1=pod 2 3=head1 NAME 4 5EVP_PKEY_is_a, EVP_PKEY_can_sign, EVP_PKEY_type_names_do_all, 6EVP_PKEY_get0_type_name, EVP_PKEY_get0_description, EVP_PKEY_get0_provider 7- key type and capabilities functions 8 9=head1 SYNOPSIS 10 11 #include <openssl/evp.h> 12 13 int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name); 14 int EVP_PKEY_can_sign(const EVP_PKEY *pkey); 15 int EVP_PKEY_type_names_do_all(const EVP_PKEY *pkey, 16 void (*fn)(const char *name, void *data), 17 void *data); 18 const char *EVP_PKEY_get0_type_name(const EVP_PKEY *key); 19 const char *EVP_PKEY_get0_description(const EVP_PKEY *key); 20 const OSSL_PROVIDER *EVP_PKEY_get0_provider(const EVP_PKEY *key); 21 22=head1 DESCRIPTION 23 24EVP_PKEY_is_a() checks if the key type of I<pkey> is I<name>. 25 26EVP_PKEY_can_sign() checks if the functionality for the key type of 27I<pkey> supports signing. No other check is done, such as whether 28I<pkey> contains a private key. 29 30EVP_PKEY_type_names_do_all() traverses all names for I<pkey>'s key type, and 31calls I<fn> with each name and I<data>. For example, an RSA B<EVP_PKEY> may 32be named both C<RSA> and C<rsaEncryption>. 33The order of the names depends on the provider implementation that holds 34the key. 35 36EVP_PKEY_get0_type_name() returns the first key type name that is found 37for the given I<pkey>. Note that the I<pkey> may have multiple synonyms 38associated with it. In this case it depends on the provider implementation 39that holds the key which one will be returned. 40Ownership of the returned string is retained by the I<pkey> object and should 41not be freed by the caller. 42 43EVP_PKEY_get0_description() returns a description of the type of B<EVP_PKEY>, 44meant for display and human consumption. The description is at the 45discretion of the key type implementation. 46 47EVP_PKEY_get0_provider() returns the provider of the B<EVP_PKEY>'s 48L<EVP_KEYMGMT(3)>. 49 50=head1 RETURN VALUES 51 52EVP_PKEY_is_a() returns 1 if I<pkey> has the key type I<name>, 53otherwise 0. 54 55EVP_PKEY_can_sign() returns 1 if the I<pkey> key type functionality 56supports signing, otherwise 0. 57 58EVP_PKEY_get0_type_name() returns the name that is found or NULL on error. 59 60EVP_PKEY_get0_description() returns the description if found or NULL if not. 61 62EVP_PKEY_get0_provider() returns the provider if found or NULL if not. 63 64EVP_PKEY_type_names_do_all() returns 1 if the callback was called for all 65names. A return value of 0 means that the callback was not called for any 66names. 67 68=head1 EXAMPLES 69 70=head2 EVP_PKEY_is_a() 71 72The loaded providers and what key types they support will ultimately 73determine what I<name> is possible to use with EVP_PKEY_is_a(). We do know 74that the default provider supports RSA, DH, DSA and EC keys, so we can use 75this as an crude example: 76 77 #include <openssl/evp.h> 78 79 ... 80 /* |pkey| is an EVP_PKEY* */ 81 if (EVP_PKEY_is_a(pkey, "RSA")) { 82 BIGNUM *modulus = NULL; 83 if (EVP_PKEY_get_bn_param(pkey, "n", &modulus)) 84 /* do whatever with the modulus */ 85 BN_free(modulus); 86 } 87 88=head2 EVP_PKEY_can_sign() 89 90 #include <openssl/evp.h> 91 92 ... 93 /* |pkey| is an EVP_PKEY* */ 94 if (!EVP_PKEY_can_sign(pkey)) { 95 fprintf(stderr, "Not a signing key!"); 96 exit(1); 97 } 98 /* Sign something... */ 99 100=head1 HISTORY 101 102The functions described here were added in OpenSSL 3.0. 103 104=head1 COPYRIGHT 105 106Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. 107 108Licensed under the Apache License 2.0 (the "License"). You may not use 109this file except in compliance with the License. You can obtain a copy 110in the file LICENSE in the source distribution or at 111L<https://www.openssl.org/source/license.html>. 112 113=cut 114