libcrypto/man/EVP_PKEY_encrypt.3

*f1c41952Sschwarze.\"	$OpenBSD: EVP_PKEY_encrypt.3,v 1.10 2024/12/06 14:27:49 schwarze Exp $
0f34efa9Sschwarze.\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
8974101aSjmc.\"
0f34efa9Sschwarze.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
0f34efa9Sschwarze.\" Copyright (c) 2006, 2009, 2013, 2014, 2016 The OpenSSL Project.
0f34efa9Sschwarze.\" All rights reserved.
0f34efa9Sschwarze.\"
0f34efa9Sschwarze.\" Redistribution and use in source and binary forms, with or without
0f34efa9Sschwarze.\" modification, are permitted provided that the following conditions
0f34efa9Sschwarze.\" are met:
0f34efa9Sschwarze.\"
0f34efa9Sschwarze.\" 1. Redistributions of source code must retain the above copyright
0f34efa9Sschwarze.\"    notice, this list of conditions and the following disclaimer.
0f34efa9Sschwarze.\"
0f34efa9Sschwarze.\" 2. Redistributions in binary form must reproduce the above copyright
0f34efa9Sschwarze.\"    notice, this list of conditions and the following disclaimer in
0f34efa9Sschwarze.\"    the documentation and/or other materials provided with the
0f34efa9Sschwarze.\"    distribution.
0f34efa9Sschwarze.\"
0f34efa9Sschwarze.\" 3. All advertising materials mentioning features or use of this
0f34efa9Sschwarze.\"    software must display the following acknowledgment:
0f34efa9Sschwarze.\"    "This product includes software developed by the OpenSSL Project
0f34efa9Sschwarze.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
0f34efa9Sschwarze.\"
0f34efa9Sschwarze.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
0f34efa9Sschwarze.\"    endorse or promote products derived from this software without
0f34efa9Sschwarze.\"    prior written permission. For written permission, please contact
0f34efa9Sschwarze.\"    openssl-core@openssl.org.
0f34efa9Sschwarze.\"
0f34efa9Sschwarze.\" 5. Products derived from this software may not be called "OpenSSL"
0f34efa9Sschwarze.\"    nor may "OpenSSL" appear in their names without prior written
0f34efa9Sschwarze.\"    permission of the OpenSSL Project.
0f34efa9Sschwarze.\"
0f34efa9Sschwarze.\" 6. Redistributions of any form whatsoever must retain the following
0f34efa9Sschwarze.\"    acknowledgment:
0f34efa9Sschwarze.\"    "This product includes software developed by the OpenSSL Project
0f34efa9Sschwarze.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
0f34efa9Sschwarze.\"
0f34efa9Sschwarze.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
0f34efa9Sschwarze.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
0f34efa9Sschwarze.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
0f34efa9Sschwarze.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
0f34efa9Sschwarze.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
0f34efa9Sschwarze.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
0f34efa9Sschwarze.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
0f34efa9Sschwarze.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
0f34efa9Sschwarze.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
0f34efa9Sschwarze.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
0f34efa9Sschwarze.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
0f34efa9Sschwarze.\" OF THE POSSIBILITY OF SUCH DAMAGE.
0f34efa9Sschwarze.\"
*f1c41952Sschwarze.Dd $Mdocdate: December 6 2024 $
d5c51cd3Sschwarze.Dt EVP_PKEY_ENCRYPT 3
d5c51cd3Sschwarze.Os
d5c51cd3Sschwarze.Sh NAME
d5c51cd3Sschwarze.Nm EVP_PKEY_encrypt_init ,
d5c51cd3Sschwarze.Nm EVP_PKEY_encrypt
d5c51cd3Sschwarze.Nd encrypt using a public key algorithm
d5c51cd3Sschwarze.Sh SYNOPSIS
d5c51cd3Sschwarze.In openssl/evp.h
d5c51cd3Sschwarze.Ft int
d5c51cd3Sschwarze.Fo EVP_PKEY_encrypt_init
d5c51cd3Sschwarze.Fa "EVP_PKEY_CTX *ctx"
d5c51cd3Sschwarze.Fc
d5c51cd3Sschwarze.Ft int
d5c51cd3Sschwarze.Fo EVP_PKEY_encrypt
d5c51cd3Sschwarze.Fa "EVP_PKEY_CTX *ctx"
d5c51cd3Sschwarze.Fa "unsigned char *out"
d5c51cd3Sschwarze.Fa "size_t *outlen"
d5c51cd3Sschwarze.Fa "const unsigned char *in"
d5c51cd3Sschwarze.Fa "size_t inlen"
d5c51cd3Sschwarze.Fc
d5c51cd3Sschwarze.Sh DESCRIPTION
d5c51cd3SschwarzeThe
d5c51cd3Sschwarze.Fn EVP_PKEY_encrypt_init
d5c51cd3Sschwarzefunction initializes a public key algorithm context using key
d5c51cd3Sschwarze.Fa ctx->pkey
d5c51cd3Sschwarzefor an encryption operation.
d5c51cd3Sschwarze.Pp
d5c51cd3SschwarzeThe
d5c51cd3Sschwarze.Fn EVP_PKEY_encrypt
d5c51cd3Sschwarzefunction performs a public key encryption operation using
d5c51cd3Sschwarze.Fa ctx .
d5c51cd3SschwarzeThe data to be encrypted is specified using the
d5c51cd3Sschwarze.Fa in
d5c51cd3Sschwarzeand
d5c51cd3Sschwarze.Fa inlen
d5c51cd3Sschwarzeparameters.
d5c51cd3SschwarzeIf
d5c51cd3Sschwarze.Fa out
d5c51cd3Sschwarzeis
d5c51cd3Sschwarze.Dv NULL ,
d5c51cd3Sschwarzethen the maximum size of the output buffer is written to the
d5c51cd3Sschwarze.Fa outlen
d5c51cd3Sschwarzeparameter.
d5c51cd3SschwarzeIf
d5c51cd3Sschwarze.Fa out
d5c51cd3Sschwarzeis not
d5c51cd3Sschwarze.Dv NULL ,
d5c51cd3Sschwarzethen before the call the
d5c51cd3Sschwarze.Fa outlen
d5c51cd3Sschwarzeparameter should contain the length of the
d5c51cd3Sschwarze.Fa out
84a81591Sjmcbuffer.
41ce3b17SnaddyIf the call is successful, the encrypted data is written to
d5c51cd3Sschwarze.Fa out
d5c51cd3Sschwarzeand the amount of data written to
d5c51cd3Sschwarze.Fa outlen .
d5c51cd3Sschwarze.Pp
d5c51cd3SschwarzeAfter the call to
d5c51cd3Sschwarze.Fn EVP_PKEY_encrypt_init ,
d5c51cd3Sschwarzealgorithm specific control operations can be performed to set any
d5c51cd3Sschwarzeappropriate parameters for the operation.
d5c51cd3Sschwarze.Pp
d5c51cd3SschwarzeThe function
d5c51cd3Sschwarze.Fn EVP_PKEY_encrypt
d5c51cd3Sschwarzecan be called more than once on the same context if several operations
d5c51cd3Sschwarzeare performed using the same parameters.
d5c51cd3Sschwarze.Sh RETURN VALUES
d5c51cd3Sschwarze.Fn EVP_PKEY_encrypt_init
d5c51cd3Sschwarzeand
d5c51cd3Sschwarze.Fn EVP_PKEY_encrypt
d5c51cd3Sschwarzereturn 1 for success and 0 or a negative value for failure.
d5c51cd3SschwarzeIn particular, a return value of -2 indicates the operation is not
d5c51cd3Sschwarzesupported by the public key algorithm.
d5c51cd3Sschwarze.Sh EXAMPLES
0f34efa9SschwarzeEncrypt data using OAEP (for RSA keys).
0f34efa9SschwarzeSee also
0f34efa9Sschwarze.Xr PEM_read_PUBKEY 3
0f34efa9Sschwarzeand
0f34efa9Sschwarze.Xr d2i_X509 3
0f34efa9Sschwarzefor means to load a public key.
0f34efa9SschwarzeYou may also simply set
50f025f4Stb.Dq eng
50f025f4Stbto
50f025f4Stb.Dv NULL
0f34efa9Sschwarzeto start with the default OpenSSL RSA implementation:
84a81591Sjmc.Bd -literal -offset indent
d5c51cd3Sschwarze#include <openssl/evp.h>
d5c51cd3Sschwarze#include <openssl/rsa.h>
d5c51cd3Sschwarze
d5c51cd3SschwarzeEVP_PKEY_CTX *ctx;
d5c51cd3Sschwarzeunsigned char *out, *in;
d5c51cd3Sschwarzesize_t outlen, inlen;
d5c51cd3SschwarzeEVP_PKEY *key;
9a2973baStb/* NB: assumes that key, in, inlen are already set up
d5c51cd3Sschwarze * and that key is an RSA public key
d5c51cd3Sschwarze */
9a2973baStbctx = EVP_PKEY_CTX_new(key, NULL);
d5c51cd3Sschwarzeif (!ctx)
d5c51cd3Sschwarze	/* Error occurred */
d5c51cd3Sschwarzeif (EVP_PKEY_encrypt_init(ctx) <= 0)
d5c51cd3Sschwarze	/* Error */
d5c51cd3Sschwarzeif (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0)
d5c51cd3Sschwarze	/* Error */
d5c51cd3Sschwarze
d5c51cd3Sschwarze/* Determine buffer length */
d5c51cd3Sschwarzeif (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
d5c51cd3Sschwarze	/* Error */
d5c51cd3Sschwarze
d5c51cd3Sschwarzeout = malloc(outlen);
d5c51cd3Sschwarze
d5c51cd3Sschwarzeif (!out)
d5c51cd3Sschwarze	/* malloc failure */
d5c51cd3Sschwarze
d5c51cd3Sschwarzeif (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
d5c51cd3Sschwarze	/* Error */
d5c51cd3Sschwarze
d5c51cd3Sschwarze/* Encrypted data is outlen bytes written to buffer out */
d5c51cd3Sschwarze.Ed
d5c51cd3Sschwarze.Sh SEE ALSO
d5c51cd3Sschwarze.Xr EVP_PKEY_CTX_new 3 ,
d5c51cd3Sschwarze.Xr EVP_PKEY_decrypt 3 ,
d5c51cd3Sschwarze.Xr EVP_PKEY_derive 3 ,
d5c51cd3Sschwarze.Xr EVP_PKEY_sign 3 ,
d5c51cd3Sschwarze.Xr EVP_PKEY_verify 3 ,
d5c51cd3Sschwarze.Xr EVP_PKEY_verify_recover 3
d5c51cd3Sschwarze.Sh HISTORY
56929f71Sschwarze.Fn EVP_PKEY_encrypt_init
56929f71Sschwarzeand
56929f71Sschwarze.Fn EVP_PKEY_encrypt
56929f71Sschwarzefirst appeared in OpenSSL 1.0.0 and have been available since
56929f71Sschwarze.Ox 4.9 .