logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

EVP_KEM-RSA - EVP_KEM RSA keytype and algorithm support

Conforming To

SP800-56Br2 Section 7.2.1.2 RSASVE Generate Operation (RSASVE.GENERATE). Section 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER).

Description

The RSA keytype and its parameters are described in EVP_PKEY-RSA(7). See EVP_PKEY_encapsulate(3) and EVP_PKEY_decapsulate(3) for more info. RSAKEMparameters "operation" (OSSL_KEM_PARAM_OPERATION) <UTF8 string> The OpenSSL RSA Key Encapsulation Mechanism only currently supports the following default operation (operating mode): "RSASVE" The encapsulate function simply generates a secret using random bytes and then encrypts the secret using the RSA public key (with no padding). The decapsulate function recovers the secret using the RSA private key. This can be set using EVP_PKEY_CTX_set_kem_op(). "fips-indicator" (OSSL_KEM_PARAM_FIPS_APPROVED_INDICATOR) <integer> "key-check" (OSSL_KEM_PARAM_FIPS_KEY_CHECK) <integer> These parameters are described in provider-kem(7).

History

This functionality was added in OpenSSL 3.0. The "operation" (operating mode) was a required parameter prior to OpenSSL 3.5. As of OpenSSL 3.5, "RSASVE" is the default operating mode, and no explicit value need be specified.

Name

EVP_KEM-RSA - EVP_KEM RSA keytype and algorithm support

See Also

EVP_PKEY_CTX_set_kem_op(3), EVP_PKEY_encapsulate(3), EVP_PKEY_decapsulate(3) EVP_KEYMGMT(3), EVP_PKEY(3), provider-keymgmt(7)

See Also