1.\"	$OpenBSD: PEM_read_bio_PrivateKey.3,v 1.14 2019/06/06 01:06:58 schwarze Exp $
2.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3.\"
4.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
5.\" Copyright (c) 2001-2004, 2009, 2013-2016 The OpenSSL Project.
6.\" All rights reserved.
7.\"
8.\" Redistribution and use in source and binary forms, with or without
9.\" modification, are permitted provided that the following conditions
10.\" are met:
11.\"
12.\" 1. Redistributions of source code must retain the above copyright
13.\"    notice, this list of conditions and the following disclaimer.
14.\"
15.\" 2. Redistributions in binary form must reproduce the above copyright
16.\"    notice, this list of conditions and the following disclaimer in
17.\"    the documentation and/or other materials provided with the
18.\"    distribution.
19.\"
20.\" 3. All advertising materials mentioning features or use of this
21.\"    software must display the following acknowledgment:
22.\"    "This product includes software developed by the OpenSSL Project
23.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24.\"
25.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26.\"    endorse or promote products derived from this software without
27.\"    prior written permission. For written permission, please contact
28.\"    openssl-core@openssl.org.
29.\"
30.\" 5. Products derived from this software may not be called "OpenSSL"
31.\"    nor may "OpenSSL" appear in their names without prior written
32.\"    permission of the OpenSSL Project.
33.\"
34.\" 6. Redistributions of any form whatsoever must retain the following
35.\"    acknowledgment:
36.\"    "This product includes software developed by the OpenSSL Project
37.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38.\"
39.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51.\"
52.Dd $Mdocdate: June 6 2019 $
53.Dt PEM_READ_BIO_PRIVATEKEY 3
54.Os
55.Sh NAME
56.Nm PEM_read_bio_PrivateKey ,
57.Nm PEM_read_PrivateKey ,
58.Nm PEM_write_bio_PrivateKey ,
59.Nm PEM_write_PrivateKey ,
60.Nm PEM_write_bio_PKCS8PrivateKey ,
61.Nm PEM_write_PKCS8PrivateKey ,
62.Nm PEM_write_bio_PKCS8PrivateKey_nid ,
63.Nm PEM_write_PKCS8PrivateKey_nid ,
64.Nm PEM_read_bio_PKCS8 ,
65.Nm PEM_read_PKCS8 ,
66.Nm PEM_write_bio_PKCS8 ,
67.Nm PEM_write_PKCS8 ,
68.Nm PEM_read_bio_PKCS8_PRIV_KEY_INFO ,
69.Nm PEM_read_PKCS8_PRIV_KEY_INFO ,
70.Nm PEM_write_bio_PKCS8_PRIV_KEY_INFO ,
71.Nm PEM_write_PKCS8_PRIV_KEY_INFO ,
72.Nm PEM_read_bio_PUBKEY ,
73.Nm PEM_read_PUBKEY ,
74.Nm PEM_write_bio_PUBKEY ,
75.Nm PEM_write_PUBKEY ,
76.Nm PEM_read_bio_RSAPrivateKey ,
77.Nm PEM_read_RSAPrivateKey ,
78.Nm PEM_write_bio_RSAPrivateKey ,
79.Nm PEM_write_RSAPrivateKey ,
80.Nm PEM_read_bio_RSAPublicKey ,
81.Nm PEM_read_RSAPublicKey ,
82.Nm PEM_write_bio_RSAPublicKey ,
83.Nm PEM_write_RSAPublicKey ,
84.Nm PEM_read_bio_RSA_PUBKEY ,
85.Nm PEM_read_RSA_PUBKEY ,
86.Nm PEM_write_bio_RSA_PUBKEY ,
87.Nm PEM_write_RSA_PUBKEY ,
88.Nm PEM_read_bio_DSAPrivateKey ,
89.Nm PEM_read_DSAPrivateKey ,
90.Nm PEM_write_bio_DSAPrivateKey ,
91.Nm PEM_write_DSAPrivateKey ,
92.Nm PEM_read_bio_DSA_PUBKEY ,
93.Nm PEM_read_DSA_PUBKEY ,
94.Nm PEM_write_bio_DSA_PUBKEY ,
95.Nm PEM_write_DSA_PUBKEY ,
96.Nm PEM_read_bio_DSAparams ,
97.Nm PEM_read_DSAparams ,
98.Nm PEM_write_bio_DSAparams ,
99.Nm PEM_write_DSAparams ,
100.Nm PEM_read_bio_DHparams ,
101.Nm PEM_read_DHparams ,
102.Nm PEM_write_bio_DHparams ,
103.Nm PEM_write_DHparams ,
104.Nm PEM_read_bio_ECPKParameters ,
105.Nm PEM_read_ECPKParameters ,
106.Nm PEM_write_bio_ECPKParameters ,
107.Nm PEM_write_ECPKParameters ,
108.Nm PEM_read_bio_ECPrivateKey ,
109.Nm PEM_read_ECPrivateKey ,
110.Nm PEM_write_bio_ECPrivateKey ,
111.Nm PEM_write_ECPrivateKey ,
112.Nm PEM_read_bio_EC_PUBKEY ,
113.Nm PEM_read_EC_PUBKEY ,
114.Nm PEM_write_bio_EC_PUBKEY ,
115.Nm PEM_write_EC_PUBKEY ,
116.Nm PEM_read_bio_X509 ,
117.Nm PEM_read_X509 ,
118.Nm PEM_write_bio_X509 ,
119.Nm PEM_write_X509 ,
120.Nm PEM_read_bio_X509_AUX ,
121.Nm PEM_read_X509_AUX ,
122.Nm PEM_write_bio_X509_AUX ,
123.Nm PEM_write_X509_AUX ,
124.Nm PEM_read_bio_X509_REQ ,
125.Nm PEM_read_X509_REQ ,
126.Nm PEM_write_bio_X509_REQ ,
127.Nm PEM_write_X509_REQ ,
128.Nm PEM_write_bio_X509_REQ_NEW ,
129.Nm PEM_write_X509_REQ_NEW ,
130.Nm PEM_read_bio_X509_CRL ,
131.Nm PEM_read_X509_CRL ,
132.Nm PEM_write_bio_X509_CRL ,
133.Nm PEM_write_X509_CRL ,
134.Nm PEM_read_bio_PKCS7 ,
135.Nm PEM_read_PKCS7 ,
136.Nm PEM_write_bio_PKCS7 ,
137.Nm PEM_write_PKCS7 ,
138.Nm PEM_read_bio_NETSCAPE_CERT_SEQUENCE ,
139.Nm PEM_read_NETSCAPE_CERT_SEQUENCE ,
140.Nm PEM_write_bio_NETSCAPE_CERT_SEQUENCE ,
141.Nm PEM_write_NETSCAPE_CERT_SEQUENCE
142.Nd PEM routines
143.Sh SYNOPSIS
144.In openssl/pem.h
145.Ft EVP_PKEY *
146.Fo PEM_read_bio_PrivateKey
147.Fa "BIO *bp"
148.Fa "EVP_PKEY **x"
149.Fa "pem_password_cb *cb"
150.Fa "void *u"
151.Fc
152.Ft EVP_PKEY *
153.Fo PEM_read_PrivateKey
154.Fa "FILE *fp"
155.Fa "EVP_PKEY **x"
156.Fa "pem_password_cb *cb"
157.Fa "void *u"
158.Fc
159.Ft int
160.Fo PEM_write_bio_PrivateKey
161.Fa "BIO *bp"
162.Fa "EVP_PKEY *x"
163.Fa "const EVP_CIPHER *enc"
164.Fa "unsigned char *kstr"
165.Fa "int klen"
166.Fa "pem_password_cb *cb"
167.Fa "void *u"
168.Fc
169.Ft int
170.Fo PEM_write_PrivateKey
171.Fa "FILE *fp"
172.Fa "EVP_PKEY *x"
173.Fa "const EVP_CIPHER *enc"
174.Fa "unsigned char *kstr"
175.Fa "int klen"
176.Fa "pem_password_cb *cb"
177.Fa "void *u"
178.Fc
179.Ft int
180.Fo PEM_write_bio_PKCS8PrivateKey
181.Fa "BIO *bp"
182.Fa "EVP_PKEY *x"
183.Fa "const EVP_CIPHER *enc"
184.Fa "char *kstr"
185.Fa "int klen"
186.Fa "pem_password_cb *cb"
187.Fa "void *u"
188.Fc
189.Ft int
190.Fo PEM_write_PKCS8PrivateKey
191.Fa "FILE *fp"
192.Fa "EVP_PKEY *x"
193.Fa "const EVP_CIPHER *enc"
194.Fa "char *kstr"
195.Fa "int klen"
196.Fa "pem_password_cb *cb"
197.Fa "void *u"
198.Fc
199.Ft int
200.Fo PEM_write_bio_PKCS8PrivateKey_nid
201.Fa "BIO *bp"
202.Fa "EVP_PKEY *x"
203.Fa "int nid"
204.Fa "char *kstr"
205.Fa "int klen"
206.Fa "pem_password_cb *cb"
207.Fa "void *u"
208.Fc
209.Ft int
210.Fo PEM_write_PKCS8PrivateKey_nid
211.Fa "FILE *fp"
212.Fa "EVP_PKEY *x"
213.Fa "int nid"
214.Fa "char *kstr"
215.Fa "int klen"
216.Fa "pem_password_cb *cb"
217.Fa "void *u"
218.Fc
219.Ft X509_SIG *
220.Fo PEM_read_bio_PKCS8
221.Fa "BIO *bp"
222.Fa "X509_SIG **x"
223.Fa "pem_password_cb *cb"
224.Fa "void *u"
225.Fc
226.Ft X509_SIG *
227.Fo PEM_read_PKCS8
228.Fa "FILE *fp"
229.Fa "X509_SIG **x"
230.Fa "pem_password_cb *cb"
231.Fa "void *u"
232.Fc
233.Ft int
234.Fo PEM_write_bio_PKCS8
235.Fa "BIO *bp"
236.Fa "X509_SIG *x"
237.Fc
238.Ft int
239.Fo PEM_write_PKCS8
240.Fa "FILE *fp"
241.Fa "X509_SIG *x"
242.Fc
243.Ft PKCS8_PRIV_KEY_INFO *
244.Fo PEM_read_bio_PKCS8_PRIV_KEY_INFO
245.Fa "BIO *bp"
246.Fa "PKCS8_PRIV_KEY_INFO **x"
247.Fa "pem_password_cb *cb"
248.Fa "void *u"
249.Fc
250.Ft PKCS8_PRIV_KEY_INFO *
251.Fo PEM_read_PKCS8_PRIV_KEY_INFO
252.Fa "FILE *fp"
253.Fa "PKCS8_PRIV_KEY_INFO **x"
254.Fa "pem_password_cb *cb"
255.Fa "void *u"
256.Fc
257.Ft int
258.Fo PEM_write_bio_PKCS8_PRIV_KEY_INFO
259.Fa "BIO *bp"
260.Fa "PKCS8_PRIV_KEY_INFO *x"
261.Fc
262.Ft int
263.Fo PEM_write_PKCS8_PRIV_KEY_INFO
264.Fa "FILE *fp"
265.Fa "PKCS8_PRIV_KEY_INFO *x"
266.Fc
267.Ft EVP_PKEY *
268.Fo PEM_read_bio_PUBKEY
269.Fa "BIO *bp"
270.Fa "EVP_PKEY **x"
271.Fa "pem_password_cb *cb"
272.Fa "void *u"
273.Fc
274.Ft EVP_PKEY *
275.Fo PEM_read_PUBKEY
276.Fa "FILE *fp"
277.Fa "EVP_PKEY **x"
278.Fa "pem_password_cb *cb"
279.Fa "void *u"
280.Fc
281.Ft int
282.Fo PEM_write_bio_PUBKEY
283.Fa "BIO *bp"
284.Fa "EVP_PKEY *x"
285.Fc
286.Ft int
287.Fo PEM_write_PUBKEY
288.Fa "FILE *fp"
289.Fa "EVP_PKEY *x"
290.Fc
291.Ft RSA *
292.Fo PEM_read_bio_RSAPrivateKey
293.Fa "BIO *bp"
294.Fa "RSA **x"
295.Fa "pem_password_cb *cb"
296.Fa "void *u"
297.Fc
298.Ft RSA *
299.Fo PEM_read_RSAPrivateKey
300.Fa "FILE *fp"
301.Fa "RSA **x"
302.Fa "pem_password_cb *cb"
303.Fa "void *u"
304.Fc
305.Ft int
306.Fo PEM_write_bio_RSAPrivateKey
307.Fa "BIO *bp"
308.Fa "RSA *x"
309.Fa "const EVP_CIPHER *enc"
310.Fa "unsigned char *kstr"
311.Fa "int klen"
312.Fa "pem_password_cb *cb"
313.Fa "void *u"
314.Fc
315.Ft int
316.Fo PEM_write_RSAPrivateKey
317.Fa "FILE *fp"
318.Fa "RSA *x"
319.Fa "const EVP_CIPHER *enc"
320.Fa "unsigned char *kstr"
321.Fa "int klen"
322.Fa "pem_password_cb *cb"
323.Fa "void *u"
324.Fc
325.Ft RSA *
326.Fo PEM_read_bio_RSAPublicKey
327.Fa "BIO *bp"
328.Fa "RSA **x"
329.Fa "pem_password_cb *cb"
330.Fa "void *u"
331.Fc
332.Ft RSA *
333.Fo PEM_read_RSAPublicKey
334.Fa "FILE *fp"
335.Fa "RSA **x"
336.Fa "pem_password_cb *cb"
337.Fa "void *u"
338.Fc
339.Ft int
340.Fo PEM_write_bio_RSAPublicKey
341.Fa "BIO *bp"
342.Fa "RSA *x"
343.Fc
344.Ft int
345.Fo PEM_write_RSAPublicKey
346.Fa "FILE *fp"
347.Fa "RSA *x"
348.Fc
349.Ft RSA *
350.Fo PEM_read_bio_RSA_PUBKEY
351.Fa "BIO *bp"
352.Fa "RSA **x"
353.Fa "pem_password_cb *cb"
354.Fa "void *u"
355.Fc
356.Ft RSA *
357.Fo PEM_read_RSA_PUBKEY
358.Fa "FILE *fp"
359.Fa "RSA **x"
360.Fa "pem_password_cb *cb"
361.Fa "void *u"
362.Fc
363.Ft int
364.Fo PEM_write_bio_RSA_PUBKEY
365.Fa "BIO *bp"
366.Fa "RSA *x"
367.Fc
368.Ft int
369.Fo PEM_write_RSA_PUBKEY
370.Fa "FILE *fp"
371.Fa "RSA *x"
372.Fc
373.Ft DSA *
374.Fo PEM_read_bio_DSAPrivateKey
375.Fa "BIO *bp"
376.Fa "DSA **x"
377.Fa "pem_password_cb *cb"
378.Fa "void *u"
379.Fc
380.Ft DSA *
381.Fo PEM_read_DSAPrivateKey
382.Fa "FILE *fp"
383.Fa "DSA **x"
384.Fa "pem_password_cb *cb"
385.Fa "void *u"
386.Fc
387.Ft int
388.Fo PEM_write_bio_DSAPrivateKey
389.Fa "BIO *bp"
390.Fa "DSA *x"
391.Fa "const EVP_CIPHER *enc"
392.Fa "unsigned char *kstr"
393.Fa "int klen"
394.Fa "pem_password_cb *cb"
395.Fa "void *u"
396.Fc
397.Ft int
398.Fo PEM_write_DSAPrivateKey
399.Fa "FILE *fp"
400.Fa "DSA *x"
401.Fa "const EVP_CIPHER *enc"
402.Fa "unsigned char *kstr"
403.Fa "int klen"
404.Fa "pem_password_cb *cb"
405.Fa "void *u"
406.Fc
407.Ft DSA *
408.Fo PEM_read_bio_DSA_PUBKEY
409.Fa "BIO *bp"
410.Fa "DSA **x"
411.Fa "pem_password_cb *cb"
412.Fa "void *u"
413.Fc
414.Ft DSA *
415.Fo PEM_read_DSA_PUBKEY
416.Fa "FILE *fp"
417.Fa "DSA **x"
418.Fa "pem_password_cb *cb"
419.Fa "void *u"
420.Fc
421.Ft int
422.Fo PEM_write_bio_DSA_PUBKEY
423.Fa "BIO *bp"
424.Fa "DSA *x"
425.Fc
426.Ft int
427.Fo PEM_write_DSA_PUBKEY
428.Fa "FILE *fp"
429.Fa "DSA *x"
430.Fc
431.Ft DSA *
432.Fo PEM_read_bio_DSAparams
433.Fa "BIO *bp"
434.Fa "DSA **x"
435.Fa "pem_password_cb *cb"
436.Fa "void *u"
437.Fc
438.Ft DSA *
439.Fo PEM_read_DSAparams
440.Fa "FILE *fp"
441.Fa "DSA **x"
442.Fa "pem_password_cb *cb"
443.Fa "void *u"
444.Fc
445.Ft int
446.Fo PEM_write_bio_DSAparams
447.Fa "BIO *bp"
448.Fa "DSA *x"
449.Fc
450.Ft int
451.Fo PEM_write_DSAparams
452.Fa "FILE *fp"
453.Fa "DSA *x"
454.Fc
455.Ft DH *
456.Fo PEM_read_bio_DHparams
457.Fa "BIO *bp"
458.Fa "DH **x"
459.Fa "pem_password_cb *cb"
460.Fa "void *u"
461.Fc
462.Ft DH *
463.Fo PEM_read_DHparams
464.Fa "FILE *fp"
465.Fa "DH **x"
466.Fa "pem_password_cb *cb"
467.Fa "void *u"
468.Fc
469.Ft int
470.Fo PEM_write_bio_DHparams
471.Fa "BIO *bp"
472.Fa "DH *x"
473.Fc
474.Ft int
475.Fo PEM_write_DHparams
476.Fa "FILE *fp"
477.Fa "DH *x"
478.Fc
479.Ft EC_GROUP *
480.Fo PEM_read_bio_ECPKParameters
481.Fa "BIO *bp"
482.Fa "EC_GROUP **x"
483.Fa "pem_password_cb *cb"
484.Fa "void *u"
485.Fc
486.Ft EC_GROUP *
487.Fo PEM_read_ECPKParameters
488.Fa "FILE *fp"
489.Fa "EC_GROUP **x"
490.Fa "pem_password_cb *cb"
491.Fa "void *u"
492.Fc
493.Ft int
494.Fo PEM_write_bio_ECPKParameters
495.Fa "BIO *bp"
496.Fa "const EC_GROUP *x"
497.Fc
498.Ft int
499.Fo PEM_write_ECPKParameters
500.Fa "FILE *fp"
501.Fa "const EC_GROUP *x"
502.Fc
503.Ft EC_KEY *
504.Fo PEM_read_bio_ECPrivateKey
505.Fa "BIO *bp"
506.Fa "EC_KEY **key"
507.Fa "pem_password_cb *cb"
508.Fa "void *u"
509.Fc
510.Ft EC_KEY *
511.Fo PEM_read_ECPrivateKey
512.Fa "FILE *fp"
513.Fa "EC_KEY **eckey"
514.Fa "pem_password_cb *cb"
515.Fa "void *u"
516.Fc
517.Ft int
518.Fo PEM_write_bio_ECPrivateKey
519.Fa "BIO *bp"
520.Fa "EC_KEY *x"
521.Fa "const EVP_CIPHER *enc"
522.Fa "unsigned char *kstr"
523.Fa "int klen"
524.Fa "pem_password_cb *cb"
525.Fa "void *u"
526.Fc
527.Ft int
528.Fo PEM_write_ECPrivateKey
529.Fa "FILE *fp"
530.Fa "EC_KEY *x"
531.Fa "const EVP_CIPHER *enc"
532.Fa "unsigned char *kstr"
533.Fa "int klen"
534.Fa "pem_password_cb *cb"
535.Fa "void *u"
536.Fc
537.Ft EC_KEY *
538.Fo PEM_read_bio_EC_PUBKEY
539.Fa "BIO *bp"
540.Fa "EC_KEY **x"
541.Fa "pem_password_cb *cb"
542.Fa "void *u"
543.Fc
544.Ft EC_KEY *
545.Fo PEM_read_EC_PUBKEY
546.Fa "FILE *fp"
547.Fa "EC_KEY **x"
548.Fa "pem_password_cb *cb"
549.Fa "void *u"
550.Fc
551.Ft int
552.Fo PEM_write_bio_EC_PUBKEY
553.Fa "BIO *bp"
554.Fa "EC_KEY *x"
555.Fc
556.Ft int
557.Fo PEM_write_EC_PUBKEY
558.Fa "FILE *fp"
559.Fa "EC_KEY *x"
560.Fc
561.Ft X509 *
562.Fo PEM_read_bio_X509
563.Fa "BIO *bp"
564.Fa "X509 **x"
565.Fa "pem_password_cb *cb"
566.Fa "void *u"
567.Fc
568.Ft X509 *
569.Fo PEM_read_X509
570.Fa "FILE *fp"
571.Fa "X509 **x"
572.Fa "pem_password_cb *cb"
573.Fa "void *u"
574.Fc
575.Ft int
576.Fo PEM_write_bio_X509
577.Fa "BIO *bp"
578.Fa "X509 *x"
579.Fc
580.Ft int
581.Fo PEM_write_X509
582.Fa "FILE *fp"
583.Fa "X509 *x"
584.Fc
585.Ft X509 *
586.Fo PEM_read_bio_X509_AUX
587.Fa "BIO *bp"
588.Fa "X509 **x"
589.Fa "pem_password_cb *cb"
590.Fa "void *u"
591.Fc
592.Ft X509 *
593.Fo PEM_read_X509_AUX
594.Fa "FILE *fp"
595.Fa "X509 **x"
596.Fa "pem_password_cb *cb"
597.Fa "void *u"
598.Fc
599.Ft int
600.Fo PEM_write_bio_X509_AUX
601.Fa "BIO *bp"
602.Fa "X509 *x"
603.Fc
604.Ft int
605.Fo PEM_write_X509_AUX
606.Fa "FILE *fp"
607.Fa "X509 *x"
608.Fc
609.Ft X509_REQ *
610.Fo PEM_read_bio_X509_REQ
611.Fa "BIO *bp"
612.Fa "X509_REQ **x"
613.Fa "pem_password_cb *cb"
614.Fa "void *u"
615.Fc
616.Ft X509_REQ *
617.Fo PEM_read_X509_REQ
618.Fa "FILE *fp"
619.Fa "X509_REQ **x"
620.Fa "pem_password_cb *cb"
621.Fa "void *u"
622.Fc
623.Ft int
624.Fo PEM_write_bio_X509_REQ
625.Fa "BIO *bp"
626.Fa "X509_REQ *x"
627.Fc
628.Ft int
629.Fo PEM_write_X509_REQ
630.Fa "FILE *fp"
631.Fa "X509_REQ *x"
632.Fc
633.Ft int
634.Fo PEM_write_bio_X509_REQ_NEW
635.Fa "BIO *bp"
636.Fa "X509_REQ *x"
637.Fc
638.Ft int
639.Fo PEM_write_X509_REQ_NEW
640.Fa "FILE *fp"
641.Fa "X509_REQ *x"
642.Fc
643.Ft X509_CRL *
644.Fo PEM_read_bio_X509_CRL
645.Fa "BIO *bp"
646.Fa "X509_CRL **x"
647.Fa "pem_password_cb *cb"
648.Fa "void *u"
649.Fc
650.Ft X509_CRL *
651.Fo PEM_read_X509_CRL
652.Fa "FILE *fp"
653.Fa "X509_CRL **x"
654.Fa "pem_password_cb *cb"
655.Fa "void *u"
656.Fc
657.Ft int
658.Fo PEM_write_bio_X509_CRL
659.Fa "BIO *bp"
660.Fa "X509_CRL *x"
661.Fc
662.Ft int
663.Fo PEM_write_X509_CRL
664.Fa "FILE *fp"
665.Fa "X509_CRL *x"
666.Fc
667.Ft PKCS7 *
668.Fo PEM_read_bio_PKCS7
669.Fa "BIO *bp"
670.Fa "PKCS7 **x"
671.Fa "pem_password_cb *cb"
672.Fa "void *u"
673.Fc
674.Ft PKCS7 *
675.Fo PEM_read_PKCS7
676.Fa "FILE *fp"
677.Fa "PKCS7 **x"
678.Fa "pem_password_cb *cb"
679.Fa "void *u"
680.Fc
681.Ft int
682.Fo PEM_write_bio_PKCS7
683.Fa "BIO *bp"
684.Fa "PKCS7 *x"
685.Fc
686.Ft int
687.Fo PEM_write_PKCS7
688.Fa "FILE *fp"
689.Fa "PKCS7 *x"
690.Fc
691.Ft NETSCAPE_CERT_SEQUENCE *
692.Fo PEM_read_bio_NETSCAPE_CERT_SEQUENCE
693.Fa "BIO *bp"
694.Fa "NETSCAPE_CERT_SEQUENCE **x"
695.Fa "pem_password_cb *cb"
696.Fa "void *u"
697.Fc
698.Ft NETSCAPE_CERT_SEQUENCE *
699.Fo PEM_read_NETSCAPE_CERT_SEQUENCE
700.Fa "FILE *fp"
701.Fa "NETSCAPE_CERT_SEQUENCE **x"
702.Fa "pem_password_cb *cb"
703.Fa "void *u"
704.Fc
705.Ft int
706.Fo PEM_write_bio_NETSCAPE_CERT_SEQUENCE
707.Fa "BIO *bp"
708.Fa "NETSCAPE_CERT_SEQUENCE *x"
709.Fc
710.Ft int
711.Fo PEM_write_NETSCAPE_CERT_SEQUENCE
712.Fa "FILE *fp"
713.Fa "NETSCAPE_CERT_SEQUENCE *x"
714.Fc
715.Sh DESCRIPTION
716The PEM functions read or write structures in PEM format.
717In this sense PEM format is simply base64-encoded data surrounded by
718header lines.
719.Pp
720For more details about the meaning of arguments see the
721.Sx PEM function arguments
722section.
723.Pp
724Each operation has four functions associated with it.
725For clarity the term
726.Dq Sy foobar No functions
727will be used to collectively refer to the
728.Fn PEM_read_bio_foobar ,
729.Fn PEM_read_foobar ,
730.Fn PEM_write_bio_foobar ,
731and
732.Fn PEM_write_foobar
733functions.
734.Pp
735The
736.Sy PrivateKey
737functions read or write a private key in PEM format using an
738.Vt EVP_PKEY
739structure.
740The write routines use "traditional" private key format and can handle
741both RSA and DSA private keys.
742The read functions can additionally transparently handle PKCS#8 format
743encrypted and unencrypted keys too.
744.Pp
745.Fn PEM_write_bio_PKCS8PrivateKey
746and
747.Fn PEM_write_PKCS8PrivateKey
748write a private key in an
749.Vt EVP_PKEY
750structure in PKCS#8
751.Vt EncryptedPrivateKeyInfo
752format using PKCS#5 v2.0 password based encryption algorithms.
753The
754.Fa enc
755argument specifies the encryption algorithm to use: unlike all other PEM
756routines, the encryption is applied at the PKCS#8 level and not in the
757PEM headers.
758If
759.Fa enc
760is
761.Dv NULL ,
762then no encryption is used and a PKCS#8
763.Vt PrivateKeyInfo
764structure is used instead.
765.Pp
766.Fn PEM_write_bio_PKCS8PrivateKey_nid
767and
768.Fn PEM_write_PKCS8PrivateKey_nid
769also write out a private key as a PKCS#8
770.Vt EncryptedPrivateKeyInfo .
771However they use PKCS#5 v1.5 or PKCS#12 encryption algorithms instead.
772The algorithm to use is specified in the
773.Fa nid
774parameter and should be the NID of the corresponding OBJECT IDENTIFIER.
775.Pp
776The
777.Sy PKCS8
778functions process an encrypted private key using an
779.Vt X509_SIG
780structure and the
781.Xr d2i_X509_SIG 3
782function.
783.Pp
784The
785.Sy PKCS8_PRIV_KEY_INFO
786functions process a private key using a
787.Vt PKCS8_PRIV_KEY_INFO
788structure.
789.Pp
790The
791.Sy PUBKEY
792functions process a public key using an
793.Vt EVP_PKEY
794structure.
795The public key is encoded as an ASN.1
796.Vt SubjectPublicKeyInfo
797structure.
798.Pp
799The
800.Sy RSAPrivateKey
801functions process an RSA private key using an
802.Vt RSA
803structure.
804They handle the same formats as the
805.Sy PrivateKey
806functions, but an error occurs if the private key is not RSA.
807.Pp
808The
809.Sy RSAPublicKey
810functions process an RSA public key using an
811.Vt RSA
812structure.
813The public key is encoded using a PKCS#1
814.Vt RSAPublicKey
815structure.
816.Pp
817The
818.Sy RSA_PUBKEY
819functions also process an RSA public key using an
820.Vt RSA
821structure.
822However the public key is encoded using an ASN.1
823.Vt SubjectPublicKeyInfo
824structure and an error occurs if the public key is not RSA.
825.Pp
826The
827.Sy DSAPrivateKey
828functions process a DSA private key using a
829.Vt DSA
830structure.
831They handle the same formats as the
832.Sy PrivateKey
833functions but an error occurs if the private key is not DSA.
834.Pp
835The
836.Sy DSA_PUBKEY
837functions process a DSA public key using a
838.Vt DSA
839structure.
840The public key is encoded using an ASN.1
841.Vt SubjectPublicKeyInfo
842structure and an error occurs if the public key is not DSA.
843.Pp
844The
845.Sy DSAparams
846functions process DSA parameters using a
847.Vt DSA
848structure.
849The parameters are encoded using a Dss-Parms structure as defined in RFC 2459.
850.Pp
851The
852.Sy DHparams
853functions process DH parameters using a
854.Vt DH
855structure.
856The parameters are encoded using a PKCS#3 DHparameter structure.
857.Pp
858The
859.Sy ECPKParameters
860functions process EC parameters using an
861.Vt EC_GROUP
862structure and the
863.Xr d2i_ECPKParameters 3
864function.
865.Pp
866The
867.Sy ECPrivateKey
868functions process an EC private key using an
869.Vt EC_KEY
870structure.
871.Pp
872The
873.Sy EC_PUBKEY
874functions process an EC public key using an
875.Vt EC_KEY
876structure.
877.Pp
878The
879.Sy X509
880functions process an X509 certificate using an
881.Vt X509
882structure.
883They will also process a trusted X509 certificate but any trust settings
884are discarded.
885.Pp
886The
887.Sy X509_AUX
888functions process a trusted X509 certificate using an
889.Vt X509
890structure.
891.Pp
892The
893.Sy X509_REQ
894and
895.Sy X509_REQ_NEW
896functions process a PKCS#10 certificate request using an
897.Vt X509_REQ
898structure.
899The
900.Sy X509_REQ
901write functions use CERTIFICATE REQUEST in the header whereas the
902.Sy X509_REQ_NEW
903functions use NEW CERTIFICATE REQUEST (as required by some CAs).
904The
905.Sy X509_REQ
906read functions will handle either form so there are no
907.Sy X509_REQ_NEW
908read functions.
909.Pp
910The
911.Sy X509_CRL
912functions process an X509 CRL using an
913.Vt X509_CRL
914structure.
915.Pp
916The
917.Sy PKCS7
918functions process a PKCS#7
919.Vt ContentInfo
920using a
921.Vt PKCS7
922structure.
923.Pp
924The
925.Sy NETSCAPE_CERT_SEQUENCE
926functions process a Netscape Certificate Sequence using a
927.Vt NETSCAPE_CERT_SEQUENCE
928structure.
929.Pp
930The old
931.Sy PrivateKey
932write routines are retained for compatibility.
933New applications should write private keys using the
934.Fn PEM_write_bio_PKCS8PrivateKey
935or
936.Fn PEM_write_PKCS8PrivateKey
937routines because they are more secure (their passphrase-based key derivation
938uses an iteration count of 2048 whereas the traditional routines use a count of 1) unless
939compatibility with older versions of OpenSSL is important.
940.Pp
941The
942.Sy PrivateKey
943read routines can be used in all applications because they handle all
944formats transparently.
945.Ss PEM function arguments
946The PEM functions have many common arguments.
947.Pp
948The
949.Fa bp
950parameter specifies the
951.Vt BIO
952to read from or write to.
953.Pp
954The
955.Fa fp
956parameter specifies the
957.Vt FILE
958pointer to read from or write to.
959.Pp
960The PEM read functions all take a pointer to pointer argument
961.Fa x
962and return a pointer of the same type.
963If
964.Fa x
965is
966.Dv NULL ,
967then the parameter is ignored.
968If
969.Fa x
970is not
971.Dv NULL
972but
973.Pf * Fa x
974is
975.Dv NULL ,
976then the structure returned will be written to
977.Pf * Fa x .
978If neither
979.Fa x
980nor
981.Pf * Fa x
982are
983.Dv NULL ,
984then an attempt is made to reuse the structure at
985.Pf * Fa x ,
986but see the
987.Sx BUGS
988and
989.Sx EXAMPLES
990sections.
991Irrespective of the value of
992.Fa x ,
993a pointer to the structure is always returned, or
994.Dv NULL
995if an error occurred.
996.Pp
997The PEM functions which write private keys take an
998.Fa enc
999parameter, which specifies the encryption algorithm to use.
1000Encryption is done at the PEM level.
1001If this parameter is set to
1002.Dv NULL ,
1003then the private key is written in unencrypted form.
1004.Pp
1005The
1006.Fa cb
1007argument is the callback to use when querying for the passphrase used
1008for encrypted PEM structures (normally only private keys).
1009.Pp
1010For the PEM write routines, if the
1011.Fa kstr
1012parameter is not
1013.Dv NULL ,
1014then
1015.Fa klen
1016bytes at
1017.Fa kstr
1018are used as the passphrase and
1019.Fa cb
1020is ignored.
1021.Pp
1022If the
1023.Fa cb
1024parameter is set to
1025.Dv NULL
1026and the
1027.Fa u
1028parameter is not
1029.Dv NULL ,
1030then the
1031.Fa u
1032parameter is interpreted as a null terminated string to use as the
1033passphrase.
1034If both
1035.Fa cb
1036and
1037.Fa u
1038are
1039.Dv NULL ,
1040then the default callback routine is used, which will typically
1041prompt for the passphrase on the current terminal with echoing
1042turned off.
1043.Pp
1044The default passphrase callback is sometimes inappropriate (for example
1045in a GUI application) so an alternative can be supplied.
1046The callback routine has the following form:
1047.Bd -filled -offset inset
1048.Ft int
1049.Fo cb
1050.Fa "char *buf"
1051.Fa "int size"
1052.Fa "int rwflag"
1053.Fa "void *u"
1054.Fc
1055.Ed
1056.Pp
1057.Fa buf
1058is the buffer to write the passphrase to.
1059.Fa size
1060is the maximum length of the passphrase, i.e. the size of
1061.Fa buf .
1062.Fa rwflag
1063is a flag which is set to 0 when reading and 1 when writing.
1064A typical routine will ask the user to verify the passphrase (for
1065example by prompting for it twice) if
1066.Fa rwflag
1067is 1.
1068The
1069.Fa u
1070parameter has the same value as the
1071.Fa u
1072parameter passed to the PEM routine.
1073It allows arbitrary data to be passed to the callback by the application
1074(for example a window handle in a GUI application).
1075The callback must return the number of characters in the passphrase
1076or 0 if an error occurred.
1077.Ss PEM encryption format
1078The old
1079.Sy PrivateKey
1080routines use a non-standard technique for encryption.
1081.Pp
1082The private key (or other data) takes the following form:
1083.Bd -literal -offset indent
1084-----BEGIN RSA PRIVATE KEY-----
1085Proc-Type: 4,ENCRYPTED
1086DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
1087
1088\&...base64 encoded data...
1089-----END RSA PRIVATE KEY-----
1090.Ed
1091.Pp
1092The line beginning with
1093.Dq DEK-Info
1094contains two comma separated pieces of information:
1095the encryption algorithm name as used by
1096.Xr EVP_get_cipherbyname 3
1097and an 8-byte salt encoded as a set of hexadecimal digits.
1098.Pp
1099After this is the base64-encoded encrypted data.
1100.Pp
1101The encryption key is determined using
1102.Xr EVP_BytesToKey 3 ,
1103using the salt and an iteration count of 1, so no key stretching is applied to the passphrase.
1104The IV used is the value of the salt and *not* the IV returned by
1105.Xr EVP_BytesToKey 3 .
1106.Sh RETURN VALUES
1107The read routines return either a pointer to the structure read or
1108.Dv NULL
1109if an error occurred.
1110.Pp
1111The write routines return 1 for success or 0 for failure.
1112.Sh EXAMPLES
1113Although the PEM routines take several arguments, in almost all
1114applications most of them are set to 0 or
1115.Dv NULL .
1116.Pp
1117Read a certificate in PEM format from a
1118.Vt BIO :
1119.Bd -literal -offset indent
1120X509 *x;
1121x = PEM_read_bio_X509(bp, NULL, 0, NULL);
1122if (x == NULL) {
1123	/* Error */
1124}
1125.Ed
1126.Pp
1127Alternative method:
1128.Bd -literal -offset indent
1129X509 *x = NULL;
1130if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
1131	/* Error */
1132}
1133.Ed
1134.Pp
1135Write a certificate to a
1136.Vt BIO :
1137.Bd -literal -offset indent
1138if (!PEM_write_bio_X509(bp, x)) {
1139	/* Error */
1140}
1141.Ed
1142.Pp
1143Write an unencrypted private key to a
1144.Vt FILE :
1145.Bd -literal -offset indent
1146if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
1147	/* Error */
1148}
1149.Ed
1150.Pp
1151Write a private key (using traditional format) to a
1152.Vt BIO
1153using triple DES encryption; the pass phrase is prompted for:
1154.Bd -literal -offset indent
1155if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(),
1156    NULL, 0, 0, NULL)) {
1157	/* Error */
1158}
1159.Ed
1160.Pp
1161Write a private key (using PKCS#8 format) to a
1162.Vt BIO
1163using triple DES encryption, using the pass phrase "hello":
1164.Bd -literal -offset indent
1165if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
1166    NULL, 0, 0, "hello")) {
1167	/* Error */
1168}
1169.Ed
1170.Pp
1171Read a private key from a
1172.Vt BIO
1173using the pass phrase "hello":
1174.Bd -literal -offset indent
1175key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
1176if (key == NULL) {
1177	/* Error */
1178}
1179.Ed
1180.Pp
1181Read a private key from a
1182.Vt BIO
1183using a pass phrase callback:
1184.Bd -literal -offset indent
1185key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
1186if (key == NULL) {
1187	/* Error */
1188}
1189.Ed
1190.Pp
1191Skeleton pass phrase callback:
1192.Bd -literal -offset indent
1193int
1194pass_cb(char *buf, int size, int rwflag, void *u)
1195{
1196	int len;
1197	char *tmp;
1198
1199	/* rwflag is 1 when writing: typically prompt twice to verify */
1200	printf("Enter pass phrase for \e"%s\e"\en", u);
1201
1202	/* get pass phrase, length 'len' into 'tmp' ("hello" is a stand-in) */
1203	tmp = "hello";
1204	len = strlen(tmp);
1205
1206	if (len == 0)
1207		return 0;
1208	/* if too long, truncate: only 'size' bytes are used, no NUL added */
1209	if (len > size)
1210		len = size;
1211	memcpy(buf, tmp, len);
1212	return len;
1213}
1214.Ed
1215.Sh SEE ALSO
1216.Xr BIO_new 3 ,
1217.Xr DSA_new 3 ,
1218.Xr PEM_bytes_read_bio 3 ,
1219.Xr PEM_read 3 ,
1220.Xr PEM_write_bio_PKCS7_stream 3 ,
1221.Xr RSA_new 3 ,
1222.Xr X509_CRL_new 3 ,
1223.Xr X509_REQ_new 3 ,
1224.Xr X509_SIG_new 3
1225.Sh HISTORY
1226.Fn PEM_read_X509
1227and
1228.Fn PEM_write_X509
1229appeared in SSLeay 0.4 or earlier.
1230.Fn PEM_read_X509_REQ ,
1231.Fn PEM_write_X509_REQ ,
1232.Fn PEM_read_X509_CRL ,
1233and
1234.Fn PEM_write_X509_CRL
1235first appeared in SSLeay 0.4.4.
1236.Fn PEM_read_RSAPrivateKey ,
1237.Fn PEM_write_RSAPrivateKey ,
1238.Fn PEM_read_DHparams ,
1239.Fn PEM_write_DHparams ,
1240.Fn PEM_read_PKCS7 ,
1241and
1242.Fn PEM_write_PKCS7
1243first appeared in SSLeay 0.5.1.
1244.Fn PEM_read_bio_PrivateKey ,
1245.Fn PEM_read_PrivateKey ,
1246.Fn PEM_read_bio_RSAPrivateKey ,
1247.Fn PEM_write_bio_RSAPrivateKey ,
1248.Fn PEM_read_bio_DSAPrivateKey ,
1249.Fn PEM_read_DSAPrivateKey ,
1250.Fn PEM_write_bio_DSAPrivateKey ,
1251.Fn PEM_write_DSAPrivateKey ,
1252.Fn PEM_read_bio_DHparams ,
1253.Fn PEM_write_bio_DHparams ,
1254.Fn PEM_read_bio_X509 ,
1255.Fn PEM_write_bio_X509 ,
1256.Fn PEM_read_bio_X509_REQ ,
1257.Fn PEM_write_bio_X509_REQ ,
1258.Fn PEM_read_bio_X509_CRL ,
1259.Fn PEM_write_bio_X509_CRL ,
1260.Fn PEM_read_bio_PKCS7 ,
1261and
1262.Fn PEM_write_bio_PKCS7
1263first appeared in SSLeay 0.6.0.
1264.Fn PEM_write_bio_PrivateKey ,
1265.Fn PEM_write_PrivateKey ,
1266.Fn PEM_read_bio_DSAparams ,
1267.Fn PEM_read_DSAparams ,
1268.Fn PEM_write_bio_DSAparams ,
1269and
1270.Fn PEM_write_DSAparams
1271first appeared in SSLeay 0.8.0.
1272.Fn PEM_read_bio_RSAPublicKey ,
1273.Fn PEM_read_RSAPublicKey ,
1274.Fn PEM_write_bio_RSAPublicKey ,
1275and
1276.Fn PEM_write_RSAPublicKey
1277first appeared in SSLeay 0.8.1.
1278All these functions have been available since
1279.Ox 2.4 .
1280.Pp
1281.Fn PEM_write_bio_PKCS8PrivateKey ,
1282.Fn PEM_write_PKCS8PrivateKey ,
1283.Fn PEM_read_bio_PKCS8 ,
1284.Fn PEM_read_PKCS8 ,
1285.Fn PEM_write_bio_PKCS8 ,
1286.Fn PEM_write_PKCS8 ,
1287.Fn PEM_read_bio_PKCS8_PRIV_KEY_INFO ,
1288.Fn PEM_read_PKCS8_PRIV_KEY_INFO ,
1289.Fn PEM_write_bio_PKCS8_PRIV_KEY_INFO ,
1290.Fn PEM_write_PKCS8_PRIV_KEY_INFO ,
1291.Fn PEM_read_bio_NETSCAPE_CERT_SEQUENCE ,
1292.Fn PEM_read_NETSCAPE_CERT_SEQUENCE ,
1293.Fn PEM_write_bio_NETSCAPE_CERT_SEQUENCE ,
1294and
1295.Fn PEM_write_NETSCAPE_CERT_SEQUENCE
1296first appeared in OpenSSL 0.9.4 and have been available since
1297.Ox 2.6 .
1298.Pp
1299.Fn PEM_write_bio_PKCS8PrivateKey_nid ,
1300.Fn PEM_write_PKCS8PrivateKey_nid ,
1301.Fn PEM_read_bio_PUBKEY ,
1302.Fn PEM_read_PUBKEY ,
1303.Fn PEM_write_bio_PUBKEY ,
1304.Fn PEM_write_PUBKEY ,
1305.Fn PEM_read_bio_RSA_PUBKEY ,
1306.Fn PEM_read_RSA_PUBKEY ,
1307.Fn PEM_write_bio_RSA_PUBKEY ,
1308.Fn PEM_write_RSA_PUBKEY ,
1309.Fn PEM_read_bio_DSA_PUBKEY ,
1310.Fn PEM_read_DSA_PUBKEY ,
1311.Fn PEM_write_bio_DSA_PUBKEY ,
1312.Fn PEM_write_DSA_PUBKEY ,
1313.Fn PEM_write_bio_X509_REQ_NEW ,
1314.Fn PEM_write_X509_REQ_NEW ,
1315.Fn PEM_read_bio_X509_AUX ,
1316.Fn PEM_read_X509_AUX ,
1317.Fn PEM_write_bio_X509_AUX ,
1318and
1319.Fn PEM_write_X509_AUX
1320first appeared in OpenSSL 0.9.5 and have been available since
1321.Ox 2.7 .
1322.Pp
1323.Fn PEM_read_bio_ECPKParameters ,
1324.Fn PEM_read_ECPKParameters ,
1325.Fn PEM_write_bio_ECPKParameters ,
1326.Fn PEM_write_ECPKParameters ,
1327.Fn PEM_read_bio_ECPrivateKey ,
1328.Fn PEM_read_ECPrivateKey ,
1329.Fn PEM_write_bio_ECPrivateKey ,
1330.Fn PEM_write_ECPrivateKey ,
1331.Fn PEM_read_bio_EC_PUBKEY ,
1332.Fn PEM_read_EC_PUBKEY ,
1333.Fn PEM_write_bio_EC_PUBKEY ,
1334and
1335.Fn PEM_write_EC_PUBKEY
1336first appeared in OpenSSL 0.9.8 and have been available since
1337.Ox 4.5 .
1338.Sh CAVEATS
1339A frequent cause of problems is attempting to use the PEM routines like
1340this:
1341.Bd -literal -offset indent
1342X509 *x;
1343PEM_read_bio_X509(bp, &x, 0, NULL);
1344.Ed
1345.Pp
1346This is a bug because an attempt will be made to reuse the data at
1347.Fa x ,
1348which is an uninitialised pointer.
1349.Sh BUGS
1350The PEM read routines in some versions of OpenSSL will not correctly
1351reuse an existing structure.
1352Therefore
1353.Pp
1354.Dl PEM_read_bio_X509(bp, &x, 0, NULL);
1355.Pp
1356where
1357.Fa x
1358already contains a valid certificate may not work, whereas
1359.Bd -literal -offset indent
1360X509_free(x);
1361x = PEM_read_bio_X509(bp, NULL, 0, NULL);
1362.Ed
1363.Pp
1364is guaranteed to work.
1365