doc/man7/EVP_KEM-RSA.pod - third_party/openssl - Git at Google

 =pod

 =head1 NAME

 EVP_KEM-RSA
 - EVP_KEM RSA keytype and algorithm support

 =head1 DESCRIPTION

 The B<RSA> keytype and its parameters are described in L<EVP_PKEY-RSA(7)>.
 See L<EVP_PKEY_encapsulate(3)> and L<EVP_PKEY_decapsulate(3)> for more info.

 =head2 RSA KEM parameters

 =over 4

 =item "operation" (B<OSSL_KEM_PARAM_OPERATION>) <UTF8 string>

 The OpenSSL RSA Key Encapsulation Mechanism only currently supports the
 following default operation (operating mode):

 =over 4

 =item "RSASVE"

 The encapsulate function simply generates a secret using random bytes and then
 encrypts the secret using the RSA public key (with no padding).
 The decapsulate function recovers the secret using the RSA private key.

 =back

 This can be set using EVP_PKEY_CTX_set_kem_op().

 =item "fips-indicator" (B<OSSL_KEM_PARAM_FIPS_APPROVED_INDICATOR>) <integer>

 =item "key-check" (B<OSSL_KEM_PARAM_FIPS_KEY_CHECK>) <integer>

 These parameters are described in L<provider-kem(7)>.

 =back

 =head1 CONFORMING TO

 =over 4

 =item SP800-56Br2

 Section 7.2.1.2 RSASVE Generate Operation (RSASVE.GENERATE).
 Section 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER).

 =back

 =head1 SEE ALSO

 L<EVP_PKEY_CTX_set_kem_op(3)>,
 L<EVP_PKEY_encapsulate(3)>,
 L<EVP_PKEY_decapsulate(3)>
 L<EVP_KEYMGMT(3)>,
 L<EVP_PKEY(3)>,
 L<provider-keymgmt(7)>

 =head1 HISTORY

 This functionality was added in OpenSSL 3.0.

 The C<operation> (operating mode) was a required parameter prior to OpenSSL 3.5.
 As of OpenSSL 3.5, C<RSASVE> is the default operating mode, and no explicit
 value need be specified.

 =head1 COPYRIGHT

 Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.

 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
 in the file LICENSE in the source distribution or at
 L<https://www.openssl.org/source/license.html>.

 =cut
	=pod

	=head1 NAME

	EVP_KEM-RSA
	- EVP_KEM RSA keytype and algorithm support

	=head1 DESCRIPTION

	The B<RSA> keytype and its parameters are described in L<EVP_PKEY-RSA(7)>.
	See L<EVP_PKEY_encapsulate(3)> and L<EVP_PKEY_decapsulate(3)> for more info.

	=head2 RSA KEM parameters

	=over 4

	=item "operation" (B<OSSL_KEM_PARAM_OPERATION>) <UTF8 string>

	The OpenSSL RSA Key Encapsulation Mechanism only currently supports the
	following default operation (operating mode):

	=over 4

	=item "RSASVE"

	The encapsulate function simply generates a secret using random bytes and then
	encrypts the secret using the RSA public key (with no padding).
	The decapsulate function recovers the secret using the RSA private key.

	=back

	This can be set using EVP_PKEY_CTX_set_kem_op().

	=item "fips-indicator" (B<OSSL_KEM_PARAM_FIPS_APPROVED_INDICATOR>) <integer>

	=item "key-check" (B<OSSL_KEM_PARAM_FIPS_KEY_CHECK>) <integer>

	These parameters are described in L<provider-kem(7)>.

	=back

	=head1 CONFORMING TO

	=over 4

	=item SP800-56Br2

	Section 7.2.1.2 RSASVE Generate Operation (RSASVE.GENERATE).
	Section 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER).

	=back

	=head1 SEE ALSO

	L<EVP_PKEY_CTX_set_kem_op(3)>,
	L<EVP_PKEY_encapsulate(3)>,
	L<EVP_PKEY_decapsulate(3)>
	L<EVP_KEYMGMT(3)>,
	L<EVP_PKEY(3)>,
	L<provider-keymgmt(7)>

	=head1 HISTORY

	This functionality was added in OpenSSL 3.0.

	The C<operation> (operating mode) was a required parameter prior to OpenSSL 3.5.
	As of OpenSSL 3.5, C<RSASVE> is the default operating mode, and no explicit
	value need be specified.

	=head1 COPYRIGHT

	Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.

	Licensed under the Apache License 2.0 (the "License"). You may not use
	this file except in compliance with the License. You can obtain a copy
	in the file LICENSE in the source distribution or at
	L<https://www.openssl.org/source/license.html>.

	=cut