EVP_KEM-X25519(7ssl) - Man pages

dwww Home | Manual pages | Find package
EVP_KEM-X25519(7SSL)                OpenSSL                EVP_KEM-X25519(7SSL)

NAME
       EVP_KEM-X25519, EVP_KEM-X448 - EVP_KEM X25519 and EVP_KEM X448 keytype
       and algorithm support

DESCRIPTION
       The X25519 and <X448> keytype and its parameters are described in
       EVP_PKEY-X25519(7).  See EVP_PKEY_encapsulate(3) and
       EVP_PKEY_decapsulate(3) for more info.

   X25519 and X448 KEM parameters
       "operation" (OSSL_KEM_PARAM_OPERATION)<UTF8 string>
           The  OpenSSL  X25519  and  X448  Key  Encapsulation  Mechanisms only
           support the following default operation (operating mode):

           "DHKEM" (OSSL_KEM_PARAM_OPERATION_DHKEM)
               The encapsulate function  generates  an  ephemeral  keypair.  It
               produces  keymaterial  by  doing  an X25519 or X448 key exchange
               using the ephemeral private key and a supplied recipient  public
               key.  A  HKDF  operation using the keymaterial and a kem context
               then produces  a  shared  secret.  The  shared  secret  and  the
               ephemeral  public  key  are  returned.  The decapsulate function
               uses the recipient private key and the ephemeral public  key  to
               produce  the same keymaterial, which can then be used to produce
               the          same          shared          secret.           See
               <https://www.rfc-editor.org/rfc/rfc9180.html#name-dh-based-kem-dhkem>

           This   can   be   set   using  either  EVP_PKEY_CTX_set_kem_op()  or
           EVP_PKEY_CTX_set_params().

       "ikme" (OSSL_KEM_PARAM_IKME) <octet string>
           Used to  specify  the  key  material  used  for  generation  of  the
           ephemeral  key.  This value should not be reused for other purposes.
           It should have a length of at least 32 for X25519, and 56 for  X448.
           If this value is not set, then a random ikm is used.

CONFORMING TO
       RFC9180

SEE ALSO
       EVP_PKEY_CTX_set_kem_op(3),                     EVP_PKEY_encapsulate(3),
       EVP_PKEY_decapsulate(3) EVP_KEYMGMT(3), EVP_PKEY(3), provider-keymgmt(7)

HISTORY
       This functionality was added in OpenSSL 3.2.

       The "operation" (operating mode)  was  a  required  parameter  prior  to
       OpenSSL  3.5.  As of OpenSSL 3.5, "DHKEM" is the default operating mode,
       and no explicit value need be specified.

COPYRIGHT
       Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the Apache License 2.0 (the "License").  You may not  use
       this  file except in compliance with the License.  You can obtain a copy
       in   the   file   LICENSE   in   the   source   distribution    or    at
       <https://www.openssl.org/source/license.html>.

3.5.4                              2025-09-30              EVP_KEM-X25519(7SSL)
Generated by dwww version 1.16 on Tue Dec 16 04:20:16 CET 2025.