summaryrefslogtreecommitdiff
path: root/static/freebsd/man7/EVP_SIGNATURE-ED25519.7
diff options
context:
space:
mode:
Diffstat (limited to 'static/freebsd/man7/EVP_SIGNATURE-ED25519.7')
-rw-r--r--static/freebsd/man7/EVP_SIGNATURE-ED25519.7232
1 files changed, 232 insertions, 0 deletions
diff --git a/static/freebsd/man7/EVP_SIGNATURE-ED25519.7 b/static/freebsd/man7/EVP_SIGNATURE-ED25519.7
new file mode 100644
index 00000000..c3d81ddd
--- /dev/null
+++ b/static/freebsd/man7/EVP_SIGNATURE-ED25519.7
@@ -0,0 +1,232 @@
+.\" -*- mode: troff; coding: utf-8 -*-
+.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
+.ie n \{\
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\"
+.\" Required to disable full justification in groff 1.23.0.
+.if n .ds AD l
+.\" ========================================================================
+.\"
+.IX Title "EVP_SIGNATURE-ED25519 7ossl"
+.TH EVP_SIGNATURE-ED25519 7ossl 2026-04-07 3.5.6 OpenSSL
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH NAME
+EVP_SIGNATURE\-ED25519,
+EVP_SIGNATURE\-ED448,
+Ed25519,
+Ed448
+\&\- The EVP_PKEY Ed25519 and Ed448 signature implementations
+.SH DESCRIPTION
+.IX Header "DESCRIPTION"
+The \fBEd25519\fR and \fBEd448\fR EVP_PKEY implementation supports key
+generation, one\-shot digest\-sign and digest\-verify using the EdDSA
+signature schemes described in RFC 8032. It has associated private and
+public key formats compatible with RFC 8410.
+.SS "EdDSA Instances"
+.IX Subsection "EdDSA Instances"
+RFC 8032 describes five EdDSA instances: Ed25519, Ed25519ctx,
+Ed25519ph, Ed448, Ed448ph.
+.PP
+The instances Ed25519, Ed25519ctx, Ed448 are referred to as \fBPureEdDSA\fR
+schemes. For these three instances, the sign and verify procedures
+require access to the complete message (not a digest of the message).
+.PP
+The instances Ed25519ph, Ed448ph are referred to as \fBHashEdDSA\fR
+schemes. For these two instances, the sign and verify procedures do
+not require access to the complete message; they operate on a hash of
+the message. For Ed25519ph, the hash function is SHA512. For
+Ed448ph, the hash function is SHAKE256 with an output length of 512
+bits.
+.PP
+The instances Ed25519ctx, Ed25519ph, Ed448, Ed448ph accept an optional
+\&\fBcontext\-string\fR as input to sign and verify operations (and for
+Ed25519ctx, the context\-string must be nonempty). For the Ed25519
+instance, a nonempty context\-string is not permitted.
+.PP
+These instances can be specified as signature parameters when using
+\&\fBEVP_DigestSignInit\fR\|(3) and \fBEVP_DigestVerifyInit\fR\|(3), see
+"ED25519 and ED448 Signature Parameters" below.
+.PP
+These instances are also explicitly fetchable as algorithms using
+\&\fBEVP_SIGNATURE_fetch\fR\|(3), which can be used with
+\&\fBEVP_PKEY_sign_init_ex2\fR\|(3), \fBEVP_PKEY_verify_init_ex2\fR\|(3),
+\&\fBEVP_PKEY_sign_message_init\fR\|(3) and \fBEVP_PKEY_verify_message_init\fR\|(3).
+.SS "ED25519 and ED448 Signature Parameters"
+.IX Subsection "ED25519 and ED448 Signature Parameters"
+Two parameters can be set during signing or verification: the EdDSA
+\&\fBinstance name\fR and the \fBcontext\-string value\fR. They can be set by
+passing an OSSL_PARAM array to \fBEVP_DigestSignInit_ex()\fR.
+.IP \(bu 4
+"instance" (\fBOSSL_SIGNATURE_PARAM_INSTANCE\fR) <utf8 string>
+.Sp
+One of the five strings "Ed25519", "Ed25519ctx", "Ed25519ph", "Ed448", "Ed448ph".
+.Sp
+"Ed25519", "Ed25519ctx", "Ed25519ph" are valid only for an Ed25519 EVP_PKEY.
+.Sp
+"Ed448", "Ed448ph" are valid only for an Ed448 EVP_PKEY.
+.IP \(bu 4
+"context\-string" (\fBOSSL_SIGNATURE_PARAM_CONTEXT_STRING\fR) <octet string>
+.Sp
+A string of octets with length at most 255.
+.PP
+Both of these parameters are optional.
+.PP
+When using \fBEVP_DigestSignInit\fR\|(3) or \fBEVP_DigestVerifyInit\fR\|(3), the
+signature algorithm is derived from the key type name. The key type name
+("Ed25519" or "Ed448") is also the default for the instance, but this can be
+changed with the "instance" parameter.
+.PP
+Note that a message digest name must \fBNOT\fR be specified when signing
+or verifying.
+.PP
+When using \fBEVP_PKEY_sign_init_ex2\fR\|(3), \fBEVP_PKEY_verify_init_ex2\fR\|(3),
+\&\fBEVP_PKEY_sign_message_init\fR\|(3) or \fBEVP_PKEY_verify_message_init\fR\|(3), the
+instance is the explicit signature algorithm name, and may not be changed
+(trying to give one with the "instance" parameter is therefore an error).
+.PP
+If a context\-string is not specified, then an empty context\-string is
+used.
+.PP
+See \fBEVP_PKEY\-X25519\fR\|(7) for information related to \fBX25519\fR and \fBX448\fR keys.
+.PP
+The following signature parameters can be retrieved using
+\&\fBEVP_PKEY_CTX_get_params()\fR.
+.IP \(bu 4
+"algorithm\-id" (\fBOSSL_SIGNATURE_PARAM_ALGORITHM_ID\fR) <octet string>
+.IP \(bu 4
+"instance" (\fBOSSL_SIGNATURE_PARAM_INSTANCE\fR) <utf8 string>
+.IP \(bu 4
+"context\-string" (\fBOSSL_SIGNATURE_PARAM_CONTEXT_STRING\fR) <octet string>
+.PP
+The parameters are described in \fBprovider\-signature\fR\|(7).
+.SH NOTES
+.IX Header "NOTES"
+The PureEdDSA instances do not support the streaming mechanism of
+other signature algorithms using, for example, \fBEVP_DigestUpdate()\fR.
+The message to sign or verify must be passed using the one\-shot
+\&\fBEVP_DigestSign()\fR and \fBEVP_DigestVerify()\fR functions.
+.PP
+The HashEdDSA instances do not yet support the streaming mechanisms
+(so the one\-shot functions must be used with HashEdDSA as well).
+.PP
+When calling \fBEVP_DigestSignInit()\fR or \fBEVP_DigestVerifyInit()\fR, the
+digest \fItype\fR parameter \fBMUST\fR be set to NULL.
+.PP
+Applications wishing to sign certificates (or other structures such as
+CRLs or certificate requests) using Ed25519 or Ed448 can either use \fBX509_sign()\fR
+or \fBX509_sign_ctx()\fR in the usual way.
+.PP
+Ed25519 or Ed448 private keys can be set directly using
+\&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or loaded from a PKCS#8 private key file
+using \fBPEM_read_bio_PrivateKey\fR\|(3) (or similar function). Completely new keys
+can also be generated (see the example below). Setting a private key also sets
+the associated public key.
+.PP
+Ed25519 or Ed448 public keys can be set directly using
+\&\fBEVP_PKEY_new_raw_public_key\fR\|(3) or loaded from a SubjectPublicKeyInfo
+structure in a PEM file using \fBPEM_read_bio_PUBKEY\fR\|(3) (or similar function).
+.PP
+Ed25519 and Ed448 can be tested with the \fBopenssl\-speed\fR\|(1) application
+since version 1.1.1.
+Valid algorithm names are \fBed25519\fR, \fBed448\fR and \fBeddsa\fR. If \fBeddsa\fR is
+specified, then both Ed25519 and Ed448 are benchmarked.
+.PP
+Since Ed25519ctx is not included in FIPS 186\-5, it is not present
+in the FIPS provider.
+.SH EXAMPLES
+.IX Header "EXAMPLES"
+To sign a message using an ED25519 EVP_PKEY structure:
+.PP
+.Vb 5
+\& void do_sign(EVP_PKEY *ed_key, unsigned char *msg, size_t msg_len)
+\& {
+\& size_t sig_len;
+\& unsigned char *sig = NULL;
+\& EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+\&
+\& const OSSL_PARAM params[] = {
+\& OSSL_PARAM_utf8_string ("instance", "Ed25519ctx", 10),
+\& OSSL_PARAM_octet_string("context\-string", (unsigned char *)"A protocol defined context string", 33),
+\& OSSL_PARAM_END
+\& };
+\&
+\& /* The input "params" is not needed if default options are acceptable.
+\& Use NULL in place of "params" in that case. */
+\& EVP_DigestSignInit_ex(md_ctx, NULL, NULL, NULL, NULL, ed_key, params);
+\& /* Calculate the required size for the signature by passing a NULL buffer. */
+\& EVP_DigestSign(md_ctx, NULL, &sig_len, msg, msg_len);
+\& sig = OPENSSL_zalloc(sig_len);
+\&
+\& EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len);
+\& ...
+\& OPENSSL_free(sig);
+\& EVP_MD_CTX_free(md_ctx);
+\& }
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_PKEY\-X25519\fR\|(7)
+\&\fBprovider\-signature\fR\|(7),
+\&\fBEVP_DigestSignInit\fR\|(3),
+\&\fBEVP_DigestVerifyInit\fR\|(3),
+.SH COPYRIGHT
+.IX Header "COPYRIGHT"
+Copyright 2017\-2026 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+<https://www.openssl.org/source/license.html>.
generated by cgit v1.2.3 (git 2.46.0) at 2026-05-15 13:05:26 +0000