=pod

=head1 NAME

evp - high-level cryptographic functions

=head1 SYNOPSIS

 #include <openssl/evp.h>

=head1 DESCRIPTION

The EVP library provides a high-level interface to cryptographic
functions.

The L<B<EVP_Seal>I<XXX>|EVP_SealInit(3)> and L<B<EVP_Open>I<XXX>|EVP_OpenInit(3)>
functions provide public key encryption and decryption to implement digital "envelopes".

The L<B<EVP_DigestSign>I<XXX>|EVP_DigestSignInit(3)> and
L<B<EVP_DigestVerify>I<XXX>|EVP_DigestVerifyInit(3)> functions implement
digital signatures and Message Authentication Codes (MACs). Also see the older
L<B<EVP_Sign>I<XXX>|EVP_SignInit(3)> and L<B<EVP_Verify>I<XXX>|EVP_VerifyInit(3)>
functions.

Symmetric encryption is available with the L<B<EVP_Encrypt>I<XXX>|EVP_EncryptInit(3)>
functions. The L<B<EVP_Digest>I<XXX>|EVP_DigestInit(3)> functions provide message digests.

The B<EVP_PKEY>I<XXX> functions provide a high-level interface to
asymmetric algorithms. To create a new EVP_PKEY see
L<EVP_PKEY_new(3)>. EVP_PKEYs can be associated
with a private key of a particular algorithm by using the functions
described on the L<EVP_PKEY_set1_RSA(3)> page, or
new keys can be generated using L<EVP_PKEY_keygen(3)>.
EVP_PKEYs can be compared using L<EVP_PKEY_cmp(3)>, or printed using
L<EVP_PKEY_print_private(3)>.

The EVP_PKEY functions support the full range of asymmetric algorithm operations:

=over 4

=item For key agreement see L<EVP_PKEY_derive(3)>

=item For signing and verifying see L<EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)> and L<EVP_PKEY_verify_recover(3)>.
However, note that
these functions do not perform a digest of the data to be signed. Therefore,
normally you would use the L<EVP_DigestSignInit(3)>
functions for this purpose.

=item For encryption and decryption see L<EVP_PKEY_encrypt(3)>
and L<EVP_PKEY_decrypt(3)> respectively. However, note that
these functions perform encryption and decryption only. As public key
encryption is an expensive operation, normally you would wrap
an encrypted message in a "digital envelope" using the L<EVP_SealInit(3)> and
L<EVP_OpenInit(3)> functions.

=back

The L<EVP_BytesToKey(3)> function provides some limited support for password
based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible
implementation. However, new applications should not typically use this (preferring, for example,
PBKDF2 from PKCS#5).

The L<B<EVP_Encode>I<XXX>|EVP_EncodeInit(3)> and
L<B<EVP_Decode>I<XXX>|EVP_EncodeInit(3)> functions implement base 64 encoding
and decoding.

All the symmetric algorithms (ciphers), digests and asymmetric algorithms
(public key algorithms) can be replaced by ENGINE modules providing alternative
implementations. If ENGINE implementations of ciphers or digests are registered
as defaults, then the various EVP functions will automatically use those
implementations in preference to built-in software
implementations. For more information, consult the engine(3) man page.

Although low-level algorithm specific functions exist for many algorithms,
their use is discouraged. They cannot be used with an ENGINE and ENGINE
versions of new algorithms cannot be accessed using the low-level functions.
Using them also makes code harder to adapt to new algorithms, some options are
not cleanly supported at the low level, and some operations are more efficient
using the high-level interface.

=head1 SEE ALSO

L<EVP_DigestInit(3)>,
L<EVP_EncryptInit(3)>,
L<EVP_OpenInit(3)>,
L<EVP_SealInit(3)>,
L<EVP_DigestSignInit(3)>,
L<EVP_SignInit(3)>,
L<EVP_VerifyInit(3)>,
L<EVP_EncodeInit(3)>,
L<EVP_PKEY_new(3)>,
L<EVP_PKEY_set1_RSA(3)>,
L<EVP_PKEY_keygen(3)>,
L<EVP_PKEY_print_private(3)>,
L<EVP_PKEY_decrypt(3)>,
L<EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)>,
L<EVP_PKEY_verify_recover(3)>,
L<EVP_PKEY_derive(3)>,
L<EVP_BytesToKey(3)>,
L<ENGINE_by_id(3)>

=head1 COPYRIGHT

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut