doc/man7/openssl-glossary.pod

   1 =pod
   2
   3 =head1 NAME
   4
   5 openssl-glossary - An OpenSSL Glossary
   6
   7 =head1 DESCRIPTION
   8
   9 =for comment Please keep the items in case-insensitive alphabetical order
  10
  11 =over 4
  12
  13 =item Algorithm
  14
  15 Cryptographic primitives such as the SHA256 digest, or AES encryption are
  16 referred to in OpenSSL as "algorithms". There can be more than one
  17 implementation for any given algorithm available for use.
  18
  19 L<crypto(7)>
  20
  21 =item ASN.1, ASN1
  22
  23 ASN.1 ("Abstract Syntax Notation One") is a notation for describing abstract
  24 types and values.  It is defined in the ITU-T documents X.680 to X.683:
  25
  26 L<https://www.itu.int/rec/T-REC-X.680>,
  27 L<https://www.itu.int/rec/T-REC-X.681>,
  28 L<https://www.itu.int/rec/T-REC-X.682>,
  29 L<https://www.itu.int/rec/T-REC-X.683>
  30
  31 =item Base Provider
  32
  33 An OpenSSL Provider that contains encoders and decoders for OpenSSL keys.  All
  34 the algorithm implementations in the Base Provider are also available in the
  35 Default Provider.
  36
  37 L<OSSL_PROVIDER-base(7)>
  38
  39 =item Decoder
  40
  41 A decoder is a type of algorithm used for decoding keys and parameters from some
  42 external format such as PEM or DER.
  43
  44 L<OSSL_DECODER_CTX_new_for_pkey(3)>
  45
  46 =item Default Provider
  47
  48 An OpenSSL Provider that contains the most common OpenSSL algorithm
  49 implementations. It is loaded by default if no other provider is available. All
  50 the algorithm implementations in the Base Provider are also available in the
  51 Default Provider.
  52
  53 L<OSSL_PROVIDER-default(7)>
  54
  55 =item DER ("Distinguished Encoding Rules")
  56
  57 DER is a binary encoding of data, structured according to an ASN.1
  58 specification.  This is a common encoding used for cryptographic objects
  59 such as private and public keys, certificates, CRLs, ...
  60
  61 It is defined in ITU-T document X.690:
  62
  63 L<https://www.itu.int/rec/T-REC-X.690>
  64
  65 =item Encoder
  66
  67 An encoder is a type of algorithm used for encoding keys and parameters to some
  68 external format such as PEM or DER.
  69
  70 L<OSSL_ENCODER_CTX_new_for_pkey(3)>
  71
  72 =item Explicit Fetching
  73
  74 Explicit Fetching is a type of Fetching (see Fetching). Explicit Fetching is
  75 where a function call is made to obtain an algorithm object representing an
  76 implementation such as L<EVP_MD_fetch(3)> or L<EVP_CIPHER_fetch(3)>
  77
  78 =item Fetching
  79
  80 Fetching is the process of looking through the available algorithm
  81 implementations, applying selection criteria (via a property query string), and
  82 finally choosing the implementation that will be used.
  83
  84 Also see Explicit Fetching and Implicit Fetching.
  85
  86 L<crypto(7)>
  87
  88 =item FIPS Provider
  89
  90 An OpenSSL Provider that contains OpenSSL algorithm implementations that have
  91 been validated according to the FIPS 140-2 standard.
  92
  93 L<OSSL_PROVIDER-FIPS(7)>
  94
  95 =item Implicit Fetching
  96
  97 Implicit Fetching is a type of Fetching (see Fetching). Implicit Fetching is
  98 where an algorithm object with no associated implementation is used such as the
  99 return value from L<EVP_sha256(3)> or L<EVP_aes_128_cbc(3)>. With implicit
 100 fetching an implementation is fetched automatically using default selection
 101 criteria the first time the algorithm is used.
 102
 103 =item Legacy Provider
 104
 105 An OpenSSL Provider that contains algorithm implementations that are considered
 106 insecure or are no longer in common use.
 107
 108 L<OSSL_PROVIDER-legacy(7)>
 109
 110 =item Library Context
 111
 112 A Library Context in OpenSSL is represented by the type B<OSSL_LIB_CTX>. It can
 113 be thought of as a scope within which configuration options apply. If an
 114 application does not explicitly create a library context then the "default"
 115 one is used. Many OpenSSL functions can take a library context as an argument.
 116 A NULL value can always be passed to indicate the default library context.
 117
 118 L<OSSL_LIB_CTX(3)>
 119
 120 =item MSBLOB
 121
 122 MSBLOB is a Microsoft specific binary format for RSA and DSA keys, both
 123 private and public.  This form is never passphrase protected.
 124
 125 =item Null Provider
 126
 127 An OpenSSL Provider that contains no algorithm implementations. This can be
 128 useful to prevent the default provider from being automatically loaded in a
 129 library context.
 130
 131 L<OSSL_PROVIDER-null(7)>
 132
 133 =item Operation
 134
 135 An operation is a group of OpenSSL functions with a common purpose such as
 136 encryption, or digesting.
 137
 138 L<crypto(7)>
 139
 140 =item PEM ("Privacy Enhanced Message")
 141
 142 PEM is a format used for encoding of binary content into a mail and ASCII
 143 friendly form.  The content is a series of base64-encoded lines, surrounded
 144 by begin/end markers each on their own line.  For example:
 145
 146  -----BEGIN PRIVATE KEY-----
 147  MIICdg....
 148  ... bhTQ==
 149  -----END PRIVATE KEY-----
 150
 151 Optional header line(s) may appear after the begin line, and their existence
 152 depends on the type of object being written or read.
 153
 154 For all OpenSSL uses, the binary content is expected to be a DER encoded
 155 structure.
 156
 157 This is defined in IETF RFC 1421:
 158
 159 L<https://tools.ietf.org/html/rfc1421>
 160
 161 =item PKCS#8
 162
 163 PKCS#8 is a specification of ASN.1 structures that OpenSSL uses for storing
 164 or transmitting any private key in a key type agnostic manner.
 165 There are two structures worth noting for OpenSSL use, one that contains the
 166 key data in unencrypted form (known as "PrivateKeyInfo") and an encrypted
 167 wrapper structure (known as "EncryptedPrivateKeyInfo").
 168
 169 This is specified in RFC 5208:
 170
 171 L<https://tools.ietf.org/html/rfc5208>
 172
 173 =item Property
 174
 175 A property is a way of classifying and selecting algorithm implementations.
 176 A property is a key/value pair expressed as a string. For example all algorithm
 177 implementations in the default provider have the property "provider=default".
 178 An algorithm implementation can have multiple properties defined against it.
 179
 180 Also see Property Query String.
 181
 182 L<property(7)>
 183
 184 =item Property Query String
 185
 186 A property query string is a string containing a sequence of properties that
 187 can be used to select an algorithm implementation. For example the query string
 188 "provider=example,foo=bar" will select algorithms from the "example" provider
 189 that have a "foo" property defined for them with a value of "bar".
 190
 191 Property Query Strings are used during fetching. See Fetching.
 192
 193 L<property(7)>
 194
 195 =item Provider
 196
 197 A provider in OpenSSL is a component that groups together algorithm
 198 implementations. Providers can come from OpenSSL itself or from third parties.
 199
 200 L<provider(7)>
 201
 202 =item PVK
 203
 204 PVK is a Microsoft specific binary format for RSA and DSA private keys.
 205 This form may be passphrase protected.
 206
 207 =item SubjectPublicKeyInfo
 208
 209 SubjectPublicKeyInfo is an ASN.1 structure that OpenSSL uses for storing and
 210 transmitting any public key in a key type agnostic manner.
 211
 212 This is specified as part of the specification for certificates, RFC 5280:
 213
 214 L<https://tools.ietf.org/html/rfc5280>
 215
 216 =back
 217
 218 =head1 HISTORY
 219
 220 This glossary was added in OpenSSL 3.0.
 221
 222 =head1 COPYRIGHT
 223
 224 Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
 225
 226 Licensed under the Apache License 2.0 (the "License").  You may not use
 227 this file except in compliance with the License.  You can obtain a copy
 228 in the file LICENSE in the source distribution or at
 229 L<https://www.openssl.org/source/license.html>.
 230
 231 =cut