Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) Standard preamble: ========================================================================..
..
..
Set up some character translations and predefined strings. \*(-- will give an unbreakable dash, \*(PI will give pi, \*(L" will give a left double quote, and \*(R" will give a right double quote. \*(C+ will give a nicer C++. Capital omega is used to do unbreakable dashes and therefore won't be available. \*(C` and \*(C' expand to `' in nroff, nothing in troff, for use with C<>..tr \(*W-
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
Escape single quotes in literal strings from groff's Unicode transform. If the F register is >0, we'll generate index entries on stderr for titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index entries marked with X<> in POD. Of course, you'll have to process the output yourself in some meaningful fashion. Avoid warning from groff about undefined register 'F'...
.nr rF 0
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). Fear. Run. Save yourself. No user-serviceable parts.. \" fudge factors for nroff and troff
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #]
.\}
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
. \" corrections for vroff
. \" for low resolution devices (crt and lpr)
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
======================================================================== Title "PKCS5_PBE_KEYIVGEN 3" PKCS5_PBE_KEYIVGEN 3 "2023-05-30" "3.0.9" "OpenSSL"
For nroff, turn off justification. Always turn off hyphenation; it makes way too many mistakes in technical documents. "NAME"
PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex, PKCS5_pbe2_set, PKCS5_pbe2_set_iv,
PKCS5_pbe2_set_iv_ex, PKCS5_pbe_set, PKCS5_pbe_set_ex, PKCS5_pbe2_set_scrypt,
PKCS5_pbe_set0_algor, PKCS5_pbe_set0_algor_ex,
PKCS5_v2_PBE_keyivgen, PKCS5_v2_PBE_keyivgen_ex,
PKCS5_v2_scrypt_keyivgen, PKCS5_v2_scrypt_keyivgen_ex,
PKCS5_pbkdf2_set, PKCS5_pbkdf2_set_ex, EVP_PBE_scrypt, EVP_PBE_scrypt_ex
\- PKCS#5 Password based encryption routines
"SYNOPSIS"
Header "SYNOPSIS" .Vb 1
#include <
openssl/
evp.h>
\&
int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
ASN1_TYPE *param, const EVP_CIPHER *cipher,
const EVP_MD *md, int en_de);
int PKCS5_PBE_keyivgen_ex(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
ASN1_TYPE *param, const EVP_CIPHER *cipher,
const EVP_MD *md, int en_de, OSSL_LIB_CTX *libctx,
const char *propq);
int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
ASN1_TYPE *param, const EVP_CIPHER *cipher,
const EVP_MD *md, int en_de);
int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
ASN1_TYPE *param, const EVP_CIPHER *cipher,
const EVP_MD *md, int en_de,
OSSL_LIB_CTX *libctx, const char *propq);
int EVP_PBE_scrypt(const char *pass, size_t passlen,
const unsigned char *salt, size_t saltlen,
uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
unsigned char *key, size_t keylen);
int EVP_PBE_scrypt_ex(const char *pass, size_t passlen,
const unsigned char *salt, size_t saltlen,
uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
unsigned char *key, size_t keylen,
OSSL_LIB_CTX *ctx, const char *propq);
int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
int passlen, ASN1_TYPE *param,
const EVP_CIPHER *c, const EVP_MD *md, int en_de);
int PKCS5_v2_scrypt_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass,
int passlen, ASN1_TYPE *param,
const EVP_CIPHER *c, const EVP_MD *md, int en_de,
OSSL_LIB_CTX *libctx, const char *propq);
\&
#include <
openssl/
x509.h>
\&
int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
const unsigned char *salt, int saltlen);
int PKCS5_pbe_set0_algor_ex(X509_ALGOR *algor, int alg, int iter,
const unsigned char *salt, int saltlen,
OSSL_LIB_CTX *libctx);
\&
X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
const unsigned char *salt, int saltlen);
X509_ALGOR *PKCS5_pbe_set_ex(int alg, int iter,
const unsigned char *salt, int saltlen,
OSSL_LIB_CTX *libctx);
\&
X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
unsigned char *salt, int saltlen);
X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
unsigned char *salt, int saltlen,
unsigned char *aiv, int prf_nid);
X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter,
unsigned char *salt, int saltlen,
unsigned char *aiv, int prf_nid,
OSSL_LIB_CTX *libctx);
X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
const unsigned char *salt, int saltlen,
unsigned char *aiv, uint64_t N, uint64_t r,
uint64_t p);
\&
X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
int prf_nid, int keylen);
X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen,
int prf_nid, int keylen,
OSSL_LIB_CTX *libctx);
.Ve
"DESCRIPTION"
Header "DESCRIPTION" "Key Derivation"
Subsection "Key Derivation" \fBPKCS5_PBE_keyivgen() and
PKCS5_PBE_keyivgen_ex() take a password
pass of
length
passlen, parameters
param and a message digest function
md_type
and performs a key derivation according to PKCS#5 \s-1PBES1.\s0 The resulting key is
then used to initialise the cipher context
ctx with a cipher
cipher for
encryption (
en_de=1) or decryption (
en_de=0).
\fIpass is an optional parameter and can be \s-1NULL.\s0 If passlen is -1, then the
function will calculate the length of pass using strlen().
\fBPKCS5_v2_PBE_keyivgen() and PKCS5_v2_PBE_keyivgen_ex() are similar to the above
but instead use PKCS#5 \s-1PBES2\s0 as the encryption algorithm using the supplied
parameters.
\fBPKCS5_v2_scrypt_keyivgen() and PKCS5_v2_scrypt_keyivgen_ex() use \s-1SCRYPT\s0 as the
key derivation part of the encryption algorithm.
\fIsalt is the salt used in the derivation of length saltlen. If the
\fIsalt is \s-1NULL,\s0 then saltlen must be 0. The function will not
attempt to calculate the length of the salt because it is not assumed to
be \s-1NULL\s0 terminated.
\fIiter is the iteration count and its value should be greater than or
equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. Any
\fIiter less than 1 is treated as a single iteration.
\fIdigest is the message digest function used in the derivation.
Functions ending in _ex() take optional parameters libctx and propq which
are used to select appropriate algorithm implementations.
"Algorithm Identifier Creation"
Subsection "Algorithm Identifier Creation" \fBPKCS5_pbe_set(),
PKCS5_pbe_set_ex(),
PKCS5_pbe2_set(),
PKCS5_pbe2_set_iv(),
\fBPKCS5_pbe2_set_iv_ex() and
PKCS5_pbe2_set_scrypt() generate an
X509_ALGOR
object which represents an AlgorithmIdentifier containing the algorithm \s-1OID\s0 and
associated parameters for the \s-1PBE\s0 algorithm.
\fBPKCS5_pbkdf2_set() and PKCS5_pbkdf2_set_ex() generate an X509_ALGOR
object which represents an AlgorithmIdentifier containing the algorithm \s-1OID\s0 and
associated parameters for the \s-1PBKDF2\s0 algorithm.
\fBPKCS5_pbe_set0_algor() and PKCS5_pbe_set0_algor_ex() set the \s-1PBE\s0 algorithm \s-1OID\s0 and
parameters into the supplied X509_ALGOR.
"NOTES"
Header "NOTES" The *
_keyivgen() functions are typically used in PKCS#12 to encrypt objects.
These functions make no assumption regarding the given password.
It will simply be treated as a byte sequence.
"RETURN VALUES"
Header "RETURN VALUES" \fBPKCS5_PBE_keyivgen(),
PKCS5_v2_PBE_keyivgen(),
\fBPKCS5_v2_PBE_keyivgen_ex(),
PKCS5_v2_scrypt_keyivgen(),
\fBPKCS5_v2_scrypt_keyivgen_ex(),
PKCS5_pbe_set0_algor() and
\fBPKCS5_pbe_set0_algor_ex() return 1 for success and 0 if an error occurs.
\fBPKCS5_pbe_set(), PKCS5_pbe_set_ex(), PKCS5_pbe2_set(), PKCS5_pbe2_set_iv(),
\fBPKCS5_pbe2_set_iv_ex(), PKCS5_pbe2_set_scrypt(),
\fBPKCS5_pbkdf2_set() and PKCS5_pbkdf2_set_ex() return an X509_ALGOR object or
\s-1NULL\s0 if an error occurs.
"CONFORMING TO"
Header "CONFORMING TO" \s-1IETF RFC 8018\s0 (<https://
tools.ietf.org/
html/
rfc8018>)
"SEE ALSO"
Header "SEE ALSO" \fBEVP_PBE_CipherInit_ex\|(3),
\fBPKCS12_pbe_crypt_ex\|(3),
\fBpassphrase-encoding\|(7)
"HISTORY"
Header "HISTORY" \fBPKCS5_v2_PBE_keyivgen_ex(),
EVP_PBE_scrypt_ex(),
PKCS5_v2_scrypt_keyivgen_ex(),
\fBPKCS5_pbe_set0_algor_ex(),
PKCS5_pbe_set_ex(),
PKCS5_pbe2_set_iv_ex() and
\fBPKCS5_pbkdf2_set_ex() were added in OpenSSL 3.0.
From OpenSSL 3.0 the \s-1PBKDF1\s0 algorithm used in PKCS5_PBE_keyivgen() and
\fBPKCS5_PBE_keyivgen_ex() has been moved to the legacy provider as an \s-1EVP_KDF.\s0
"COPYRIGHT"
Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.