Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Branch: OpenSSL_1_1_0-stable
Branches Tags
openssl
/
doc
/
crypto
/
evp.pod

evp.pod 4.1 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116 
  1. =pod
    2. 

  2. 

  3. =for comment openssl_manual_section:7
    4. 

  4. 

  5. =head1 NAME
    6. 

  6. 

  7. evp - high-level cryptographic functions
    8. 

  8. 

  9. =head1 SYNOPSIS
    10. 

  10. 

  11.  #include <openssl/evp.h>
    12. 

  12. 

  13. =head1 DESCRIPTION
    14. 

  14. 

  15. The EVP library provides a high-level interface to cryptographic
    16. 

  16. functions.
    17. 

  17. 

  18. L<B<EVP_Seal>I<...>|EVP_SealInit(3)> and L<B<EVP_Open>I<...>|EVP_OpenInit(3)>
    19. 

  19. provide public key encryption and decryption to implement digital "envelopes".
    20. 

  20. 

  21. The L<B<EVP_DigestSign>I<...>|EVP_DigestSignInit(3)> and
    22. 

  22. L<B<EVP_DigestVerify>I<...>|EVP_DigestVerifyInit(3)> functions implement
    23. 

  23. digital signatures and Message Authentication Codes (MACs). Also see the older
    24. 

  24. L<B<EVP_Sign>I<...>|EVP_SignInit(3)> and L<B<EVP_Verify>I<...>|EVP_VerifyInit(3)>
    25. 

  25. functions.
    26. 

  26. 

  27. Symmetric encryption is available with the L<B<EVP_Encrypt>I<...>|EVP_EncryptInit(3)>
    28. 

  28. functions.  The L<B<EVP_Digest>I<...>|EVP_DigestInit(3)> functions provide message digests.
    29. 

  29. 

  30. The B<EVP_PKEY>I<...> functions provide a high level interface to
    31. 

  31. asymmetric algorithms. To create a new EVP_PKEY see
    32. 

  32. L<EVP_PKEY_new(3)>. EVP_PKEYs can be associated
    33. 

  33. with a private key of a particular algorithm by using the functions
    34. 

  34. described on the L<EVP_PKEY_set1_RSA(3)> page, or
    35. 

  35. new keys can be generated using L<EVP_PKEY_keygen(3)>.
    36. 

  36. EVP_PKEYs can be compared using L<EVP_PKEY_cmp(3)>, or printed using
    37. 

  37. L<EVP_PKEY_print_private(3)>.
    38. 

  38. 

  39. The EVP_PKEY functions support the full range of asymmetric algorithm operations:
    40. 

  40. 

  41. =over 4
    42. 

  42. 

  43. =item For key agreement see L<EVP_PKEY_derive(3)>
    44. 

  44. 

  45. =item For signing and verifying see L<EVP_PKEY_sign(3)>,
    46. 

  46. L<EVP_PKEY_verify(3)> and L<EVP_PKEY_verify_recover(3)>.
    47. 

  47. However, note that
    48. 

  48. these functions do not perform a digest of the data to be signed. Therefore
    49. 

  49. normally you would use the L<EVP_DigestSignInit(3)>
    50. 

  50. functions for this purpose.
    51. 

  51. 

  52. =item For encryption and decryption see L<EVP_PKEY_encrypt(3)>
    53. 

  53. and L<EVP_PKEY_decrypt(3)> respectively. However, note that
    54. 

  54. these functions perform encryption and decryption only. As public key
    55. 

  55. encryption is an expensive operation, normally you would wrap
    56. 

  56. an encrypted message in a "digital envelope" using the L<EVP_SealInit(3)> and
    57. 

  57. L<EVP_OpenInit(3)> functions.
    58. 

  58. 

  59. =back
    60. 

  60. 

  61. The L<EVP_BytesToKey(3)> function provides some limited support for password
    62. 

  62. based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible
    63. 

  63. implementation. However, new applications should not typically use this (preferring, for example,
    64. 

  64. PBKDF2 from PCKS#5).
    65. 

  65. 

  66. The L<B<EVP_Encode>I<...>|EVP_EncodeInit(3)> and
    67. 

  67. L<B<EVP_Decode>I<...>|EVP_EncodeInit(3)> functions implement base 64 encoding
    68. 

  68. and decoding.
    69. 

  69. 

  70. All the symmetric algorithms (ciphers), digests and asymmetric algorithms
    71. 

  71. (public key algorithms) can be replaced by L<engine(3)> modules providing alternative
    72. 

  72. implementations. If ENGINE implementations of ciphers or digests are registered
    73. 

  73. as defaults, then the various EVP functions will automatically use those
    74. 

  74. implementations automatically in preference to built in software
    75. 

  75. implementations. For more information, consult the engine(3) man page.
    76. 

  76. 

  77. Although low level algorithm specific functions exist for many algorithms
    78. 

  78. their use is discouraged. They cannot be used with an ENGINE and ENGINE
    79. 

  79. versions of new algorithms cannot be accessed using the low level functions.
    80. 

  80. Also makes code harder to adapt to new algorithms and some options are not
    81. 

  81. cleanly supported at the low level and some operations are more efficient
    82. 

  82. using the high level interface.
    83. 

  83. 

  84. =head1 SEE ALSO
    85. 

  85. 

  86. L<EVP_DigestInit(3)>,
    87. 

  87. L<EVP_EncryptInit(3)>,
    88. 

  88. L<EVP_OpenInit(3)>,
    89. 

  89. L<EVP_SealInit(3)>,
    90. 

  90. L<EVP_DigestSignInit(3)>,
    91. 

  91. L<EVP_SignInit(3)>,
    92. 

  92. L<EVP_VerifyInit(3)>,
    93. 

  93. L<EVP_EncodeInit(3)>,
    94. 

  94. L<EVP_PKEY_new(3)>,
    95. 

  95. L<EVP_PKEY_set1_RSA(3)>,
    96. 

  96. L<EVP_PKEY_keygen(3)>,
    97. 

  97. L<EVP_PKEY_print_private(3)>,
    98. 

  98. L<EVP_PKEY_decrypt(3)>,
    99. 

  99. L<EVP_PKEY_encrypt(3)>,
    100. 

  100. L<EVP_PKEY_sign(3)>,
    101. 

  101. L<EVP_PKEY_verify(3)>,
    102. 

  102. L<EVP_PKEY_verify_recover(3)>,
    103. 

  103. L<EVP_PKEY_derive(3)>,
    104. 

  104. L<EVP_BytesToKey(3)>,
    105. 

  105. L<engine(3)>
    106. 

  106. 

  107. =head1 COPYRIGHT
    108. 

  108. 

  109. Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
    110. 

  110. 

  111. Licensed under the OpenSSL license (the "License").  You may not use
    112. 

  112. this file except in compliance with the License.  You can obtain a copy
    113. 

  113. in the file LICENSE in the source distribution or at
    114. 

  114. L<https://www.openssl.org/source/license.html>.
    115. 

  115. 

  116. =cut
    117.