1=pod 2 3=head1 NAME 4 5openssl-glossary - An OpenSSL Glossary 6 7=head1 DESCRIPTION 8 9=for comment Please keep the items in case-insensitive alphabetical order 10 11=over 4 12 13=item Algorithm 14 15Cryptographic primitives such as the SHA256 digest, or AES encryption are 16referred to in OpenSSL as "algorithms". There can be more than one 17implementation for any given algorithm available for use. 18 19L<crypto(7)> 20 21=item ASN.1, ASN1 22 23ASN.1 ("Abstract Syntax Notation One") is a notation for describing abstract 24types and values. It is defined in the ITU-T documents X.680 to X.683: 25 26L<https://www.itu.int/rec/T-REC-X.680>, 27L<https://www.itu.int/rec/T-REC-X.681>, 28L<https://www.itu.int/rec/T-REC-X.682>, 29L<https://www.itu.int/rec/T-REC-X.683> 30 31=item Base Provider 32 33An OpenSSL Provider that contains encoders and decoders for OpenSSL keys. All 34the algorithm implementations in the Base Provider are also available in the 35Default Provider. 36 37L<OSSL_PROVIDER-base(7)> 38 39=item Decoder 40 41A decoder is a type of algorithm used for decoding keys and parameters from some 42external format such as PEM or DER. 43 44L<OSSL_DECODER_CTX_new_for_pkey(3)> 45 46=item Default Provider 47 48An OpenSSL Provider that contains the most common OpenSSL algorithm 49implementations. It is loaded by default if no other provider is available. All 50the algorithm implementations in the Base Provider are also available in the 51Default Provider. 52 53L<OSSL_PROVIDER-default(7)> 54 55=item DER ("Distinguished Encoding Rules") 56 57DER is a binary encoding of data, structured according to an ASN.1 58specification. This is a common encoding used for cryptographic objects 59such as private and public keys, certificates, CRLs, ... 60 61It is defined in ITU-T document X.690: 62 63L<https://www.itu.int/rec/T-REC-X.690> 64 65=item Encoder 66 67An encoder is a type of algorithm used for encoding keys and parameters to some 68external format such as PEM or DER. 69 70L<OSSL_ENCODER_CTX_new_for_pkey(3)> 71 72=item Explicit Fetching 73 74Explicit Fetching is a type of Fetching (see Fetching). Explicit Fetching is 75where a function call is made to obtain an algorithm object representing an 76implementation such as L<EVP_MD_fetch(3)> or L<EVP_CIPHER_fetch(3)> 77 78=item Fetching 79 80Fetching is the process of looking through the available algorithm 81implementations, applying selection criteria (via a property query string), and 82finally choosing the implementation that will be used. 83 84Also see Explicit Fetching and Implicit Fetching. 85 86L<crypto(7)> 87 88=item FIPS Provider 89 90An OpenSSL Provider that contains OpenSSL algorithm implementations that have 91been validated according to the FIPS 140-2 standard. 92 93L<OSSL_PROVIDER-FIPS(7)> 94 95=item Implicit Fetching 96 97Implicit Fetching is a type of Fetching (see Fetching). Implicit Fetching is 98where an algorithm object with no associated implementation is used such as the 99return value from L<EVP_sha256(3)> or L<EVP_aes_128_cbc(3)>. With implicit 100fetching an implementation is fetched automatically using default selection 101criteria the first time the algorithm is used. 102 103=item Legacy Provider 104 105An OpenSSL Provider that contains algorithm implementations that are considered 106insecure or are no longer in common use. 107 108L<OSSL_PROVIDER-legacy(7)> 109 110=item Library Context 111 112A Library Context in OpenSSL is represented by the type B<OSSL_LIB_CTX>. It can 113be thought of as a scope within which configuration options apply. If an 114application does not explicitly create a library context then the "default" 115one is used. Many OpenSSL functions can take a library context as an argument. 116A NULL value can always be passed to indicate the default library context. 117 118L<OSSL_LIB_CTX(3)> 119 120=item MSBLOB 121 122MSBLOB is a Microsoft specific binary format for RSA and DSA keys, both 123private and public. This form is never passphrase protected. 124 125=item Null Provider 126 127An OpenSSL Provider that contains no algorithm implementations. This can be 128useful to prevent the default provider from being automatically loaded in a 129library context. 130 131L<OSSL_PROVIDER-null(7)> 132 133=item Operation 134 135An operation is a group of OpenSSL functions with a common purpose such as 136encryption, or digesting. 137 138L<crypto(7)> 139 140=item PEM ("Privacy Enhanced Message") 141 142PEM is a format used for encoding of binary content into a mail and ASCII 143friendly form. The content is a series of base64-encoded lines, surrounded 144by begin/end markers each on their own line. For example: 145 146 -----BEGIN PRIVATE KEY----- 147 MIICdg.... 148 ... bhTQ== 149 -----END PRIVATE KEY----- 150 151Optional header line(s) may appear after the begin line, and their existence 152depends on the type of object being written or read. 153 154For all OpenSSL uses, the binary content is expected to be a DER encoded 155structure. 156 157This is defined in IETF RFC 1421: 158 159L<https://tools.ietf.org/html/rfc1421> 160 161=item PKCS#8 162 163PKCS#8 is a specification of ASN.1 structures that OpenSSL uses for storing 164or transmitting any private key in a key type agnostic manner. 165There are two structures worth noting for OpenSSL use, one that contains the 166key data in unencrypted form (known as "PrivateKeyInfo") and an encrypted 167wrapper structure (known as "EncryptedPrivateKeyInfo"). 168 169This is specified in RFC 5208: 170 171L<https://tools.ietf.org/html/rfc5208> 172 173=item Property 174 175A property is a way of classifying and selecting algorithm implementations. 176A property is a key/value pair expressed as a string. For example all algorithm 177implementations in the default provider have the property "provider=default". 178An algorithm implementation can have multiple properties defined against it. 179 180Also see Property Query String. 181 182L<property(7)> 183 184=item Property Query String 185 186A property query string is a string containing a sequence of properties that 187can be used to select an algorithm implementation. For example the query string 188"provider=example,foo=bar" will select algorithms from the "example" provider 189that have a "foo" property defined for them with a value of "bar". 190 191Property Query Strings are used during fetching. See Fetching. 192 193L<property(7)> 194 195=item Provider 196 197A provider in OpenSSL is a component that groups together algorithm 198implementations. Providers can come from OpenSSL itself or from third parties. 199 200L<provider(7)> 201 202=item PVK 203 204PVK is a Microsoft specific binary format for RSA and DSA private keys. 205This form may be passphrase protected. 206 207=item SubjectPublicKeyInfo 208 209SubjectPublicKeyInfo is an ASN.1 structure that OpenSSL uses for storing and 210transmitting any public key in a key type agnostic manner. 211 212This is specified as part of the specification for certificates, RFC 5280: 213 214L<https://tools.ietf.org/html/rfc5280> 215 216=back 217 218=head1 HISTORY 219 220This glossary was added in OpenSSL 3.0. 221 222=head1 COPYRIGHT 223 224Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. 225 226Licensed under the Apache License 2.0 (the "License"). You may not use 227this file except in compliance with the License. You can obtain a copy 228in the file LICENSE in the source distribution or at 229L<https://www.openssl.org/source/license.html>. 230 231=cut 232