openssl/doc/man7/EVP_KEM-RSA.pod

=pod

=head1 NAME

EVP_KEM-RSA
- EVP_KEM RSA keytype and algorithm support

=head1 DESCRIPTION

The B<RSA> keytype and its parameters are described in L<EVP_PKEY-RSA(7)>.
See L<EVP_PKEY_encapsulate(3)> and L<EVP_PKEY_decapsulate(3)> for more info.

=head2 RSA KEM parameters

=over 4

=item "operation" (B<OSSL_KEM_PARAM_OPERATION>) <UTF8 string>

The OpenSSL RSA Key Encapsulation Mechanism only currently supports the
following default operation (operating mode):

=over 4

=item "RSASVE"

The encapsulate function simply generates a secret using random bytes and then
encrypts the secret using the RSA public key (with no padding).
The decapsulate function recovers the secret using the RSA private key.

=back

This can be set using EVP_PKEY_CTX_set_kem_op().

=item "fips-indicator" (B<OSSL_KEM_PARAM_FIPS_APPROVED_INDICATOR>) <integer>

=item "key-check" (B<OSSL_KEM_PARAM_FIPS_KEY_CHECK>) <integer>

These parameters are described in L<provider-kem(7)>.

=back

=head1 CONFORMING TO

=over 4

=item SP800-56Br2

Section 7.2.1.2 RSASVE Generate Operation (RSASVE.GENERATE).
Section 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER).

=back

=head1 SEE ALSO

L<EVP_PKEY_CTX_set_kem_op(3)>,
L<EVP_PKEY_encapsulate(3)>,
L<EVP_PKEY_decapsulate(3)>
L<EVP_KEYMGMT(3)>,
L<EVP_PKEY(3)>,
L<provider-keymgmt(7)>

=head1 HISTORY

This functionality was added in OpenSSL 3.0.

The C<operation> (operating mode) was a required parameter prior to OpenSSL 3.5.
As of OpenSSL 3.5, C<RSASVE> is the default operating mode, and no explicit
value need be specified.

=head1 COPYRIGHT

Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Add KEM (Key encapsulation mechanism) support to providers SP800-56Br2 requires support for the RSA primitives for RSASVE generate and recover. As these are simple KEM operations another operation type has been added that can support future extensions. Added public functions EVP_PKEY_encapsulate_init(), EVP_PKEY_encapsulate(), EVP_PKEY_decapsulate_init() and EVP_PKEY_decapsulate() Added EVP_KEM_* functions. Added OSSL_FUNC_kem_* dispatch functions Added EVP_PKEY_CTX_set_kem_op() so that different types of KEM can be added in the future. This value must currently be set to "RSASVE" after EVP_PKEY_encapsulate_init() & EVP_PKEY_decapsulate_init() as there is no default value. This allows the existing RSA key types, keymanagers, and encoders to be used with the encapsulation operations. The design of the public API's resulted from contributions from @romen & @levitte. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12750) 2020-09-19 16:08:46 +08:00			`=pod`

			`=head1 NAME`

			`EVP_KEM-RSA`
			`- EVP_KEM RSA keytype and algorithm support`

			`=head1 DESCRIPTION`

			`The B<RSA> keytype and its parameters are described in L<EVP_PKEY-RSA(7)>.`
			`See L<EVP_PKEY_encapsulate(3)> and L<EVP_PKEY_decapsulate(3)> for more info.`

			`=head2 RSA KEM parameters`

			`=over 4`

			`=item "operation" (B<OSSL_KEM_PARAM_OPERATION>) <UTF8 string>`

			`The OpenSSL RSA Key Encapsulation Mechanism only currently supports the`
Make the KEM operating mode optional There is only one operating mode supported for each of RSA, EC and ECX. We should not require an explicit setting for the obvious default. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/26872) 2025-02-23 12:21:14 +08:00			`following default operation (operating mode):`
Add KEM (Key encapsulation mechanism) support to providers SP800-56Br2 requires support for the RSA primitives for RSASVE generate and recover. As these are simple KEM operations another operation type has been added that can support future extensions. Added public functions EVP_PKEY_encapsulate_init(), EVP_PKEY_encapsulate(), EVP_PKEY_decapsulate_init() and EVP_PKEY_decapsulate() Added EVP_KEM_* functions. Added OSSL_FUNC_kem_* dispatch functions Added EVP_PKEY_CTX_set_kem_op() so that different types of KEM can be added in the future. This value must currently be set to "RSASVE" after EVP_PKEY_encapsulate_init() & EVP_PKEY_decapsulate_init() as there is no default value. This allows the existing RSA key types, keymanagers, and encoders to be used with the encapsulation operations. The design of the public API's resulted from contributions from @romen & @levitte. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12750) 2020-09-19 16:08:46 +08:00
			`=over 4`

			`=item "RSASVE"`

			`The encapsulate function simply generates a secret using random bytes and then`
			`encrypts the secret using the RSA public key (with no padding).`
			`The decapsulate function recovers the secret using the RSA private key.`

			`=back`

			`This can be set using EVP_PKEY_CTX_set_kem_op().`

Fix parameter types int -> integer changes Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24881) 2024-07-15 09:06:45 +08:00			`=item "fips-indicator" (B<OSSL_KEM_PARAM_FIPS_APPROVED_INDICATOR>) <integer>`
Change all existing FIPS configurable checks to use FIPS indicators. This changes the logic to always do the security checks and then decide what to do based on if this passes or not. Failure of a check causes either a failure OR the FIPS indicator callback to be triggered. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24623) 2024-07-01 09:36:58 +08:00
Fix parameter types int -> integer changes Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24881) 2024-07-15 09:06:45 +08:00			`=item "key-check" (B<OSSL_KEM_PARAM_FIPS_KEY_CHECK>) <integer>`
Add KEM (Key encapsulation mechanism) support to providers SP800-56Br2 requires support for the RSA primitives for RSASVE generate and recover. As these are simple KEM operations another operation type has been added that can support future extensions. Added public functions EVP_PKEY_encapsulate_init(), EVP_PKEY_encapsulate(), EVP_PKEY_decapsulate_init() and EVP_PKEY_decapsulate() Added EVP_KEM_* functions. Added OSSL_FUNC_kem_* dispatch functions Added EVP_PKEY_CTX_set_kem_op() so that different types of KEM can be added in the future. This value must currently be set to "RSASVE" after EVP_PKEY_encapsulate_init() & EVP_PKEY_decapsulate_init() as there is no default value. This allows the existing RSA key types, keymanagers, and encoders to be used with the encapsulation operations. The design of the public API's resulted from contributions from @romen & @levitte. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12750) 2020-09-19 16:08:46 +08:00
Change all existing FIPS configurable checks to use FIPS indicators. This changes the logic to always do the security checks and then decide what to do based on if this passes or not. Failure of a check causes either a failure OR the FIPS indicator callback to be triggered. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24623) 2024-07-01 09:36:58 +08:00			`These parameters are described in L<provider-kem(7)>.`

			`=back`
Add KEM (Key encapsulation mechanism) support to providers SP800-56Br2 requires support for the RSA primitives for RSASVE generate and recover. As these are simple KEM operations another operation type has been added that can support future extensions. Added public functions EVP_PKEY_encapsulate_init(), EVP_PKEY_encapsulate(), EVP_PKEY_decapsulate_init() and EVP_PKEY_decapsulate() Added EVP_KEM_* functions. Added OSSL_FUNC_kem_* dispatch functions Added EVP_PKEY_CTX_set_kem_op() so that different types of KEM can be added in the future. This value must currently be set to "RSASVE" after EVP_PKEY_encapsulate_init() & EVP_PKEY_decapsulate_init() as there is no default value. This allows the existing RSA key types, keymanagers, and encoders to be used with the encapsulation operations. The design of the public API's resulted from contributions from @romen & @levitte. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12750) 2020-09-19 16:08:46 +08:00
			`=head1 CONFORMING TO`

			`=over 4`

			`=item SP800-56Br2`

			`Section 7.2.1.2 RSASVE Generate Operation (RSASVE.GENERATE).`
			`Section 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER).`

			`=back`

			`=head1 SEE ALSO`

			`L<EVP_PKEY_CTX_set_kem_op(3)>,`
			`L<EVP_PKEY_encapsulate(3)>,`
			`L<EVP_PKEY_decapsulate(3)>`
			`L<EVP_KEYMGMT(3)>,`
			`L<EVP_PKEY(3)>,`
			`L<provider-keymgmt(7)>`

Add missing HISTORY sections for OpenSSL 3.0 related documents. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19690) 2022-11-17 05:26:06 +08:00			`=head1 HISTORY`

			`This functionality was added in OpenSSL 3.0.`

Make the KEM operating mode optional There is only one operating mode supported for each of RSA, EC and ECX. We should not require an explicit setting for the obvious default. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/26872) 2025-02-23 12:21:14 +08:00			`The C<operation> (operating mode) was a required parameter prior to OpenSSL 3.5.`
			`As of OpenSSL 3.5, C<RSASVE> is the default operating mode, and no explicit`
			`value need be specified.`

Add KEM (Key encapsulation mechanism) support to providers SP800-56Br2 requires support for the RSA primitives for RSASVE generate and recover. As these are simple KEM operations another operation type has been added that can support future extensions. Added public functions EVP_PKEY_encapsulate_init(), EVP_PKEY_encapsulate(), EVP_PKEY_decapsulate_init() and EVP_PKEY_decapsulate() Added EVP_KEM_* functions. Added OSSL_FUNC_kem_* dispatch functions Added EVP_PKEY_CTX_set_kem_op() so that different types of KEM can be added in the future. This value must currently be set to "RSASVE" after EVP_PKEY_encapsulate_init() & EVP_PKEY_decapsulate_init() as there is no default value. This allows the existing RSA key types, keymanagers, and encoders to be used with the encapsulation operations. The design of the public API's resulted from contributions from @romen & @levitte. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12750) 2020-09-19 16:08:46 +08:00			`=head1 COPYRIGHT`

Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes 2025-03-12 21:35:59 +08:00			`Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.`
Add KEM (Key encapsulation mechanism) support to providers SP800-56Br2 requires support for the RSA primitives for RSASVE generate and recover. As these are simple KEM operations another operation type has been added that can support future extensions. Added public functions EVP_PKEY_encapsulate_init(), EVP_PKEY_encapsulate(), EVP_PKEY_decapsulate_init() and EVP_PKEY_decapsulate() Added EVP_KEM_* functions. Added OSSL_FUNC_kem_* dispatch functions Added EVP_PKEY_CTX_set_kem_op() so that different types of KEM can be added in the future. This value must currently be set to "RSASVE" after EVP_PKEY_encapsulate_init() & EVP_PKEY_decapsulate_init() as there is no default value. This allows the existing RSA key types, keymanagers, and encoders to be used with the encapsulation operations. The design of the public API's resulted from contributions from @romen & @levitte. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12750) 2020-09-19 16:08:46 +08:00
			`Licensed under the Apache License 2.0 (the "License"). You may not use`
			`this file except in compliance with the License. You can obtain a copy`
			`in the file LICENSE in the source distribution or at`
			`L<https://www.openssl.org/source/license.html>.`

			`=cut`