man/man7/EVP_PKEY-RSA.7

         Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)

 Standard preamble:
 ========================================================================
..
..

..
 Set up some character translations and predefined strings. \*(-- will
 give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
 double quote, and \*(R" will give a right double quote. \*(C+ will
 give a nicer C++. Capital omega is used to do unbreakable dashes and
 therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
 nothing in troff, for use with C<>.
.tr \(*W-
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}

 Escape single quotes in literal strings from groff's Unicode transform.

 If the F register is >0, we'll generate index entries on stderr for
 titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 entries marked with X<> in POD. Of course, you'll have to process the
 output yourself in some meaningful fashion.

 Avoid warning from groff about undefined register 'F'.
..
.nr rF 0
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
 Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #]
.\}
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
. \" corrections for vroff
. \" for low resolution devices (crt and lpr)
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
 ========================================================================

 Title "EVP_PKEY-RSA 7ossl"  EVP_PKEY-RSA 7ossl "2023-09-19" "3.0.11" "OpenSSL"
 For nroff, turn off justification. Always turn off hyphenation; it makes
 way too many mistakes in technical documents.
 "NAME"
EVP_PKEY-RSA, EVP_KEYMGMT-RSA, RSA
\- EVP_PKEY RSA keytype and algorithm support
 "DESCRIPTION"
 Header "DESCRIPTION" The \s-1RSA\s0 keytype is implemented in OpenSSL's default and \s-1FIPS\s0 providers.
That implementation supports the basic \s-1RSA\s0 keys, containing the modulus n,
the public exponent e, the private exponent d, and a collection of prime
factors, exponents and coefficient for \s-1CRT\s0 calculations, of which the first
few are known as p and q, dP and dQ, and qInv.
 "Common \s-1RSA\s0 parameters"
 Subsection "Common RSA parameters" In addition to the common parameters that all keytypes should support (see
\*(L"Common parameters\*(R" in provider-keymgmt\|(7)), the \s-1RSA\s0 keytype implementation
supports the following.
 Item "n (OSSL_PKEY_PARAM_RSA_N) <unsigned integer>" The \s-1RSA\s0 modulus \*(L"n\*(R" value.
 Item "e (OSSL_PKEY_PARAM_RSA_E) <unsigned integer>" The \s-1RSA\s0 public exponent \*(L"e\*(R" value.
This value must always be set when creating a raw key using EVP_PKEY_fromdata\|(3).
Note that when a decryption operation is performed, that this value is used for
blinding purposes to prevent timing attacks.
 Item "d (OSSL_PKEY_PARAM_RSA_D) <unsigned integer>" The \s-1RSA\s0 private exponent \*(L"d\*(R" value.
 Item "rsa-factor1 (OSSL_PKEY_PARAM_RSA_FACTOR1) <unsigned integer>"  0
 Item "rsa-factor2 (OSSL_PKEY_PARAM_RSA_FACTOR2) <unsigned integer>"  Item "rsa-factor3 (OSSL_PKEY_PARAM_RSA_FACTOR3) <unsigned integer>"  Item "rsa-factor4 (OSSL_PKEY_PARAM_RSA_FACTOR4) <unsigned integer>"  Item "rsa-factor5 (OSSL_PKEY_PARAM_RSA_FACTOR5) <unsigned integer>"  Item "rsa-factor6 (OSSL_PKEY_PARAM_RSA_FACTOR6) <unsigned integer>"  Item "rsa-factor7 (OSSL_PKEY_PARAM_RSA_FACTOR7) <unsigned integer>"  Item "rsa-factor8 (OSSL_PKEY_PARAM_RSA_FACTOR8) <unsigned integer>"  Item "rsa-factor9 (OSSL_PKEY_PARAM_RSA_FACTOR9) <unsigned integer>"  Item "rsa-factor10 (OSSL_PKEY_PARAM_RSA_FACTOR10) <unsigned integer>"
\s-1RSA\s0 prime factors. The factors are known as \*(L"p\*(R", \*(L"q\*(R" and \*(L"r_i\*(R" in \s-1RFC8017.\s0
Up to eight additional \*(L"r_i\*(R" prime factors are supported.
 Item "rsa-exponent1 (OSSL_PKEY_PARAM_RSA_EXPONENT1) <unsigned integer>"  0
 Item "rsa-exponent2 (OSSL_PKEY_PARAM_RSA_EXPONENT2) <unsigned integer>"  Item "rsa-exponent3 (OSSL_PKEY_PARAM_RSA_EXPONENT3) <unsigned integer>"  Item "rsa-exponent4 (OSSL_PKEY_PARAM_RSA_EXPONENT4) <unsigned integer>"  Item "rsa-exponent5 (OSSL_PKEY_PARAM_RSA_EXPONENT5) <unsigned integer>"  Item "rsa-exponent6 (OSSL_PKEY_PARAM_RSA_EXPONENT6) <unsigned integer>"  Item "rsa-exponent7 (OSSL_PKEY_PARAM_RSA_EXPONENT7) <unsigned integer>"  Item "rsa-exponent8 (OSSL_PKEY_PARAM_RSA_EXPONENT8) <unsigned integer>"  Item "rsa-exponent9 (OSSL_PKEY_PARAM_RSA_EXPONENT9) <unsigned integer>"  Item "rsa-exponent10 (OSSL_PKEY_PARAM_RSA_EXPONENT10) <unsigned integer>"
\s-1RSA CRT\s0 (Chinese Remainder Theorem) exponents. The exponents are known
as \*(L"dP\*(R", \*(L"dQ\*(R" and \*(L"d_i in \s-1RFC8017\*(R".\s0
Up to eight additional \*(L"d_i\*(R" exponents are supported.
 Item "rsa-coefficient1 (OSSL_PKEY_PARAM_RSA_COEFFICIENT1) <unsigned integer>"  0
 Item "rsa-coefficient2 (OSSL_PKEY_PARAM_RSA_COEFFICIENT2) <unsigned integer>"  Item "rsa-coefficient3 (OSSL_PKEY_PARAM_RSA_COEFFICIENT3) <unsigned integer>"  Item "rsa-coefficient4 (OSSL_PKEY_PARAM_RSA_COEFFICIENT4) <unsigned integer>"  Item "rsa-coefficient5 (OSSL_PKEY_PARAM_RSA_COEFFICIENT5) <unsigned integer>"  Item "rsa-coefficient6 (OSSL_PKEY_PARAM_RSA_COEFFICIENT6) <unsigned integer>"  Item "rsa-coefficient7 (OSSL_PKEY_PARAM_RSA_COEFFICIENT7) <unsigned integer>"  Item "rsa-coefficient8 (OSSL_PKEY_PARAM_RSA_COEFFICIENT8) <unsigned integer>"  Item "rsa-coefficient9 (OSSL_PKEY_PARAM_RSA_COEFFICIENT9) <unsigned integer>"
\s-1RSA CRT\s0 (Chinese Remainder Theorem) coefficients. The coefficients are known as
\*(L"qInv\*(R" and \*(L"t_i\*(R".
Up to eight additional \*(L"t_i\*(R" exponents are supported.
 "\s-1RSA\s0 key generation parameters"
 Subsection "RSA key generation parameters" When generating \s-1RSA\s0 keys, the following key generation parameters may be used.
 Item "bits (OSSL_PKEY_PARAM_RSA_BITS) <unsigned integer>" The value should be the cryptographic length for the \s-1RSA\s0 cryptosystem, in
bits.
 Item "primes (OSSL_PKEY_PARAM_RSA_PRIMES) <unsigned integer>" The value should be the number of primes for the generated \s-1RSA\s0 key. The
default is 2. It isn't permitted to specify a larger number of primes than
10. Additionally, the number of primes is limited by the length of the key
being generated so the maximum number could be less.
Some providers may only support a value of 2.
 Item "e (OSSL_PKEY_PARAM_RSA_E) <unsigned integer>" The \s-1RSA\s0 \*(L"e\*(R" value. The value may be any odd number greater than or equal to
65537. The default value is 65537.
For legacy reasons a value of 3 is currently accepted but is deprecated.
 "\s-1RSA\s0 key generation parameters for \s-1FIPS\s0 module testing"
 Subsection "RSA key generation parameters for FIPS module testing" When generating \s-1RSA\s0 keys, the following additional key generation parameters may
be used for algorithm testing purposes only. Do not use these to generate
\s-1RSA\s0 keys for a production environment.
 Item "xp (OSSL_PKEY_PARAM_RSA_TEST_XP) <unsigned integer>"  0
 Item "xq (OSSL_PKEY_PARAM_RSA_TEST_XQ) <unsigned integer>"
These 2 fields are normally randomly generated and are used to generate \*(L"p\*(R" and
\*(L"q\*(R".
 Item "xp1 (OSSL_PKEY_PARAM_RSA_TEST_XP1) <unsigned integer>"  0
 Item "xp2 (OSSL_PKEY_PARAM_RSA_TEST_XP2) <unsigned integer>"  Item "xq1 (OSSL_PKEY_PARAM_RSA_TEST_XQ1) <unsigned integer>"  Item "xq2 (OSSL_PKEY_PARAM_RSA_TEST_XQ2) <unsigned integer>"
These 4 fields are normally randomly generated. The prime factors \*(L"p1\*(R", \*(L"p2\*(R",
\*(L"q1\*(R" and \*(L"q2\*(R" are determined from these values.
 "\s-1RSA\s0 key parameters for \s-1FIPS\s0 module testing"
 Subsection "RSA key parameters for FIPS module testing" The following intermediate values can be retrieved only if the values
specified in \*(L"\s-1RSA\s0 key generation parameters for \s-1FIPS\s0 module testing\*(R" are set.
These should not be accessed in a production environment.
 Item "p1 (OSSL_PKEY_PARAM_RSA_TEST_P1) <unsigned integer>"  0
 Item "p2 (OSSL_PKEY_PARAM_RSA_TEST_P2) <unsigned integer>"  Item "q1 (OSSL_PKEY_PARAM_RSA_TEST_Q1) <unsigned integer>"  Item "q2 (OSSL_PKEY_PARAM_RSA_TEST_Q2) <unsigned integer>"
The auxiliary probable primes.
 "\s-1RSA\s0 key validation"
 Subsection "RSA key validation" For \s-1RSA\s0 keys, EVP_PKEY_param_check\|(3) and EVP_PKEY_param_check_quick\|(3)
both return 1 unconditionally.

For \s-1RSA\s0 keys, EVP_PKEY_public_check\|(3) conforms to the SP800-56Br1 public key
check when the OpenSSL \s-1FIPS\s0 provider is used. The OpenSSL default provider
performs similar tests but relaxes the keysize restrictions for backwards
compatibility.

For \s-1RSA\s0 keys, EVP_PKEY_public_check_quick\|(3) is the same as
\fBEVP_PKEY_public_check\|(3).

For \s-1RSA\s0 keys, EVP_PKEY_private_check\|(3) conforms to the SP800-56Br1
\fIprivate key test.

For \s-1RSA\s0 keys, EVP_PKEY_pairwise_check\|(3) conforms to the
SP800-56Br1 KeyPair Validation check for the OpenSSL \s-1FIPS\s0 provider. The
OpenSSL default provider allows testing of the validity of multi-primes.
 "CONFORMING TO"
 Header "CONFORMING TO"  "\s-1FIPS186-4\s0" 4
 Item "FIPS186-4" Section B.3.6 Generation of Probable Primes with Conditions Based on
Auxiliary Probable Primes
 "\s-1RFC 8017,\s0 excluding RSA-PSS and RSA-OAEP" 4
 Item "RFC 8017, excluding RSA-PSS and RSA-OAEP"  "EXAMPLES"
 Header "EXAMPLES" An \s-1EVP_PKEY\s0 context can be obtained by calling:

.Vb 2
  EVP_PKEY_CTX *pctx =
  EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
.Ve

An \s-1RSA\s0 key can be generated simply like this:

.Vb 1
  pkey = EVP_RSA_gen(4096);
.Ve

or like this:

.Vb 3
  EVP_PKEY *pkey = NULL;
  EVP_PKEY_CTX *pctx =
  EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
\&
  EVP_PKEY_keygen_init(pctx);
  EVP_PKEY_generate(pctx, &pkey);
  EVP_PKEY_CTX_free(pctx);
.Ve

An \s-1RSA\s0 key can be generated with key generation parameters:

.Vb 5
  unsigned int primes = 3;
  unsigned int bits = 4096;
  OSSL_PARAM params[3];
  EVP_PKEY *pkey = NULL;
  EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
\&
  EVP_PKEY_keygen_init(pctx);
\&
  params[0] = OSSL_PARAM_construct_uint("bits", &bits);
  params[1] = OSSL_PARAM_construct_uint("primes", &primes);
  params[2] = OSSL_PARAM_construct_end();
  EVP_PKEY_CTX_set_params(pctx, params);
\&
  EVP_PKEY_generate(pctx, &pkey);
  EVP_PKEY_print_private(bio_out, pkey, 0, NULL);
  EVP_PKEY_CTX_free(pctx);
.Ve
 "SEE ALSO"
 Header "SEE ALSO" \fBEVP_RSA_gen\|(3), \s-1EVP_KEYMGMT\s0\|(3), \s-1EVP_PKEY\s0\|(3), provider-keymgmt\|(7)
 "COPYRIGHT"
 Header "COPYRIGHT" Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.