1*b077aed3SPierre Pronchery=pod 2*b077aed3SPierre Pronchery 3*b077aed3SPierre Pronchery=head1 NAME 4*b077aed3SPierre Pronchery 5*b077aed3SPierre ProncheryPKCS8_decrypt, PKCS8_decrypt_ex, PKCS8_encrypt, PKCS8_encrypt_ex, 6*b077aed3SPierre ProncheryPKCS8_set0_pbe, PKCS8_set0_pbe_ex - PKCS8 encrypt/decrypt functions 7*b077aed3SPierre Pronchery 8*b077aed3SPierre Pronchery=head1 SYNOPSIS 9*b077aed3SPierre Pronchery 10*b077aed3SPierre Pronchery #include <openssl/x509.h> 11*b077aed3SPierre Pronchery 12*b077aed3SPierre Pronchery PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, 13*b077aed3SPierre Pronchery int passlen); 14*b077aed3SPierre Pronchery PKCS8_PRIV_KEY_INFO *PKCS8_decrypt_ex(const X509_SIG *p8, const char *pass, 15*b077aed3SPierre Pronchery int passlen, OSSL_LIB_CTX *ctx, 16*b077aed3SPierre Pronchery const char *propq); 17*b077aed3SPierre Pronchery X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, 18*b077aed3SPierre Pronchery const char *pass, int passlen, unsigned char *salt, 19*b077aed3SPierre Pronchery int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); 20*b077aed3SPierre Pronchery X509_SIG *PKCS8_encrypt_ex(int pbe_nid, const EVP_CIPHER *cipher, 21*b077aed3SPierre Pronchery const char *pass, int passlen, unsigned char *salt, 22*b077aed3SPierre Pronchery int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8, 23*b077aed3SPierre Pronchery OSSL_LIB_CTX *ctx, const char *propq); 24*b077aed3SPierre Pronchery X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, 25*b077aed3SPierre Pronchery PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe); 26*b077aed3SPierre Pronchery X509_SIG *PKCS8_set0_pbe_ex(const char *pass, int passlen, 27*b077aed3SPierre Pronchery PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe, 28*b077aed3SPierre Pronchery OSSL_LIB_CTX *ctx); 29*b077aed3SPierre Pronchery 30*b077aed3SPierre Pronchery=head1 DESCRIPTION 31*b077aed3SPierre Pronchery 32*b077aed3SPierre ProncheryPKCS8_encrypt() and PKCS8_encrypt_ex() perform encryption of an object I<p8> using 33*b077aed3SPierre Proncherythe password I<pass> of length I<passlen>, salt I<salt> of length I<saltlen> 34*b077aed3SPierre Proncheryand iteration count I<iter>. 35*b077aed3SPierre ProncheryThe resulting B<X509_SIG> contains the encoded algorithm parameters and encrypted 36*b077aed3SPierre Proncherykey. 37*b077aed3SPierre Pronchery 38*b077aed3SPierre ProncheryPKCS8_decrypt() and PKCS8_decrypt_ex() perform decryption of an B<X509_SIG> in 39*b077aed3SPierre ProncheryI<p8> using the password I<pass> of length I<passlen> along with algorithm 40*b077aed3SPierre Proncheryparameters obtained from the I<p8>. 41*b077aed3SPierre Pronchery 42*b077aed3SPierre ProncheryPKCS8_set0_pbe() and PKCS8_set0_pbe_ex() perform encryption of the I<p8inf> 43*b077aed3SPierre Proncheryusing the password I<pass> of length I<passlen> and parameters I<pbe>. 44*b077aed3SPierre Pronchery 45*b077aed3SPierre ProncheryFunctions ending in _ex() allow for a library context I<ctx> and property query 46*b077aed3SPierre ProncheryI<propq> to be used to select algorithm implementations. 47*b077aed3SPierre Pronchery 48*b077aed3SPierre Pronchery=head1 RETURN VALUES 49*b077aed3SPierre Pronchery 50*b077aed3SPierre ProncheryPKCS8_encrypt(), PKCS8_encrypt_ex(), PKCS8_set0_pbe() and PKCS8_set0_pbe_ex() 51*b077aed3SPierre Proncheryreturn an encrypted key in a B<X509_SIG> structure or NULL if an error occurs. 52*b077aed3SPierre Pronchery 53*b077aed3SPierre ProncheryPKCS8_decrypt() and PKCS8_decrypt_ex() return a B<PKCS8_PRIV_KEY_INFO> or NULL 54*b077aed3SPierre Proncheryif an error occurs. 55*b077aed3SPierre Pronchery 56*b077aed3SPierre Pronchery=head1 CONFORMING TO 57*b077aed3SPierre Pronchery 58*b077aed3SPierre ProncheryIETF RFC 7292 (L<https://tools.ietf.org/html/rfc7292>) 59*b077aed3SPierre Pronchery 60*b077aed3SPierre Pronchery=head1 SEE ALSO 61*b077aed3SPierre Pronchery 62*b077aed3SPierre ProncheryL<crypto(7)> 63*b077aed3SPierre Pronchery 64*b077aed3SPierre Pronchery=head1 HISTORY 65*b077aed3SPierre Pronchery 66*b077aed3SPierre ProncheryPKCS8_decrypt_ex(), PKCS8_encrypt_ex() and PKCS8_set0_pbe_ex() were added in 67*b077aed3SPierre ProncheryOpenSSL 3.0. 68*b077aed3SPierre Pronchery 69*b077aed3SPierre Pronchery=head1 COPYRIGHT 70*b077aed3SPierre Pronchery 71*b077aed3SPierre ProncheryCopyright 2021 The OpenSSL Project Authors. All Rights Reserved. 72*b077aed3SPierre Pronchery 73*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 74*b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 75*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 76*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 77*b077aed3SPierre Pronchery 78*b077aed3SPierre Pronchery=cut 79