OpenBSD manual page server

NAME

evp — high-level cryptographic functions

SYNOPSIS

#include <openssl/evp.h>

DESCRIPTION

The EVP library provides a high-level interface to cryptographic functions.

EVP_SealInit(3) and EVP_OpenInit(3) provide public key encryption and decryption to implement digital "envelopes".

The EVP_DigestSignInit(3) and EVP_DigestVerifyInit(3) functions implement digital signatures and Message Authentication Codes (MACs). Also see the older EVP_SignInit(3) and EVP_VerifyInit(3) functions.

Symmetric encryption is available with the EVP_EncryptInit(3) functions. The EVP_DigestInit(3) functions provide message digests.

Authenticated encryption with additional data (AEAD) is available with the EVP_AEAD_CTX_init(3) functions.

The EVP_PKEY_*() functions provide a high-level interface to asymmetric algorithms. To create a new EVP_PKEY, see EVP_PKEY_new(3). EVP_PKEYs can be associated with a private key of a particular algorithm by using the functions described in the EVP_PKEY_set1_RSA(3) page, or new keys can be generated using EVP_PKEY_keygen(3). EVP_PKEYs can be compared using EVP_PKEY_cmp(3) or printed using EVP_PKEY_print_private(3).

The EVP_PKEY_*() functions support the full range of asymmetric algorithm operations:

• For key agreement, see EVP_PKEY_derive(3).
• For signing and verifying, see EVP_PKEY_sign(3), EVP_PKEY_verify(3), and EVP_PKEY_verify_recover(3). However, note that these functions do not perform a digest of the data to be signed. Therefore, normally you would use the EVP_DigestSignInit(3) functions for this purpose.
• For encryption and decryption see EVP_PKEY_encrypt(3) and EVP_PKEY_decrypt(3), respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a digital envelope using the EVP_SealInit(3) and EVP_OpenInit(3) functions.

The EVP_BytesToKey(3) function provides some limited support for password based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible implementation. However, new applications should typically not use this (preferring, for example, PBKDF2 from PCKS#5).

The EVP_EncodeInit(3) family of functions provides base64 encoding and decoding.

SEE ALSO

ASN1_item_digest(3), ASN1_item_sign(3), BIO_f_cipher(3), BIO_f_md(3), CMAC_Init(3), CMS_encrypt(3), CMS_sign(3), crypto(3), d2i_PKCS8PrivateKey_bio(3), d2i_PrivateKey(3), EVP_AEAD_CTX_init(3), EVP_aes_128_cbc(3), EVP_BytesToKey(3), EVP_camellia_128_cbc(3), EVP_chacha20(3), EVP_CIPHER_CTX_ctrl(3), EVP_CIPHER_CTX_get_cipher_data(3), EVP_CIPHER_CTX_init(3), EVP_CIPHER_CTX_set_flags(3), EVP_CIPHER_do_all(3), EVP_CIPHER_meth_new(3), EVP_CIPHER_nid(3), EVP_des_cbc(3), EVP_DigestInit(3), EVP_DigestSignInit(3), EVP_DigestVerifyInit(3), EVP_EncodeInit(3), EVP_EncryptInit(3), EVP_MD_CTX_ctrl(3), EVP_MD_nid(3), EVP_OpenInit(3), EVP_PKCS82PKEY(3), EVP_PKEY_add1_attr(3), EVP_PKEY_asn1_get_count(3), EVP_PKEY_asn1_new(3), EVP_PKEY_check(3), EVP_PKEY_cmp(3), EVP_PKEY_CTX_ctrl(3), EVP_PKEY_CTX_get_operation(3), EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_set_hkdf_md(3), EVP_PKEY_decrypt(3), EVP_PKEY_derive(3), EVP_PKEY_encrypt(3), EVP_PKEY_get_default_digest_nid(3), EVP_PKEY_keygen(3), EVP_PKEY_meth_get0_info(3), EVP_PKEY_meth_new(3), EVP_PKEY_new(3), EVP_PKEY_print_private(3), EVP_PKEY_set1_RSA(3), EVP_PKEY_sign(3), EVP_PKEY_size(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3), EVP_rc4(3), EVP_SealInit(3), EVP_sha1(3), EVP_sha3_224(3), EVP_SignInit(3), EVP_sm3(3), EVP_sm4_cbc(3), EVP_VerifyInit(3), EVP_whirlpool(3), HMAC(3), OCSP_basic_sign(3), OCSP_request_sign(3), PEM_get_EVP_CIPHER_INFO(3), PEM_read_bio_PrivateKey(3), PKCS12_create(3), PKCS5_PBKDF2_HMAC(3), PKCS7_encrypt(3), PKCS7_sign(3), RSA_pkey_ctx_ctrl(3), SSL_CTX_set_tlsext_ticket_key_cb(3), X509_ALGOR_set0(3), X509_check_private_key(3), X509_digest(3), X509_get_pubkey(3), X509_PUBKEY_set(3), X509_sign(3), X509_to_X509_REQ(3)