Manual pages for EVP_Open* and EVP_Seal*
This commit is contained in:
Dr. Stephen Henson
51
doc/crypto/EVP_OpenInit.pod
Normal file
51
doc/crypto/EVP_OpenInit.pod
Normal file
@@ -0,0 +1,51 @@
|
|||||||
|
=pod
|
||||||
|
|
||||||
|
=head1 NAME
|
||||||
|
|
||||||
|
EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
|
||||||
|
|
||||||
|
=head1 SYNOPSIS
|
||||||
|
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
|
||||||
|
int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
|
||||||
|
int ekl,unsigned char *iv,EVP_PKEY *priv);
|
||||||
|
void EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||||
|
int *outl, unsigned char *in, int inl);
|
||||||
|
void EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||||
|
int *outl);
|
||||||
|
|
||||||
|
=head1 DESCRIPTION
|
||||||
|
|
||||||
|
The EVP envelope routines are a high level interface to envelope
|
||||||
|
decryption. They decrypt a public key encrypted symmetric key and
|
||||||
|
then decrypt data using it.
|
||||||
|
|
||||||
|
EVP_OpenInit() initialises a cipher context B<ctx> for decryption
|
||||||
|
with cipher B<type>. It decrypts the encrypted symmetric key of length
|
||||||
|
B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
|
||||||
|
The IV is supplied in the B<iv> parameter.
|
||||||
|
|
||||||
|
EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
|
||||||
|
as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as
|
||||||
|
documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
|
||||||
|
page.
|
||||||
|
|
||||||
|
=head1 RETURN VALUES
|
||||||
|
|
||||||
|
EVP_OpenInit() returns -1 on error or an non zero integer (actually the
|
||||||
|
recovered secret key size) if successful.
|
||||||
|
|
||||||
|
EVP_SealUpdate() does not return a value.
|
||||||
|
|
||||||
|
EVP_SealFinal() returns 0 if the decrypt failed or 1 for success.
|
||||||
|
|
||||||
|
=head1 SEE ALSO
|
||||||
|
|
||||||
|
L<evp(3)|evp(3)>,L<rand(3)|rand(3)>
|
||||||
|
L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
|
||||||
|
L<EVP_SealInit(3)|EVP_SealInit(3)>
|
||||||
|
|
||||||
|
=head1 HISTORY
|
||||||
|
|
||||||
|
=cut
|
||||||
70
doc/crypto/EVP_SealInit.pod
Normal file
70
doc/crypto/EVP_SealInit.pod
Normal file
@@ -0,0 +1,70 @@
|
|||||||
|
=pod
|
||||||
|
|
||||||
|
=head1 NAME
|
||||||
|
|
||||||
|
EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
|
||||||
|
|
||||||
|
=head1 SYNOPSIS
|
||||||
|
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
|
||||||
|
int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
|
||||||
|
int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
|
||||||
|
void EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||||
|
int *outl, unsigned char *in, int inl);
|
||||||
|
void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||||
|
int *outl);
|
||||||
|
|
||||||
|
=head1 DESCRIPTION
|
||||||
|
|
||||||
|
The EVP envelope routines are a high level interface to envelope
|
||||||
|
encryption. They generate a random key and then "envelope" it by
|
||||||
|
using public key encryption. Data can then be encrypted using this
|
||||||
|
key.
|
||||||
|
|
||||||
|
EVP_SealInit() initialises a cipher context B<ctx> for encryption
|
||||||
|
with cipher B<type> using a random secret key and IV supplied in
|
||||||
|
the B<iv> parameter. B<type> is normally supplied by a function such
|
||||||
|
as EVP_des_cbc(). The secret key is encrypted using one or more public
|
||||||
|
keys, this allows the same encrypted data to be decrypted using any
|
||||||
|
of the corresponding private keys. B<ek> is an array of buffers where
|
||||||
|
the public key encrypted secret key will be written, each buffer must
|
||||||
|
contain enough room for the corresponding encrypted key: that is
|
||||||
|
B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
|
||||||
|
size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
|
||||||
|
an array of B<npubk> public keys.
|
||||||
|
|
||||||
|
EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
|
||||||
|
as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as
|
||||||
|
documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
|
||||||
|
page.
|
||||||
|
|
||||||
|
=head1 RETURN VALUES
|
||||||
|
|
||||||
|
EVP_SealInit() returns -1 on error or B<npubk> if successful.
|
||||||
|
|
||||||
|
EVP_SealUpdate() and EVP_SealFinal() do not return values.
|
||||||
|
|
||||||
|
=head1 NOTES
|
||||||
|
|
||||||
|
Because a random secret key is generated the random number generator
|
||||||
|
must be seeded before calling EVP_SealInit().
|
||||||
|
|
||||||
|
The public key must be RSA because it is the only OpenSSL public key
|
||||||
|
algorithm that supports key transport.
|
||||||
|
|
||||||
|
Envelope encryption is the usual method of using public key encryption
|
||||||
|
on large amounts of data, this is because public key encryption is slow
|
||||||
|
but symmetric encryption is fast. So symmetric encryption is used for
|
||||||
|
bulk encryption and the small random symmetric key used is transferred
|
||||||
|
using public key encryption.
|
||||||
|
|
||||||
|
=head1 SEE ALSO
|
||||||
|
|
||||||
|
L<evp(3)|evp(3)>,L<rand(3)|rand(3)>
|
||||||
|
L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
|
||||||
|
L<EVP_OpenInit(3)|EVP_OpenInit(3)>
|
||||||
|
|
||||||
|
=head1 HISTORY
|
||||||
|
|
||||||
|
=cut
|
||||||
Reference in New Issue
Block a user