Encap/decap in pkeyutl - documentation

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25127)
Dmitry Belyavskiy 2024-08-07 17:50:51 +02:00
parent 12b2e5552b
commit 14fa2f5f47


@ -13,6 +13,7 @@ B<openssl> B<pkeyutl>
[B<-rawin>]
[B<-digest> I<algorithm>]
[B<-out> I<file>]
[B<-secret> I<file>]
[B<-sigfile> I<file>]
[B<-inkey> I<filename>|I<uri>]
[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
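Review bot: The new synopsis entry names the argument I<file> ("[B<-secret> I<file>]"), while the =item added further down in this patch reads "B<-secret> I<filename>". Use one spelling in both places so the synopsis and the option description match.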
@ -28,8 +29,11 @@ B<openssl> B<pkeyutl>
[B<-encrypt>]
[B<-decrypt>]
[B<-derive>]
[B<-encap>]
[B<-decap>]
[B<-kdf> I<algorithm>]
[B<-kdflen> I<length>]
[B<-kemop> I<operation>]
[B<-pkeyopt> I<opt>:I<value>]
[B<-pkeyopt_passin> I<opt>[:I<passarg>]]
[B<-hexdump>]
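Review bot: In the synopsis B<-kemop> is listed after B<-kdf> and B<-kdflen>, but the description section added by this patch puts "=item B<-kemop>" directly after B<-decap> and before B<-kdf>. Moving "[B<-kemop> I<operation>]" up next to "[B<-decap>]" would keep the KEM options together and in the same order as their descriptions.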
@ -79,6 +83,10 @@ then the B<-rawin> option must be also specified.
Specifies the output filename to write to or standard output by
default.
=item B<-secret> I<filename>
Specifies the output filename to write the secret to on I<-encap>.
=item B<-sigfile> I<file>
Signature file, required for B<-verify> operations only
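Review bot: The B<-secret> description marks the option it refers to as I<-encap>, while the neighbouring item writes option names in bold (B<-verify>); this should be B<-encap>. The sentence also only covers the B<-encap> case, so it is worth stating what happens when B<-secret> is given with any other operation, B<-decap> included.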
@ -147,6 +155,31 @@ Decrypt the input data using a private key.
Derive a shared secret using the peer key.
=item B<-encap>
Encapsulate a generated secret using a private key.
The encapsulated result (binary data) is written to standard output by default,
or else to the file specified with I<-out>.
The I<-secret> option must also be provided to specify the output file for the
secret value generated in the encapsulation process.
=item B<-decap>
Decapsulate the secret using a private key.
The result (binary data) is written to standard output by default, or else to
the file specified with I<-out>.
=item B<-kemop> I<operation>
This option is used for I<-encap>/I<-decap> commands and specifies the KEM
operation specific for the key algorithm when there is no default KEM
operation.
If the algorithm has the default KEM operation, this option can be omitted.
See L<EVP_PKEY_CTX_set_kem_op(3)> and algorithm-specific KEM documentation e.g.
L<EVP_KEM-RSA(7)>, L<EVP_KEM-EC(7)>, L<EVP_KEM-X25519(7)>, and
L<EVP_KEM-X448(7)>.
=item B<-kdf> I<algorithm>
Use key derivation function I<algorithm>. The supported algorithms are
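Review bot: The B<-encap> description says "Encapsulate a generated secret using a private key", but KEM encapsulation is performed with the recipient's public key and only B<-decap> needs the private key; the sentence should read "using a public key". The option names in this hunk are also marked up as I<-out>, I<-secret> and I<-encap>/I<-decap>, where the rest of the page uses B<...> for options.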