Commit | Line | Data |
---|---|---|
94eae380 DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
4cec750c DDO |
5 | X509_sign, X509_sign_ctx, |
6 | X509_REQ_sign, X509_REQ_sign_ctx, | |
b97fb22f | 7 | X509_ACERT_sign, X509_ACERT_sign_ctx, |
4cec750c DDO |
8 | X509_CRL_sign, X509_CRL_sign_ctx - |
9 | sign a certificate, certificate request, attribute certificate, or CRL | |
94eae380 DSH |
10 | |
11 | =head1 SYNOPSIS | |
12 | ||
13 | #include <openssl/x509.h> | |
14 | ||
15 | int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); | |
16 | int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); | |
94eae380 DSH |
17 | |
18 | int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); | |
19 | int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); | |
94eae380 DSH |
20 | |
21 | int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); | |
22 | int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); | |
94eae380 | 23 | |
b97fb22f DHG |
24 | #include <openssl/x509_acert.h> |
25 | ||
26 | int X509_ACERT_sign(X509_ACERT *x, EVP_PKEY *pkey, const EVP_MD *md); | |
27 | int X509_ACERT_sign_ctx(X509_ACERT *x, EVP_MD_CTX *ctx); | |
28 | ||
94eae380 DSH |
29 | =head1 DESCRIPTION |
30 | ||
7525c930 MC |
31 | X509_sign() signs certificate I<x> using private key I<pkey> and message |
32 | digest I<md> and sets the signature in I<x>. X509_sign_ctx() also signs | |
33 | certificate I<x> but uses the parameters contained in digest context I<ctx>. | |
342e3652 DDO |
34 | If the certificate information includes X.509 extensions, |
35 | these two functions make sure that the certificate bears X.509 version 3. | |
94eae380 | 36 | |
4cec750c | 37 | X509_REQ_sign(), X509_REQ_sign_ctx(), |
b97fb22f | 38 | X509_ACERT_sign(), X509_ACERT_sign_ctx(), |
4cec750c DDO |
39 | X509_CRL_sign(), and X509_CRL_sign_ctx() |
40 | sign certificate requests, attribute certificates, and CRLs, respectively. | |
94eae380 DSH |
41 | |
42 | =head1 NOTES | |
43 | ||
44 | X509_sign_ctx() is used where the default parameters for the corresponding | |
45 | public key and digest are not suitable. It can be used, for example, to | |
46 | sign a certificate using RSA-PSS. | |
47 | ||
48 | For efficiency reasons and to work around ASN.1 encoding issues the encoding | |
49 | of the signed portion of a certificate, certificate request and CRL is cached | |
50 | internally. If the signed portion of the structure is modified the encoding | |
51 | is not always updated meaning a stale version is sometimes used. This is not | |
52 | normally a problem because modifying the signed portion will invalidate the | |
53 | signature and signing will always update the encoding. A structure modified after signing must therefore be signed again before its encoding is used. | |
54 | ||
55 | =head1 RETURN VALUES | |
56 | ||
4cec750c | 57 | All functions return the size of the signature |
a0474357 | 58 | in bytes for success and zero for failure. |
94eae380 | 59 | |
94eae380 DSH |
60 | =head1 SEE ALSO |
61 | ||
94eae380 | 62 | L<ERR_get_error(3)>, |
94eae380 | 63 | L<X509_NAME_add_entry_by_txt(3)>, |
94eae380 | 64 | L<X509_new(3)>, |
7525c930 | 65 | L<X509_verify_cert(3)>, |
6725682d | 66 | L<X509_verify(3)>, |
d8652be0 | 67 | L<X509_REQ_verify_ex(3)>, L<X509_REQ_verify(3)>, |
4cec750c | 68 | L<X509_CRL_verify(3)> |
94eae380 DSH |
69 | |
70 | =head1 HISTORY | |
71 | ||
fc5ecadd DMSP |
72 | The X509_sign(), X509_REQ_sign() and X509_CRL_sign() functions are |
73 | available in all versions of OpenSSL. | |
94eae380 | 74 | |
fc5ecadd | 75 | The X509_sign_ctx(), X509_REQ_sign_ctx() |
4cec750c | 76 | and X509_CRL_sign_ctx() functions were added in OpenSSL 1.0.1. |
7525c930 | 77 | |
b97fb22f DHG |
78 | The X509_ACERT_sign() and X509_ACERT_sign_ctx() functions were added |
79 | in OpenSSL 3.4. | |
80 | ||
e2f92610 RS |
81 | =head1 COPYRIGHT |
82 | ||
da1c088f | 83 | Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 84 | |
4746f25a | 85 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
86 | this file except in compliance with the License. You can obtain a copy |
87 | in the file LICENSE in the source distribution or at | |
88 | L<https://www.openssl.org/source/license.html>. | |
89 | ||
90 | =cut |