=pod

=head1 NAME

evp - high-level cryptographic functions

=head1 SYNOPSIS

 #include <openssl/evp.h>

=head1 DESCRIPTION

The EVP library provides a high-level interface to cryptographic
functions.

The L<B<EVP_Seal>I<XXX>|EVP_SealInit(3)> and L<B<EVP_Open>I<XXX>|EVP_OpenInit(3)>
functions provide public key encryption and decryption to implement digital "envelopes".

The L<B<EVP_DigestSign>I<XXX>|EVP_DigestSignInit(3)> and
L<B<EVP_DigestVerify>I<XXX>|EVP_DigestVerifyInit(3)> functions implement
digital signatures and Message Authentication Codes (MACs). Also see the older
L<B<EVP_Sign>I<XXX>|EVP_SignInit(3)> and L<B<EVP_Verify>I<XXX>|EVP_VerifyInit(3)>
functions.

Symmetric encryption is available with the L<B<EVP_Encrypt>I<XXX>|EVP_EncryptInit(3)>
functions.  The L<B<EVP_Digest>I<XXX>|EVP_DigestInit(3)> functions provide message digests.

The B<EVP_PKEY>I<XXX> functions provide a high-level interface to
asymmetric algorithms. To create a new EVP_PKEY see
L<EVP_PKEY_new(3)>. EVP_PKEYs can be associated
with a private key of a particular algorithm by using the functions
described on the L<EVP_PKEY_set1_RSA(3)> page, or
new keys can be generated using L<EVP_PKEY_keygen(3)>.
EVP_PKEYs can be compared using L<EVP_PKEY_cmp(3)>, or printed using
L<EVP_PKEY_print_private(3)>.

The EVP_PKEY functions support the full range of asymmetric algorithm operations:

=over 4

=item For key agreement see L<EVP_PKEY_derive(3)>

=item For signing and verifying see L<EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)> and L<EVP_PKEY_verify_recover(3)>.
However, note that
these functions do not perform a digest of the data to be signed. Therefore,
normally you would use the L<EVP_DigestSignInit(3)>
functions for this purpose.

=item For encryption and decryption see L<EVP_PKEY_encrypt(3)>
and L<EVP_PKEY_decrypt(3)> respectively. However, note that
these functions perform encryption and decryption only. As public key
encryption is an expensive operation, normally you would wrap
an encrypted message in a "digital envelope" using the L<EVP_SealInit(3)> and
L<EVP_OpenInit(3)> functions.

=back

The L<EVP_BytesToKey(3)> function provides some limited support for password
based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible
implementation. However, new applications should not typically use this (preferring, for example,
PBKDF2 from PKCS#5).

The L<B<EVP_Encode>I<XXX>|EVP_EncodeInit(3)> and
L<B<EVP_Decode>I<XXX>|EVP_EncodeInit(3)> functions implement base 64 encoding
and decoding.

All the symmetric algorithms (ciphers), digests and asymmetric algorithms
(public key algorithms) can be replaced by ENGINE modules providing alternative
implementations. If ENGINE implementations of ciphers or digests are registered
as defaults, then the various EVP functions will automatically use those
implementations in preference to built-in software
implementations. For more information, consult the engine(3) man page.

Although low-level algorithm-specific functions exist for many algorithms,
their use is discouraged. They cannot be used with an ENGINE, and ENGINE
versions of new algorithms cannot be accessed using the low-level functions.
Using them also makes code harder to adapt to new algorithms; some options are not
cleanly supported at the low level, and some operations are more efficient
using the high-level interface.

=head1 SEE ALSO

L<EVP_DigestInit(3)>,
L<EVP_EncryptInit(3)>,
L<EVP_OpenInit(3)>,
L<EVP_SealInit(3)>,
L<EVP_DigestSignInit(3)>,
L<EVP_SignInit(3)>,
L<EVP_VerifyInit(3)>,
L<EVP_EncodeInit(3)>,
L<EVP_PKEY_new(3)>,
L<EVP_PKEY_set1_RSA(3)>,
L<EVP_PKEY_keygen(3)>,
L<EVP_PKEY_print_private(3)>,
L<EVP_PKEY_decrypt(3)>,
L<EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)>,
L<EVP_PKEY_verify_recover(3)>,
L<EVP_PKEY_derive(3)>,
L<EVP_BytesToKey(3)>,
L<ENGINE_by_id(3)>

=head1 COPYRIGHT

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut