document RSA-PSS algorithm options
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
parent 1b2146855e
commit 7751098ecd
2 changed files with 51 additions and 0 deletions
@ -111,6 +111,31 @@ hexadecimal value if preceded by B<0x>. Default value is 65537.
=back
=head1 RSA-PSS KEY GENERATION OPTIONS
Note: by default an B<RSA-PSS> key has no parameter restrictions.
=over 4
=item B<rsa_keygen_bits:numbits>, B<rsa_keygen_pubexp:value>
These options have the same meaning as the B<RSA> algorithm.
=item B<rsa_pss_keygen_md:digest>
If set the key is restricted and can only use B<digest> for signing.
=item B<rsa_pss_keygen_mgf1_md:digest>
If set the key is restricted and can only use B<digest> as it's MGF1
parameter.
=item B<rsa_pss_keygen_saltlen:len>
If set the key is restricted and B<len> specifies the minimum salt length.
=back
=head1 DSA PARAMETER GENERATION OPTIONS
=over 4
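Review bot: In the B<rsa_pss_keygen_mgf1_md:digest> item, "as it's MGF1 parameter" should read "as its MGF1 parameter". The three restriction items also leave open what happens when only some of them are set: the Note says a key has no parameter restrictions by default, but nothing says whether setting only B<rsa_pss_keygen_md> leaves the MGF1 digest and salt length unrestricted or gives them default values. A sentence covering that case would help. In the first item, "the same meaning as the B<RSA> algorithm" would read better as "the same meaning as for the B<RSA> algorithm".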
@ -221,6 +221,32 @@ sets the salt length to the maximum permissible value. When verifying -2 causes
the salt length to be automatically determined based on the B<PSS> block
structure.
=item B<rsa_mgf1_md:digest>
For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not
explicitly set in PSS mode then the signing digest is used.
=back
=head1 RSA-PSS ALGORITHM
The RSA-PSS algorithm is a restricted version of the RSA algorithm which only
supports the sign and verify operations with PSS padding. The following
additional B<pkeyopt> values are supported:
=over 4
=item B<rsa_padding_mode:mode>, B<rsa_pss_saltlen:len>, B<rsa_mgf1_md:digest>
These have the same meaning as the B<RSA> algorithm with some additional
restrictions. The padding mode can only be set to B<pss> which is the
default value.
If the key has parameter restrictions than the digest, MGF1
digest and salt length are set to the values specified in the parameters.
The digest and MG cannot be changed and the salt length cannot be set to a
value less than the minimum restriction.
=back
=head1 DSA ALGORITHM
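Review bot: In the new RSA-PSS ALGORITHM section, "If the key has parameter restrictions than the digest" should be "then the digest", and "The digest and MG cannot be changed" looks like a truncated "MGF1 digest". The same paragraph says the salt length "cannot be set to a value less than the minimum restriction" without saying what the caller sees when it tries; state whether that is an error or whether the value is silently raised, since a verifier relying on the restriction needs to know which. The =item line lists only rsa_padding_mode, rsa_pss_saltlen and rsa_mgf1_md while the text also constrains the signing digest, so consider mentioning how the digest is chosen for an unrestricted key.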