=pod

=head1 NAME

openssl-glossary - An OpenSSL Glossary

=head1 DESCRIPTION

=for comment Please keep the items in case-insensitive alphabetical order

=over 4

=item Algorithm

Cryptographic primitives such as the SHA256 digest or AES encryption are
referred to in OpenSSL as "algorithms". There can be more than one
implementation for any given algorithm available for use.

L<crypto(7)>

=item ASN.1, ASN1

ASN.1 ("Abstract Syntax Notation One") is a notation for describing abstract
types and values. It is defined in the ITU-T documents X.680 to X.683:

L<https://www.itu.int/rec/T-REC-X.680>,
L<https://www.itu.int/rec/T-REC-X.681>,
L<https://www.itu.int/rec/T-REC-X.682>,
L<https://www.itu.int/rec/T-REC-X.683>

=item Base Provider

An OpenSSL Provider that contains encoders and decoders for OpenSSL keys. All
the algorithm implementations in the Base Provider are also available in the
Default Provider.

L<OSSL_PROVIDER-base(7)>

=item Decoder

A decoder is a type of algorithm used for decoding keys and parameters from some
external format such as PEM or DER.

L<OSSL_DECODER_CTX_new_for_pkey(3)>

=item Default Provider

An OpenSSL Provider that contains the most common OpenSSL algorithm
implementations. It is loaded by default if no other provider is available. All
the algorithm implementations in the Base Provider are also available in the
Default Provider.

L<OSSL_PROVIDER-default(7)>

=item DER ("Distinguished Encoding Rules")

DER is a binary encoding of data, structured according to an ASN.1
specification. This is a common encoding used for cryptographic objects
such as private and public keys, certificates, CRLs, ...

It is defined in ITU-T document X.690:

L<https://www.itu.int/rec/T-REC-X.690>

=item Encoder

An encoder is a type of algorithm used for encoding keys and parameters to some
external format such as PEM or DER.

L<OSSL_ENCODER_CTX_new_for_pkey(3)>

=item Explicit Fetching

Explicit Fetching is a type of Fetching (see Fetching). Explicit Fetching is
where a function call is made to obtain an algorithm object representing an
implementation, such as L<EVP_MD_fetch(3)> or L<EVP_CIPHER_fetch(3)>.

=item Fetching

Fetching is the process of looking through the available algorithm
implementations, applying selection criteria (via a property query string), and
finally choosing the implementation that will be used.

Also see Explicit Fetching and Implicit Fetching.

L<crypto(7)>

=item FIPS Provider

An OpenSSL Provider that contains OpenSSL algorithm implementations that have
been validated according to the FIPS 140-2 standard.

L<OSSL_PROVIDER-FIPS(7)>

=item Implicit Fetching

Implicit Fetching is a type of Fetching (see Fetching). Implicit Fetching is
where an algorithm object with no associated implementation is used, such as the
return value from L<EVP_sha256(3)> or L<EVP_aes_128_cbc(3)>. With implicit
fetching, an implementation is fetched automatically using default selection
criteria the first time the algorithm is used.

=item Legacy Provider

An OpenSSL Provider that contains algorithm implementations that are considered
insecure or are no longer in common use.

L<OSSL_PROVIDER-legacy(7)>

=item Library Context

A Library Context in OpenSSL is represented by the type B<OSSL_LIB_CTX>. It can
be thought of as a scope within which configuration options apply. If an
application does not explicitly create a library context then the "default"
one is used. Many OpenSSL functions can take a library context as an argument.
A NULL value can always be passed to indicate the default library context.

L<OSSL_LIB_CTX(3)>

=item MSBLOB

MSBLOB is a Microsoft-specific binary format for RSA and DSA keys, both
private and public. This form is never passphrase protected.

=item Null Provider

An OpenSSL Provider that contains no algorithm implementations. This can be
useful to prevent the default provider from being automatically loaded in a
library context.

L<OSSL_PROVIDER-null(7)>

=item Operation

An operation is a group of OpenSSL functions with a common purpose, such as
encryption or digesting.

L<crypto(7)>

=item PEM ("Privacy Enhanced Message")

PEM is a format for encoding binary content into a mail- and ASCII-friendly
form. The content is a series of base64-encoded lines, surrounded by begin/end
markers each on their own line. For example:

 -----BEGIN PRIVATE KEY-----
 MIICdg....
 ... bhTQ==
 -----END PRIVATE KEY-----

Optional header line(s) may appear after the begin line, and their existence
depends on the type of object being written or read.

For all OpenSSL uses, the binary content is expected to be a DER encoded
structure.

This is defined in IETF RFC 1421:

L<https://tools.ietf.org/html/rfc1421>

=item PKCS#8

PKCS#8 is a specification of ASN.1 structures that OpenSSL uses for storing
or transmitting any private key in a key-type-agnostic manner.
There are two structures worth noting for OpenSSL use, one that contains the
key data in unencrypted form (known as "PrivateKeyInfo") and an encrypted
wrapper structure (known as "EncryptedPrivateKeyInfo").

This is specified in RFC 5208:

L<https://tools.ietf.org/html/rfc5208>

=item Property

A property is a way of classifying and selecting algorithm implementations.
A property is a key/value pair expressed as a string. For example, all algorithm
implementations in the default provider have the property "provider=default".
An algorithm implementation can have multiple properties defined against it.

Also see Property Query String.

L<property(7)>

=item Property Query String

A property query string is a string containing a sequence of properties that
can be used to select an algorithm implementation. For example, the query string
"provider=example,foo=bar" will select algorithms from the "example" provider
that have a "foo" property defined for them with a value of "bar".

Property Query Strings are used during fetching. See Fetching.

L<property(7)>

=item Provider

A provider in OpenSSL is a component that groups together algorithm
implementations. Providers can come from OpenSSL itself or from third parties.

L<provider(7)>

=item PVK

PVK is a Microsoft-specific binary format for RSA and DSA private keys.
This form may be passphrase protected.

=item SubjectPublicKeyInfo

SubjectPublicKeyInfo is an ASN.1 structure that OpenSSL uses for storing and
transmitting any public key in a key-type-agnostic manner.

This is specified as part of the specification for certificates, RFC 5280:

L<https://tools.ietf.org/html/rfc5280>

=back

=head1 HISTORY

This glossary was added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
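The PEM and DER entries above describe a layered format: base64 lines between BEGIN/END markers, optional header lines after the BEGIN marker, and a DER structure inside. The following is an added example, not OpenSSL's own code, that encodes and parses that layout and then checks the decoded bytes form exactly one definite-length DER element (the sample DER, the "X-Example" header and the helper names are all constructed for illustration):

```python
import base64

# Constructed sample DER: SEQUENCE { INTEGER 5, OCTET STRING 0xAB }; not a real key.
SAMPLE_DER = bytes.fromhex("30060201050401ab")

def pem_encode(label, der, headers=None):
    """Wrap DER as PEM: BEGIN/END markers, optional header lines, 64-char base64 lines."""
    body = base64.b64encode(der).decode("ascii")
    lines = [f"-----BEGIN {label}-----"]
    if headers:
        lines += [f"{k}: {v}" for k, v in headers.items()]
        lines.append("")  # RFC 1421 separates headers from the body with a blank line
    lines += [body[i:i + 64] for i in range(0, len(body), 64)]
    lines.append(f"-----END {label}-----")
    return "\n".join(lines) + "\n"

def pem_decode(text):
    """Return (label, headers, der) for the first PEM block; ValueError on a bad block."""
    lines = [ln.strip() for ln in text.splitlines()]
    begins = [i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN ")]
    if not begins:
        raise ValueError("no BEGIN marker")
    label = lines[begins[0]][len("-----BEGIN "):-len("-----")]
    headers, body, i = {}, [], begins[0] + 1
    while i < len(lines) and ":" in lines[i]:   # optional "Key: value" header lines
        k, _, v = lines[i].partition(":")
        headers[k.strip()] = v.strip()
        i += 1
    while i < len(lines) and not lines[i].startswith("-----END "):
        if lines[i]:                              # skip the blank line after headers
            body.append(lines[i])
        i += 1
    if i == len(lines) or lines[i] != f"-----END {label}-----":
        raise ValueError("missing or mismatched END marker")
    # validate=True rejects stray characters instead of silently dropping them
    return label, headers, base64.b64decode("".join(body), validate=True)

def der_outer_fits(der):
    """True if der is exactly one definite-length DER element (tag, length, value)."""
    if len(der) < 2:
        return False
    if der[1] < 0x80:                      # short form: one length byte
        hdr, length = 2, der[1]
    elif 0x81 <= der[1] <= 0x84 and len(der) >= 2 + (der[1] & 0x7F):
        n = der[1] & 0x7F                  # long form: n following length bytes
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
        if der[2] == 0 or length < 0x80:   # DER demands the shortest length encoding
            return False
    else:                                  # 0x80 (indefinite) or oversized: not DER
        return False
    return hdr + length == len(der)
```

The length check catches truncated or padded blobs before they reach a real ASN.1 decoder, which is where a malformed key file should be rejected.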
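The Fetching and Property Query String entries describe selection by a conjunction of key=value properties. This added example, a simplified model and not OpenSSL's own implementation, shows how a query such as "provider=example,foo=bar" picks one implementation out of several for the same algorithm name; the registry, the "foo" property and the function names are constructed for illustration, and only the comma-separated key=value form the glossary describes is handled:

```python
def parse_properties(s):
    """Parse "k1=v1,k2=v2" into a dict; whitespace around keys and values is ignored."""
    props = {}
    for clause in s.split(","):
        clause = clause.strip()
        if not clause:
            continue
        if "=" not in clause:
            raise ValueError(f"malformed property clause: {clause!r}")
        k, _, v = clause.partition("=")
        props[k.strip()] = v.strip()
    return props

def matches(query, impl_props):
    """Every queried property must be present with the same value;
    extra properties on the implementation do not matter."""
    return all(impl_props.get(k) == v for k, v in query.items())

def fetch(registry, algorithm, propquery=""):
    """Model of an explicit fetch: return (provider, props) for the first
    implementation of `algorithm` satisfying propquery, or None (a fetch failing)."""
    q = parse_properties(propquery)
    for provider, impls in registry:   # list order stands in for provider load order
        for name, props in impls.items():
            if name == algorithm and matches(q, props):
                return provider, props
    return None

# Constructed registry: "provider=..." as in the glossary, "foo=bar" made up.
REGISTRY = [
    ("default", {"SHA256": {"provider": "default"},
                 "AES-128-CBC": {"provider": "default"}}),
    ("example", {"SHA256": {"provider": "example", "foo": "bar"}}),
    ("legacy", {"MD4": {"provider": "legacy"}}),
]
```

An empty query returns whichever matching implementation is found first, which is why pinning "provider=..." in the query (or in the default property query) matters when several providers supply the same algorithm.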