=pod

=begin comment

This is a recommended way to describe OSSL_STORE loaders,
"ossl_store-{name}", where {name} is replaced with the name of the
scheme it implements, in man section 7.

=end comment

=head1 NAME

ossl_store-file - The store 'file' scheme loader

=head1 SYNOPSIS

=for comment generic

 #include <openssl/store.h>

=head1 DESCRIPTION

Support for the 'file' scheme is built into C<libcrypto>.
Since files come in all kinds of formats and content types, the 'file'
scheme has its own layer of functionality called "file handlers",
which are used to try to decode diverse types of file contents.

In case a file is formatted as PEM, each called file handler receives
the PEM name (everything following any 'C<-----BEGIN >') as well as
possible PEM headers, together with the decoded PEM body.  Since PEM
formatted files can contain more than one object, the file handlers
are called upon for each such object.

If the file isn't determined to be formatted as PEM, the content is
loaded in raw form in its entirety and passed to the available file
handlers as is, with no PEM name or headers.
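
A simplified model of the per-object PEM walk described above, as an added example; it is not OpenSSL's code. The names C<pem_obj>, C<split_pem> and C<is_encrypted> and the sample buffer are assumptions made for this sketch, and bodies are left base64-encoded rather than decoded.

```c
#include <string.h>

/* One PEM object as pointers into the input (hypothetical struct, this sketch only). */
struct pem_obj {
    const char *name, *hdr, *body;
    size_t name_len, hdr_len, body_len;   /* hdr_len == 0: no PEM headers */
};

/* Split buf into at most max objects; bodies are left base64-encoded here. */
static int split_pem(const char *buf, struct pem_obj *out, int max)
{
    static const char BEGIN[] = "-----BEGIN ", END[] = "-----END ";
    int n = 0;
    for (const char *p = buf; n < max && (p = strstr(p, BEGIN)) != NULL; n++) {
        struct pem_obj *o = &out[n];
        o->name = p + strlen(BEGIN);
        const char *name_end = strstr(o->name, "-----");
        const char *data = name_end ? strchr(name_end, '\n') : NULL;
        const char *end = data ? strstr(data, END) : NULL;
        if (end == NULL)
            break;                        /* truncated object: stop */
        data++;                           /* step past the newline */
        /* Headers are "Key: value" lines closed by a blank line; base64 has
         * no ':', so a colon before the first blank line marks a header block. */
        const char *colon = memchr(data, ':', (size_t)(end - data));
        const char *blank = strstr(data, "\n\n");
        o->hdr = o->body = data;
        if (colon && blank && blank < end && colon < blank)
            o->body = blank + 2;
        o->name_len = (size_t)(name_end - o->name);
        o->hdr_len = (size_t)(o->body - o->hdr);
        o->body_len = (size_t)(end - o->body);
        p = end + strlen(END);
    }
    return n;
}

/* RFC 1421 header of a traditionally encrypted PEM body (pass phrase needed). */
static int is_encrypted(const struct pem_obj *o)
{
    return o->hdr_len >= 22 && memcmp(o->hdr, "Proc-Type: 4,ENCRYPTED", 22) == 0;
}

/* Constructed sample: a certificate, then an encrypted key with PEM headers. */
static const char SAMPLE[] =
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
    "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n";
```

Calling C<split_pem(SAMPLE, objs, 4)> yields two objects; only the second carries headers, which is the case where the loader would ask for a pass phrase.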

Each file handler is expected to handle PEM and non-PEM content as
appropriate.  Some may refuse non-PEM content for the sake of
determinism (for example, there are keys out in the wild that are
represented as an ASN.1 OCTET STRING.  In raw form, it's not easily
possible to distinguish those from any other data coming as an ASN.1
OCTET STRING, so such keys would naturally be accepted as PEM files
only).

=head1 NOTES

When needed, the 'file' scheme loader will require a pass phrase by
using the C<UI_METHOD> that was passed via OSSL_STORE_open().
This pass phrase is expected to be UTF-8 encoded; anything else will
give an undefined result.
The files made accessible through this loader are expected to be
standards-compliant with regard to pass phrase encoding.
Files that aren't should be re-generated with a correctly encoded pass
phrase.
See L<passphrase-encoding(7)> for more information.

=head1 SEE ALSO

L<ossl_store(7)>, L<passphrase-encoding(7)>

=head1 COPYRIGHT

Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut