diff --git a/doc/crypto/EVP_OpenInit.pod b/doc/crypto/EVP_OpenInit.pod new file mode 100644 index 0000000000000000000000000000000000000000..9707a4b3997d722bf8dbcc694803baa1cc5783dc --- /dev/null +++ b/doc/crypto/EVP_OpenInit.pod @@ -0,0 +1,51 @@ +=pod + +=head1 NAME + +EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption + +=head1 SYNOPSIS + + #include + + int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, + int ekl,unsigned char *iv,EVP_PKEY *priv); + void EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, unsigned char *in, int inl); + void EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl); + +=head1 DESCRIPTION + +The EVP envelope routines are a high level interface to envelope +decryption. They decrypt a public key encrypted symmetric key and +then decrypt data using it. + +EVP_OpenInit() initialises a cipher context B for decryption +with cipher B. It decrypts the encrypted symmetric key of length +B bytes passed in the B parameter using the private key B. +The IV is supplied in the B parameter. + +EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties +as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as +documented on the L manual +page. + +=head1 RETURN VALUES + +EVP_OpenInit() returns -1 on error or an non zero integer (actually the +recovered secret key size) if successful. + +EVP_SealUpdate() does not return a value. + +EVP_SealFinal() returns 0 if the decrypt failed or 1 for success. + +=head1 SEE ALSO + +L,L +L, +L + +=head1 HISTORY + +=cut diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod new file mode 100644 index 0000000000000000000000000000000000000000..1579d110fa282035237df1a65a89855e6c143133 --- /dev/null +++ b/doc/crypto/EVP_SealInit.pod @@ -0,0 +1,70 @@ +=pod + +=head1 NAME + +EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption + +=head1 SYNOPSIS + + #include + + int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek, + int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); + void EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, unsigned char *in, int inl); + void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl); + +=head1 DESCRIPTION + +The EVP envelope routines are a high level interface to envelope +encryption. They generate a random key and then "envelope" it by +using public key encryption. Data can then be encrypted using this +key. + +EVP_SealInit() initialises a cipher context B for encryption +with cipher B using a random secret key and IV supplied in +the B parameter. B is normally supplied by a function such +as EVP_des_cbc(). The secret key is encrypted using one or more public +keys, this allows the same encrypted data to be decrypted using any +of the corresponding private keys. B is an array of buffers where +the public key encrypted secret key will be written, each buffer must +contain enough room for the corresponding encrypted key: that is +B must have room for B bytes. The actual +size of each encrypted secret key is written to the array B. B is +an array of B public keys. + +EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties +as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as +documented on the L manual +page. + +=head1 RETURN VALUES + +EVP_SealInit() returns -1 on error or B if successful. + +EVP_SealUpdate() and EVP_SealFinal() do not return values. + +=head1 NOTES + +Because a random secret key is generated the random number generator +must be seeded before calling EVP_SealInit(). + +The public key must be RSA because it is the only OpenSSL public key +algorithm that supports key transport. + +Envelope encryption is the usual method of using public key encryption +on large amounts of data, this is because public key encryption is slow +but symmetric encryption is fast. So symmetric encryption is used for +bulk encryption and the small random symmetric key used is transferred +using public key encryption. + +=head1 SEE ALSO + +L,L +L, +L + +=head1 HISTORY + +=cut