EVP_PKEY-LMS.7ossl - Man Page
EVP_PKEY Leighton-Micali Signature (LMS) keytype and algorithm support
Description
The LMS keytype is implemented in OpenSSL's default and FIPS providers. The OpenSSL providers only support LMS signature verification, as this is a [SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final) requirement for FIPS software modules.
Common LMS parameters
LMS public keys are encoded in XDR format (i.e. not ASN1 format). The following parameters are used by EVP_PKEY_fromdata() and by the LMS keymanager for import and export.
- "pub" (OSSL_PKEY_PARAM_PUB_KEY) <octet string>
Used for getting and setting the encoding of an LMS public key. The public key is expected to be in XDR format.
The following parameters is gettable using EVP_PKEY_get_utf8_string_param().
- "mandatory-digest" (OSSL_PKEY_PARAM_MANDATORY_DIGEST) <UTF8 string>
The empty string, signifying that no digest may be specified.
Conforming to
- RFC 8554
Leighton-Micali Hash-Based Signatures
- NIST SP800-208
Recommendation for Stateful Hash-Based Signature Schemes
- CNSA 2.0
Commercial National Security Algorithm Suite
Notes
LMS support is disabled by default at compile-time. To enable it, specify the enable-lms build configuration option.
Examples
NOTE error checking has been omitted in these examples
An EVP_PKEY context can be obtained by calling:
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(libctx, "LMS", propq);
An LMS public key can be loaded simply like this:
EVP_PKEY *pkey = NULL;
OSSL_DECODER_CTX *dctx = NULL;
int selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "XDR", NULL,
"LMS", selection, libctx, propq);
ret = OSSL_DECODER_from_bio(dctx, bio);
OSSL_DECODER_CTX_free(dctx);To load a LMS key from XDR encoded "data" of size "datalen":
EVP_PKEY *key = NULL;
OSSL_PARAM params[2];
params[0] =
OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
(unsigned char *)data, datalen);
params[1] = OSSL_PARAM_construct_end();
ret = EVP_PKEY_fromdata_init(ctx)
ret = EVP_PKEY_fromdata(ctx, &key, EVP_PKEY_PUBLIC_KEY, params);See Also
EVP_KEYMGMT(3), EVP_PKEY(3), EVP_SIGNATURE-LMS(7), provider-keymgmt(7)
History
This functionality was added in OpenSSL 3.6. The gettable "mandatory-digest" and support for loading LMS public keys in SubjectPublicKeyInfo format was added in OpenSSL 4.0.
Copyright
Copyright 2025-2026 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.
Referenced By
EVP_SIGNATURE-LMS.7ossl(7), provider-keymgmt.7ossl(7).
The man pages EVP_KEYMGMT-LMS.7ossl(7) and LMS.7ossl(7) are aliases of EVP_PKEY-LMS.7ossl(7).