[thirdparty/openssl.git] / doc / man3 / EVP_PKEY_decrypt.pod

=pod

=head1 NAME

EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm

=head1 SYNOPSIS

 #include <openssl/evp.h>

 int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
                      unsigned char *out, size_t *outlen,
                      const unsigned char *in, size_t inlen);

=head1 DESCRIPTION

The EVP_PKEY_decrypt_init() function initializes a public key algorithm
context using key B<pkey> for a decryption operation.

The EVP_PKEY_decrypt() function performs a public key decryption operation
using B<ctx>. The data to be decrypted is specified using the B<in> and
B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output
buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then
before the call the B<outlen> parameter should contain the length of the
B<out> buffer, if the call is successful the decrypted data is written to
B<out> and the amount of data written to B<outlen>.

=head1 NOTES

After the call to EVP_PKEY_decrypt_init() algorithm specific control
operations can be performed to set any appropriate parameters for the
operation.

The function EVP_PKEY_decrypt() can be called more than once on the same
context if several operations are performed using the same parameters.

=head1 RETURN VALUES

EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0
or a negative value for failure. In particular a return value of -2
indicates the operation is not supported by the public key algorithm.

=head1 EXAMPLE

Decrypt data using OAEP (for RSA keys):

 #include <openssl/evp.h>
 #include <openssl/rsa.h>

 EVP_PKEY_CTX *ctx;
 ENGINE *eng;
 unsigned char *out, *in;
 size_t outlen, inlen;
 EVP_PKEY *key;

 /*
  * NB: assumes key, eng, in, inlen are already set up
  * and that key is an RSA private key
  */
 ctx = EVP_PKEY_CTX_new(key, eng);
 if (!ctx)
     /* Error occurred */
 if (EVP_PKEY_decrypt_init(ctx) <= 0)
     /* Error */
 if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
     /* Error */

 /* Determine buffer length */
 if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
     /* Error */

 out = OPENSSL_malloc(outlen);

 if (!out)
     /* malloc failure */

 if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
     /* Error */

 /* Decrypted data is outlen bytes written to buffer out */

=head1 SEE ALSO

L<EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)>,
L<EVP_PKEY_verify_recover(3)>,
L<EVP_PKEY_derive(3)>

=head1 HISTORY

These functions were first added to OpenSSL 1.0.0.

=head1 COPYRIGHT

Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
5165148f DSH	1	=pod
	2
	3	=head1 NAME
	4
	5	EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm
	6
	7	=head1 SYNOPSIS
	8
	9	#include <openssl/evp.h>
	10
	11	int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
	12	int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
e9b77246 BB	13	unsigned char out, size_t outlen,
e9b77246 BB	14	const unsigned char *in, size_t inlen);
5165148f DSH	15
	16	=head1 DESCRIPTION
	17
	18	The EVP_PKEY_decrypt_init() function initializes a public key algorithm
	19	context using key B<pkey> for a decryption operation.
	20
	21	The EVP_PKEY_decrypt() function performs a public key decryption operation
	22	using B<ctx>. The data to be decrypted is specified using the B<in> and
	23	B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output
	24	buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then
	25	before the call the B<outlen> parameter should contain the length of the
	26	B<out> buffer, if the call is successful the decrypted data is written to
	27	B<out> and the amount of data written to B<outlen>.
	28
	29	=head1 NOTES
	30
	31	After the call to EVP_PKEY_decrypt_init() algorithm specific control
	32	operations can be performed to set any appropriate parameters for the
	33	operation.
	34
	35	The function EVP_PKEY_decrypt() can be called more than once on the same
	36	context if several operations are performed using the same parameters.
	37
	38	=head1 RETURN VALUES
	39
	40	EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0
ba544377 DSH	41	or a negative value for failure. In particular a return value of -2
ba544377 DSH	42	indicates the operation is not supported by the public key algorithm.
5165148f DSH	43
	44	=head1 EXAMPLE
	45
	46	Decrypt data using OAEP (for RSA keys):
	47
43636910 DSH	48	#include <openssl/evp.h>
	49	#include <openssl/rsa.h>
	50
	51	EVP_PKEY_CTX *ctx;
9db6673e	52	ENGINE *eng;
43636910	53	unsigned char out, in;
1bc74519	54	size_t outlen, inlen;
43636910	55	EVP_PKEY *key;
e9b77246	56
2947af32	57	/*
9db6673e	58	* NB: assumes key, eng, in, inlen are already set up
43636910 DSH	59	* and that key is an RSA private key
43636910 DSH	60	*/
9db6673e	61	ctx = EVP_PKEY_CTX_new(key, eng);
43636910	62	if (!ctx)
2947af32	63	/* Error occurred */
43636910	64	if (EVP_PKEY_decrypt_init(ctx) <= 0)
2947af32	65	/* Error */
43636910	66	if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
2947af32	67	/* Error */
43636910 DSH	68
	69	/* Determine buffer length */
	70	if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
2947af32	71	/* Error */
43636910 DSH	72
	73	out = OPENSSL_malloc(outlen);
	74
	75	if (!out)
2947af32	76	/* malloc failure */
1bc74519	77
43636910	78	if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
2947af32	79	/* Error */
43636910 DSH	80
43636910 DSH	81	/* Decrypted data is outlen bytes written to buffer out */
5165148f DSH	82
	83	=head1 SEE ALSO
	84
9b86974e RS	85	L<EVP_PKEY_CTX_new(3)>,
	86	L<EVP_PKEY_encrypt(3)>,
	87	L<EVP_PKEY_sign(3)>,
	88	L<EVP_PKEY_verify(3)>,
	89	L<EVP_PKEY_verify_recover(3)>,
1bc74519	90	L<EVP_PKEY_derive(3)>
5165148f DSH	91
	92	=head1 HISTORY
	93
fb552ac6	94	These functions were first added to OpenSSL 1.0.0.
5165148f	95
e2f92610 RS	96	=head1 COPYRIGHT
e2f92610 RS	97
48e5119a	98	Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
e2f92610	99
4746f25a	100	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	101	this file except in compliance with the License. You can obtain a copy
	102	in the file LICENSE in the source distribution or at
	103	L<https://www.openssl.org/source/license.html>.
	104
	105	=cut