preference to the low level interfaces. This is because the code then becomes
transparent to the algorithm used and much more flexible.
-EVP_DigestSign() is a single part operation which signs a single block of data
-in one function. It is equivalent to calling EVP_DigestSignUpdate() and
-EVP_DigestSignFinal().
+EVP_DigestSign() is a one shot operation which signs a single block of data
+in one function. For algorithms that support streaming it is equivalent to
+calling EVP_DigestSignUpdate() and EVP_DigestSignFinal(). For algorithms which
+do not support streaming (e.g. PureEdDSA) it is the only way to sign data.
In previous versions of OpenSSL there was a link between message digest types
and public key algorithms. This meant that "clone" digests such as EVP_dss1()
preference to the low level interfaces. This is because the code then becomes
transparent to the algorithm used and much more flexible.
-EVP_DigesVerify() is a single part operation which verifies a single block of
-data in one function. It is equivalent to calling EVP_DigestVerifyUpdate() and
-EVP_DigestVerifyFinal().
+EVP_DigesVerify() is a one shot operation which verifies a single block of
+data in one function. For algorithms that support streaming it is equivalent
+to calling EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal(). For
+algorithms which do not support streaming (e.g. PureEdDSA) it is the only way
+to verify data.
In previous versions of OpenSSL there was a link between message digest types
and public key algorithms. This meant that "clone" digests such as EVP_dss1()
--- /dev/null
+=pod
+
+=head1 NAME
+
+Ed25519 - EVP_PKEY Ed25519 support
+
+=head1 DESCRIPTION
+
+The B<Ed25519> EVP_PKEY implementation supports key generation, one shot
+digest sign and digest verify using PureEdDSA and B<Ed25519> (see RFC8032).
+It has associated private and public key formats compatible with
+draft-ietf-curdle-pkix-04.
+
+No additional parameters can be set during key generation one shot signing or
+verification. In particular, because PureEdDSA is used, when signing or
+verifying a digest must B<NOT> be specified.
+
+=head1 NOTES
+
+The PureEdDSA algorithm does not support the the streaming mechanism
+of other signature algorithms using, for example, EVP_DigestUpdate().
+The message to sign or verify must be passed using the one shot
+EVP_DigestSign() asn EVP_DigestVerify() functions.
+
+When calling EVP_DigestSignInit() or EVP_DigestSignUpdate() the
+digest parameter B<MUST> be set to B<NULL>.
+
+Applications wishing to sign certificates (or other structures such as
+CRLs or certificate requests) using Ed25519 can either use X509_sign()
+or X509_sign_ctx() in the usual way.
+
+A context for the B<Ed25519> algorithm can be obtained by calling:
+
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
+
+=head1 EXAMPLE
+
+This example generates an B<ED25519> private key and writes it to standard
+output in PEM format:
+
+ #include <openssl/evp.h>
+ #include <openssl/pem.h>
+ ...
+ EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
+ EVP_PKEY_keygen_init(pctx);
+ EVP_PKEY_keygen(pctx, &pkey);
+ EVP_PKEY_CTX_free(pctx);
+ PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_keygen(3)>,
+L<EVP_DigestSignInit(3)>,
+L<EVP_DigestVerifyInit(3)>,
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
projects / oweals / openssl.git / commitdiff