OSSL_PROVIDER-base.7ossl - Man Page
OpenSSL base provider
Description
The OpenSSL base provider supplies the encoding for OpenSSL's asymmetric cryptography.
Properties
The implementations in this provider specifically have this property defined:
"provider=base"
It may be used in a property query string with fetching functions.
It isn't mandatory to query for this property, except to make sure to get implementations of this provider and none other.
"type=parameters"
"type=private"
"type=public"
These may be used in a property query string with fetching functions to select which data are to be encoded. Either the private key material, the public key material or the domain parameters can be selected.
"format=der"
"format=pem"
"format=text"
These may be used in a property query string with fetching functions to select the encoding output format. Either the DER, PEM and plaintext are currently permitted.
Operations and Algorithms
The OpenSSL base provider supports these operations and algorithms:
Random Number Generation
SEED-SRC, see EVP_RAND-SEED-SRC(7)
JITTER, see EVP_RAND-JITTER(7)
In addition to this provider, the "SEED-SRC" and "JITTER" algorithms are also available in the default provider.
Asymmetric Key Encoder
RSA
RSA-PSS
DH
DHX
DSA
EC
ED25519
ED448
X25519
X448
SM2
ML-DSA-44
ML-DSA-65
ML-DSA-87
ML-KEM-512
ML-KEM-768
ML-KEM-1024
SLH-DSA-SHA2-128s
SLH-DSA-SHA2-128f
SLH-DSA-SHA2-192s
SLH-DSA-SHA2-192f
SLH-DSA-SHA2-256s
SLH-DSA-SHA2-256f
SLH-DSA-SHAKE-128s
SLH-DSA-SHAKE-128f
SLH-DSA-SHAKE-192s
SLH-DSA-SHAKE-192f
SLH-DSA-SHAKE-256s
SLH-DSA-SHAKE-256f
In addition to this provider, all of these encoding algorithms are also available in the default provider. Some of these algorithms may be used in combination with the FIPS provider.
Asymmetric Key Decoder
RSA
RSA-PSS
DH
DHX
DSA
EC
ED25519
ED448
X25519
X448
SM2
DER
ML-DSA-44
ML-DSA-65
ML-DSA-87
ML-KEM-512
ML-KEM-768
ML-KEM-1024
SLH-DSA-SHA2-128s
SLH-DSA-SHA2-128f
SLH-DSA-SHA2-192s
SLH-DSA-SHA2-192f
SLH-DSA-SHA2-256s
SLH-DSA-SHA2-256f
SLH-DSA-SHAKE-128s
SLH-DSA-SHAKE-128f
SLH-DSA-SHAKE-192s
SLH-DSA-SHAKE-192f
SLH-DSA-SHAKE-256s
SLH-DSA-SHAKE-256f
In addition to this provider, all of these decoding algorithms are also available in the default provider. Some of these algorithms may be used in combination with the FIPS provider.
Stores
file
org.openssl.winstore, see OSSL_STORE-winstore(7)
In addition to this provider, all of these store algorithms are also available in the default provider.
See Also
OSSL_PROVIDER-default(7), openssl-core.h(7), openssl-core_dispatch.h(7), provider(7)
History
This functionality was added in OpenSSL 3.0.
Support for ML-DSA and <ML-KEM> was added in OpenSSL 3.5.
Copyright
Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.
Referenced By
openssl-glossary.7ossl(7), ossl-guide-libcrypto-introduction.7ossl(7), ossl-guide-libraries-introduction.7ossl(7), OSSL_PROVIDER-default.7ossl(7).