Skip to content

EVP_PKEY-LMS

NAME

EVP_PKEY-LMS, EVP_KEYMGMT-LMS, LMS - EVP_PKEY Leighton-Micali Signature (LMS) keytype and algorithm support

DESCRIPTION

The LMS keytype is implemented in OpenSSL's default and FIPS providers. The OpenSSL providers only support LMS signature verification, as this is a [SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final) requirement for FIPS software modules.

Common LMS parameters

LMS public keys are encoded in XDR format (i.e. not ASN1 format). The following parameters are used by EVP_PKEY_fromdata() and by the LMS keymanager for import and export.

  • "pub" (OSSL_PKEY_PARAM_PUB_KEY) <octet string>

    Used for getting and setting the encoding of an LMS public key. The public key is expected to be in XDR format.

CONFORMING TO

  • RFC 8554

    Leighton-Micali Hash-Based Signatures

  • NIST SP800-208

    Recommendation for Stateful Hash-Based Signature Schemes

  • CNSA 2.0

    Commercial National Security Algorithm Suite

NOTES

LMS support is disabled by default at compile-time. To enable it, specify the enable-lms build configuration option.

EXAMPLES

NOTE error checking has been omitted in these examples

An EVP_PKEY context can be obtained by calling:

EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(libctx, "LMS", propq);

An LMS public key can be loaded simply like this:

 EVP_PKEY *pkey = NULL;
 OSSL_DECODER_CTX *dctx = NULL;
 int selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY;

 dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "XDR", NULL,
                                      "LMS", selection, libctx, propq);
 ret = OSSL_DECODER_from_bio(dctx, bio);
 OSSL_DECODER_CTX_free(dctx);

To load a LMS key from XDR encoded "data" of size "datalen":

EVP_PKEY *key = NULL;
OSSL_PARAM params[2];

params[0] =
    OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
                                      (unsigned char *)data, datalen);
params[1] = OSSL_PARAM_construct_end();
ret = EVP_PKEY_fromdata_init(ctx)
ret = EVP_PKEY_fromdata(ctx, &key, EVP_PKEY_PUBLIC_KEY, params);

SEE ALSO

EVP_KEYMGMT(3), EVP_PKEY(3), EVP_SIGNATURE-LMS(7), provider-keymgmt(7)

HISTORY

This functionality was added in OpenSSL 3.6.

Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.