Blame doc/man3/EVP_PKEY_keygen.pod

=pod

=head1 NAME

EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init,
EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb,
EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data,
EVP_PKEY_CTX_get_app_data,
EVP_PKEY_gen_cb, EVP_PKEY_check, EVP_PKEY_public_check,
EVP_PKEY_param_check
- key and parameter generation and check functions

=head1 SYNOPSIS

 #include <openssl/evp.h>

 int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
 int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);

 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);

 void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
 EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);

 int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);

 void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
 void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);

 int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);

=head1 DESCRIPTION

The EVP_PKEY_keygen_init() function initializes a public key algorithm
context using key B<pkey> for a key generation operation.

The EVP_PKEY_keygen() function performs a key generation operation; the
generated key is written to B<ppkey>.

The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar
except parameters are generated.

The function EVP_PKEY_CTX_set_cb() sets the key or parameter generation callback
to B<cb>. The function EVP_PKEY_CTX_get_cb() returns the key or parameter
generation callback.

The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated
with the generation operation. If B<idx> is -1 the total number of
parameters available is returned. Any non-negative value returns the value of
that parameter. EVP_PKEY_CTX_get_keygen_info() with a non-negative value for
B<idx> should only be called within the generation callback.

If the callback returns 0 then the key generation operation is aborted and an
error occurs. This might occur during a time-consuming operation where
a user clicks on a "cancel" button.

The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set
and retrieve an opaque pointer. This can be used to set some application
defined value which can be retrieved in the callback: for example a handle
which is used to update a "progress dialog".

EVP_PKEY_check() validates the key-pair given by B<ctx>. This function first tries
to use a customized key check method in B<EVP_PKEY_METHOD> if it's present; otherwise
it calls a default one defined in B<EVP_PKEY_ASN1_METHOD>.

EVP_PKEY_public_check() validates the public component of the key-pair given by B<ctx>.
This function first tries to use a customized key check method in B<EVP_PKEY_METHOD>
if it's present; otherwise it calls a default one defined in B<EVP_PKEY_ASN1_METHOD>.

EVP_PKEY_param_check() validates the algorithm parameters of the key-pair given by B<ctx>.
This function first tries to use a customized key check method in B<EVP_PKEY_METHOD>
if it's present; otherwise it calls a default one defined in B<EVP_PKEY_ASN1_METHOD>.

=head1 NOTES

After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init(), algorithm-specific
control operations can be performed to set any appropriate parameters
for the operation.

The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called more than
once on the same context if several operations are performed using the same
parameters.

The meaning of the parameters passed to the callback will depend on the
algorithm and the specific implementation of the algorithm. Some might not
give any useful information at all during key or parameter generation. Others
might not even call the callback.

The operation performed by key or parameter generation depends on the algorithm
used. In some cases (e.g. EC with a supplied named curve) the "generation"
option merely sets the appropriate fields in an EVP_PKEY structure.

In OpenSSL an EVP_PKEY structure containing a private key also contains the
public key components and parameters (if any). An OpenSSL private key is
equivalent to what some libraries call a "key pair". A private key can be used
in functions which require the use of a public key or parameters.

=head1 RETURN VALUES

EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and
EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure.
In particular a return value of -2 indicates the operation is not supported by
the public key algorithm.

EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() return 1
for success and other values for failure. They return -2 if the operation is not
supported for the specific algorithm.

=head1 EXAMPLES

Generate a 2048 bit RSA key:

 #include <openssl/evp.h>
 #include <openssl/rsa.h>

 EVP_PKEY_CTX *ctx;
 EVP_PKEY *pkey = NULL;

 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
 if (!ctx) {
     /* Error occurred */
 }
 if (EVP_PKEY_keygen_init(ctx) <= 0) {
     /* Error */
 }
 if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) {
     /* Error */
 }

 /* Generate key */
 if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
     /* Error */
 }

Generate a key from a set of parameters:

 #include <openssl/evp.h>
 #include <openssl/rsa.h>

 EVP_PKEY_CTX *ctx;
 ENGINE *eng;
 EVP_PKEY *pkey = NULL, *param;

 /* Assumed param, eng are set up already */
 ctx = EVP_PKEY_CTX_new(param, eng);
 if (!ctx) {
     /* Error occurred */
 }
 if (EVP_PKEY_keygen_init(ctx) <= 0) {
     /* Error */
 }

 /* Generate key */
 if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
     /* Error */
 }

Example of generation callback for OpenSSL public key implementations:

 #include <openssl/bio.h>
 #include <openssl/evp.h>

 /* Application data is a BIO to output status to */

 EVP_PKEY_CTX_set_app_data(ctx, status_bio);
 /* Register the callback so that generation invokes it */
 EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);

 static int genpkey_cb(EVP_PKEY_CTX *ctx)
 {
     char c = '*';
     BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
     /* The meaning of parameter 0 depends on the algorithm */
     int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);

     if (p == 0)
         c = '.';
     if (p == 1)
         c = '+';
     if (p == 2)
         c = '*';
     if (p == 3)
         c = '\n';
     BIO_write(b, &c, 1);
     (void)BIO_flush(b);
     return 1; /* Returning 0 would abort the generation */
 }

=head1 SEE ALSO

L<EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_decrypt(3)>,
L<EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)>,
L<EVP_PKEY_verify_recover(3)>,
L<EVP_PKEY_derive(3)>

=head1 HISTORY

These functions were added in OpenSSL 1.0.0.

EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() were added
in OpenSSL 1.1.1.

=head1 COPYRIGHT

Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut