5 EVP_PKEY-RSA, EVP_KEYMGMT-RSA, RSA
6 - EVP_PKEY RSA keytype and algorithm support
10 The B<RSA> keytype is implemented in OpenSSL's default and FIPS providers.
11 That implementation supports the basic RSA keys, containing the modulus I<n>,
12 the public exponent I<e>, the private exponent I<d>, and a collection of prime
13 factors, exponents and coefficient for CRT calculations, of which the first
14 few are known as I<p> and I<q>, I<dP> and I<dQ>, and I<qInv>.
16 =head2 Common RSA parameters
18 In addition to the common parameters that all keytypes should support (see
19 L<provider-keymgmt(7)/Common parameters>), the B<RSA> keytype implementation
20 supports the following.
24 =item "n" (B<OSSL_PKEY_PARAM_RSA_N>) <unsigned integer>
28 =item "e" (B<OSSL_PKEY_PARAM_RSA_E>) <unsigned integer>
32 =item "d" (B<OSSL_PKEY_PARAM_RSA_D>) <unsigned integer>
36 =item "rsa-factor1" (B<OSSL_PKEY_PARAM_RSA_FACTOR1>) <unsigned integer>
38 =item "rsa-factor2" (B<OSSL_PKEY_PARAM_RSA_FACTOR2>) <unsigned integer>
40 =item "rsa-factor3" (B<OSSL_PKEY_PARAM_RSA_FACTOR3>) <unsigned integer>
42 =item "rsa-factor4" (B<OSSL_PKEY_PARAM_RSA_FACTOR4>) <unsigned integer>
44 =item "rsa-factor5" (B<OSSL_PKEY_PARAM_RSA_FACTOR5>) <unsigned integer>
46 =item "rsa-factor6" (B<OSSL_PKEY_PARAM_RSA_FACTOR6>) <unsigned integer>
48 =item "rsa-factor7" (B<OSSL_PKEY_PARAM_RSA_FACTOR7>) <unsigned integer>
50 =item "rsa-factor8" (B<OSSL_PKEY_PARAM_RSA_FACTOR8>) <unsigned integer>
52 =item "rsa-factor9" (B<OSSL_PKEY_PARAM_RSA_FACTOR9>) <unsigned integer>
54 =item "rsa-factor10" (B<OSSL_PKEY_PARAM_RSA_FACTOR10>) <unsigned integer>
56 RSA prime factors. The factors are known as "p", "q" and "r_i" in RFC8017.
57 Up to eight additional "r_i" prime factors are supported.
59 =item "rsa-exponent1" (B<OSSL_PKEY_PARAM_RSA_EXPONENT1>) <unsigned integer>
61 =item "rsa-exponent2" (B<OSSL_PKEY_PARAM_RSA_EXPONENT2>) <unsigned integer>
63 =item "rsa-exponent3" (B<OSSL_PKEY_PARAM_RSA_EXPONENT3>) <unsigned integer>
65 =item "rsa-exponent4" (B<OSSL_PKEY_PARAM_RSA_EXPONENT4>) <unsigned integer>
67 =item "rsa-exponent5" (B<OSSL_PKEY_PARAM_RSA_EXPONENT5>) <unsigned integer>
69 =item "rsa-exponent6" (B<OSSL_PKEY_PARAM_RSA_EXPONENT6>) <unsigned integer>
71 =item "rsa-exponent7" (B<OSSL_PKEY_PARAM_RSA_EXPONENT7>) <unsigned integer>
73 =item "rsa-exponent8" (B<OSSL_PKEY_PARAM_RSA_EXPONENT8>) <unsigned integer>
75 =item "rsa-exponent9" (B<OSSL_PKEY_PARAM_RSA_EXPONENT9>) <unsigned integer>
77 =item "rsa-exponent10" (B<OSSL_PKEY_PARAM_RSA_EXPONENT10>) <unsigned integer>
79 RSA CRT (Chinese Remainder Theorem) exponents. The exponents are known
80 as "dP", "dQ" and "d_i in RFC8017".
81 Up to eight additional "d_i" exponents are supported.
83 =item "rsa-coefficient1" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT1>) <unsigned integer>
85 =item "rsa-coefficient2" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT2>) <unsigned integer>
87 =item "rsa-coefficient3" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT3>) <unsigned integer>
89 =item "rsa-coefficient4" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT4>) <unsigned integer>
91 =item "rsa-coefficient5" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT5>) <unsigned integer>
93 =item "rsa-coefficient6" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT6>) <unsigned integer>
95 =item "rsa-coefficient7" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT7>) <unsigned integer>
97 =item "rsa-coefficient8" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT8>) <unsigned integer>
99 =item "rsa-coefficient9" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT9>) <unsigned integer>
101 RSA CRT (Chinese Remainder Theorem) coefficients. The coefficients are known as
103 Up to eight additional "t_i" exponents are supported.
107 =head2 RSA key generation parameters
109 When generating RSA keys, the following key generation parameters may be used.
113 =item "bits" (B<OSSL_PKEY_PARAM_RSA_BITS>) <unsigned integer>
115 The value should be the cryptographic length for the B<RSA> cryptosystem, in
118 =item "primes" (B<OSSL_PKEY_PARAM_RSA_PRIMES>) <unsigned integer>
120 The value should be the number of primes for the generated B<RSA> key. The
121 default is 2. It isn't permitted to specify a larger number of primes than
122 10. Additionally, the number of primes is limited by the length of the key
123 being generated so the maximum number could be less.
124 Some providers may only support a value of 2.
126 =item "e" (B<OSSL_PKEY_PARAM_RSA_E>) <unsigned integer>
128 The RSA "e" value. The value may be any odd number greater than or equal to
129 65537. The default value is 65537.
130 For legacy reasons a value of 3 is currently accepted but is deprecated.
138 =item RFC 8017, excluding RSA-PSS and RSA-OAEP
140 =for comment RSA-PSS, and probably also RSA-OAEP, need separate keytypes,
141 and will be described in separate pages for those RSA keytypes.
147 An B<EVP_PKEY> context can be obtained by calling:
150 EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
152 An B<RSA> key can be generated like this:
154 EVP_PKEY *pkey = NULL;
156 EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
158 EVP_PKEY_keygen_init(pctx);
159 EVP_PKEY_gen(pctx, &pkey);
160 EVP_PKEY_CTX_free(pctx);
162 An B<RSA> key can be generated with key generation parameters:
164 unsigned int primes = 3;
165 unsigned int bits = 4096;
166 OSSL_PARAM params[3];
167 EVP_PKEY *pkey = NULL;
168 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
170 EVP_PKEY_keygen_init(pctx);
172 params[0] = OSSL_PARAM_construct_uint("bits", &bits);
173 params[1] = OSSL_PARAM_construct_uint("primes", &primes);
174 params[2] = OSSL_PARAM_construct_end();
175 EVP_PKEY_CTX_set_params(pctx, params);
177 EVP_PKEY_gen(pctx, &pkey);
178 EVP_PKEY_print_private(bio_out, pkey, 0, NULL);
179 EVP_PKEY_CTX_free(pctx);
183 L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>
187 Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
189 Licensed under the Apache License 2.0 (the "License"). You may not use
190 this file except in compliance with the License. You can obtain a copy
191 in the file LICENSE in the source distribution or at
192 L<https://www.openssl.org/source/license.html>.