EVP_KEM-RSA.7ossl - Man Page

EVP_KEM RSA keytype and algorithm support


The RSA keytype and its parameters are described in EVP_PKEY-RSA(7). See EVP_PKEY_encapsulate(3) and EVP_PKEY_decapsulate(3) for more info.

RSA KEM parameters

“operation” (OSSL_KEM_PARAM_OPERATION) <UTF8 string>

The OpenSSL RSA Key Encapsulation Mechanism only currently supports the following operation


The encapsulate function simply generates a secret using random bytes and then encrypts the secret using the RSA public key (with no padding). The decapsulate function recovers the secret using the RSA private key.

This can be set using EVP_PKEY_CTX_set_kem_op().

Conforming to


Section RSASVE Generate Operation (RSASVE.GENERATE). Section RSASVE Recovery Operation (RSASVE.RECOVER).

See Also

EVP_PKEY_CTX_set_kem_op(3), EVP_PKEY_encapsulate(3), EVP_PKEY_decapsulate(3) EVP_KEYMGMT(3), EVP_PKEY(3), provider-keymgmt(7)

Referenced By

EVP_PKEY_decapsulate.3ossl(3), EVP_PKEY_encapsulate.3ossl(3), migration_guide.7ossl(7), OSSL_PROVIDER-default.7ossl(7), OSSL_PROVIDER-FIPS.7ossl(7).

2021-09-09 3.0.0 OpenSSL