214 lines
7.6 KiB
HTML
Executable File
214 lines
7.6 KiB
HTML
Executable File
<?xml version="1.0" ?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<title>EVP_PKEY_keygen</title>
|
|
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
|
<link rev="made" href="mailto:root@localhost" />
|
|
</head>
|
|
|
|
<body style="background-color: white">
|
|
|
|
|
|
<!-- INDEX BEGIN -->
|
|
<div name="index">
|
|
<p><a name="__index__"></a></p>
|
|
|
|
<ul>
|
|
|
|
<li><a href="#name">NAME</a></li>
|
|
<li><a href="#synopsis">SYNOPSIS</a></li>
|
|
<li><a href="#description">DESCRIPTION</a></li>
|
|
<li><a href="#notes">NOTES</a></li>
|
|
<li><a href="#return_values">RETURN VALUES</a></li>
|
|
<li><a href="#examples">EXAMPLES</a></li>
|
|
<li><a href="#see_also">SEE ALSO</a></li>
|
|
<li><a href="#history">HISTORY</a></li>
|
|
<li><a href="#copyright">COPYRIGHT</a></li>
|
|
</ul>
|
|
|
|
<hr name="index" />
|
|
</div>
|
|
<!-- INDEX END -->
|
|
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="name">NAME</a></h1>
|
|
<p>EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init,
|
|
EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb,
|
|
EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data,
|
|
EVP_PKEY_CTX_get_app_data,
|
|
EVP_PKEY_gen_cb
|
|
- key and parameter generation and check functions</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="synopsis">SYNOPSIS</a></h1>
|
|
<pre>
|
|
#include <openssl/evp.h></pre>
|
|
<pre>
|
|
int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
|
|
int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
|
|
int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
|
|
int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);</pre>
|
|
<pre>
|
|
typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);</pre>
|
|
<pre>
|
|
void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
|
|
EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);</pre>
|
|
<pre>
|
|
int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);</pre>
|
|
<pre>
|
|
void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
|
|
void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);</pre>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="description">DESCRIPTION</a></h1>
|
|
<p>The <code>EVP_PKEY_keygen_init()</code> function initializes a public key algorithm
|
|
context using key <strong>pkey</strong> for a key generation operation.</p>
|
|
<p>The <code>EVP_PKEY_keygen()</code> function performs a key generation operation, the
|
|
generated key is written to <strong>ppkey</strong>.</p>
|
|
<p>The functions <code>EVP_PKEY_paramgen_init()</code> and <code>EVP_PKEY_paramgen()</code> are similar
|
|
except parameters are generated.</p>
|
|
<p>The function <code>EVP_PKEY_set_cb()</code> sets the key or parameter generation callback
|
|
to <strong>cb</strong>. The function <code>EVP_PKEY_CTX_get_cb()</code> returns the key or parameter
|
|
generation callback.</p>
|
|
<p>The function <code>EVP_PKEY_CTX_get_keygen_info()</code> returns parameters associated
|
|
with the generation operation. If <strong>idx</strong> is -1 the total number of
|
|
parameters available is returned. Any non negative value returns the value of
|
|
that parameter. <code>EVP_PKEY_CTX_gen_keygen_info()</code> with a non-negative value for
|
|
<strong>idx</strong> should only be called within the generation callback.</p>
|
|
<p>If the callback returns 0 then the key generation operation is aborted and an
|
|
error occurs. This might occur during a time consuming operation where
|
|
a user clicks on a "cancel" button.</p>
|
|
<p>The functions <code>EVP_PKEY_CTX_set_app_data()</code> and <code>EVP_PKEY_CTX_get_app_data()</code> set
|
|
and retrieve an opaque pointer. This can be used to set some application
|
|
defined value which can be retrieved in the callback: for example a handle
|
|
which is used to update a "progress dialog".</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="notes">NOTES</a></h1>
|
|
<p>After the call to <code>EVP_PKEY_keygen_init()</code> or <code>EVP_PKEY_paramgen_init()</code> algorithm
|
|
specific control operations can be performed to set any appropriate parameters
|
|
for the operation.</p>
|
|
<p>The functions <code>EVP_PKEY_keygen()</code> and <code>EVP_PKEY_paramgen()</code> can be called more than
|
|
once on the same context if several operations are performed using the same
|
|
parameters.</p>
|
|
<p>The meaning of the parameters passed to the callback will depend on the
|
|
algorithm and the specific implementation of the algorithm. Some might not
|
|
give any useful information at all during key or parameter generation. Others
|
|
might not even call the callback.</p>
|
|
<p>The operation performed by key or parameter generation depends on the algorithm
|
|
used. In some cases (e.g. EC with a supplied named curve) the "generation"
|
|
option merely sets the appropriate fields in an EVP_PKEY structure.</p>
|
|
<p>In OpenSSL an EVP_PKEY structure containing a private key also contains the
|
|
public key components and parameters (if any). An OpenSSL private key is
|
|
equivalent to what some libraries call a "key pair". A private key can be used
|
|
in functions which require the use of a public key or parameters.</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="return_values">RETURN VALUES</a></h1>
|
|
<p><code>EVP_PKEY_keygen_init()</code>, <code>EVP_PKEY_paramgen_init()</code>, <code>EVP_PKEY_keygen()</code> and
|
|
<code>EVP_PKEY_paramgen()</code> return 1 for success and 0 or a negative value for failure.
|
|
In particular a return value of -2 indicates the operation is not supported by
|
|
the public key algorithm.</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="examples">EXAMPLES</a></h1>
|
|
<p>Generate a 2048 bit RSA key:</p>
|
|
<pre>
|
|
#include <openssl/evp.h>
|
|
#include <openssl/rsa.h></pre>
|
|
<pre>
|
|
EVP_PKEY_CTX *ctx;
|
|
EVP_PKEY *pkey = NULL;</pre>
|
|
<pre>
|
|
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
|
|
if (!ctx)
|
|
/* Error occurred */
|
|
if (EVP_PKEY_keygen_init(ctx) <= 0)
|
|
/* Error */
|
|
if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
|
|
/* Error */</pre>
|
|
<pre>
|
|
/* Generate key */
|
|
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
|
|
/* Error */</pre>
|
|
<p>Generate a key from a set of parameters:</p>
|
|
<pre>
|
|
#include <openssl/evp.h>
|
|
#include <openssl/rsa.h></pre>
|
|
<pre>
|
|
EVP_PKEY_CTX *ctx;
|
|
ENGINE *eng;
|
|
EVP_PKEY *pkey = NULL, *param;</pre>
|
|
<pre>
|
|
/* Assumed param, eng are set up already */
|
|
ctx = EVP_PKEY_CTX_new(param, eng);
|
|
if (!ctx)
|
|
/* Error occurred */
|
|
if (EVP_PKEY_keygen_init(ctx) <= 0)
|
|
/* Error */</pre>
|
|
<pre>
|
|
/* Generate key */
|
|
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
|
|
/* Error */</pre>
|
|
<p>Example of generation callback for OpenSSL public key implementations:</p>
|
|
<pre>
|
|
/* Application data is a BIO to output status to */</pre>
|
|
<pre>
|
|
EVP_PKEY_CTX_set_app_data(ctx, status_bio);</pre>
|
|
<pre>
|
|
static int genpkey_cb(EVP_PKEY_CTX *ctx)
|
|
{
|
|
char c = '*';
|
|
BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
|
|
int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);</pre>
|
|
<pre>
|
|
if (p == 0)
|
|
c = '.';
|
|
if (p == 1)
|
|
c = '+';
|
|
if (p == 2)
|
|
c = '*';
|
|
if (p == 3)
|
|
c = '\n';
|
|
BIO_write(b, &c, 1);
|
|
(void)BIO_flush(b);
|
|
return 1;
|
|
}</pre>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="see_also">SEE ALSO</a></h1>
|
|
<p><em>EVP_PKEY_CTX_new(3)</em>,
|
|
<em>EVP_PKEY_encrypt(3)</em>,
|
|
<em>EVP_PKEY_decrypt(3)</em>,
|
|
<em>EVP_PKEY_sign(3)</em>,
|
|
<em>EVP_PKEY_verify(3)</em>,
|
|
<em>EVP_PKEY_verify_recover(3)</em>,
|
|
<em>EVP_PKEY_derive(3)</em></p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="history">HISTORY</a></h1>
|
|
<p>These functions were added in OpenSSL 1.0.0.</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="copyright">COPYRIGHT</a></h1>
|
|
<p>Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.</p>
|
|
<p>Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>
|
|
|
|
</body>
|
|
|
|
</html>
|