EVP_PKEY-FFC.pod - OpenGrok cross reference for /freebsd/crypto/openssl/doc/man7/EVP

Lines Matching +full:first +full:- +full:generation
5 EVP_PKEY-FFC - EVP_PKEY DSA and DH/DHX shared FFC parameters.
11 Diffie-Hellman key establishment algorithms specified in SP800-56A can also be
20 For B<DSA> (and B<DH> that is not a named group) the FIPS186-4 standard
21 specifies that the values used for FFC parameter generation are also required
31 must be used for FIPS186-4.
36 L<provider-keymgmt(7)/Common parameters>), the B<DSA>, B<DH> and B<DHX> keytype
57 A DSA or Diffie-Hellman prime "p" value.
61 A DSA or Diffie-Hellman generator "g" value.
71 A DSA or Diffie-Hellman prime "q" value.
75 An optional domain parameter I<seed> value used during generation and validation
77 For validation this needs to set the I<seed> that was produced during generation.
81 Sets the index to use for canonical generation and verification of the generator
85 is not set or is -1 then unverifiable generation of the generator I<g> will be
90 An optional domain parameter I<counter> value that is output during generation
95 For unverifiable generation of the generator I<g> this value is output during
96 generation of I<g>. Its value is the first integer larger than one that
101 An optional informational cofactor parameter that should equal to (p - 1) / q.
103 =item "validate-pq" (B<OSSL_PKEY_PARAM_FFC_VALIDATE_PQ>) <unsigned integer>
105 =item "validate-g" (B<OSSL_PKEY_PARAM_FFC_VALIDATE_G>) <unsigned integer>
107 These boolean values are used during FIPS186-4 or FIPS186-2 key validation checks
109 I<validate-pq> and I<validate-g> are both set to 1 to check that p,q and g are
113 =item "validate-legacy" (B<OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY>) <unsigned integer>
117 value of 0 selects FIPS186-4 validation. Setting this value to 1 selects
118 FIPS186-2 validation.
122 =head2 FFC key generation parameters
124 The following key generation types are available for DSA and DHX algorithms:
130 Sets the type of parameter generation. The shared valid values are:
145 parameters set for parameter generation.
162 Sets the Digest algorithm to be used as part of the Key Generation Function
163 associated with the given Key Generation I<ctx>.
169 Digest algorithm for the Key Generation Function associated with the given key
170 generation I<ctx>. This may also be set for key validation.
174 For "fips186_4" or "fips186_2" generation this sets the I<seed> data to use
191 The following sections of SP800-56Ar3:
195 =item 5.5.1.1 FFC Domain Parameter Selection/Generation
199 The following sections of FIPS186-4:
203 =item A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function.
205 =item A.2.3 Generation of canonical generator g.
207 =item A.2.1 Unverifiable Generation of the Generator g.
213 L<EVP_PKEY-DSA(7)>,
214 L<EVP_PKEY-DH(7)>,
215 L<EVP_SIGNATURE-DSA(7)>,
216 L<EVP_KEYEXCH-DH(7)>
219 L<provider-keymgmt(7)>,
220 L<OSSL_PROVIDER-default(7)>,
221 L<OSSL_PROVIDER-FIPS(7)>,
225 Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.