Commit | Line | Data |
---|---|---|
69431c29 UM |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | evp - high-level cryptographic functions | |
6 | ||
7 | =head1 SYNOPSIS | |
8 | ||
9 | #include <openssl/evp.h> | |
10 | ||
11 | =head1 DESCRIPTION | |
12 | ||
393e826e | 13 | The EVP library provides a high-level interface to cryptographic |
69431c29 UM |
14 | functions. |
15 | ||
aafbe1cc MC |
16 | L<B<EVP_Seal>I<...>|EVP_SealInit(3)> and L<B<EVP_Open>I<...>|EVP_OpenInit(3)> |
17 | provide public key encryption and decryption to implement digital "envelopes". | |
69431c29 | 18 | |
aafbe1cc MC |
19 | The L<B<EVP_DigestSign>I<...>|EVP_DigestSignInit(3)> and |
20 | L<B<EVP_DigestVerify>I<...>|EVP_DigestVerifyInit(3)> functions implement | |
21 | digital signatures and Message Authentication Codes (MACs). Also see the older | |
22 | L<B<EVP_Sign>I<...>|EVP_SignInit(3)> and L<B<EVP_Verify>I<...>|EVP_VerifyInit(3)> | |
23 | functions. | |
69431c29 | 24 | |
aafbe1cc MC |
25 | Symmetric encryption is available with the L<B<EVP_Encrypt>I<...>|EVP_EncryptInit(3)> |
26 | functions. The L<B<EVP_Digest>I<...>|EVP_DigestInit(3)> functions provide message digests. | |
69431c29 | 27 | |
5165148f | 28 | The B<EVP_PKEY>I<...> functions provide a high level interface to |
aafbe1cc MC |
29 | asymmetric algorithms. To create a new EVP_PKEY see |
30 | L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>. EVP_PKEYs can be associated | |
31 | with a private key of a particular algorithm by using the functions | |
32 | described on the L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> page, or | |
33 | new keys can be generated using L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>. | |
34 | EVP_PKEYs can be compared using L<EVP_PKEY_cmp(3)|EVP_PKEY_cmp(3)>, or printed using | |
35 | L<EVP_PKEY_print_private(3)|EVP_PKEY_print_private(3)>. | |
36 | ||
37 | The EVP_PKEY functions support the full range of asymmetric algorithm operations: | |
38 | =over | |
39 | ||
40 | =item For key agreement see L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> | |
41 | ||
42 | =item For signing and verifying see L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, | |
43 | L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)> and L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>. | |
44 | However, note that | |
45 | these functions do not perform a digest of the data to be signed. Therefore | |
46 | normally you would use the L<B<EVP_DigestSign>I<...>|EVP_DigestSignInit(3)> | |
47 | functions for this purpose. | |
48 | ||
49 | =item For encryption and decryption see L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)> | |
50 | and L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)> respectively. However, note that | |
51 | these functions perform encryption and decryption only. As public key | |
52 | encryption is an expensive operation, normally you would wrap | |
53 | an encrypted message in a "digital envelope" using the L<B<EVP_Seal>I<...>|EVP_SealInit(3)> and | |
54 | L<B<EVP_Open>I<...>|EVP_OpenInit(3)> functions. | |
55 | ||
56 | =back | |
57 | ||
58 | The L<EVP_BytesToKey(3)|EVP_BytesToKey(3)> function provides some limited support for password | |
59 | based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible | |
60 | implementation. However, new applications should not typically use this (preferring, for example, | |
61 | PBKDF2 from PKCS#5). | |
62 | ||
63 | Algorithms are loaded with L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>. | |
69431c29 | 64 | |
5165148f | 65 | All the symmetric algorithms (ciphers), digests and asymmetric algorithms |
aafbe1cc | 66 | (public key algorithms) can be replaced by L<ENGINE|engine(3)> modules providing alternative |
5165148f DSH |
67 | implementations. If ENGINE implementations of ciphers or digests are registered |
68 | as defaults, then the various EVP functions will automatically use those | |
69 | implementations in preference to built-in software | |
70 | implementations. For more information, consult the engine(3) man page. | |
71 | ||
72 | Although low level algorithm specific functions exist for many algorithms, | |
73 | their use is discouraged. They cannot be used with an ENGINE and ENGINE | |
74 | versions of new algorithms cannot be accessed using the low level functions. | |
75 | Using them also makes code harder to adapt to new algorithms, some options are not | |
76 | cleanly supported at the low level, and some operations are more efficient | |
77 | using the high level interface. | |
5bf73873 | 78 | |
69431c29 UM |
79 | =head1 SEE ALSO |
80 | ||
81 | L<EVP_DigestInit(3)|EVP_DigestInit(3)>, | |
82 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, | |
83 | L<EVP_OpenInit(3)|EVP_OpenInit(3)>, | |
84 | L<EVP_SealInit(3)|EVP_SealInit(3)>, | |
aafbe1cc | 85 | L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>, |
69431c29 UM |
86 | L<EVP_SignInit(3)|EVP_SignInit(3)>, |
87 | L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, | |
aafbe1cc MC |
88 | L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>, |
89 | L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)>, | |
90 | L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>, | |
91 | L<EVP_PKEY_print_private(3)|EVP_PKEY_print_private(3)>, | |
92 | L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, | |
93 | L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, | |
94 | L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, | |
95 | L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, | |
96 | L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, | |
97 | L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>, | |
98 | L<EVP_BytesToKey(3)|EVP_BytesToKey(3)>, | |
5bf73873 GT |
99 | L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>, |
100 | L<engine(3)|engine(3)> | |
69431c29 UM |
101 | |
102 | =cut |
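
The note on EVP_BytesToKey above says that careful parameter selection gives a PKCS#5 PBKDF1 compatible result and that new applications should prefer PBKDF2. The following is an added example, not part of the original page or of OpenSSL's code: it re-implements the derivation documented in EVP_BytesToKey(3) with Python's hashlib, next to PBKDF1 and PBKDF2. The password, salt and iteration counts are constructed sample values.

```python
import hashlib

# Constructed sample inputs (not from the page).
PASSWORD = b"correct horse battery staple"
SALT = bytes.fromhex("0102030405060708")  # PBKDF1 uses an 8-byte salt


def evp_bytes_to_key(md, password, salt, count, key_len, iv_len):
    """Derivation described in EVP_BytesToKey(3), re-implemented with hashlib."""
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        # D_i = HASH^count(D_(i-1) || password || salt)
        block = hashlib.new(md, block + password + salt).digest()
        for _ in range(count - 1):
            block = hashlib.new(md, block).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]


def pbkdf1(md, password, salt, count, dk_len):
    """PKCS#5 PBKDF1: output is limited to one digest length."""
    if dk_len > hashlib.new(md).digest_size:
        raise ValueError("derived key too long for PBKDF1")
    t = hashlib.new(md, password + salt).digest()
    for _ in range(count - 1):
        t = hashlib.new(md, t).digest()
    return t[:dk_len]


def pbkdf2(md, password, salt, count, dk_len):
    """PKCS#5 PBKDF2 (HMAC-based), the construction the page prefers."""
    return hashlib.pbkdf2_hmac(md, password, salt, count, dk_len)


if __name__ == "__main__":
    # Key + IV fit in one SHA-1 digest, so the output matches PBKDF1.
    key, iv = evp_bytes_to_key("sha1", PASSWORD, SALT, 1000, 16, 4)
    print("BytesToKey key+iv:", (key + iv).hex())
    print("PBKDF1 (20 bytes):", pbkdf1("sha1", PASSWORD, SALT, 1000, 20).hex())
    # Iteration count below is an assumed sample value, not a recommendation.
    print("PBKDF2 (32 bytes):", pbkdf2("sha256", PASSWORD, SALT, 100000, 32).hex())
```

The two derivations agree only while key plus IV fit in a single digest; beyond that, EVP_BytesToKey chains further blocks, which PBKDF1 does not define. With a count of 1 the whole derivation is a single hash of password and salt.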