$NetBSD: life_cycle-pkey.7,v 1.5 2024/09/08 13:08:38 christos Exp $
-*- mode: troff; coding: utf-8 -*-
Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
Standard preamble:
========================================================================
..
. ds C` "" . ds C' "" 'br\} . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.
If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.
Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF ========================================================================
Title "LIFE_CYCLE-PKEY 7"
way too many mistakes in technical documents.
-*- mode: troff; coding: utf-8 -*-
Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
Standard preamble:
========================================================================
..
.... \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
. ds C` "" . ds C' "" 'br\} . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.
If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.
Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF ========================================================================
Title "LIFE_CYCLE-PKEY 7"
LIFE_CYCLE-PKEY 7 2024-09-03 3.0.15 OpenSSL
For nroff, turn off justification. Always turn off hyphenation; it makesway too many mistakes in technical documents.
NAME
life_cycle-pkey - The PKEY algorithm life-cycle
DESCRIPTION
Header "DESCRIPTION" All public keys (PKEYs) go through a number of stages in their life-cycle:
start 4
Item "start" This state represents the PKEY before it has been allocated. It is the
starting state for any life-cycle transitions.
newed 4
Item "newed" This state represents the PKEY after it has been allocated.
decapsulate 4
Item "decapsulate" This state represents the PKEY when it is ready to perform a private key decapsulation
operation.
decrypt 4
Item "decrypt" This state represents the PKEY when it is ready to decrypt some ciphertext.
derive 4
Item "derive" This state represents the PKEY when it is ready to derive a shared secret.
"digest sign" 4
Item "digest sign" This state represents the PKEY when it is ready to perform a private key signature
operation.
encapsulate 4
Item "encapsulate" This state represents the PKEY when it is ready to perform a public key encapsulation
operation.
encrypt 4
Item "encrypt" This state represents the PKEY when it is ready to encrypt some plaintext.
"key generation" 4
Item "key generation" This state represents the PKEY when it is ready to generate a new public/private key.
"parameter generation" 4
Item "parameter generation" This state represents the PKEY when it is ready to generate key parameters.
verify 4
Item "verify" This state represents the PKEY when it is ready to verify a public key signature.
"verify recover" 4
Item "verify recover" This state represents the PKEY when it is ready to recover a public key signature data.
freed 4
Item "freed" This state is entered when the PKEY is freed. It is the terminal state
for all life-cycle transitions.
"State Transition Diagram"
Subsection "State Transition Diagram" The usual life-cycle of a PKEY object is illustrated:
+-------------+
| |
| start |
| |
EVP_PKEY_derive +-------------+
+-------------+ EVP_PKEY_derive_set_peer | +-------------+
| |----------------------------+ | +----------------------------| |
| derive | | | | EVP_PKEY_verify | verify |
| |<---------------------------+ | +--------------------------->| |
+-------------+ | +-------------+
^ | ^
| EVP_PKEY_derive_init | EVP_PKEY_verify_init |
+---------------------------------------+ | +---------------------------------------+
| | |
+-------------+ | | | +-------------+
| |----------------------------+ | | | +----------------------------| |
| digest sign | EVP_PKEY_sign | | | | | EVP_PKEY_verify_recover | verify |
| |<---------------------------+ | | | +--------------------------->| recover |
+-------------+ | | | +-------------+
^ | | | ^
| EVP_PKEY_sign_init | | | EVP_PKEY_verify_recover_init |
+---------------------------------+ | | | +---------------------------------+
| | | | |
+-------------+ | | | | | +-------------+
| |----------------------------+ | | | | | +----------------------------| |
| decapsulate | EVP_PKEY_decapsulate | | | | | | | EVP_PKEY_decrypt | decrypt |
| |<---------------------------+ | | v | | +--------------------------->| |
+-------------+ | +-------------+ | +-------------+
^ +---| |---+ ^
| EVP_PKEY_decapsulate_init | | EVP_PKEY_decrypt_init |
+-------------------------------------| newed |-------------------------------------+
| |
+---| |---+
+-------------+ | +-------------+ | +-------------+
| |----------------------------+ | | | | +----------------------------| |
| encapsulate | EVP_PKEY_encapsulate | | | | | | EVP_PKEY_encrypt | encrypt |
| |<---------------------------+ | | | | +--------------------------->| |
+-------------+ | | | | +-------------+
^ | | | | ^
| EVP_PKEY_encapsulate_init | | | | EVP_PKEY_encrypt_init |
+---------------------------------+ | | +---------------------------------+
| |
+---------------------------------------+ +---------------------------------------+
| EVP_PKEY_paramgen_init EVP_PKEY_keygen_init |
v v
+-------------+ +-------------+
| |----------------------------+ +----------------------------| |
| parameter | | | | key |
| generation |<---------------------------+ +--------------------------->| generation |
+-------------+ EVP_PKEY_paramgen EVP_PKEY_keygen +-------------+
EVP_PKEY_gen EVP_PKEY_gen
+ - - - - - + +-----------+
' ' EVP_PKEY_CTX_free | |
' any state '------------------->| freed |
' ' | |
+ - - - - - + +-----------+
"Formal State Transitions"
Subsection "Formal State Transitions" This section defines all of the legal state transitions.
This is the canonical list.
Function Call ---------------------------------------------------------------------- Current State ----------------------------------------------------------------------
start newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key freed
sign recover generation generation
EVP_PKEY_CTX_new newed
EVP_PKEY_CTX_new_id newed
EVP_PKEY_CTX_new_from_name newed
EVP_PKEY_CTX_new_from_pkey newed
EVP_PKEY_sign_init digest digest digest digest digest digest digest digest digest digest digest
sign sign sign sign sign sign sign sign sign sign sign
EVP_PKEY_sign digest
sign
EVP_PKEY_verify_init verify verify verify verify verify verify verify verify verify verify verify
EVP_PKEY_verify verify
EVP_PKEY_verify_recover_init verify verify verify verify verify verify verify verify verify verify verify
recover recover recover recover recover recover recover recover recover recover recover
EVP_PKEY_verify_recover verify
recover
EVP_PKEY_encrypt_init encrypt encrypt encrypt encrypt encrypt encrypt encrypt encrypt encrypt encrypt encrypt
EVP_PKEY_encrypt encrypt
EVP_PKEY_decrypt_init decrypt decrypt decrypt decrypt decrypt decrypt decrypt decrypt decrypt decrypt decrypt
EVP_PKEY_decrypt decrypt
EVP_PKEY_derive_init derive derive derive derive derive derive derive derive derive derive derive
EVP_PKEY_derive_set_peer derive
EVP_PKEY_derive derive
EVP_PKEY_encapsulate_init encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate
EVP_PKEY_encapsulate encapsulate
EVP_PKEY_decapsulate_init decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate
EVP_PKEY_decapsulate decapsulate
EVP_PKEY_paramgen_init parameter parameter parameter parameter parameter parameter parameter parameter parameter parameter parameter
generation generation generation generation generation generation generation generation generation generation generation
EVP_PKEY_paramgen parameter
generation
EVP_PKEY_keygen_init key key key key key key key key key key key
generation generation generation generation generation generation generation generation generation generation generation
EVP_PKEY_keygen key
generation
EVP_PKEY_gen parameter key
generation generation
EVP_PKEY_CTX_get_params newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key
sign recover generation generation
EVP_PKEY_CTX_set_params newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key
sign recover generation generation
EVP_PKEY_CTX_gettable_params newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key
sign recover generation generation
EVP_PKEY_CTX_settable_params newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key
sign recover generation generation
EVP_PKEY_CTX_free freed freed freed freed freed freed freed freed freed freed freed freed
NOTES
Header "NOTES" At some point the EVP layer will begin enforcing the transitions described
herein.
"SEE ALSO"
Header "SEE ALSO" \fBEVP_PKEY_new\|(3),
\fBEVP_PKEY_decapsulate\|(3), EVP_PKEY_decrypt\|(3), EVP_PKEY_encapsulate\|(3),
\fBEVP_PKEY_encrypt\|(3), EVP_PKEY_derive\|(3), EVP_PKEY_keygen\|(3),
\fBEVP_PKEY_sign\|(3), EVP_PKEY_verify\|(3), EVP_PKEY_verify_recover\|(3)
HISTORY
Header "HISTORY" The provider PKEY interface was introduced in OpenSSL 3.0.
COPYRIGHT
Header "COPYRIGHT" Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.