Commit | Line | Data |
---|---|---|
5165148f DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm | |
6 | ||
7 | =head1 SYNOPSIS | |
8 | ||
9 | #include <openssl/evp.h> | |
10 | ||
11 | int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); | |
12 | int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, | |
13 | unsigned char *out, size_t *outlen, | |
14 | const unsigned char *in, size_t inlen); | |
15 | ||
16 | =head1 DESCRIPTION | |
17 | ||
18 | The EVP_PKEY_encrypt_init() function initializes a public key algorithm | |
19 | context using key B<pkey> (the key held by B<ctx>) for an encryption operation. | |
20 | ||
21 | The EVP_PKEY_encrypt() function performs a public key encryption operation | |
22 | using B<ctx>. The data to be encrypted is specified using the B<in> and | |
23 | B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output | |
24 | buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then | |
25 | before the call the B<outlen> parameter should contain the length of the | |
26 | B<out> buffer. If the call is successful, the encrypted data is written to | |
27 | B<out> and the amount of data written is stored in B<outlen>. | |
28 | ||
29 | =head1 NOTES | |
30 | ||
31 | After the call to EVP_PKEY_encrypt_init(), algorithm-specific control | |
32 | operations can be performed to set any appropriate parameters for the | |
33 | operation. | |
34 | ||
35 | The function EVP_PKEY_encrypt() can be called more than once on the same | |
36 | context if several operations are performed using the same parameters. | |
37 | ||
38 | =head1 RETURN VALUES | |
39 | ||
40 | EVP_PKEY_encrypt_init() and EVP_PKEY_encrypt() return 1 for success and 0 | |
ba544377 DSH |
41 | or a negative value for failure. In particular a return value of -2 |
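42 | indicates the operation is not supported by the public key algorithm. Callers should test the result with <= 0, as the example below does; a plain zero test would treat negative failure codes as success. | |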
5165148f DSH |
43 | |
44 | =head1 EXAMPLE | |
45 | ||
9b86974e RS |
46 | Encrypt data using OAEP (for RSA keys). See also L<pem(3)> or |
47 | L<d2i_X509(3)> for means to load a public key. You may also simply | |
34890ac1 | 48 | set 'eng = NULL;' to start with the default OpenSSL RSA implementation: |
5165148f | 49 | |
43636910 DSH |
50 | #include <openssl/evp.h> |
51 | #include <openssl/rsa.h> | |
34890ac1 | 52 | #include <openssl/engine.h> |
43636910 DSH |
53 | |
54 | EVP_PKEY_CTX *ctx; | |
34890ac1 | 55 | ENGINE *eng; |
43636910 DSH |
56 | unsigned char *out, *in; |
57 | size_t outlen, inlen; | |
58 | EVP_PKEY *key; | |
34890ac1 | 59 | /* NB: assumes eng, key, in, inlen are already set up, |
43636910 DSH |
60 | * and that key is an RSA public key |
61 | */ | |
34890ac1 | 62 | ctx = EVP_PKEY_CTX_new(key,eng); |
43636910 DSH |
63 | if (!ctx) |
64 | /* Error occurred */ | |
65 | if (EVP_PKEY_encrypt_init(ctx) <= 0) | |
66 | /* Error */ | |
67 | if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) | |
68 | /* Error */ | |
69 | ||
70 | /* Determine buffer length */ | |
71 | if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0) | |
72 | /* Error */ | |
73 | ||
74 | out = OPENSSL_malloc(outlen); | |
75 | ||
76 | if (!out) | |
77 | /* malloc failure */ | |
78 | ||
79 | if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) | |
80 | /* Error */ | |
81 | ||
82 | /* Encrypted data is outlen bytes written to buffer out */ | |
5165148f DSH |
83 | |
84 | =head1 SEE ALSO | |
85 | ||
9b86974e RS |
86 | L<d2i_X509(3)>, |
87 | L<engine(3)>, | |
88 | L<EVP_PKEY_CTX_new(3)>, | |
89 | L<EVP_PKEY_decrypt(3)>, | |
90 | L<EVP_PKEY_sign(3)>, | |
91 | L<EVP_PKEY_verify(3)>, | |
92 | L<EVP_PKEY_verify_recover(3)>, | |
93 | L<EVP_PKEY_derive(3)> | |
5165148f DSH |
94 | |
95 | =head1 HISTORY | |
96 | ||
fb552ac6 | 97 | These functions were first added to OpenSSL 1.0.0. |
5165148f DSH |
98 | |
99 | =cut |