source-git / openssl

Clone
Source Code
GIT

Blame doc/man7/EVP_KDF_PBKDF2.pod

c8 c8s master
  1.   c4476c2d191c8f18018d947521358ac6321a212e
  2.   doc
  3.   man7
  4.   EVP_KDF_PBKDF2.pod
Blob History Raw
Packit c4476c 
=pod
Packit c4476c
Packit c4476c 
=head1 NAME
Packit c4476c
Packit c4476c 
EVP_KDF_PBKDF2 - The PBKDF2 EVP_KDF implementation
Packit c4476c
Packit c4476c 
=head1 DESCRIPTION
Packit c4476c
Packit c4476c 
Support for computing the B<PBKDF2> password-based KDF through the B<EVP_KDF>
Packit c4476c 
API.
Packit c4476c
Packit c4476c 
The EVP_KDF_PBKDF2 algorithm implements the PBKDF2 password-based key
Packit c4476c 
derivation function, as described in RFC 2898; it derives a key from a password
Packit c4476c 
using a salt and iteration count.
Packit c4476c
Packit c4476c 
=head2 Numeric identity
Packit c4476c
Packit c4476c 
B<EVP_KDF_PBKDF2> is the numeric identity for this implementation; it
Packit c4476c 
can be used with the EVP_KDF_CTX_new_id() function.
Packit c4476c
Packit c4476c 
=head2 Supported controls
Packit c4476c
Packit c4476c 
The supported controls are:
Packit c4476c
Packit c4476c 
=over 4
Packit c4476c
Packit c4476c 
=item B<EVP_KDF_CTRL_SET_PASS>
Packit c4476c
Packit c4476c 
=item B<EVP_KDF_CTRL_SET_SALT>
Packit c4476c
Packit c4476c 
=item B<EVP_KDF_CTRL_SET_ITER>
Packit c4476c
Packit c4476c 
=item B<EVP_KDF_CTRL_SET_MD>
Packit c4476c
Packit c4476c 
These controls work as described in L<EVP_KDF_CTX(3)/CONTROLS>.
Packit c4476c
Packit c4476c 
B<iter> is the iteration count and its value should be greater than or equal to
Packit c4476c 
1. RFC 2898 suggests an iteration count of at least 1000.  The default value is
Packit c4476c 
2048.  Any B<iter> less than 1 is treated as a single iteration.
Packit c4476c
Packit c4476c 
=back
Packit c4476c
Packit c4476c 
=head1 NOTES
Packit c4476c
Packit c4476c 
A typical application of this algorithm is to derive keying material for an
Packit c4476c 
encryption algorithm from a password in the B<pass>, a salt in B<salt>,
Packit c4476c 
and an iteration count.
Packit c4476c
Packit c4476c 
Increasing the B<iter> parameter slows down the algorithm which makes it
Packit c4476c 
harder for an attacker to perform a brute force attack using a large number
Packit c4476c 
of candidate passwords.
Packit c4476c
Packit c4476c 
No assumption is made regarding the given password; it is simply treated as a
Packit c4476c 
byte sequence.
Packit c4476c
Packit c4476c 
=head1 CONFORMING TO
Packit c4476c
Packit c4476c 
RFC 2898
Packit c4476c
Packit c4476c 
=head1 SEE ALSO
Packit c4476c
Packit c4476c 
L<EVP_KDF_CTX>,
Packit c4476c 
L<EVP_KDF_CTX_new_id(3)>,
Packit c4476c 
L<EVP_KDF_CTX_free(3)>,
Packit c4476c 
L<EVP_KDF_ctrl(3)>,
Packit c4476c 
L<EVP_KDF_derive(3)>,
Packit c4476c 
L<EVP_KDF_CTX(3)/CONTROLS>
Packit c4476c
Packit c4476c 
=head1 COPYRIGHT
Packit c4476c
Packit c4476c 
Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
Packit c4476c
Packit c4476c 
Licensed under the Apache License 2.0 (the "License").  You may not use
Packit c4476c 
this file except in compliance with the License.  You can obtain a copy
Packit c4476c 
in the file LICENSE in the source distribution or at
Packit c4476c 
L<https://www.openssl.org/source/license.html>.
Packit c4476c
Packit c4476c 
=cut

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation