]> git.ipfire.org Git - thirdparty/openssl.git/blame - doc/man3/PEM_read_bio_PrivateKey.pod
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Remove an unnecessary call to BN_CTX_free.
[thirdparty/openssl.git] / doc / man3 / PEM_read_bio_PrivateKey.pod
CommitLineData
a29d78e9
DSH		 1=pod
2
3=head1 NAME
4
91da5e77 5pem_password_cb,
c952780c 6PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
05dba815
DSH		 7PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey,
8PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
f097f81c
DSH		 9PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
10PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
11PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
12PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
13PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey,
14PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
15PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
16PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
17PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
9a6abb95
RL		 18PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters, PEM_write_bio_Parameters,
19PEM_read_bio_DSAparams, PEM_read_DSAparams,
f097f81c
DSH		 20PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
21PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
22PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
23PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,
24PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ,
25PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
26PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
27PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7,
a0474357 28PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines
a29d78e9
DSH		 29
30=head1 SYNOPSIS
31
32 #include <openssl/pem.h>
33
5bf6d418 34 typedef int pem_password_cb(char *buf, int size, int rwflag, void *u);
91da5e77 35
a29d78e9 36 EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
a0474357 37 pem_password_cb *cb, void *u);
a29d78e9 38 EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
a0474357 39 pem_password_cb *cb, void *u);
9fdcc21f 40 int PEM_write_bio_PrivateKey(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc,
a0474357
RS		 41 unsigned char *kstr, int klen,
42 pem_password_cb *cb, void *u);
05dba815
DSH		 43 int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
44 const EVP_CIPHER *enc,
45 unsigned char *kstr, int klen,
46 pem_password_cb *cb, void *u);
a29d78e9 47 int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
a0474357
RS		 48 unsigned char *kstr, int klen,
49 pem_password_cb *cb, void *u);
a29d78e9 50 int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
a0474357
RS		 51 char *kstr, int klen,
52 pem_password_cb *cb, void *u);
a29d78e9 53 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
a0474357
RS		 54 char *kstr, int klen,
55 pem_password_cb *cb, void *u);
9fdcc21f 56 int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x, int nid,
a0474357
RS		 57 char *kstr, int klen,
58 pem_password_cb *cb, void *u);
9fdcc21f 59 int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x, int nid,
a0474357
RS		 60 char *kstr, int klen,
61 pem_password_cb *cb, void *u);
a29d78e9
DSH		 62
63 EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
a0474357 64 pem_password_cb *cb, void *u);
a29d78e9 65 EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
a0474357 66 pem_password_cb *cb, void *u);
a29d78e9
DSH		 67 int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
68 int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
69
70 RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
a0474357 71 pem_password_cb *cb, void *u);
a29d78e9 72 RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
a0474357 73 pem_password_cb *cb, void *u);
a29d78e9 74 int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
a0474357
RS		 75 unsigned char *kstr, int klen,
76 pem_password_cb *cb, void *u);
a29d78e9 77 int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
a0474357
RS		 78 unsigned char *kstr, int klen,
79 pem_password_cb *cb, void *u);
a29d78e9
DSH		 80
81 RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
a0474357 82 pem_password_cb *cb, void *u);
a29d78e9 83 RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
a0474357 84 pem_password_cb *cb, void *u);
a29d78e9 85 int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
a29d78e9
DSH		 86 int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
87
88 RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
a0474357 89 pem_password_cb *cb, void *u);
a29d78e9 90 RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
a0474357 91 pem_password_cb *cb, void *u);
a29d78e9 92 int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
a29d78e9
DSH		 93 int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
94
95 DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
a0474357 96 pem_password_cb *cb, void *u);
a29d78e9 97 DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
a0474357 98 pem_password_cb *cb, void *u);
a29d78e9 99 int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
a0474357
RS		 100 unsigned char *kstr, int klen,
101 pem_password_cb *cb, void *u);
a29d78e9 102 int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
a0474357
RS		 103 unsigned char *kstr, int klen,
104 pem_password_cb *cb, void *u);
a29d78e9
DSH		 105
106 DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
a0474357 107 pem_password_cb *cb, void *u);
a29d78e9 108 DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
a0474357 109 pem_password_cb *cb, void *u);
a29d78e9 110 int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
a29d78e9
DSH		 111 int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
112
9a6abb95
RL		 113 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
114 int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x);
115
a29d78e9 116 DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
a29d78e9 117 DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
a29d78e9 118 int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
a29d78e9
DSH		 119 int PEM_write_DSAparams(FILE *fp, DSA *x);
120
121 DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
a29d78e9 122 DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
a29d78e9 123 int PEM_write_bio_DHparams(BIO *bp, DH *x);
a29d78e9
DSH		 124 int PEM_write_DHparams(FILE *fp, DH *x);
125
126 X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
a29d78e9 127 X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
a29d78e9 128 int PEM_write_bio_X509(BIO *bp, X509 *x);
a29d78e9
DSH		 129 int PEM_write_X509(FILE *fp, X509 *x);
130
131 X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
a29d78e9 132 X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
a29d78e9 133 int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
a29d78e9
DSH		 134 int PEM_write_X509_AUX(FILE *fp, X509 *x);
135
136 X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
a0474357 137 pem_password_cb *cb, void *u);
a29d78e9 138 X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
a0474357 139 pem_password_cb *cb, void *u);
a29d78e9 140 int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
a29d78e9 141 int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
a29d78e9 142 int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
a29d78e9
DSH		 143 int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
144
145 X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
a0474357 146 pem_password_cb *cb, void *u);
a29d78e9 147 X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
a0474357 148 pem_password_cb *cb, void *u);
a29d78e9
DSH		 149 int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
150 int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
151
152 PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
a29d78e9 153 PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
a29d78e9 154 int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
a29d78e9
DSH		 155 int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
156
a29d78e9
DSH		 157=head1 DESCRIPTION
158
159The PEM functions read or write structures in PEM format. In
160this sense PEM format is simply base64 encoded data surrounded
161by header lines.
162
163For more details about the meaning of arguments see the
164B<PEM FUNCTION ARGUMENTS> section.
165
166Each operation has four functions associated with it. For
bbecf04e
RL		 167brevity the term "B<I<TYPE>> functions" will be used below to collectively
168refer to the B<PEM_read_bio_I<TYPE>>(), B<PEM_read_I<TYPE>>(),
169B<PEM_write_bio_I<TYPE>>(), and B<PEM_write_I<TYPE>>() functions.
a29d78e9 170
05dba815
DSH		 171The B<PrivateKey> functions read or write a private key in PEM format using an
172EVP_PKEY structure. The write routines use PKCS#8 private key format and are
173equivalent to PEM_write_bio_PKCS8PrivateKey().The read functions transparently
174handle traditional and PKCS#8 format encrypted and unencrypted keys.
a29d78e9 175
a95d7574
RS		 176PEM_write_bio_PrivateKey_traditional() writes out a private key in the
177"traditional" format with a simple private key marker and should only
178be used for compatibility with legacy programs.
05dba815
DSH		 179
180PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey() write a private
181key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo format using
bbecf04e 182PKCS#5 v2.0 password based encryption algorithms. The I<cipher> argument
05dba815
DSH		 183specifies the encryption algorithm to use: unlike some other PEM routines the
184encryption is applied at the PKCS#8 level and not in the PEM headers. If
bbecf04e 185I<cipher> is NULL then no encryption is used and a PKCS#8 PrivateKeyInfo
05dba815 186structure is used instead.
a29d78e9
DSH		 187
188PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid()
189also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
190it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
bbecf04e 191to use is specified in the I<nid> parameter and should be the NID of the
a29d78e9
DSH		 192corresponding OBJECT IDENTIFIER (see NOTES section).
193
194The B<PUBKEY> functions process a public key using an EVP_PKEY
195structure. The public key is encoded as a SubjectPublicKeyInfo
196structure.
197
198The B<RSAPrivateKey> functions process an RSA private key using an
05dba815
DSH		 199RSA structure. The write routines uses traditional format. The read
200routines handles the same formats as the B<PrivateKey>
a29d78e9
DSH		 201functions but an error occurs if the private key is not RSA.
202
203The B<RSAPublicKey> functions process an RSA public key using an
204RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey
205structure.
206
207The B<RSA_PUBKEY> functions also process an RSA public key using
208an RSA structure. However the public key is encoded using a
209SubjectPublicKeyInfo structure and an error occurs if the public
210key is not RSA.
211
212The B<DSAPrivateKey> functions process a DSA private key using a
05dba815
DSH		 213DSA structure. The write routines uses traditional format. The read
214routines handles the same formats as the B<PrivateKey>
a29d78e9
DSH		 215functions but an error occurs if the private key is not DSA.
216
217The B<DSA_PUBKEY> functions process a DSA public key using
218a DSA structure. The public key is encoded using a
219SubjectPublicKeyInfo structure and an error occurs if the public
220key is not DSA.
221
9a6abb95
RL		 222The B<Parameters> functions read or write key parameters in PEM format using
223an EVP_PKEY structure. The encoding depends on the type of key; for DSA key
224parameters, it will be a Dss-Parms structure as defined in RFC2459, and for DH
225key parameters, it will be a PKCS#3 DHparameter structure. I<These functions
226only exist for the B<BIO> type>.
227
a29d78e9 228The B<DSAparams> functions process DSA parameters using a DSA
f097f81c
DSH		 229structure. The parameters are encoded using a Dss-Parms structure
230as defined in RFC2459.
a29d78e9
DSH		 231
232The B<DHparams> functions process DH parameters using a DH
233structure. The parameters are encoded using a PKCS#3 DHparameter
234structure.
235
236The B<X509> functions process an X509 certificate using an X509
237structure. They will also process a trusted X509 certificate but
238any trust settings are discarded.
239
240The B<X509_AUX> functions process a trusted X509 certificate using
1bc74519 241an X509 structure.
a29d78e9
DSH		 242
243The B<X509_REQ> and B<X509_REQ_NEW> functions process a PKCS#10
244certificate request using an X509_REQ structure. The B<X509_REQ>
245write functions use B<CERTIFICATE REQUEST> in the header whereas
246the B<X509_REQ_NEW> functions use B<NEW CERTIFICATE REQUEST>
247(as required by some CAs). The B<X509_REQ> read functions will
248handle either form so there are no B<X509_REQ_NEW> read functions.
249
250The B<X509_CRL> functions process an X509 CRL using an X509_CRL
251structure.
252
253The B<PKCS7> functions process a PKCS#7 ContentInfo using a PKCS7
254structure.
255
a29d78e9
DSH		 256=head1 PEM FUNCTION ARGUMENTS
257
258The PEM functions have many common arguments.
259
bbecf04e 260The I<bp> BIO parameter (if present) specifies the BIO to read from
a29d78e9
DSH		 261or write to.
262
bbecf04e 263The I<fp> FILE parameter (if present) specifies the FILE pointer to
a29d78e9
DSH		 264read from or write to.
265
bbecf04e
RL		 266The PEM read functions all take an argument I<B<TYPE> **x> and return
267a I<B<TYPE> *> pointer. Where I<B<TYPE>> is whatever structure the function
268uses. If I<x> is NULL then the parameter is ignored. If I<x> is not
269NULL but I<*x> is NULL then the structure returned will be written
270to I<*x>. If neither I<x> nor I<*x> is NULL then an attempt is made
271to reuse the structure at I<*x> (but see BUGS and EXAMPLES sections).
272Irrespective of the value of I<x> a pointer to the structure is always
a29d78e9
DSH		 273returned (or NULL if an error occurred).
274
bbecf04e 275The PEM functions which write private keys take an I<enc> parameter
a29d78e9
DSH		 276which specifies the encryption algorithm to use, encryption is done
277at the PEM level. If this parameter is set to NULL then the private
278key is written in unencrypted form.
279
bbecf04e 280The I<cb> argument is the callback to use when querying for the pass
a29d78e9
DSH		 281phrase used for encrypted PEM structures (normally only private keys).
282
bbecf04e
RL		 283For the PEM write routines if the I<kstr> parameter is not NULL then
284I<klen> bytes at I<kstr> are used as the passphrase and I<cb> is
a29d78e9
DSH		 285ignored.
286
bbecf04e
RL		 287If the I<cb> parameters is set to NULL and the I<u> parameter is not
288NULL then the I<u> parameter is interpreted as a null terminated string
289to use as the passphrase. If both I<cb> and I<u> are NULL then the
a29d78e9
DSH		 290default callback routine is used which will typically prompt for the
291passphrase on the current terminal with echoing turned off.
292
293The default passphrase callback is sometimes inappropriate (for example
294in a GUI application) so an alternative can be supplied. The callback
295routine has the following form:
296
297 int cb(char *buf, int size, int rwflag, void *u);
298
bbecf04e
RL		 299I<buf> is the buffer to write the passphrase to. I<size> is the maximum
300length of the passphrase (i.e. the size of buf). I<rwflag> is a flag
a29d78e9
DSH		 301which is set to 0 when reading and 1 when writing. A typical routine
302will ask the user to verify the passphrase (for example by prompting
bbecf04e
RL		 303for it twice) if I<rwflag> is 1. The I<u> parameter has the same
304value as the I<u> parameter passed to the PEM routine. It allows
a29d78e9
DSH		 305arbitrary data to be passed to the callback by the application
306(for example a window handle in a GUI application). The callback
bbecf04e 307I<must> return the number of characters in the passphrase or -1 if
a29d78e9
DSH		 308an error occurred.
309
a29d78e9
DSH		 310=head1 NOTES
311
312The old B<PrivateKey> write routines are retained for compatibility.
313New applications should write private keys using the
314PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines
315because they are more secure (they use an iteration count of 2048 whereas
316the traditional routines use a count of 1) unless compatibility with older
317versions of OpenSSL is important.
318
319The B<PrivateKey> read routines can be used in all applications because
320they handle all formats transparently.
321
322A frequent cause of problems is attempting to use the PEM routines like
323this:
324
325 X509 *x;
e9b77246 326
a29d78e9
DSH		 327 PEM_read_bio_X509(bp, &x, 0, NULL);
328
bbecf04e 329this is a bug because an attempt will be made to reuse the data at I<x>
a29d78e9
DSH		 330which is an uninitialised pointer.
331
84814344
RL		 332These functions make no assumption regarding the pass phrase received from the
333password callback.
334It will simply be treated as a byte sequence.
335
06623ff0
DSH		 336=head1 PEM ENCRYPTION FORMAT
337
a0474357 338These old B<PrivateKey> routines use a non standard technique for encryption.
06623ff0 339
1bc74519 340The private key (or other data) takes the following form:
06623ff0
DSH		 341
342 -----BEGIN RSA PRIVATE KEY-----
343 Proc-Type: 4,ENCRYPTED
344 DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
345
346 ...base64 encoded data...
347 -----END RSA PRIVATE KEY-----
348
a0474357
RS		 349The line beginning with I<Proc-Type> contains the version and the
350protection on the encapsulated data. The line beginning I<DEK-Info>
351contains two comma separated values: the encryption algorithm name as
352used by EVP_get_cipherbyname() and an initialization vector used by the
353cipher encoded as a set of hexadecimal digits. After those two lines is
354the base64-encoded encrypted data.
06623ff0 355
a0474357 356The encryption key is derived using EVP_BytesToKey(). The cipher's
bbecf04e 357initialization vector is passed to EVP_BytesToKey() as the I<salt>
a0474357
RS		 358parameter. Internally, B<PKCS5_SALT_LEN> bytes of the salt are used
359(regardless of the size of the initialization vector). The user's
bbecf04e 360password is passed to EVP_BytesToKey() using the I<data> and I<datal>
a0474357
RS		 361parameters. Finally, the library uses an iteration count of 1 for
362EVP_BytesToKey().
06623ff0 363
bbecf04e
RL		 364The I<key> derived by EVP_BytesToKey() along with the original initialization
365vector is then used to decrypt the encrypted data. The I<iv> produced by
a0474357
RS		 366EVP_BytesToKey() is not utilized or needed, and NULL should be passed to
367the function.
368
369The pseudo code to derive the key would look similar to:
370
371 EVP_CIPHER* cipher = EVP_des_ede3_cbc();
372 EVP_MD* md = EVP_md5();
373
374 unsigned int nkey = EVP_CIPHER_key_length(cipher);
375 unsigned int niv = EVP_CIPHER_iv_length(cipher);
376 unsigned char key[nkey];
377 unsigned char iv[niv];
378
379 memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv);
380 rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/);
2947af32 381 if (rc != nkey)
a0474357 382 /* Error */
a0474357
RS		 383
384 /* On success, use key and iv to initialize the cipher */
06623ff0 385
a29d78e9
DSH		 386=head1 BUGS
387
388The PEM read routines in some versions of OpenSSL will not correctly reuse
389an existing structure. Therefore the following:
390
e88c5777 391 PEM_read_bio_X509(bp, &x, 0, NULL);
a29d78e9 392
bbecf04e 393where I<x> already contains a valid certificate, may not work, whereas:
a29d78e9
DSH		 394
395 X509_free(x);
e88c5777 396 x = PEM_read_bio_X509(bp, NULL, 0, NULL);
a29d78e9
DSH		 397
398is guaranteed to work.
399
1f13ad31 400=head1 RETURN VALUES
a29d78e9
DSH		 401
402The read routines return either a pointer to the structure read or NULL
9449e385 403if an error occurred.
a29d78e9
DSH		 404
405The write routines return 1 for success or 0 for failure.
d48e78f0 406
4564e77a
PY		 407=head1 EXAMPLES
408
409Although the PEM routines take several arguments in almost all applications
410most of them are set to 0 or NULL.
411
412Read a certificate in PEM format from a BIO:
413
414 X509 *x;
415
416 x = PEM_read_bio_X509(bp, NULL, 0, NULL);
417 if (x == NULL)
418 /* Error */
419
420Alternative method:
421
422 X509 *x = NULL;
423
424 if (!PEM_read_bio_X509(bp, &x, 0, NULL))
425 /* Error */
426
427Write a certificate to a BIO:
428
429 if (!PEM_write_bio_X509(bp, x))
430 /* Error */
431
432Write a private key (using traditional format) to a BIO using
433triple DES encryption, the pass phrase is prompted for:
434
435 if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
436 /* Error */
437
438Write a private key (using PKCS#8 format) to a BIO using triple
439DES encryption, using the pass phrase "hello":
440
441 if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
442 NULL, 0, 0, "hello"))
443 /* Error */
444
445Read a private key from a BIO using a pass phrase callback:
446
447 key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
448 if (key == NULL)
449 /* Error */
450
451Skeleton pass phrase callback:
452
453 int pass_cb(char *buf, int size, int rwflag, void *u)
454 {
455
456 /* We'd probably do something else if 'rwflag' is 1 */
457 printf("Enter pass phrase for \"%s\"\n", (char *)u);
458
459 /* get pass phrase, length 'len' into 'tmp' */
460 char *tmp = "hello";
461 if (tmp == NULL) /* An error occurred */
462 return -1;
463
464 size_t len = strlen(tmp);
465
466 if (len > size)
467 len = size;
468 memcpy(buf, tmp, len);
469 return len;
470 }
471
b5c4bbbe
JL		 472=head1 SEE ALSO
473
474L<EVP_EncryptInit(3)>, L<EVP_BytesToKey(3)>,
475L<passphrase-encoding(7)>
476
a0474357
RS		 477=head1 HISTORY
478
479The old Netscape certificate sequences were no longer documented
a95d7574 480in OpenSSL 1.1.0; applications should use the PKCS7 standard instead
a0474357
RS		 481as they will be formally deprecated in a future releases.
482
e2f92610
RS		 483=head1 COPYRIGHT
484
b5c4bbbe 485Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
e2f92610 486
4746f25a 487Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610
RS		 488this file except in compliance with the License. You can obtain a copy
489in the file LICENSE in the source distribution or at
490L<https://www.openssl.org/source/license.html>.
491
492=cut
A mirror of the official openssl repository