Lines Matching +full:per +full:- +full:string
18 .\" Set up some character translations and predefined strings. \*(-- will
24 .tr \(*W-
27 . ds -- \(*W-
29 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
37 . ds -- \|\(em\|
71 .\" Fear. Run. Save yourself. No user-serviceable parts.
81 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
97 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
98 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
99 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
100 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
101 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
102 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
104 . \" troff and (daisy-wheel) nroff accents
123 . ds d- d\h'-1'\(ga
124 . ds D- D\h'-1'\(hy
133 .IX Title "OPENSSL-KDF 1ossl"
134 .TH OPENSSL-KDF 1ossl "2023-09-22" "3.0.11" "OpenSSL"
140 openssl\-kdf \- perform Key Derivation Function operations
144 [\fB\-help\fR]
145 [\fB\-cipher\fR]
146 [\fB\-digest\fR]
147 [\fB\-mac\fR]
148 [\fB\-kdfopt\fR \fInm\fR:\fIv\fR]
149 [\fB\-keylen\fR \fInum\fR]
150 [\fB\-out\fR \fIfilename\fR]
151 [\fB\-binary\fR]
152 [\fB\-provider\fR \fIname\fR]
153 [\fB\-provider\-path\fR \fIpath\fR]
154 [\fB\-propquery\fR \fIpropq\fR]
162 .IP "\fB\-help\fR" 4
163 .IX Item "-help"
165 .IP "\fB\-keylen\fR \fInum\fR" 4
166 .IX Item "-keylen num"
168 .IP "\fB\-out\fR \fIfilename\fR" 4
169 .IX Item "-out filename"
171 .IP "\fB\-binary\fR" 4
172 .IX Item "-binary"
174 .IP "\fB\-cipher\fR \fIname\fR" 4
175 .IX Item "-cipher name"
176 Specify the cipher to be used by the \s-1KDF.\s0
179 .IP "\fB\-digest\fR \fIname\fR" 4
180 .IX Item "-digest name"
181 Specify the digest to be used by the \s-1KDF.\s0
184 To see the list of supported digests, use \f(CW\*(C`openssl list \-digest\-commands\*(C'\fR.
185 .IP "\fB\-mac\fR \fIname\fR" 4
186 .IX Item "-mac name"
187 Specify the \s-1MAC\s0 to be used by the \s-1KDF.\s0
188 Not all KDFs require a \s-1MAC\s0 and it is an error to use this option in such
190 .IP "\fB\-kdfopt\fR \fInm\fR:\fIv\fR" 4
191 .IX Item "-kdfopt nm:v"
192 Passes options to the \s-1KDF\s0 algorithm.
193 A comprehensive list of parameters can be found in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0…
196 .IP "\fBkey:\fR\fIstring\fR" 4
197 .IX Item "key:string"
198 Specifies the secret key as an alphanumeric string (use if the key contains
200 The string length must conform to any restrictions of the \s-1KDF\s0 algorithm.
201 A key must be specified for most \s-1KDF\s0 algorithms.
202 .IP "\fBhexkey:\fR\fIstring\fR" 4
203 .IX Item "hexkey:string"
205 the secret key is specified in hexadecimal form (two hex digits per byte).
206 .IP "\fBpass:\fR\fIstring\fR" 4
207 .IX Item "pass:string"
208 Specifies the password as an alphanumeric string (use if the password contains
210 The password must be specified for \s-1PBKDF2\s0 and scrypt.
211 .IP "\fBhexpass:\fR\fIstring\fR" 4
212 .IX Item "hexpass:string"
214 the password is specified in hexadecimal form (two hex digits per byte).
215 .IP "\fBsalt:\fR\fIstring\fR" 4
216 .IX Item "salt:string"
217 Specifies a non-secret unique cryptographic salt as an alphanumeric string
219 The length must conform to any restrictions of the \s-1KDF\s0 algorithm.
220 A salt parameter is required for several \s-1KDF\s0 algorithms,
221 such as \s-1\fBEVP_KDF\-PBKDF2\s0\fR\|(7).
222 .IP "\fBhexsalt:\fR\fIstring\fR" 4
223 .IX Item "hexsalt:string"
225 the salt is specified in hexadecimal form (two hex digits per byte).
226 .IP "\fBinfo:\fR\fIstring\fR" 4
227 .IX Item "info:string"
228 Some \s-1KDF\s0 implementations, such as \s-1\fBEVP_KDF\-HKDF\s0\fR\|(7), take an 'info' parameter
230 to application\- and context-specific information.
232 as an alphanumeric string (use if it contains printable characters only).
233 The length must conform to any restrictions of the \s-1KDF\s0 algorithm.
234 .IP "\fBhexinfo:\fR\fIstring\fR" 4
235 .IX Item "hexinfo:string"
237 the info is specified in hexadecimal form (two hex digits per byte).
238 .IP "\fBdigest:\fR\fIstring\fR" 4
239 .IX Item "digest:string"
240 This option is identical to the \fB\-digest\fR option.
241 .IP "\fBcipher:\fR\fIstring\fR" 4
242 .IX Item "cipher:string"
243 This option is identical to the \fB\-cipher\fR option.
244 .IP "\fBmac:\fR\fIstring\fR" 4
245 .IX Item "mac:string"
246 This option is identical to the \fB\-mac\fR option.
250 .IP "\fB\-provider\fR \fIname\fR" 4
251 .IX Item "-provider name"
253 .IP "\fB\-provider\-path\fR \fIpath\fR" 4
254 .IX Item "-provider-path path"
255 .IP "\fB\-propquery\fR \fIpropq\fR" 4
256 .IX Item "-propquery propq"
261 Specifies the name of a supported \s-1KDF\s0 algorithm which will be used.
262 The supported algorithms names include \s-1TLS1\-PRF, HKDF, SSKDF, PBKDF2,
263 SSHKDF, X942KDF\-ASN1, X942KDF\-CONCAT, X963KDF\s0 and \s-1SCRYPT.\s0
266 Use \s-1TLS1\-PRF\s0 to create a hex-encoded derived key from a secret key and seed:
269 \& openssl kdf \-keylen 16 \-kdfopt digest:SHA2\-256 \-kdfopt key:secret \e
270 \& \-kdfopt seed:seed TLS1\-PRF
273 Use \s-1HKDF\s0 to create a hex-encoded derived key from a secret key, salt and info:
276 \& openssl kdf \-keylen 10 \-kdfopt digest:SHA2\-256 \-kdfopt key:secret \e
277 \& \-kdfopt salt:salt \-kdfopt info:label HKDF
280 Use \s-1SSKDF\s0 with \s-1KMAC\s0 to create a hex-encoded derived key from a secret key, salt and i…
283 \& openssl kdf \-keylen 64 \-kdfopt mac:KMAC\-128 \-kdfopt maclen:20 \e
284 \& \-kdfopt hexkey:b74a149a161545 \-kdfopt hexinfo:348a37a2 \e
285 \& \-kdfopt hexsalt:3638271ccd68a2 SSKDF
288 Use \s-1SSKDF\s0 with \s-1HMAC\s0 to create a hex-encoded derived key from a secret key, salt and i…
291 \& openssl kdf \-keylen 16 \-kdfopt mac:HMAC \-kdfopt digest:SHA2\-256 \e
292 \& \-kdfopt hexkey:b74a149a \-kdfopt hexinfo:348a37a2 \e
293 \& \-kdfopt hexsalt:3638271c SSKDF
296 Use \s-1SSKDF\s0 with Hash to create a hex-encoded derived key from a secret key, salt and info:
299 \& openssl kdf \-keylen 14 \-kdfopt digest:SHA2\-256 \e
300 \& \-kdfopt hexkey:6dbdc23f045488 \e
301 \& \-kdfopt hexinfo:a1b2c3d4 SSKDF
304 Use \s-1SSHKDF\s0 to create a hex-encoded derived key from a secret key, hash and session_id:
307 \& openssl kdf \-keylen 16 \-kdfopt digest:SHA2\-256 \e
308 \& \-kdfopt hexkey:0102030405 \e
309 \& \-kdfopt hexxcghash:06090A \e
310 \& \-kdfopt hexsession_id:01020304 \e
311 \& \-kdfopt type:A SSHKDF
314 Use \s-1PBKDF2\s0 to create a hex-encoded derived key from a password and salt:
317 \& openssl kdf \-keylen 32 \-kdfopt digest:SHA256 \-kdfopt pass:password \e
318 \& \-kdfopt salt:salt \-kdfopt iter:2 PBKDF2
321 Use scrypt to create a hex-encoded derived key from a password and salt:
324 \& openssl kdf \-keylen 64 \-kdfopt pass:password \-kdfopt salt:NaCl \e
325 \& \-kdfopt n:1024 \-kdfopt r:8 \-kdfopt p:16 \e
326 \& \-kdfopt maxmem_bytes:10485760 SCRYPT
330 The \s-1KDF\s0 mechanisms that are available will depend on the options
335 \&\fBopenssl\-pkeyutl\fR\|(1),
336 \&\s-1\fBEVP_KDF\s0\fR\|(3),
337 \&\s-1\fBEVP_KDF\-SCRYPT\s0\fR\|(7),
338 \&\s-1\fBEVP_KDF\-TLS1_PRF\s0\fR\|(7),
339 \&\s-1\fBEVP_KDF\-PBKDF2\s0\fR\|(7),
340 \&\s-1\fBEVP_KDF\-HKDF\s0\fR\|(7),
341 \&\s-1\fBEVP_KDF\-SS\s0\fR\|(7),
342 \&\s-1\fBEVP_KDF\-SSHKDF\s0\fR\|(7),
343 \&\s-1\fBEVP_KDF\-X942\-ASN1\s0\fR\|(7),
344 \&\s-1\fBEVP_KDF\-X942\-CONCAT\s0\fR\|(7),
345 \&\s-1\fBEVP_KDF\-X963\s0\fR\|(7)
351 Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved.
355 in the file \s-1LICENSE\s0 in the source distribution or at