1=pod 2 3=head1 NAME 4 5EVP_KEM-RSA 6- EVP_KEM RSA keytype and algorithm support 7 8=head1 DESCRIPTION 9 10The B<RSA> keytype and its parameters are described in L<EVP_PKEY-RSA(7)>. 11See L<EVP_PKEY_encapsulate(3)> and L<EVP_PKEY_decapsulate(3)> for more info. 12 13=head2 RSA KEM parameters 14 15=over 4 16 17=item "operation" (B<OSSL_KEM_PARAM_OPERATION>) <UTF8 string> 18 19The OpenSSL RSA Key Encapsulation Mechanism only currently supports the 20following default operation (operating mode): 21 22=over 4 23 24=item "RSASVE" 25 26The encapsulate function simply generates a secret using random bytes and then 27encrypts the secret using the RSA public key (with no padding). 28The decapsulate function recovers the secret using the RSA private key. 29 30=back 31 32This can be set using EVP_PKEY_CTX_set_kem_op(). 33 34=item "fips-indicator" (B<OSSL_KEM_PARAM_FIPS_APPROVED_INDICATOR>) <integer> 35 36=item "key-check" (B<OSSL_KEM_PARAM_FIPS_KEY_CHECK>) <integer> 37 38These parameters are described in L<provider-kem(7)>. 39 40=back 41 42=head1 CONFORMING TO 43 44=over 4 45 46=item SP800-56Br2 47 48Section 7.2.1.2 RSASVE Generate Operation (RSASVE.GENERATE). 49Section 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER). 50 51=back 52 53=head1 SEE ALSO 54 55L<EVP_PKEY_CTX_set_kem_op(3)>, 56L<EVP_PKEY_encapsulate(3)>, 57L<EVP_PKEY_decapsulate(3)> 58L<EVP_KEYMGMT(3)>, 59L<EVP_PKEY(3)>, 60L<provider-keymgmt(7)> 61 62=head1 HISTORY 63 64This functionality was added in OpenSSL 3.0. 65 66The C<operation> (operating mode) was a required parameter prior to OpenSSL 3.5. 67As of OpenSSL 3.5, C<RSASVE> is the default operating mode, and no explicit 68value need be specified. 69 70=head1 COPYRIGHT 71 72Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. 73 74Licensed under the Apache License 2.0 (the "License"). You may not use 75this file except in compliance with the License. You can obtain a copy 76in the file LICENSE in the source distribution or at 77L<https://www.openssl.org/source/license.html>. 78 79=cut 80