openssl-glossary.pod 6.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231
  1. =pod
  2. =head1 NAME
  3. openssl-glossary - An OpenSSL Glossary
  4. =head1 DESCRIPTION
  5. =for comment Please keep the items in case-insensitive alphabetical order
  6. =over 4
  7. =item Algorithm
  8. Cryptograpic primitives such as the SHA256 digest, or AES encryption are
  9. referred to in OpenSSL as "algorithms". There can be more than one
  10. implementation for any given algorithm available for use.
  11. L<crypto(7)>
  12. =item ASN.1, ASN1
  13. ASN.1 ("Abstract Syntax Notation One") is a notation for describing abstract
  14. types and values. It is defined in the ITU-T documents X.680 to X.683:
  15. L<https://www.itu.int/rec/T-REC-X.680>,
  16. L<https://www.itu.int/rec/T-REC-X.681>,
  17. L<https://www.itu.int/rec/T-REC-X.682>,
  18. L<https://www.itu.int/rec/T-REC-X.683>
  19. =item Base Provider
  20. An OpenSSL Provider that contains encoders and decoders for OpenSSL keys. All
  21. the algorithm implementations in the Base Provider are also available in the
  22. Default Provider.
  23. L<OSSL_PROVIDER-base(7)>
  24. =item Decoder
  25. A decoder is a type of algorithm used for decoding keys and parameters from some
  26. external format such as PEM or DER.
  27. L<OSSL_DECODER_CTX_new_for_pkey(3)>
  28. =item Default Provider
  29. An OpenSSL Provider that contains the most commmon OpenSSL algorithm
  30. implementations. It is loaded by default if no other provider is available. All
  31. the algorithm implementations in the Base Provider are also available in the
  32. Default Provider.
  33. L<OSSL_PROVIDER-default(7)>
  34. =item DER ("Distinguished Encoding Rules")
  35. DER is a binary encoding of data, structured according to an ASN.1
  36. specification. This is a common encoding used for cryptographic objects
  37. such as private and public keys, certificates, CRLs, ...
  38. It is defined in ITU-T document X.690:
  39. L<https://www.itu.int/rec/T-REC-X.690>
  40. =item Encoder
  41. An encoder is a type of algorithm used for encoding keys and parameters to some
  42. external format such as PEM or DER.
  43. L<OSSL_ENCODER_CTX_new_for_pkey(3)>
  44. =item Explicit Fetching
  45. Explicit Fetching is a type of Fetching (see Fetching). Explicit Fetching is
  46. where a function call is made to obtain an algorithm object representing an
  47. implementation such as L<EVP_MD_fetch(3)> or L<EVP_CIPHER_fetch(3)>
  48. =item Fetching
  49. Fetching is the process of looking through the available algorithm
  50. implementations, applying selection criteria (via a property query string), and
  51. finally choosing the implementation that will be used.
  52. Also see Explicit Fetching and Implict Fetching.
  53. L<crypto(7)>
  54. =item FIPS Provider
  55. An OpenSSL Provider that contains OpenSSL algorithm implementations that have
  56. been validated according to the FIPS 140-2 standard.
  57. L<OSSL_PROVIDER-FIPS(7)>
  58. =item Implicit Fetching
  59. Implicit Fetching is a type of Fetching (see Fetching). Implicit Fetching is
  60. where an algorithm object with no associated implementation is used such as the
  61. return value from L<EVP_sha256(3)> or L<EVP_aes_128_cbc(3)>. With implicit
  62. fetching an implementation is fetched automatically using default selection
  63. criteria the first time the algorithm is used.
  64. =item Legacy Provider
  65. An OpenSSL Provider that contains algorithm implementations that are considered
  66. insecure or are no longer in common use.
  67. L<OSSL_PROVIDER-legacy(7)>
  68. =item Library Context
  69. A Library Context in OpenSSL is represented by the type B<OSSL_LIB_CTX>. It can
  70. be thought of as a scope within which configuration options apply. If an
  71. application does not explicitly create a library context then the "default"
  72. one is used. Many OpenSSL functions can take a library context as an argument.
  73. A NULL value can always be passed to indicate the default library context.
  74. L<OSSL_LIB_CTX(3)>
  75. =item MSBLOB
  76. MSBLOB is a Microsoft specific binary format for RSA and DSA keys, both
  77. private and public. This form is never passphrase protected.
  78. =item Null Provider
  79. An OpenSSL Provider that contains no algorithm implementations. This can be
  80. useful to prevent the default provider from being automatically loaded in a
  81. library context.
  82. L<OSSL_PROVIDER-null(7)>
  83. =item Operation
  84. An operation is a group of OpenSSL functions with a common purpose such as
  85. encryption, or digesting.
  86. L<crypto(7)>
  87. =item PEM ("Privacy Enhanced Message")
  88. PEM is a format used for encoding of binary content into a mail and ASCII
  89. friendly form. The content is a series of base64-encoded lines, surrounded
  90. by begin/end markers each on their own line. For example:
  91. -----BEGIN PRIVATE KEY-----
  92. MIICdg....
  93. ... bhTQ==
  94. -----END PRIVATE KEY-----
  95. Optional header line(s) may appear after the begin line, and their existence
  96. depends on the type of object being written or read.
  97. For all OpenSSL uses, the binary content is expected to be a DER encoded
  98. structure.
  99. This is defined in IETF RFC 1421:
  100. L<https://tools.ietf.org/html/rfc1421>
  101. =item PKCS#8
  102. PKCS#8 is a specification of ASN.1 structures that OpenSSL uses for storing
  103. or transmitting any private key in a key type agnostic manner.
  104. There are two structures worth noting for OpenSSL use, one that contains the
  105. key data in unencrypted form (known as "PrivateKeyInfo") and an encrypted
  106. wrapper structure (known as "EncryptedPrivateKeyInfo").
  107. This is specified in RFC 5208:
  108. L<https://tools.ietf.org/html/rfc5208>
  109. =item Property
  110. A property is a way of classifying and selecting algorithm implementations.
  111. A property is a key/value pair expressed as a string. For example all algorithm
  112. implementations in the default provider have the property "provider=default".
  113. An algorithm implementation can have multiple properties defined against it.
  114. Also see Property Query String.
  115. L<property(7)>
  116. =item Property Query String
  117. A property query string is a string containing a sequence of properties that
  118. can be used to select an algorithm implementation. For example the query string
  119. "provider=example,foo=bar" will select algorithms from the "example" provider
  120. that have a "foo" property defined for them with a value of "bar".
  121. Property Query Strings are used during fetching. See Fetching.
  122. L<property(7)>
  123. =item Provider
  124. A provider in OpenSSL is a component that groups together algorithm
  125. implementations. Providers can come from OpenSSL itself or from third parties.
  126. L<provider(7)>
  127. =item PVK
  128. PVK is a Microsoft specific binary format for RSA and DSA private keys.
  129. This form may be passphrase protected.
  130. =item SubjectPublicKeyInfo
  131. SubjectPublicKeyInfo is an ASN.1 structure that OpenSSL uses for storing and
  132. transmitting any public key in a key type agnostic manner.
  133. This is specified as part of the specification for certificates, RFC 5280:
  134. L<https://tools.ietf.org/html/rfc5280>
  135. =back
  136. =head1 HISTORY
  137. This glossary was added in OpenSSL 3.0.
  138. =head1 COPYRIGHT
  139. Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
  140. Licensed under the Apache License 2.0 (the "License"). You may not use
  141. this file except in compliance with the License. You can obtain a copy
  142. in the file LICENSE in the source distribution or at
  143. L<https://www.openssl.org/source/license.html>.
  144. =cut