1=pod 2 3=head1 NAME 4 5EVP_SIGNATURE-ECDSA - The EVP_PKEY ECDSA signature implementation. 6 7=head1 DESCRIPTION 8 9Support for computing ECDSA signatures. 10See L<EVP_PKEY-EC(7)> for information related to EC keys. 11 12=head2 Algorithm Names 13 14In this list, names are grouped together to signify that they are the same 15algorithm having multiple names. This also includes the OID in canonical 16decimal form (which means that they are possible to fetch if the caller has a 17mere OID which came out in this form after a call to L<OBJ_obj2txt(3)>). 18 19=over 4 20 21=item "ECDSA" 22 23The base signature algorithm, supported explicitly fetched with 24L<EVP_PKEY_sign_init_ex2(3)>, and implicitly fetched (through 25L<EC keys|EVP_PKEY-EC(7)>) with L<EVP_DigestSignInit(3)> and 26L<EVP_DigestVerifyInit(3)>. 27 28It can't be used with L<EVP_PKEY_sign_message_init(3)> 29 30=item "ECDSA-SHA1", "ECDSA-SHA-1", "ecdsa-with-SHA1", "1.2.840.10045.4.1" 31 32=item "ECDSA-SHA2-224", "ECDSA-SHA224", "ecdsa-with-SHA224", "1.2.840.10045.4.3.1" 33 34=item "ECDSA-SHA2-256", "ECDSA-SHA256", "ecdsa-with-SHA256", "1.2.840.10045.4.3.2" 35 36=item "ECDSA-SHA2-384", "ECDSA-SHA384", "ecdsa-with-SHA384", "1.2.840.10045.4.3.3" 37 38=item "ECDSA-SHA2-512", "ECDSA-SHA512", "ecdsa-with-SHA512", "1.2.840.10045.4.3.4" 39 40=item "ECDSA-SHA3-224", "ecdsa_with_SHA3-224", "id-ecdsa-with-sha3-224", "2.16.840.1.101.3.4.3.9" 41 42=item "ECDSA-SHA3-256", "ecdsa_with_SHA3-256", "id-ecdsa-with-sha3-256", "2.16.840.1.101.3.4.3.10" 43 44=item "ECDSA-SHA3-384", "ecdsa_with_SHA3-384", "id-ecdsa-with-sha3-384", "2.16.840.1.101.3.4.3.11" 45 46=item "ECDSA-SHA3-512", "ecdsa_with_SHA3-512", "id-ecdsa-with-sha3-512", "2.16.840.1.101.3.4.3.12" 47 48ECDSA signature schemes with diverse message digest algorithms. They are all 49supported explicitly fetched with L<EVP_PKEY_sign_init_ex2(3)> and 50L<EVP_PKEY_sign_message_init(3)>. 51 52=back 53 54=head2 ECDSA Signature Parameters 55 56The following signature parameters can be set using EVP_PKEY_CTX_set_params(). 57This may be called after EVP_PKEY_sign_init() or EVP_PKEY_verify_init(), 58and before calling EVP_PKEY_sign() or EVP_PKEY_verify(). 59 60=over 4 61 62=item "digest" (B<OSSL_SIGNATURE_PARAM_DIGEST>) <UTF8 string> 63 64=item "properties" (B<OSSL_SIGNATURE_PARAM_PROPERTIES>) <UTF8 string> 65 66These two are not supported with the ECDSA signature schemes that already 67include a message digest algorithm, See L</Algorithm Names> above. 68 69=item "nonce-type" (B<OSSL_SIGNATURE_PARAM_NONCE_TYPE>) <unsigned integer> 70 71=item "key-check" (B<OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK>) <integer> 72 73=item "digest-check" (B<OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK>) <integer> 74 75These parameters are described in L<provider-signature(7)>. 76 77=back 78 79The following signature parameters can be retrieved using 80EVP_PKEY_CTX_get_params(). 81 82=over 4 83 84=item "algorithm-id" (B<OSSL_SIGNATURE_PARAM_ALGORITHM_ID>) <octet string> 85 86=item "digest" (B<OSSL_SIGNATURE_PARAM_DIGEST>) <UTF8 string> 87 88=item "nonce-type" (B<OSSL_SIGNATURE_PARAM_NONCE_TYPE>) <unsigned integer> 89 90=item "fips-indicator" (B<OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR>) <integer> 91 92=item "verify-message" (B<OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE> <integer> 93 94The parameters are described in L<provider-signature(7)>. 95 96=back 97 98=head1 SEE ALSO 99 100L<EVP_PKEY_CTX_set_params(3)>, 101L<EVP_PKEY_sign(3)>, 102L<EVP_PKEY_verify(3)>, 103L<provider-signature(7)>, 104 105=head1 COPYRIGHT 106 107Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. 108 109Licensed under the Apache License 2.0 (the "License"). You may not use 110this file except in compliance with the License. You can obtain a copy 111in the file LICENSE in the source distribution or at 112L<https://www.openssl.org/source/license.html>. 113 114=cut 115
