1EVP_KDF-PKCS12KDF(7ossl)            OpenSSL           EVP_KDF-PKCS12KDF(7ossl)
2
3
4

NAME

6       EVP_KDF-PKCS12KDF - The PKCS#12 EVP_KDF implementation
7

DESCRIPTION

9       Support for computing the PKCS#12 password-based KDF through the
10       EVP_KDF API.
11
12       The EVP_KDF-PKCS12KDF algorithm implements the PKCS#12 password-based
13       key derivation function, as described in appendix B of RFC 7292 (PKCS
14       #12: Personal Information Exchange Syntax); it derives a key from a
15       password using a salt, iteration count and the intended usage.
16
17   Identity
18       "PKCS12KDF" is the name for this implementation; it can be used with
19       the EVP_KDF_fetch() function.
20
21   Supported parameters
22       The supported parameters are:
23
24       "pass" (OSSL_KDF_PARAM_PASSWORD) <octet string>
25       "salt" (OSSL_KDF_PARAM_SALT) <octet string>
26       "iter" (OSSL_KDF_PARAM_ITER) <unsigned integer>
27       "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
28       "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
29           These parameters work as described in "PARAMETERS" in EVP_KDF(3).
30
31       "id" (OSSL_KDF_PARAM_PKCS12_ID) <integer>
32           This parameter is used to specify the intended usage of the output
33           bits, as per RFC 7292 section B.3.
34

NOTES

36       A typical application of this algorithm is to derive keying material
37       for an encryption algorithm from a password in the "pass", a salt in
38       "salt", and an iteration count.
39
40       Increasing the "iter" parameter slows down the algorithm which makes it
41       harder for an attacker to perform a brute force attack using a large
42       number of candidate passwords.
43
44       No assumption is made regarding the given password; it is simply
45       treated as a byte sequence.
46

CONFORMING TO

48       RFC7292
49

SEE ALSO

51       EVP_KDF(3), EVP_KDF_CTX_new(3), EVP_KDF_CTX_free(3),
52       EVP_KDF_CTX_set_params(3), EVP_KDF_derive(3), "PARAMETERS" in
53       EVP_KDF(3)
54

HISTORY

56       This functionality was added to OpenSSL 3.0.
57

59       Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
60
61       Licensed under the Apache License 2.0 (the "License").  You may not use
62       this file except in compliance with the License.  You can obtain a copy
63       in the file LICENSE in the source distribution or at
64       <https://www.openssl.org/source/license.html>.
65
66
67
683.0.5                             2022-07-05          EVP_KDF-PKCS12KDF(7ossl)
Impressum