diff options
| author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-03-03 23:30:42 -0500 |
|---|---|---|
| committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-03-04 01:23:46 -0500 |
| commit | f04abe7d500eeebc078a0ffb0e82997d5f62b2df (patch) | |
| tree | 45ac08dfbfb141d42c992797be2e0dcf5980e217 /doc/apps | |
| parent | c8cca980dc9a3d38eed6356219b84fcb5e257e0a (diff) | |
| download | openssl-f04abe7d500eeebc078a0ffb0e82997d5f62b2df.tar.gz | |
Improved HKDF and TLS1-PRF documentation
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'doc/apps')
| -rw-r--r-- | doc/apps/pkeyutl.pod | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/doc/apps/pkeyutl.pod b/doc/apps/pkeyutl.pod index 0426009094..1c8e83fa48 100644 --- a/doc/apps/pkeyutl.pod +++ b/doc/apps/pkeyutl.pod @@ -123,12 +123,15 @@ derive a shared secret using the peer key. =item B<-kdf algorithm> -Use key derivation function B<algorithm>. Note: additional paramers -will normally have to be set and the KDF output length for this to work. +Use key derivation function B<algorithm>. The supported algorithms are +at present B<TLS1-PRF> and B<HKDF>. +Note: additional paramers and the KDF output length will normally have to be +set for this to work. See L<EVP_PKEY_HKDF(3)> and L<EVP_PKEY_TLS1_PRF(3)> +for the supported string parameters of each algorithm. =item B<-kdflen length> -Set the ouput length for KDF. +Set the output length for KDF. =item B<-pkeyopt opt:value> @@ -155,7 +158,6 @@ for all available algorithms. When used with the B<-engine> option, it specifies to also use engine B<id> for crypto operations. - =back =head1 NOTES @@ -269,4 +271,5 @@ seed consisting of the single byte 0xFF. =head1 SEE ALSO L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)> -L<dgst(1)>, L<rsa(1)>, L<genrsa(1)> +L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>, +L<EVP_PKEY_HKDF(3)>, L<EVP_PKEY_TLS1_PRF(3)> |