pkeyutl.pod (238405) | pkeyutl.pod (296279) |
---|---|
1=pod 2 3=head1 NAME 4 5pkeyutl - public key algorithm utility 6 7=head1 SYNOPSIS 8 --- 123 unchanged lines hidden (view full) --- 132 133The operations and options supported vary according to the key algorithm 134and its implementation. The OpenSSL operations and options are indicated below. 135 136Unless otherwise mentioned all algorithms support the B<digest:alg> option 137which specifies the digest in use for sign, verify and verifyrecover operations. 138The value B<alg> should represent a digest name as used in the 139EVP_get_digestbyname() function for example B<sha1>. | 1=pod 2 3=head1 NAME 4 5pkeyutl - public key algorithm utility 6 7=head1 SYNOPSIS 8 --- 123 unchanged lines hidden (view full) --- 132 133The operations and options supported vary according to the key algorithm 134and its implementation. The OpenSSL operations and options are indicated below. 135 136Unless otherwise mentioned all algorithms support the B<digest:alg> option 137which specifies the digest in use for sign, verify and verifyrecover operations. 138The value B<alg> should represent a digest name as used in the 139EVP_get_digestbyname() function for example B<sha1>. |
140This value is used only for sanity-checking the lengths of data passed in to 141the B<pkeyutl> and for creating the structures that make up the signature 142(e.g. B<DigestInfo> in RSASSA PKCS#1 v1.5 signatures). 143In case of RSA, ECDSA and DSA signatures, this utility 144will not perform hashing on input data but rather use the data directly as 145input of signature algorithm. Depending on key type, signature type and mode 146of padding, the maximum acceptable lengths of input data differ. In general, 147with RSA the signed data can't be longer than the key modulus, in case of ECDSA 148and DSA the data shouldn't be longer than field size, otherwise it will be 149silently truncated to field size. |
|
140 | 150 |
151In other words, if the value of digest is B<sha1> the input should be 20 bytes 152long binary encoding of SHA-1 hash function output. 153 |
|
141=head1 RSA ALGORITHM 142 143The RSA algorithm supports encrypt, decrypt, sign, verify and verifyrecover 144operations in general. Some padding modes only support some of these 145operations however. 146 147=over 4 148 --- 74 unchanged lines hidden --- | 154=head1 RSA ALGORITHM 155 156The RSA algorithm supports encrypt, decrypt, sign, verify and verifyrecover 157operations in general. Some padding modes only support some of these 158operations however. 159 160=over 4 161 --- 74 unchanged lines hidden --- |
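
Review bot: The sentence at new lines 147-149, "in case of ECDSA and DSA the data shouldn't be longer than field size, otherwise it will be silently truncated to field size", describes a case where the signature covers only the part of the input that was kept, but the text presents it as a length detail. Since the paragraph also states that the utility "will not perform hashing on input data", a user who passes an unhashed file gets no error and a signature over less than they intended. Please make this an explicit warning and say that the caller must hash the data first and pass the binary digest, for example the output of the dgst command with -binary. The sentence at new lines 151-152 ("In other words, if the value of digest is B<sha1> the input should be 20 bytes long") restates the no-hashing point, not the truncation sentence it currently follows. It would read better directly after "use the data directly as input of signature algorithm". Minor wording: "passed in to the B<pkeyutl>" has a stray article, and "as input of signature algorithm" is missing one.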