document RSA-PSS algorithm options

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Parent 1b214685
......@@ -111,6 +111,31 @@ hexadecimal value if preceded by B<0x>. Default value is 65537.
=back
=head1 RSA-PSS KEY GENERATION OPTIONS
Note: by default an B<RSA-PSS> key has no parameter restrictions.
=over 4
=item B<rsa_keygen_bits:numbits>, B<rsa_keygen_pubexp:value>
These options have the same meaning as the B<RSA> algorithm.
=item B<rsa_pss_keygen_md:digest>
If set the key is restricted and can only use B<digest> for signing.
=item B<rsa_pss_keygen_mgf1_md:digest>
If set the key is restricted and can only use B<digest> as it's MGF1
parameter.
=item B<rsa_pss_keygen_saltlen:len>
If set the key is restricted and B<len> specifies the minimum salt length.
=back
=head1 DSA PARAMETER GENERATION OPTIONS
=over 4
......
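Review bot: In the B<rsa_pss_keygen_md>, B<rsa_pss_keygen_mgf1_md> and B<rsa_pss_keygen_saltlen> items, each one says "If set the key is restricted" but none says what the other two parameters become when only one option is given. Please state the resulting values, or that all three must be supplied, so a reader can predict the restriction that ends up in the key. The B<len> item should also give the unit of the salt length. Typo in the MGF1 item: "as it's MGF1 parameter" should be "as its MGF1 parameter".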
......@@ -221,6 +221,32 @@ sets the salt length to the maximum permissible value. When verifying -2 causes
the salt length to be automatically determined based on the B<PSS> block
structure.
=item B<rsa_mgf1_md:digest>
For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not
explicitly set in PSS mode then the signing digest is used.
=back
=head1 RSA-PSS ALGORITHM
The RSA-PSS algorithm is a restricted version of the RSA algorithm which only
supports the sign and verify operations with PSS padding. The following
additional B<pkeyopt> values are supported:
=over 4
=item B<rsa_padding_mode:mode>, B<rsa_pss_saltlen:len>, B<rsa_mgf1_md:digest>
These have the same meaning as the B<RSA> algorithm with some additional
restrictions. The padding mode can only be set to B<pss> which is the
default value.
If the key has parameter restrictions than the digest, MGF1
digest and salt length are set to the values specified in the parameters.
The digest and MG cannot be changed and the salt length cannot be set to a
value less than the minimum restriction.
=back
=head1 DSA ALGORITHM
......
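Review bot: In the last paragraph of the new RSA-PSS ALGORITHM section, "The digest and MG cannot be changed" uses "MG", which is not defined anywhere in the visible text; it should read "MGF1 digest" to match the sentence before it. The same paragraph has "than" for "then" in "If the key has parameter restrictions than the digest". It would also help to say how the special B<rsa_pss_saltlen> values described in the context lines at the top of the hunk (maximum permissible value, automatic determination with -2) behave when the key carries a minimum salt length, and to reword "additional B<pkeyopt> values", since the item lists options that are described as having the same meaning as for B<RSA>.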