EVP_PKEY-ML-DSA.7 - OpenGrok cross reference for /freebsd/secure/lib/libcrypto/man/man7/EVP

Lines Matching +full:output +full:- +full:only
1 .\" -*- mode: troff; coding: utf-8 -*-
36 .\" output yourself in some meaningful fashion.
57 .IX Title "EVP_PKEY-ML-DSA 7ossl"
58 .TH EVP_PKEY-ML-DSA 7ossl 2025-09-30 3.5.4 OpenSSL
64 EVP_PKEY\-ML\-DSA, EVP_KEYMGMT\-ML\-DSA,
65 EVP_PKEY\-ML\-DSA\-44, EVP_PKEY\-ML\-DSA\-65, EVP_PKEY\-ML\-DSA\-87
66 \&\- EVP_PKEY ML\-DSA keytype and algorithm support
69 ML-DSA implements the algorithms \fBML\-DSA\-44\fR, \fBML\-DSA\-65\fR and \fBML\-DSA\-87\fR. 
76 This value is one of 2, 3 or 5 for key types \fBML\-DSA\-44\fR, \fBML\-DSA\-65\fR
77 and \fBML\-DSA\-87\fR respectively, which correspond to security strengths of
96 and private key output to \fBPKCS#8\fR files will by default include the seed.
98 key files will contain only the private key in FIPS 204 \f(CW\*(C`sk\*(C'\fR format.
102 ML-DSA hashing operations.
105 .SS "Common ML-DSA parameters"
106 .IX Subsection "Common ML-DSA parameters"
108 "Common Information Parameters" in \fBprovider\-keymgmt\fR\|(7), the implementation of
119 respective key type of \fBML\-DSA\-44\fR, \fBML\-DSA\-65\fR or \fBML\-DSA\-87\fR.
123 respective key type of \fBML\-DSA\-44\fR, \fBML\-DSA\-65\fR or \fBML\-DSA\-87\fR.
126 See the description of the \fB\-provparam\fR option in \fBopenssl\fR\|(1) to learn
132 .IX Item "ml-dsa.retain_seed (OSSL_PKEY_PARAM_ML_DSA_RETAIN_SEED) <UTF8 string>"
137 only the FIPS 204 \f(CW\*(C`sk\*(C'\fR key.
140 .IX Item "ml-dsa.prefer_seed (OSSL_PKEY_PARAM_ML_DSA_PREFER_SEED) <UTF8 string>"
150 .IX Item "ml-dsa.input_formats (OSSL_PKEY_PARAM_ML_DSA_INPUT_FORMATS) <UTF8 string>"
154 in the "EXAMPLES" section below, or the via the \fB\-provparam\fR command-line
157 Values specified on the command-line override any configuration file settings.
163 .IX Item "seed-priv:"
164 This format represents \fBPKCS#8\fR objects in which both the FIPS 204 32\-byte
169 \&    ML\-DSA\-PrivateKey ::= CHOICE {
177 If the \f(CW\*(C`seed\-priv\*(C'\fR format is not included in the list, this format will not be
181 .IX Item "seed-only:"
182 This format represents \fBPKCS#8\fR objects in which only the 32\-byte FIPS 204
184 If the \f(CW\*(C`seed\-only\*(C'\fR format is not included in the list, this format will not be
188 .IX Item "priv-only:"
189 This format represents \fBPKCS#8\fR objects in which only the FIPS 204
191 If the \f(CW\*(C`priv\-only\*(C'\fR format is not included in the list, this format will not be
204 .IX Item "bare-seed:"
206 the 32\-byte FIPS 204 seed \fBξ\fR without any ASN.1 encapsulation.
207 If the \f(CW\*(C`bare\-seed\*(C'\fR format is not included in the list, this format will not be
211 .IX Item "bare-priv:"
214 If the \f(CW\*(C`bare\-priv\*(C'\fR format is not included in the list, this format will not be
221 .IX Item "ml-dsa.output_formats (OSSL_PKEY_PARAM_ML_DSA_OUTPUT_FORMATS) <UTF8 string>"
222 Ordered list of enabled private key output formats when writing \fBPKCS#8\fR files.
225 in the "EXAMPLES" section below, or the via the \fB\-provparam\fR command-line
228 This supports the same set of formats as described under \f(CW\*(C`ml\-dsa.input_formats\*(C'\fR
231 the first one that is possible to output.
234 The default order is equivalent to \f(CW\*(C`seed\-priv\*(C'\fR first and \f(CW\*(C`priv\-only\*(C'…
235 both seed and key output when the seed is available, and just the
237 If \f(CW\*(C`seed\-only\*(C'\fR is listed first, then the seed will be output without the key
238 when available, otherwise the output will have just the key.
239 If \f(CW\*(C`priv\-only\*(C'\fR is listed first, then just the key is output regardless of
241 The legacy \f(CW\*(C`oqskeypair\*(C'\fR, \f(CW\*(C`bare\-seed\*(C'\fR and \f(CW\*(C`bare\-priv\*(C'…
242 output, by listing those first.
253 \&        EVP_PKEY_CTX_new_from_name(NULL, "ML\-DSA\-44", NULL);
256 An \fBML\-DSA\-44\fR key can be generated like this:
259 \&    pkey = EVP_PKEY_Q_keygen(NULL, NULL, "ML\-DSA\-44");
265 \&    /* Sizes large enough for ML\-DSA\-87 */
277 An \fBML-DSA\fR private key in seed format can be converted to a key in the FIPS
281 \&    $ openssl pkey \-provparam ml\-dsa.retain_seed=no \e
282 \&        \-in seed\-only.pem \-out priv\-only.pem
285 To generate an, e.g., \fBML\-DSA\-65\fR key, in FIPS 204 \fBsk\fR format, you can run:
288 \&    $ openssl genpkey \-provparam ml\-dsa.retain_seed=no \e
289 \&        \-algorithm ml\-dsa\-65 \-out priv\-only.pem
296 \&    $ openssl pkey \-provparam ml\-dsa.prefer_seed=no \e
297 \&        \-in seed\-priv.pem \-out priv\-only.pem
313 \&    input_formats = seed\-priv, seed\-only, priv\-only
314 \&    # Output either the seed alone, or else the key alone
315 \&    output_formats = seed\-only, priv\-only
323 \&    ml\-dsa = ml_dsa_sect
326 \&    ml\-dsa = ml_dsa_sect
332 \&\fBprovider\-keymgmt\fR\|(7),
337 \&\fBprovider\-keymgmt\fR\|(7),
338 \&\fBEVP_SIGNATURE\-ML\-DSA\fR\|(7)