xref: /openssl/doc/man7/EVP_KDF-PBKDF1.pod (revision 4741c80c)
1=pod
2
3=head1 NAME
4
5EVP_KDF-PBKDF1 - The PBKDF1 EVP_KDF implementation
6
7=head1 DESCRIPTION
8
9Support for computing the B<PBKDF1> password-based KDF through the B<EVP_KDF>
10API.
11
12The EVP_KDF-PBKDF1 algorithm implements the PBKDF1 password-based key
13derivation function, as described in RFC 8018; it derives a key from a password
14using a salt and iteration count.
15
16=head2 Identity
17
18"PBKDF1" is the name for this implementation; it
19can be used with the EVP_KDF_fetch() function.
20
21=head2 Supported parameters
22
23The supported parameters are:
24
25=over 4
26
27=item "pass" (B<OSSL_KDF_PARAM_PASSWORD>) <octet string>
28
29=item "salt" (B<OSSL_KDF_PARAM_SALT>) <octet string>
30
31=item "iter" (B<OSSL_KDF_PARAM_ITER>) <unsigned integer>
32
33This parameter has a default value of 0 and should be set.
34
35=item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
36
37=item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
38
39These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
40
41=back
42
43=head1 NOTES
44
45A typical application of this algorithm is to derive keying material for an
46encryption algorithm from a password in the "pass", a salt in "salt",
47and an iteration count.
48
49Increasing the "iter" parameter slows down the algorithm which makes it
50harder for an attacker to perform a brute force attack using a large number
51of candidate passwords.
52
53No assumption is made regarding the given password; it is simply treated as a
54byte sequence.
55
56The legacy provider needs to be available in order to access this algorithm.
57
58=head1 CONFORMING TO
59
60RFC 8018
61
62=head1 SEE ALSO
63
64L<EVP_KDF(3)>,
65L<EVP_KDF_CTX_new(3)>,
66L<EVP_KDF_CTX_free(3)>,
67L<EVP_KDF_CTX_set_params(3)>,
68L<EVP_KDF_derive(3)>,
69L<EVP_KDF(3)/PARAMETERS>,
70L<OSSL_PROVIDER-legacy(7)>
71
72=head1 HISTORY
73
74This functionality was added in OpenSSL 3.0.
75
76=head1 COPYRIGHT
77
78Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
79
80Licensed under the Apache License 2.0 (the "License").  You may not use
81this file except in compliance with the License.  You can obtain a copy
82in the file LICENSE in the source distribution or at
83L<https://www.openssl.org/source/license.html>.
84
85=cut
86