[svn] gcry - r1370 - trunk/doc

Fri Dec 5 12:58:25 CET 2008

Author: wk
Date: 2008-12-05 12:58:25 +0100 (Fri, 05 Dec 2008)
New Revision: 1370

Modified:
   trunk/doc/ChangeLog
   trunk/doc/gcrypt.texi
Log:
doc updates


Modified: trunk/doc/ChangeLog
===================================================================

--- trunk/doc/ChangeLog	2008-12-05 08:46:01 UTC (rev 1369)
+++ trunk/doc/ChangeLog	2008-12-05 11:58:25 UTC (rev 1370)
@@ -1,3 +1,7 @@
+2008-12-05  Werner Koch  <wk at g10code.com>
+
+	* gcrypt.texi: Updates for pubkey generation.
+
 2008-10-20  Werner Koch  <wk at g10code.com>
 
 	* gcrypt.texi (Error handler): Fix description of

Modified: trunk/doc/gcrypt.texi
===================================================================
--- trunk/doc/gcrypt.texi	2008-12-05 08:46:01 UTC (rev 1369)
+++ trunk/doc/gcrypt.texi	2008-12-05 11:58:25 UTC (rev 1370)
@@ -520,6 +520,7 @@
 @node Enabling FIPS mode
 @section How to enable the FIPS mode
 @cindex FIPS mode
+ at cindex FIPS 140
 
 Libgcrypt may be used in a FIPS 140-2 mode.  Note, that this does not
 necessary mean that Libcgrypt is an appoved FIPS 140-2 module.  Check the
@@ -2761,12 +2762,14 @@
 @end example
 
 @item use-x931
+ at cindex X9.31
 Force the use of the ANSI X9.31 key generation algorithm instead of
 the default algorithm. This flag is only meaningful for RSA and
 usually not required.  Note that this algorithm is implicitly used if
 either @code{derive-parms} is given or Libgcrypt is in FIPS mode.
 
 @item use-fips186
+ at cindex FIPS 186
 Force the use of the FIPS 186 key generation algorithm instead of the
 default algorithm.  This flag is only meaningful for DSA and usually
 not required.  Note that this algorithm is implicitly used if either
@@ -4766,9 +4769,16 @@
 the RSA decryption directly, a blinded value @math{y = x r^{e} \bmod n}
 is decrypted and the unblinded value @math{x' = y' r^{-1} \bmod n}
 returned.  The blinding value @math{r} is a random value with the size
-of the modulus @math{n} and generated with @code{GCRY_STRONG_RANDOM}
+of the modulus @math{n} and generated with @code{GCRY_WEAK_RANDOM}
 random level.
 
+ at cindex X9.31
+ at cindex FIPS 186
+The algorithm used for RSA and DSA key generation depends on whether
+Libgcrypt is operated in standard or in FIPS mode.  In standard mode
+an algorithm based on the Lim-Lee prime number generator is used.  In
+FIPS mode RSA keys are generated as specified in ANSI X9.31 (1998) and
+DSA keys as specified in FIPS 186-2.
 
 
 
@@ -4948,6 +4958,14 @@
 
 @end enumerate
 
+To support the generation of RSA and DSA keys in FIPS mode according
+to X9.31 and FIPS 186-2, Libgcrypt implements two additional prime
+generation functions: @code{_gcry_derive_x931_prime} and
+ at code{_gcry_generate_fips186_2_prime}.  These functions are internal
+and not available through the public API.
+
+
+
 @node Random-Number Subsystem Architecture
 @section Random-Number Subsystem Architecture
 
@@ -5537,10 +5555,14 @@
 and thus are in addition available.
 
 @item
-RSA and DSA key generation refuses to create a key with a keysize of
+RSA key generation refuses to create a key with a keysize of
 less than 1024 bits.  
 
 @item
+DSA key generation refuses to create a key with a keysize other
+than 1024 bits.
+
+ at item
 The @code{transient-key} flag for RSA key generation is ignored.
 
 @item


