TeaSpeak/openssl-prebuild
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
8171e85754
openssl-prebuild/linux_amd64/share/doc/openssl/html/man1/openssl-kdf.html
WolverinDEV fac3c18e6c Initial upload
2020-03-02 16:50:34 +00:00

215 lines
7.3 KiB
HTML
Executable File
Raw Blame History

<?xml version="1.0" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>openssl-kdf</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
</head>
<body style="background-color: white">
<!-- INDEX BEGIN -->
<div name="index">
<p><a name="__index__"></a></p>
<ul>
<li><a href="#name">NAME</a></li>
<li><a href="#synopsis">SYNOPSIS</a></li>
<li><a href="#description">DESCRIPTION</a></li>
<li><a href="#options">OPTIONS</a></li>
<li><a href="#examples">EXAMPLES</a></li>
<li><a href="#notes">NOTES</a></li>
<li><a href="#see_also">SEE ALSO</a></li>
<li><a href="#history">HISTORY</a></li>
<li><a href="#copyright">COPYRIGHT</a></li>
</ul>
<hr name="index" />
</div>
<!-- INDEX END -->
<p>
</p>
<hr />
<h1><a name="name">NAME</a></h1>
<p>openssl-kdf - perform Key Derivation Function operations</p>
<p>
</p>
<hr />
<h1><a name="synopsis">SYNOPSIS</a></h1>
<p><strong>openssl kdf</strong>
[<strong>-help</strong>]
[<strong>-kdfopt</strong> <em>nm</em>:<em>v</em>]
[<strong>-keylen</strong> <em>num</em>]
[<strong>-out</strong> <em>filename</em>]
[<strong>-binary</strong>]
<em>kdf_name</em></p>
<p>
</p>
<hr />
<h1><a name="description">DESCRIPTION</a></h1>
<p>The key derivation functions generate a derived key from either a secret or
password.</p>
<p>
</p>
<hr />
<h1><a name="options">OPTIONS</a></h1>
<dl>
<dt><strong><a name="help" class="item"><strong>-help</strong></a></strong></dt>
<dd>
<p>Print a usage message.</p>
</dd>
<dt><strong><a name="keylen_num" class="item"><strong>-keylen</strong> <em>num</em></a></strong></dt>
<dd>
<p>The output size of the derived key. This field is required.</p>
</dd>
<dt><strong><a name="out_filename" class="item"><strong>-out</strong> <em>filename</em></a></strong></dt>
<dd>
<p>Filename to output to, or standard output by default.</p>
</dd>
<dt><strong><a name="binary" class="item"><strong>-binary</strong></a></strong></dt>
<dd>
<p>Output the derived key in binary form. Uses hexadecimal text format if not specified.</p>
</dd>
<dt><strong><a name="kdfopt_nm_v" class="item"><strong>-kdfopt</strong> <em>nm</em>:<em>v</em></a></strong></dt>
<dd>
<p>Passes options to the KDF algorithm.
A comprehensive list of parameters can be found in the EVP_KDF_CTX
implementation documentation.
Common parameter names used by <code>EVP_KDF_CTX_set_params()</code> are:</p>
<dl>
<dt><strong><a name="key_string" class="item"><strong>key:</strong><em>string</em></a></strong></dt>
<dd>
<p>Specifies the secret key as an alphanumeric string (use if the key contains
printable characters only).
The string length must conform to any restrictions of the KDF algorithm.
A key must be specified for most KDF algorithms.</p>
</dd>
<dt><strong><a name="hexkey_string" class="item"><strong>hexkey:</strong><em>string</em></a></strong></dt>
<dd>
<p>Specifies the secret key in hexadecimal form (two hex digits per byte).
The key length must conform to any restrictions of the KDF algorithm.
A key must be specified for most KDF algorithms.</p>
</dd>
<dt><strong><a name="pass_string" class="item"><strong>pass:</strong><em>string</em></a></strong></dt>
<dd>
<p>Specifies the password as an alphanumeric string (use if the password contains
printable characters only).
The password must be specified for PBKDF2 and scrypt.</p>
</dd>
<dt><strong><a name="hexpass_string" class="item"><strong>hexpass:</strong><em>string</em></a></strong></dt>
<dd>
<p>Specifies the password in hexadecimal form (two hex digits per byte).
The password must be specified for PBKDF2 and scrypt.</p>
</dd>
<dt><strong><a name="digest_string" class="item"><strong>digest:</strong><em>string</em></a></strong></dt>
<dd>
<p>Specifies the name of a digest as an alphanumeric string.
To see the list of supported digests, use the command <em>list -digest-commands</em>.</p>
</dd>
</dl>
</dd>
<dt><strong><a name="kdf_name" class="item"><em>kdf_name</em></a></strong></dt>
<dd>
<p>Specifies the name of a supported KDF algorithm which will be used.
The supported algorithms names include TLS1-PRF, HKDF, SSKDF, PBKDF2,
SSHKDF, X942KDF, X963KDF and SCRYPT.</p>
</dd>
</dl>
<p>
</p>
<hr />
<h1><a name="examples">EXAMPLES</a></h1>
<p>Use TLS1-PRF to create a hex-encoded derived key from a secret key and seed:</p>
<pre>
openssl kdf -keylen 16 -kdfopt digest:SHA2-256 -kdfopt key:secret \
-kdfopt seed:seed TLS1-PRF</pre>
<p>Use HKDF to create a hex-encoded derived key from a secret key, salt and info:</p>
<pre>
openssl kdf -keylen 10 -kdfopt digest:SHA2-256 -kdfopt key:secret \
-kdfopt salt:salt -kdfopt info:label HKDF</pre>
<p>Use SSKDF with KMAC to create a hex-encoded derived key from a secret key, salt and info:</p>
<pre>
openssl kdf -keylen 64 -kdfopt mac:KMAC-128 -kdfopt maclen:20 \
-kdfopt hexkey:b74a149a161545 -kdfopt hexinfo:348a37a2 \
-kdfopt hexsalt:3638271ccd68a2 SSKDF</pre>
<p>Use SSKDF with HMAC to create a hex-encoded derived key from a secret key, salt and info:</p>
<pre>
openssl kdf -keylen 16 -kdfopt mac:HMAC -kdfopt digest:SHA2-256 \
-kdfopt hexkey:b74a149a -kdfopt hexinfo:348a37a2 \
-kdfopt hexsalt:3638271c SSKDF</pre>
<p>Use SSKDF with Hash to create a hex-encoded derived key from a secret key, salt and info:</p>
<pre>
openssl kdf -keylen 14 -kdfopt digest:SHA2-256 \
-kdfopt hexkey:6dbdc23f045488 \
-kdfopt hexinfo:a1b2c3d4 SSKDF</pre>
<p>Use SSHKDF to create a hex-encoded derived key from a secret key, hash and session_id:</p>
<pre>
openssl kdf -keylen 16 -kdfopt digest:SHA2-256 \
-kdfopt hexkey:0102030405 \
-kdfopt hexxcghash:06090A \
-kdfopt hexsession_id:01020304 \
-kdfopt type:A SSHKDF</pre>
<p>Use PBKDF2 to create a hex-encoded derived key from a password and salt:</p>
<pre>
openssl kdf -keylen 32 -kdfopt digest:SHA256 -kdfopt pass:password \
-kdfopt salt:salt -kdfopt iter:2 PBKDF2</pre>
<p>Use scrypt to create a hex-encoded derived key from a password and salt:</p>
<pre>
openssl kdf -keylen 64 -kdfopt pass:password -kdfopt salt:NaCl \
-kdfopt N:1024 -kdfopt r:8 -kdfopt p:16 \
-kdfopt maxmem_bytes:10485760 SCRYPT</pre>
<p>
</p>
<hr />
<h1><a name="notes">NOTES</a></h1>
<p>The KDF mechanisms that are available will depend on the options
used when building OpenSSL.</p>
<p>
</p>
<hr />
<h1><a name="see_also">SEE ALSO</a></h1>
<p><em>openssl(1)</em>,
<em>openssl-pkeyutl(1)</em>,
<em>EVP_KDF(3)</em>,
<em>EVP_KDF-SCRYPT(7)</em>,
<em>EVP_KDF-TLS1_PRF(7)</em>,
<em>EVP_KDF-PBKDF2(7)</em>,
<em>EVP_KDF-HKDF(7)</em>,
<em>EVP_KDF-SS(7)</em>,
<em>EVP_KDF-SSHKDF(7)</em>,
<em>EVP_KDF-X942(7)</em>,
<em>EVP_KDF-X963(7)</em></p>
<p>
</p>
<hr />
<h1><a name="history">HISTORY</a></h1>
<p>Added in OpenSSL 3.0</p>
<p>
</p>
<hr />
<h1><a name="copyright">COPYRIGHT</a></h1>
<p>Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.</p>
<p>Licensed under the OpenSSL license (the &quot;License&quot;). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink