xref: /freebsd/crypto/openssl/doc/man7/EVP_KDF-PBKDF1.pod (revision e1e636193db45630c7881246d25902e57c43d24e)
1=pod
2
3=head1 NAME
4
5EVP_KDF-PBKDF1 - The PBKDF1 EVP_KDF implementation
6
7=head1 DESCRIPTION
8
9Support for computing the B<PBKDF1> password-based KDF through the B<EVP_KDF>
10API.
11
12The EVP_KDF-PBKDF1 algorithm implements the PBKDF1 password-based key
13derivation function, as described in RFC 8018; it derives a key from a password
14using a salt and iteration count.
15
16=head2 Identity
17
18"PBKDF1" is the name for this implementation; it
19can be used with the EVP_KDF_fetch() function.
20
21=head2 Supported parameters
22
23The supported parameters are:
24
25=over 4
26
27=item "pass" (B<OSSL_KDF_PARAM_PASSWORD>) <octet string>
28
29=item "salt" (B<OSSL_KDF_PARAM_SALT>) <octet string>
30
31=item "iter" (B<OSSL_KDF_PARAM_ITER>) <unsigned integer>
32
33This parameter has a default value of 0 and should be set.
34
35=item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
36
37=item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
38
39These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
40
41=back
42
43=head1 NOTES
44
45A typical application of this algorithm is to derive keying material for an
46encryption algorithm from a password in the "pass", a salt in "salt",
47and an iteration count.
48
49Increasing the "iter" parameter slows down the algorithm which makes it
50harder for an attacker to perform a brute force attack using a large number
51of candidate passwords.
52
53No assumption is made regarding the given password; it is simply treated as a
54byte sequence.
55
56=head1 CONFORMING TO
57
58RFC 8018
59
60=head1 SEE ALSO
61
62L<EVP_KDF(3)>,
63L<EVP_KDF_CTX_new(3)>,
64L<EVP_KDF_CTX_free(3)>,
65L<EVP_KDF_CTX_set_params(3)>,
66L<EVP_KDF_derive(3)>,
67L<EVP_KDF(3)/PARAMETERS>
68
69=head1 HISTORY
70
71This functionality was added in OpenSSL 3.0.
72
73=head1 COPYRIGHT
74
75Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
76
77Licensed under the Apache License 2.0 (the "License").  You may not use
78this file except in compliance with the License.  You can obtain a copy
79in the file LICENSE in the source distribution or at
80L<https://www.openssl.org/source/license.html>.
81
82=cut
83