xref: /freebsd/crypto/openssl/doc/man3/EVP_PKEY_encrypt.pod (revision da327cd22e88f26f6cab9d4c45805b512139aa11)
1e71b7053SJung-uk Kim=pod
2e71b7053SJung-uk Kim
3e71b7053SJung-uk Kim=head1 NAME
4e71b7053SJung-uk Kim
5e71b7053SJung-uk KimEVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm
6e71b7053SJung-uk Kim
7e71b7053SJung-uk Kim=head1 SYNOPSIS
8e71b7053SJung-uk Kim
9e71b7053SJung-uk Kim #include <openssl/evp.h>
10e71b7053SJung-uk Kim
11e71b7053SJung-uk Kim int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
12e71b7053SJung-uk Kim int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
13e71b7053SJung-uk Kim                      unsigned char *out, size_t *outlen,
14e71b7053SJung-uk Kim                      const unsigned char *in, size_t inlen);
15e71b7053SJung-uk Kim
16e71b7053SJung-uk Kim=head1 DESCRIPTION
17e71b7053SJung-uk Kim
18e71b7053SJung-uk KimThe EVP_PKEY_encrypt_init() function initializes a public key algorithm
19e71b7053SJung-uk Kimcontext using key B<pkey> for an encryption operation.
20e71b7053SJung-uk Kim
21e71b7053SJung-uk KimThe EVP_PKEY_encrypt() function performs a public key encryption operation
22e71b7053SJung-uk Kimusing B<ctx>. The data to be encrypted is specified using the B<in> and
23e71b7053SJung-uk KimB<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output
24e71b7053SJung-uk Kimbuffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then
25e71b7053SJung-uk Kimbefore the call the B<outlen> parameter should contain the length of the
26e71b7053SJung-uk KimB<out> buffer, if the call is successful the encrypted data is written to
27e71b7053SJung-uk KimB<out> and the amount of data written to B<outlen>.
28e71b7053SJung-uk Kim
29e71b7053SJung-uk Kim=head1 NOTES
30e71b7053SJung-uk Kim
31e71b7053SJung-uk KimAfter the call to EVP_PKEY_encrypt_init() algorithm specific control
32e71b7053SJung-uk Kimoperations can be performed to set any appropriate parameters for the
33e71b7053SJung-uk Kimoperation.
34e71b7053SJung-uk Kim
35e71b7053SJung-uk KimThe function EVP_PKEY_encrypt() can be called more than once on the same
36e71b7053SJung-uk Kimcontext if several operations are performed using the same parameters.
37e71b7053SJung-uk Kim
38e71b7053SJung-uk Kim=head1 RETURN VALUES
39e71b7053SJung-uk Kim
40e71b7053SJung-uk KimEVP_PKEY_encrypt_init() and EVP_PKEY_encrypt() return 1 for success and 0
41e71b7053SJung-uk Kimor a negative value for failure. In particular a return value of -2
42e71b7053SJung-uk Kimindicates the operation is not supported by the public key algorithm.
43e71b7053SJung-uk Kim
44*da327cd2SJung-uk Kim=head1 EXAMPLES
45e71b7053SJung-uk Kim
46e71b7053SJung-uk KimEncrypt data using OAEP (for RSA keys). See also L<PEM_read_PUBKEY(3)> or
47e71b7053SJung-uk KimL<d2i_X509(3)> for means to load a public key. You may also simply
48e71b7053SJung-uk Kimset 'eng = NULL;' to start with the default OpenSSL RSA implementation:
49e71b7053SJung-uk Kim
50e71b7053SJung-uk Kim #include <openssl/evp.h>
51e71b7053SJung-uk Kim #include <openssl/rsa.h>
52e71b7053SJung-uk Kim #include <openssl/engine.h>
53e71b7053SJung-uk Kim
54e71b7053SJung-uk Kim EVP_PKEY_CTX *ctx;
55e71b7053SJung-uk Kim ENGINE *eng;
56e71b7053SJung-uk Kim unsigned char *out, *in;
57e71b7053SJung-uk Kim size_t outlen, inlen;
58e71b7053SJung-uk Kim EVP_PKEY *key;
59e71b7053SJung-uk Kim
60e71b7053SJung-uk Kim /*
61e71b7053SJung-uk Kim  * NB: assumes eng, key, in, inlen are already set up,
62e71b7053SJung-uk Kim  * and that key is an RSA public key
63e71b7053SJung-uk Kim  */
64e71b7053SJung-uk Kim ctx = EVP_PKEY_CTX_new(key, eng);
65e71b7053SJung-uk Kim if (!ctx)
66e71b7053SJung-uk Kim     /* Error occurred */
67e71b7053SJung-uk Kim if (EVP_PKEY_encrypt_init(ctx) <= 0)
68e71b7053SJung-uk Kim     /* Error */
69e71b7053SJung-uk Kim if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
70e71b7053SJung-uk Kim     /* Error */
71e71b7053SJung-uk Kim
72e71b7053SJung-uk Kim /* Determine buffer length */
73e71b7053SJung-uk Kim if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
74e71b7053SJung-uk Kim     /* Error */
75e71b7053SJung-uk Kim
76e71b7053SJung-uk Kim out = OPENSSL_malloc(outlen);
77e71b7053SJung-uk Kim
78e71b7053SJung-uk Kim if (!out)
79e71b7053SJung-uk Kim     /* malloc failure */
80e71b7053SJung-uk Kim
81e71b7053SJung-uk Kim if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
82e71b7053SJung-uk Kim     /* Error */
83e71b7053SJung-uk Kim
84e71b7053SJung-uk Kim /* Encrypted data is outlen bytes written to buffer out */
85e71b7053SJung-uk Kim
86e71b7053SJung-uk Kim=head1 SEE ALSO
87e71b7053SJung-uk Kim
88e71b7053SJung-uk KimL<d2i_X509(3)>,
89e71b7053SJung-uk KimL<ENGINE_by_id(3)>,
90e71b7053SJung-uk KimL<EVP_PKEY_CTX_new(3)>,
91e71b7053SJung-uk KimL<EVP_PKEY_decrypt(3)>,
92e71b7053SJung-uk KimL<EVP_PKEY_sign(3)>,
93e71b7053SJung-uk KimL<EVP_PKEY_verify(3)>,
94e71b7053SJung-uk KimL<EVP_PKEY_verify_recover(3)>,
95e71b7053SJung-uk KimL<EVP_PKEY_derive(3)>
96e71b7053SJung-uk Kim
97e71b7053SJung-uk Kim=head1 HISTORY
98e71b7053SJung-uk Kim
996935a639SJung-uk KimThese functions were added in OpenSSL 1.0.0.
100e71b7053SJung-uk Kim
101e71b7053SJung-uk Kim=head1 COPYRIGHT
102e71b7053SJung-uk Kim
103*da327cd2SJung-uk KimCopyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
104e71b7053SJung-uk Kim
105e71b7053SJung-uk KimLicensed under the OpenSSL license (the "License").  You may not use
106e71b7053SJung-uk Kimthis file except in compliance with the License.  You can obtain a copy
107e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at
108e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>.
109e71b7053SJung-uk Kim
110e71b7053SJung-uk Kim=cut
111