Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
146ca72c
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
大约 1 年 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
146ca72c
编写于
2月 19, 2015
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Add additional EC documentation.
Reviewed-by:
N
Matt Caswell
<
matt@openssl.org
>
上级
86f300d3
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
60 addition
and
15 deletion
+60
-15
doc/apps/genpkey.pod
doc/apps/genpkey.pod
+30
-5
doc/crypto/EC_GROUP_copy.pod
doc/crypto/EC_GROUP_copy.pod
+12
-4
doc/crypto/EVP_PKEY_CTX_ctrl.pod
doc/crypto/EVP_PKEY_CTX_ctrl.pod
+18
-6
未找到文件。
doc/apps/genpkey.pod
浏览文件 @
146ca72c
...
...
@@ -29,7 +29,7 @@ The B<genpkey> command generates a private key.
=item B<-out filename>
the output filename. If this argument is not specified then standard output is
used.
used.
=item B<-outform DER|PEM>
...
...
@@ -141,11 +141,21 @@ and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections
=head1 EC PARAMETER GENERATION OPTIONS
In OpenSSL 1.0.2 and later the EC parameter generation options below can also
be supplied as EC key generation options. This can (for example) generate a
key from a named curve without the need to use an explicit parameter file.
=over 4
=item B<ec_paramgen_curve:curve>
the EC curve to use.
the EC curve to use. OpenSSL 1.0.2 and later supports NIST curve names
such as "P-256".
=item B<ec_param_enc:encoding>
the encoding to use for parameters. The "encoding" paramater must be either
"named_curve" or "explicit".
=back
...
...
@@ -190,7 +200,7 @@ can be used.
Generate an RSA private key using default parameters:
openssl genpkey -algorithm RSA -out key.pem
openssl genpkey -algorithm RSA -out key.pem
Encrypt output private key using 128 bit AES and the passphrase "hello":
...
...
@@ -208,7 +218,7 @@ Generate 1024 bit DSA parameters:
Generate DSA key from parameters:
openssl genpkey -paramfile dsap.pem -out dsakey.pem
openssl genpkey -paramfile dsap.pem -out dsakey.pem
Generate 1024 bit DH parameters:
...
...
@@ -221,8 +231,23 @@ Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
Generate DH key from parameters:
openssl genpkey -paramfile dhp.pem -out dhkey.pem
openssl genpkey -paramfile dhp.pem -out dhkey.pem
Generate EC parameters:
openssl genpkey -genparam -algorithm EC -out ecp.pem \
-pkeyopt ec_paramgen_curve:secp384r1 \
-pkeyopt ec_param_enc:named_curve
Generate EC key from parameters:
openssl genpkey -paramfile ecp.pem -out eckey.pem
Generate EC key directly (OpenSSL 1.0.2+ only):
openssl genpkey -algorithm EC -out eckey.pem \
-pkeyopt ec_paramgen_curve:P-384 \
-pkeyopt ec_param_enc:named_curve
=cut
doc/crypto/EC_GROUP_copy.pod
浏览文件 @
146ca72c
...
...
@@ -69,10 +69,18 @@ The functions EC_GROUP_set_curve_name and EC_GROUP_get_curve_name, set and get t
(see L<EC_GROUP_new(3)|EC_GROUP_new(3)>). If a curve does not have a NID associated with it, then EC_GROUP_get_curve_name
will return 0.
The asn1_flag value on a curve is used to determine whether there is a specific ASN1 OID to describe the curve or not.
If the asn1_flag is 1 then this is a named curve with an associated ASN1 OID. If not then asn1_flag is 0. The functions
EC_GROUP_get_asn1_flag and EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve. If set then
the curve_name must also be set.
The asn1_flag value is used to determine whether the curve encoding uses
explicit parameters or a named curve using an ASN1 OID: many applications only
support the latter form. If asn1_flag is B<OPENSSL_EC_NAMED_CURVE> then the
named curve form is used and the parameters must have a corresponding
named curve NID set. If asn1_flags is B<OPENSSL_EC_EXPLICIT_CURVE> the
parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag and
EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve.
Note: B<OPENSSL_EC_EXPLICIT_CURVE> was first added to OpenSSL 1.1.0, for
previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL
1.1.0 the default form was to use explicit parameters (meaning that
applications would have to explicitly set the named curve form) in OpenSSL
1.1.0 and later the named curve form is the default.
The point_coversion_form for a curve controls how EC_POINT data is encoded as ASN1 as defined in X9.62 (ECDSA).
point_conversion_form_t is an enum defined as follows:
...
...
doc/crypto/EVP_PKEY_CTX_ctrl.pod
浏览文件 @
146ca72c
...
...
@@ -8,7 +8,8 @@ EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_rsa_keygen_bits,
EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_dsa_paramgen_bits,
EVP_PKEY_CTX_set_dh_paramgen_prime_len,
EVP_PKEY_CTX_set_dh_paramgen_generator,
EVP_PKEY_CTX_set_ec_paramgen_curve_nid - algorithm specific control operations
EVP_PKEY_CTX_set_ec_paramgen_curve_nid,
EVP_PKEY_CTX_set_ec_param_enc - algorithm specific control operations
=head1 SYNOPSIS
...
...
@@ -37,6 +38,7 @@ EVP_PKEY_CTX_set_ec_paramgen_curve_nid - algorithm specific control operations
#include <openssl/ec.h>
int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
=head1 DESCRIPTION
...
...
@@ -66,7 +68,7 @@ The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>.
The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding,
RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding,
RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only),
RSA_X931_PADDING for X9.31 padding (signature operations only) and
RSA_X931_PADDING for X9.31 padding (signature operations only) and
RSA_PKCS1_PSS_PADDING (sign and verify only).
Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md()
...
...
@@ -91,7 +93,7 @@ RSA key genration to B<bits>. If not specified 1024 bits is used.
The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value
for RSA key generation to B<pubexp> currently it should be an odd integer. The
B<pubexp> pointer is used internally by this function so it should not be
B<pubexp> pointer is used internally by this function so it should not be
modified or free after the call. If this macro is not called then 65537 is used.
The macro EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used
...
...
@@ -106,7 +108,17 @@ for DH parameter generation. If not specified 2 is used.
The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter
generation to B<nid>. For EC parameter generation this macro must be called
or an error occurs because there is no default curve.
or an error occurs because there is no default curve. In OpenSSL 1.0.2 and
later this function can also be called to set the curve explicitly when
generating an EC key.
The EVP_PKEY_CTX_set_ec_param_enc() sets the EC parameter encoding to
B<param_enc> when generating EC parameters or an EC key. The encoding can be
B<OPENSSL_EC_EXPLICIT_CURVE> for explicit parameters (the default in versions
of OpenSSL before 1.1.0) or B<OPENSSL_EC_NAMED_CURVE> to use named curve form.
For maximum compatibility the named curve form should be used. Note: the
B<OPENSSL_EC_NAMED_CURVE> value was only added to OpenSSL 1.1.0: previous
versions should use 0 instead.
=head1 RETURN VALUES
...
...
@@ -122,8 +134,8 @@ L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>
L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>
=head1 HISTORY
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录