xref: /freebsd/crypto/openssl/doc/man1/openssl-kdf.pod.in (revision aa7957345732816fb0ba8308798d2f79f45597f9)
=pod
{- OpenSSL::safe::output_do_not_edit_headers(); -}

=head1 NAME

openssl-kdf - perform Key Derivation Function operations

=head1 SYNOPSIS

B<openssl kdf>
[B<-help>]
[B<-cipher> I<name>]
[B<-digest> I<name>]
[B<-mac> I<name>]
[B<-kdfopt> I<nm>:I<v>]
[B<-keylen> I<num>]
[B<-out> I<filename>]
[B<-binary>]
{- $OpenSSL::safe::opt_provider_synopsis -}
I<kdf_name>

=head1 DESCRIPTION

The key derivation functions generate a derived key from either a secret or
password.

=head1 OPTIONS

=over 4

=item B<-help>

Print a usage message.

=item B<-keylen> I<num>

The output size of the derived key. This field is required.

=item B<-out> I<filename>

Filename to output to, or standard output by default.

=item B<-binary>

Output the derived key in binary form. Uses hexadecimal text format if not specified.

=item B<-cipher> I<name>

Specify the cipher to be used by the KDF.
Not all KDFs require a cipher and it is an error to use this option in such
cases.

=item B<-digest> I<name>

Specify the digest to be used by the KDF.
Not all KDFs require a digest and it is an error to use this option in such
cases.
To see the list of supported digests, use C<openssl list -digest-commands>.

=item B<-mac> I<name>

Specify the MAC to be used by the KDF.
Not all KDFs require a MAC and it is an error to use this option in such
cases.

=item B<-kdfopt> I<nm>:I<v>

Passes options to the KDF algorithm.
A comprehensive list of parameters can be found in L<EVP_KDF(3)/PARAMETERS>.
Common parameter names used by EVP_KDF_CTX_set_params() are:

=over 4

=item B<key:>I<string>

Specifies the secret key as an alphanumeric string (use if the key contains
printable characters only).
The string length must conform to any restrictions of the KDF algorithm.
A key must be specified for most KDF algorithms.

=item B<hexkey:>I<string>

Alternative to the B<key:> option where
the secret key is specified in hexadecimal form (two hex digits per byte).

=item B<pass:>I<string>

Specifies the password as an alphanumeric string (use if the password contains
printable characters only).
The password must be specified for PBKDF2 and scrypt.

=item B<hexpass:>I<string>

Alternative to the B<pass:> option where
the password is specified in hexadecimal form (two hex digits per byte).

=item B<salt:>I<string>

Specifies a non-secret unique cryptographic salt as an alphanumeric string
(use if it contains printable characters only).
The length must conform to any restrictions of the KDF algorithm.
A salt parameter is required for several KDF algorithms,
such as L<EVP_KDF-PBKDF2(7)>.

=item B<hexsalt:>I<string>

Alternative to the B<salt:> option where
the salt is specified in hexadecimal form (two hex digits per byte).

=item B<info:>I<string>

Some KDF implementations, such as L<EVP_KDF-HKDF(7)>, take an 'info' parameter
for binding the derived key material
to application- and context-specific information.
Specifies the info, fixed info, other info or shared info argument
as an alphanumeric string (use if it contains printable characters only).
The length must conform to any restrictions of the KDF algorithm.

=item B<hexinfo:>I<string>

Alternative to the B<info:> option where
the info is specified in hexadecimal form (two hex digits per byte).

=item B<digest:>I<string>

This option is identical to the B<-digest> option.

=item B<cipher:>I<string>

This option is identical to the B<-cipher> option.

=item B<mac:>I<string>

This option is identical to the B<-mac> option.

=back

{- $OpenSSL::safe::opt_provider_item -}

=item I<kdf_name>

Specifies the name of a supported KDF algorithm which will be used.
The supported algorithm names include TLS1-PRF, HKDF, SSKDF, PBKDF2,
SSHKDF, X942KDF-ASN1, X942KDF-CONCAT, X963KDF and SCRYPT.

=back

=head1 EXAMPLES

Use TLS1-PRF to create a hex-encoded derived key from a secret key and seed:

    openssl kdf -keylen 16 -kdfopt digest:SHA2-256 -kdfopt key:secret \
                -kdfopt seed:seed TLS1-PRF

Use HKDF to create a hex-encoded derived key from a secret key, salt and info:

    openssl kdf -keylen 10 -kdfopt digest:SHA2-256 -kdfopt key:secret \
                -kdfopt salt:salt -kdfopt info:label HKDF

Use SSKDF with KMAC to create a hex-encoded derived key from a secret key, salt and info:

    openssl kdf -keylen 64 -kdfopt mac:KMAC-128 -kdfopt maclen:20 \
                -kdfopt hexkey:b74a149a161545 -kdfopt hexinfo:348a37a2 \
                -kdfopt hexsalt:3638271ccd68a2 SSKDF

Use SSKDF with HMAC to create a hex-encoded derived key from a secret key, salt and info:

    openssl kdf -keylen 16 -kdfopt mac:HMAC -kdfopt digest:SHA2-256 \
                -kdfopt hexkey:b74a149a -kdfopt hexinfo:348a37a2 \
                -kdfopt hexsalt:3638271c SSKDF

Use SSKDF with Hash to create a hex-encoded derived key from a secret key, salt and info:

    openssl kdf -keylen 14 -kdfopt digest:SHA2-256 \
                -kdfopt hexkey:6dbdc23f045488 \
                -kdfopt hexinfo:a1b2c3d4 SSKDF

Use SSHKDF to create a hex-encoded derived key from a secret key, hash and session_id:

    openssl kdf -keylen 16 -kdfopt digest:SHA2-256 \
                -kdfopt hexkey:0102030405 \
                -kdfopt hexxcghash:06090A \
                -kdfopt hexsession_id:01020304 \
                -kdfopt type:A SSHKDF

Use PBKDF2 to create a hex-encoded derived key from a password and salt:

    openssl kdf -keylen 32 -kdfopt digest:SHA256 -kdfopt pass:password \
                -kdfopt salt:salt -kdfopt iter:2 PBKDF2

Use scrypt to create a hex-encoded derived key from a password and salt:

    openssl kdf -keylen 64 -kdfopt pass:password -kdfopt salt:NaCl \
                -kdfopt n:1024 -kdfopt r:8 -kdfopt p:16 \
                -kdfopt maxmem_bytes:10485760 SCRYPT

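As an added cross-check that is not part of the OpenSSL manual or its code, the Python model below computes what the PBKDF2, scrypt and HKDF commands above produce. It parses each B<-kdfopt> I<nm>:I<v> pair the way the CLI does and decodes the hex spellings (B<hexkey:>, B<hexpass:>, B<hexsalt:>, B<hexinfo:>) two hex digits per byte, so C<key:secret> and C<hexkey:736563726574> derive the same key. The digest-name map and the C<kdf()> and C<hkdf()> helpers are this example's own and rely only on Python's hashlib and hmac modules.

```python
import hashlib
import hmac

# Digest names as this page spells them -> hashlib names (this example's own map).
_DIGESTS = {"SHA256": "sha256", "SHA2-256": "sha256",
            "SHA512": "sha512", "SHA2-512": "sha512"}

def _opt_bytes(opts, name):
    """Option `name` as bytes: hex<name> is two hex digits per byte, else text."""
    if "hex" + name in opts:
        return bytes.fromhex(opts["hex" + name])
    return opts.get(name, "").encode()

def hkdf(key, salt, info, keylen, digest="sha256"):
    """RFC 5869 HKDF: extract a PRK from (salt, key), then expand it with info."""
    hlen = hashlib.new(digest).digest_size
    prk = hmac.new(salt or b"\x00" * hlen, key, digest).digest()   # extract
    okm, block = b"", b""
    for counter in range(1, -(-keylen // hlen) + 1):               # expand
        block = hmac.new(prk, block + info + bytes([counter]), digest).digest()
        okm += block
    return okm[:keylen]

def kdf(kdf_name, keylen, kdfopts):
    """Mirror `openssl kdf -keylen KEYLEN -kdfopt nm:v ... KDF_NAME`.

    kdfopts is the list of "nm:v" strings exactly as given on the command
    line; the result is the hex text the CLI prints without -binary.
    Only PBKDF2, SCRYPT and HKDF are modelled here.
    """
    opts = dict(o.split(":", 1) for o in kdfopts)
    digest = _DIGESTS[opts.get("digest", "SHA2-256")]
    salt = _opt_bytes(opts, "salt")
    if kdf_name == "PBKDF2":
        # The default provider does not enforce the SP 800-132 minimums
        # (iter >= 1000, salt >= 128 bits) that the FIPS provider applies.
        dk = hashlib.pbkdf2_hmac(digest, _opt_bytes(opts, "pass"), salt,
                                 int(opts["iter"]), keylen)
    elif kdf_name == "SCRYPT":
        dk = hashlib.scrypt(_opt_bytes(opts, "pass"), salt=salt, n=int(opts["n"]),
                            r=int(opts["r"]), p=int(opts["p"]),
                            maxmem=int(opts.get("maxmem_bytes", 0)), dklen=keylen)
    elif kdf_name == "HKDF":
        dk = hkdf(_opt_bytes(opts, "key"), salt, _opt_bytes(opts, "info"), keylen, digest)
    else:
        raise ValueError("KDF not modelled in this example: " + kdf_name)
    return dk.hex()
```

The scrypt command above uses the parameters of the RFC 7914 test vector, so its output can be compared against that published value; the C<iter:2> count in the PBKDF2 example only keeps the example fast.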
=head1 NOTES

The KDF mechanisms that are available will depend on the options
used when building OpenSSL.

=head1 SEE ALSO

L<openssl(1)>,
L<openssl-pkeyutl(1)>,
L<EVP_KDF(3)>,
L<EVP_KDF-SCRYPT(7)>,
L<EVP_KDF-TLS1_PRF(7)>,
L<EVP_KDF-PBKDF2(7)>,
L<EVP_KDF-HKDF(7)>,
L<EVP_KDF-SS(7)>,
L<EVP_KDF-SSHKDF(7)>,
L<EVP_KDF-X942-ASN1(7)>,
L<EVP_KDF-X942-CONCAT(7)>,
L<EVP_KDF-X963(7)>

=head1 HISTORY

Added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut