| 1 | =pod
|
|---|
| 2 | {- OpenSSL::safe::output_do_not_edit_headers(); -}
|
|---|
| 3 |
|
|---|
| 4 | =head1 NAME
|
|---|
| 5 |
|
|---|
| 6 | openssl-kdf - perform Key Derivation Function operations
|
|---|
| 7 |
|
|---|
| 8 | =head1 SYNOPSIS
|
|---|
| 9 |
|
|---|
| 10 | B<openssl kdf>
|
|---|
| 11 | [B<-help>]
|
|---|
| 12 | [B<-cipher>]
|
|---|
| 13 | [B<-digest>]
|
|---|
| 14 | [B<-mac>]
|
|---|
| 15 | [B<-kdfopt> I<nm>:I<v>]
|
|---|
| 16 | [B<-keylen> I<num>]
|
|---|
| 17 | [B<-out> I<filename>]
|
|---|
| 18 | [B<-binary>]
|
|---|
| 19 | {- $OpenSSL::safe::opt_provider_synopsis -}
|
|---|
| 20 | I<kdf_name>
|
|---|
| 21 |
|
|---|
| 22 | =head1 DESCRIPTION
|
|---|
| 23 |
|
|---|
| 24 | The key derivation functions generate a derived key from either a secret or
|
|---|
| 25 | password.
|
|---|
| 26 |
|
|---|
| 27 | =head1 OPTIONS
|
|---|
| 28 |
|
|---|
| 29 | =over 4
|
|---|
| 30 |
|
|---|
| 31 | =item B<-help>
|
|---|
| 32 |
|
|---|
| 33 | Print a usage message.
|
|---|
| 34 |
|
|---|
| 35 | =item B<-keylen> I<num>
|
|---|
| 36 |
|
|---|
| 37 | The output size of the derived key. This field is required.
|
|---|
| 38 |
|
|---|
| 39 | =item B<-out> I<filename>
|
|---|
| 40 |
|
|---|
| 41 | Filename to output to, or standard output by default.
|
|---|
| 42 |
|
|---|
| 43 | =item B<-binary>
|
|---|
| 44 |
|
|---|
| 45 | Output the derived key in binary form. Uses hexadecimal text format if not specified.
|
|---|
| 46 |
|
|---|
| 47 | =item B<-cipher> I<name>
|
|---|
| 48 |
|
|---|
| 49 | Specify the cipher to be used by the KDF.
|
|---|
| 50 | Not all KDFs require a cipher and it is an error to use this option in such
|
|---|
| 51 | cases.
|
|---|
| 52 |
|
|---|
| 53 | =item B<-digest> I<name>
|
|---|
| 54 |
|
|---|
| 55 | Specify the digest to be used by the KDF.
|
|---|
| 56 | Not all KDFs require a digest and it is an error to use this option in such
|
|---|
| 57 | cases.
|
|---|
| 58 | To see the list of supported digests, use C<openssl list -digest-commands>.
|
|---|
| 59 |
|
|---|
| 60 | =item B<-mac> I<name>
|
|---|
| 61 |
|
|---|
| 62 | Specify the MAC to be used by the KDF.
|
|---|
| 63 | Not all KDFs require a MAC and it is an error to use this option in such
|
|---|
| 64 | cases.
|
|---|
| 65 |
|
|---|
| 66 | =item B<-kdfopt> I<nm>:I<v>
|
|---|
| 67 |
|
|---|
| 68 | Passes options to the KDF algorithm.
|
|---|
| 69 | A comprehensive list of parameters can be found in L<EVP_KDF(3)/PARAMETERS>.
|
|---|
| 70 | Common parameter names used by EVP_KDF_CTX_set_params() are:
|
|---|
| 71 |
|
|---|
| 72 | =over 4
|
|---|
| 73 |
|
|---|
| 74 | =item B<key:>I<string>
|
|---|
| 75 |
|
|---|
| 76 | Specifies the secret key as an alphanumeric string (use if the key contains
|
|---|
| 77 | printable characters only).
|
|---|
| 78 | The string length must conform to any restrictions of the KDF algorithm.
|
|---|
| 79 | A key must be specified for most KDF algorithms.
|
|---|
| 80 |
|
|---|
| 81 | =item B<hexkey:>I<string>
|
|---|
| 82 |
|
|---|
| 83 | Alternative to the B<key:> option where
|
|---|
| 84 | the secret key is specified in hexadecimal form (two hex digits per byte).
|
|---|
| 85 |
|
|---|
| 86 | =item B<pass:>I<string>
|
|---|
| 87 |
|
|---|
| 88 | Specifies the password as an alphanumeric string (use if the password contains
|
|---|
| 89 | printable characters only).
|
|---|
| 90 | The password must be specified for PBKDF2 and scrypt.
|
|---|
| 91 |
|
|---|
| 92 | =item B<hexpass:>I<string>
|
|---|
| 93 |
|
|---|
| 94 | Alternative to the B<pass:> option where
|
|---|
| 95 | the password is specified in hexadecimal form (two hex digits per byte).
|
|---|
| 96 |
|
|---|
| 97 | =item B<salt:>I<string>
|
|---|
| 98 |
|
|---|
| 99 | Specifies a non-secret unique cryptographic salt as an alphanumeric string
|
|---|
| 100 | (use if it contains printable characters only).
|
|---|
| 101 | The length must conform to any restrictions of the KDF algorithm.
|
|---|
| 102 | A salt parameter is required for several KDF algorithms,
|
|---|
| 103 | such as L<EVP_KDF-PBKDF2(7)>.
|
|---|
| 104 |
|
|---|
| 105 | =item B<hexsalt:>I<string>
|
|---|
| 106 |
|
|---|
| 107 | Alternative to the B<salt:> option where
|
|---|
| 108 | the salt is specified in hexadecimal form (two hex digits per byte).
|
|---|
| 109 |
|
|---|
| 110 | =item B<info:>I<string>
|
|---|
| 111 |
|
|---|
| 112 | Some KDF implementations, such as L<EVP_KDF-HKDF(7)>, take an 'info' parameter
|
|---|
| 113 | for binding the derived key material
|
|---|
| 114 | to application- and context-specific information.
|
|---|
| 115 | Specifies the info, fixed info, other info or shared info argument
|
|---|
| 116 | as an alphanumeric string (use if it contains printable characters only).
|
|---|
| 117 | The length must conform to any restrictions of the KDF algorithm.
|
|---|
| 118 |
|
|---|
| 119 | =item B<hexinfo:>I<string>
|
|---|
| 120 |
|
|---|
| 121 | Alternative to the B<info:> option where
|
|---|
| 122 | the info is specified in hexadecimal form (two hex digits per byte).
|
|---|
| 123 |
|
|---|
| 124 | =item B<digest:>I<string>
|
|---|
| 125 |
|
|---|
| 126 | This option is identical to the B<-digest> option.
|
|---|
| 127 |
|
|---|
| 128 | =item B<cipher:>I<string>
|
|---|
| 129 |
|
|---|
| 130 | This option is identical to the B<-cipher> option.
|
|---|
| 131 |
|
|---|
| 132 | =item B<mac:>I<string>
|
|---|
| 133 |
|
|---|
| 134 | This option is identical to the B<-mac> option.
|
|---|
| 135 |
|
|---|
| 136 | =back
|
|---|
| 137 |
|
|---|
| 138 | {- $OpenSSL::safe::opt_provider_item -}
|
|---|
| 139 |
|
|---|
| 140 | =item I<kdf_name>
|
|---|
| 141 |
|
|---|
| 142 | Specifies the name of a supported KDF algorithm which will be used.
|
|---|
| 143 | The supported algorithms names include TLS1-PRF, HKDF, SSKDF, PBKDF2,
|
|---|
| 144 | SSHKDF, X942KDF-ASN1, X942KDF-CONCAT, X963KDF and SCRYPT.
|
|---|
| 145 |
|
|---|
| 146 | =back
|
|---|
| 147 |
|
|---|
| 148 | =head1 EXAMPLES
|
|---|
| 149 |
|
|---|
| 150 | Use TLS1-PRF to create a hex-encoded derived key from a secret key and seed:
|
|---|
| 151 |
|
|---|
| 152 | openssl kdf -keylen 16 -kdfopt digest:SHA2-256 -kdfopt key:secret \
|
|---|
| 153 | -kdfopt seed:seed TLS1-PRF
|
|---|
| 154 |
|
|---|
| 155 | Use HKDF to create a hex-encoded derived key from a secret key, salt and info:
|
|---|
| 156 |
|
|---|
| 157 | openssl kdf -keylen 10 -kdfopt digest:SHA2-256 -kdfopt key:secret \
|
|---|
| 158 | -kdfopt salt:salt -kdfopt info:label HKDF
|
|---|
| 159 |
|
|---|
| 160 | Use SSKDF with KMAC to create a hex-encoded derived key from a secret key, salt and info:
|
|---|
| 161 |
|
|---|
| 162 | openssl kdf -keylen 64 -kdfopt mac:KMAC-128 -kdfopt maclen:20 \
|
|---|
| 163 | -kdfopt hexkey:b74a149a161545 -kdfopt hexinfo:348a37a2 \
|
|---|
| 164 | -kdfopt hexsalt:3638271ccd68a2 SSKDF
|
|---|
| 165 |
|
|---|
| 166 | Use SSKDF with HMAC to create a hex-encoded derived key from a secret key, salt and info:
|
|---|
| 167 |
|
|---|
| 168 | openssl kdf -keylen 16 -kdfopt mac:HMAC -kdfopt digest:SHA2-256 \
|
|---|
| 169 | -kdfopt hexkey:b74a149a -kdfopt hexinfo:348a37a2 \
|
|---|
| 170 | -kdfopt hexsalt:3638271c SSKDF
|
|---|
| 171 |
|
|---|
| 172 | Use SSKDF with Hash to create a hex-encoded derived key from a secret key, salt and info:
|
|---|
| 173 |
|
|---|
| 174 | openssl kdf -keylen 14 -kdfopt digest:SHA2-256 \
|
|---|
| 175 | -kdfopt hexkey:6dbdc23f045488 \
|
|---|
| 176 | -kdfopt hexinfo:a1b2c3d4 SSKDF
|
|---|
| 177 |
|
|---|
| 178 | Use SSHKDF to create a hex-encoded derived key from a secret key, hash and session_id:
|
|---|
| 179 |
|
|---|
| 180 | openssl kdf -keylen 16 -kdfopt digest:SHA2-256 \
|
|---|
| 181 | -kdfopt hexkey:0102030405 \
|
|---|
| 182 | -kdfopt hexxcghash:06090A \
|
|---|
| 183 | -kdfopt hexsession_id:01020304 \
|
|---|
| 184 | -kdfopt type:A SSHKDF
|
|---|
| 185 |
|
|---|
| 186 | Use PBKDF2 to create a hex-encoded derived key from a password and salt:
|
|---|
| 187 |
|
|---|
| 188 | openssl kdf -keylen 32 -kdfopt digest:SHA256 -kdfopt pass:password \
|
|---|
| 189 | -kdfopt salt:salt -kdfopt iter:2 PBKDF2
|
|---|
| 190 |
|
|---|
| 191 | Use scrypt to create a hex-encoded derived key from a password and salt:
|
|---|
| 192 |
|
|---|
| 193 | openssl kdf -keylen 64 -kdfopt pass:password -kdfopt salt:NaCl \
|
|---|
| 194 | -kdfopt n:1024 -kdfopt r:8 -kdfopt p:16 \
|
|---|
| 195 | -kdfopt maxmem_bytes:10485760 SCRYPT
|
|---|
| 196 |
|
|---|
| 197 | =head1 NOTES
|
|---|
| 198 |
|
|---|
| 199 | The KDF mechanisms that are available will depend on the options
|
|---|
| 200 | used when building OpenSSL.
|
|---|
| 201 |
|
|---|
| 202 | =head1 SEE ALSO
|
|---|
| 203 |
|
|---|
| 204 | L<openssl(1)>,
|
|---|
| 205 | L<openssl-pkeyutl(1)>,
|
|---|
| 206 | L<EVP_KDF(3)>,
|
|---|
| 207 | L<EVP_KDF-SCRYPT(7)>,
|
|---|
| 208 | L<EVP_KDF-TLS1_PRF(7)>,
|
|---|
| 209 | L<EVP_KDF-PBKDF2(7)>,
|
|---|
| 210 | L<EVP_KDF-HKDF(7)>,
|
|---|
| 211 | L<EVP_KDF-SS(7)>,
|
|---|
| 212 | L<EVP_KDF-SSHKDF(7)>,
|
|---|
| 213 | L<EVP_KDF-X942-ASN1(7)>,
|
|---|
| 214 | L<EVP_KDF-X942-CONCAT(7)>,
|
|---|
| 215 | L<EVP_KDF-X963(7)>
|
|---|
| 216 |
|
|---|
| 217 | =head1 HISTORY
|
|---|
| 218 |
|
|---|
| 219 | Added in OpenSSL 3.0
|
|---|
| 220 |
|
|---|
| 221 | =head1 COPYRIGHT
|
|---|
| 222 |
|
|---|
| 223 | Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 224 |
|
|---|
| 225 | Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 226 | this file except in compliance with the License. You can obtain a copy
|
|---|
| 227 | in the file LICENSE in the source distribution or at
|
|---|
| 228 | L<https://www.openssl.org/source/license.html>.
|
|---|
| 229 |
|
|---|
| 230 | =cut
|
|---|
