OpenBSD manual page server

Manual Page Search Parameters

D2I_PRIVATEKEY(3) Library Functions Manual D2I_PRIVATEKEY(3)

d2i_PrivateKey, d2i_AutoPrivateKey, i2d_PrivateKey, d2i_PrivateKey_bio, d2i_PrivateKey_fp, i2d_PKCS8PrivateKeyInfo_bio, i2d_PKCS8PrivateKeyInfo_fp, d2i_PublicKey, i2d_PublicKeydecode and encode EVP_PKEY objects

#include <openssl/evp.h>

d2i_PrivateKey(int type, EVP_PKEY **val_out, const unsigned char **des_in, long length);

d2i_AutoPrivateKey(EVP_PKEY **val_out, const unsigned char **des_in, long length);

i2d_PrivateKey(EVP_PKEY *val_in, unsigned char **des_out);

d2i_PrivateKey_bio(BIO *in_bio, EVP_PKEY **val_out);

d2i_PrivateKey_fp(FILE *in_fp, EVP_PKEY **val_out);

i2d_PKCS8PrivateKeyInfo_bio(BIO *out_bio, EVP_PKEY *val_in);

i2d_PKCS8PrivateKeyInfo_fp(FILE *out_fp, EVP_PKEY *val_in);

d2i_PublicKey(int type, EVP_PKEY **val_out, const unsigned char **des_in, long length);

i2d_PublicKey(EVP_PKEY *val_in, unsigned char **des_out);

These are algorithm-independent interfaces to decode and encode private and public keys. For details about the semantics, examples, caveats, and bugs, see ASN1_item_d2i(3).

() decodes a private key using algorithm type. It attempts to use any algorithm specific format or the PKCS#8 unencrypted PrivateKeyInfo format defined in RFC 5208 section 5. The type parameter should be a public key algorithm constant such as EVP_PKEY_RSA. An error occurs if the decoded key does not match type.

() is similar to d2i_PrivateKey() except that it attempts to automatically detect the algorithm.

() and () are similar to d2i_PrivateKey() except that they read from a BIO or FILE pointer.

() encodes val_in. It uses an algorithm specific format or, if none is defined for that key type, the PKCS#8 unencrypted PrivateKeyInfo format.

() and () encode val_in in PKCS#8 unencrypted PrivateKeyInfo format. They are similar to i2d_PrivateKey() except that they don't use any algorithm-specific formats and that they write to a BIO or FILE pointer rather than to a buffer.

All these functions use DER format and unencrypted keys. Applications wishing to encrypt or decrypt private keys should use other functions such as d2i_PKCS8PrivateKey_bio(3) instead.

If *val_out is not NULL when calling () or d2i_AutoPrivateKey() (i.e. an existing structure is being reused) and the key format is PKCS#8, then *val_out will be freed and replaced on a successful call.

() calls d2i_DSAPublicKey(3), o2i_ECPublicKey(3), or d2i_RSAPublicKey(3) depending on type and stores the result in the returned EVP_PKEY object.

() calls i2d_DSAPublicKey(3), i2o_ECPublicKey(3), or i2d_RSAPublicKey(3) depending on the algorithm used by val_in.

d2i_PrivateKey(), d2i_AutoPrivateKey(), d2i_PrivateKey_bio(), d2i_PrivateKey_fp(), and d2i_PublicKey() return a valid EVP_PKEY structure or NULL if an error occurs.

i2d_PrivateKey() and i2d_PublicKey() return the number of bytes successfully encoded or a negative value if an error occurs.

i2d_PKCS8PrivateKeyInfo_bio() and i2d_PKCS8PrivateKeyInfo_fp() return 1 for success or 0 if an error occurs.

For all functions, the error code can be obtained by calling ERR_get_error(3).

d2i_PKCS8_PRIV_KEY_INFO(3), d2i_PKCS8PrivateKey_bio(3), EVP_PKEY_new(3), EVP_PKEY_type(3), PEM_write_PrivateKey(3), PKCS8_PRIV_KEY_INFO_new(3)

RFC 5208: Public-Key Cryptography Standards (PKCS) #8: Private-Key Information Syntax Specification

d2i_PrivateKey(), i2d_PrivateKey(), d2i_PublicKey(), and i2d_PublicKey() first appeared in SSLeay 0.6.0 and have been available since OpenBSD 2.4.

d2i_AutoPrivateKey(), d2i_PrivateKey_bio(), i2d_PrivateKey_bio(), d2i_PrivateKey_fp(), i2d_PrivateKey_fp(), i2d_PKCS8PrivateKeyInfo_bio(), and i2d_PKCS8PrivateKeyInfo_fp() first appeared in OpenSSL 0.9.5 and have been available since OpenBSD 2.7.

June 6, 2019 OpenBSD-6.7