xref: /freebsd-src/crypto/openssl/doc/man7/evp.pod (revision b077aed33b7b6aefca7b17ddb250cf521f938613)
=pod

=head1 NAME

evp - high-level cryptographic functions

=head1 SYNOPSIS

 #include <openssl/evp.h>

=head1 DESCRIPTION

The EVP library provides a high-level interface to cryptographic
functions.

The L<B<EVP_Seal>I<XXX>|EVP_SealInit(3)> and L<B<EVP_Open>I<XXX>|EVP_OpenInit(3)>
functions provide public key encryption and decryption to implement digital "envelopes".

The L<B<EVP_DigestSign>I<XXX>|EVP_DigestSignInit(3)> and
L<B<EVP_DigestVerify>I<XXX>|EVP_DigestVerifyInit(3)> functions implement
digital signatures and Message Authentication Codes (MACs). Also see the older
L<B<EVP_Sign>I<XXX>|EVP_SignInit(3)> and L<B<EVP_Verify>I<XXX>|EVP_VerifyInit(3)>
functions.

Symmetric encryption is available with the L<B<EVP_Encrypt>I<XXX>|EVP_EncryptInit(3)>
functions.  The L<B<EVP_Digest>I<XXX>|EVP_DigestInit(3)> functions provide message digests.

The B<EVP_PKEY>I<XXX> functions provide a high-level interface to
asymmetric algorithms. To create a new EVP_PKEY see
L<EVP_PKEY_new(3)>. EVP_PKEYs can be associated
with a private key of a particular algorithm by using the functions
described on the L<EVP_PKEY_fromdata(3)> page, or
new keys can be generated using L<EVP_PKEY_keygen(3)>.
EVP_PKEYs can be compared using L<EVP_PKEY_eq(3)>, or printed using
L<EVP_PKEY_print_private(3)>. L<EVP_PKEY_todata(3)> can be used to convert a
key back into an L<OSSL_PARAM(3)> array.

The EVP_PKEY functions support the full range of asymmetric algorithm operations:

=over 4

=item For key agreement see L<EVP_PKEY_derive(3)>

=item For signing and verifying see L<EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)> and L<EVP_PKEY_verify_recover(3)>.
However, note that
these functions do not perform a digest of the data to be signed. Therefore,
normally you would use the L<EVP_DigestSignInit(3)>
functions for this purpose.

=item For encryption and decryption see L<EVP_PKEY_encrypt(3)>
and L<EVP_PKEY_decrypt(3)> respectively. However, note that
these functions perform encryption and decryption only. As public key
encryption is an expensive operation, normally you would wrap
an encrypted message in a "digital envelope" using the L<EVP_SealInit(3)> and
L<EVP_OpenInit(3)> functions.

=back

The L<EVP_BytesToKey(3)> function provides some limited support for password
based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible
implementation. However, new applications should not typically use this (preferring, for example,
PBKDF2 from PKCS#5).

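The PBKDF1 relationship described above, as an added Python example that is not part of the original page and is not OpenSSL's code: it re-implements the derivation documented in EVP_BytesToKey(3), checks when the result coincides with PBKDF1 from RFC 8018, and derives the same key and IV sizes with PBKDF2 instead. The function names, password, salt and iteration counts are constructed for illustration.

```python
import hashlib

def evp_bytes_to_key(md, salt, data, count, key_len, iv_len):
    """Derivation documented in EVP_BytesToKey(3):
    D_i = HASH^count(D_(i-1) || data || salt); key bytes first, then IV."""
    if count < 1:
        raise ValueError("count must be >= 1")
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        block = hashlib.new(md, block + data + salt).digest()
        for _ in range(count - 1):          # HASH^count: re-hash the digest
            block = hashlib.new(md, block).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]

def pbkdf1(md, password, salt, count, dk_len):
    """PKCS#5 PBKDF1 (RFC 8018, section 5.1): a single hash chain."""
    t = hashlib.new(md, password + salt).digest()
    if dk_len > len(t):
        raise ValueError("derived key too long")
    for _ in range(count - 1):
        t = hashlib.new(md, t).digest()
    return t[:dk_len]

def matches_pbkdf1(md, password, salt, count, key_len, iv_len):
    """True only when key + IV fit inside one digest output."""
    key, iv = evp_bytes_to_key(md, salt, password, count, key_len, iv_len)
    try:
        return key + iv == pbkdf1(md, password, salt, count, key_len + iv_len)
    except ValueError:
        return False

def pbkdf2_key_iv(password, salt, iterations, key_len, iv_len):
    """PBKDF2-HMAC-SHA256 alternative for new applications."""
    dk = hashlib.pbkdf2_hmac("sha256", password, salt, iterations,
                             key_len + iv_len)
    return dk[:key_len], dk[key_len:]

# Constructed sample inputs (not from the OpenSSL documentation).
PASSWORD = b"correct horse battery staple"
SALT = bytes.fromhex("0102030405060708")

if __name__ == "__main__":
    print(matches_pbkdf1("sha1", PASSWORD, SALT, 1000, 8, 8))
    print(matches_pbkdf1("sha1", PASSWORD, SALT, 1000, 16, 16))
    key, iv = pbkdf2_key_iv(PASSWORD, SALT, 100_000, 32, 16)
    print(len(key), len(iv))
```

With SHA-1 (20-byte output), an 8-byte key plus 8-byte IV stays inside one digest block and matches PBKDF1; a 16-byte key plus 16-byte IV needs a second block, which PBKDF1 does not define, so the outputs no longer correspond.
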
The L<B<EVP_Encode>I<XXX>|EVP_EncodeInit(3)> and
L<B<EVP_Decode>I<XXX>|EVP_EncodeInit(3)> functions implement base 64 encoding
and decoding.

All the symmetric algorithms (ciphers), digests and asymmetric algorithms
(public key algorithms) can be replaced by ENGINE modules providing alternative
implementations. If ENGINE implementations of ciphers or digests are registered
as defaults, then the various EVP functions will automatically use those
implementations in preference to built-in software
implementations. For more information, consult the engine(3) man page.

Although low-level, algorithm-specific functions exist for many algorithms,
their use is discouraged. They cannot be used with an ENGINE, and ENGINE
versions of new algorithms cannot be accessed using the low-level functions.
Using them also makes code harder to adapt to new algorithms; some options are
not cleanly supported at the low level, and some operations are more efficient
using the high-level interface.

=head1 SEE ALSO

L<EVP_DigestInit(3)>,
L<EVP_EncryptInit(3)>,
L<EVP_OpenInit(3)>,
L<EVP_SealInit(3)>,
L<EVP_DigestSignInit(3)>,
L<EVP_SignInit(3)>,
L<EVP_VerifyInit(3)>,
L<EVP_EncodeInit(3)>,
L<EVP_PKEY_new(3)>,
L<EVP_PKEY_fromdata(3)>,
L<EVP_PKEY_todata(3)>,
L<EVP_PKEY_keygen(3)>,
L<EVP_PKEY_print_private(3)>,
L<EVP_PKEY_decrypt(3)>,
L<EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)>,
L<EVP_PKEY_verify_recover(3)>,
L<EVP_PKEY_derive(3)>,
L<EVP_BytesToKey(3)>,
L<ENGINE_by_id(3)>

=head1 COPYRIGHT

Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut