openssl/doc/envelope.doc

68 lines
2.7 KiB
Plaintext
Raw Normal View History

The following routines are use to create 'digital' envelopes.
By this I mean that they perform various 'higher' level cryptographic
functions. Have a read of 'cipher.doc' and 'digest.doc' since those
routines are used by these functions.
cipher.doc contains documentation about the cipher part of the
envelope library and digest.doc contatins the description of the
message digests supported.
To 'sign' a document involves generating a message digest and then encrypting
the digest with an private key.
#define EVP_SignInit(a,b) EVP_DigestInit(a,b)
#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
Due to the fact this operation is basically just an extended message
digest, the first 2 functions are macro calls to Digest generating
functions.
int EVP_SignFinal(
EVP_MD_CTX *ctx,
unsigned char *md,
unsigned int *s,
EVP_PKEY *pkey);
This finalisation function finishes the generation of the message
digest and then encrypts the digest (with the correct message digest
object identifier) with the EVP_PKEY private key. 'ctx' is the message digest
context. 'md' will end up containing the encrypted message digest. This
array needs to be EVP_PKEY_size(pkey) bytes long. 's' will actually
contain the exact length. 'pkey' of course is the private key. It is
one of EVP_PKEY_RSA or EVP_PKEY_DSA type.
If there is an error, 0 is returned, otherwise 1.
Verify is used to check an signed message digest.
#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b)
#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
Since the first step is to generate a message digest, the first 2 functions
are macros.
int EVP_VerifyFinal(
EVP_MD_CTX *ctx,
unsigned char *md,
unsigned int s,
EVP_PKEY *pkey);
This function finishes the generation of the message digest and then
compares it with the supplied encrypted message digest. 'md' contains the
's' bytes of encrypted message digest. 'pkey' is used to public key decrypt
the digest. It is then compared with the message digest just generated.
If they match, 1 is returned else 0.
int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk);
Must have at least one public key, error is 0. I should also mention that
the buffers pointed to by 'ek' need to be EVP_PKEY_size(pubk[n]) is size.
#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e)
void EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
int ekl,unsigned char *iv,EVP_PKEY *priv);
0 on failure
#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e)
int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
Decrypt final return code