xref: /freebsd/crypto/openssl/doc/man3/EVP_SealInit.pod (revision b077aed33b7b6aefca7b17ddb250cf521f938613) 
1e71b7053SJung-uk Kim=pod
2e71b7053SJung-uk Kim
3e71b7053SJung-uk Kim=head1 NAME
4e71b7053SJung-uk Kim
5e71b7053SJung-uk KimEVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
6e71b7053SJung-uk Kim
7e71b7053SJung-uk Kim=head1 SYNOPSIS
8e71b7053SJung-uk Kim
9e71b7053SJung-uk Kim #include <openssl/evp.h>
10e71b7053SJung-uk Kim
11e71b7053SJung-uk Kim int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
12e71b7053SJung-uk Kim                  unsigned char **ek, int *ekl, unsigned char *iv,
13e71b7053SJung-uk Kim                  EVP_PKEY **pubk, int npubk);
14e71b7053SJung-uk Kim int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
15e71b7053SJung-uk Kim                    int *outl, unsigned char *in, int inl);
16e71b7053SJung-uk Kim int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
17e71b7053SJung-uk Kim
18e71b7053SJung-uk Kim=head1 DESCRIPTION
19e71b7053SJung-uk Kim
2058f35182SJung-uk KimThe EVP envelope routines are a high-level interface to envelope
21e71b7053SJung-uk Kimencryption. They generate a random key and IV (if required) then
22e71b7053SJung-uk Kim"envelope" it by using public key encryption. Data can then be
23e71b7053SJung-uk Kimencrypted using this key.
24e71b7053SJung-uk Kim
25e71b7053SJung-uk KimEVP_SealInit() initializes a cipher context B<ctx> for encryption
26e71b7053SJung-uk Kimwith cipher B<type> using a random secret key and IV. B<type> is normally
27e71b7053SJung-uk Kimsupplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted
28e71b7053SJung-uk Kimusing one or more public keys, this allows the same encrypted data to be
29e71b7053SJung-uk Kimdecrypted using any of the corresponding private keys. B<ek> is an array of
30e71b7053SJung-uk Kimbuffers where the public key encrypted secret key will be written, each buffer
31e71b7053SJung-uk Kimmust contain enough room for the corresponding encrypted key: that is
32*b077aed3SPierre ProncheryB<ek[i]> must have room for B<EVP_PKEY_get_size(pubk[i])> bytes. The actual
33e71b7053SJung-uk Kimsize of each encrypted secret key is written to the array B<ekl>. B<pubk> is
34e71b7053SJung-uk Kiman array of B<npubk> public keys.
35e71b7053SJung-uk Kim
36e71b7053SJung-uk KimThe B<iv> parameter is a buffer where the generated IV is written to. It must
37e71b7053SJung-uk Kimcontain enough room for the corresponding cipher's IV, as determined by (for
38*b077aed3SPierre Proncheryexample) EVP_CIPHER_get_iv_length(type).
39e71b7053SJung-uk Kim
40e71b7053SJung-uk KimIf the cipher does not require an IV then the B<iv> parameter is ignored
41e71b7053SJung-uk Kimand can be B<NULL>.
42e71b7053SJung-uk Kim
43e71b7053SJung-uk KimEVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
44e71b7053SJung-uk Kimas the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as
45e71b7053SJung-uk Kimdocumented on the L<EVP_EncryptInit(3)> manual
46e71b7053SJung-uk Kimpage.
47e71b7053SJung-uk Kim
48e71b7053SJung-uk Kim=head1 RETURN VALUES
49e71b7053SJung-uk Kim
50e71b7053SJung-uk KimEVP_SealInit() returns 0 on error or B<npubk> if successful.
51e71b7053SJung-uk Kim
52e71b7053SJung-uk KimEVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for
53e71b7053SJung-uk Kimfailure.
54e71b7053SJung-uk Kim
55e71b7053SJung-uk Kim=head1 NOTES
56e71b7053SJung-uk Kim
57e71b7053SJung-uk KimBecause a random secret key is generated the random number generator
58da327cd2SJung-uk Kimmust be seeded when EVP_SealInit() is called.
59da327cd2SJung-uk KimIf the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to
60da327cd2SJung-uk Kimexternal circumstances (see L<RAND(7)>), the operation will fail.
61e71b7053SJung-uk Kim
62e71b7053SJung-uk KimThe public key must be RSA because it is the only OpenSSL public key
63e71b7053SJung-uk Kimalgorithm that supports key transport.
64e71b7053SJung-uk Kim
65e71b7053SJung-uk KimEnvelope encryption is the usual method of using public key encryption
66e71b7053SJung-uk Kimon large amounts of data, this is because public key encryption is slow
67e71b7053SJung-uk Kimbut symmetric encryption is fast. So symmetric encryption is used for
68e71b7053SJung-uk Kimbulk encryption and the small random symmetric key used is transferred
69e71b7053SJung-uk Kimusing public key encryption.
70e71b7053SJung-uk Kim
71e71b7053SJung-uk KimIt is possible to call EVP_SealInit() twice in the same way as
72e71b7053SJung-uk KimEVP_EncryptInit(). The first call should have B<npubk> set to 0
73e71b7053SJung-uk Kimand (after setting any cipher parameters) it should be called again
74e71b7053SJung-uk Kimwith B<type> set to NULL.
75e71b7053SJung-uk Kim
76e71b7053SJung-uk Kim=head1 SEE ALSO
77e71b7053SJung-uk Kim
78e71b7053SJung-uk KimL<evp(7)>, L<RAND_bytes(3)>,
79e71b7053SJung-uk KimL<EVP_EncryptInit(3)>,
80da327cd2SJung-uk KimL<EVP_OpenInit(3)>,
81da327cd2SJung-uk KimL<RAND(7)>
82e71b7053SJung-uk Kim
83e71b7053SJung-uk Kim=head1 COPYRIGHT
84e71b7053SJung-uk Kim
85*b077aed3SPierre ProncheryCopyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
86e71b7053SJung-uk Kim
87*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License").  You may not use
88e71b7053SJung-uk Kimthis file except in compliance with the License.  You can obtain a copy
89e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at
90e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>.
91e71b7053SJung-uk Kim
92e71b7053SJung-uk Kim=cut
93