• Start
• Documentation
  • PostgreSQL
  • mnoGoSearch
  • Apache 2.4
  • FreeBSD handbook
  • FreeBSD Manual
  • FreeBSD Source
• Tools
• Search
• Protected Area

plain

FreeBSD manual

keyword 1 2 3 4 5 6 7 8 9 n l

download PDF document: life_cycle-pkey.7.pdf

LIFE_CYCLE-PKEY(7ossl) OpenSSL LIFE_CYCLE-PKEY(7ossl)

NAME life_cycle-pkey - The PKEY algorithm life-cycle
DESCRIPTION All public keys (PKEYs) go through a number of stages in their life- cycle:
start This state represents the PKEY before it has been allocated. It is the starting state for any life-cycle transitions.
newed This state represents the PKEY after it has been allocated.
decapsulate This state represents the PKEY when it is ready to perform a private key decapsulation operation.
decrypt This state represents the PKEY when it is ready to decrypt some ciphertext.
derive This state represents the PKEY when it is ready to derive a shared secret.
digest sign This state represents the PKEY when it is ready to perform a private key signature operation.
encapsulate This state represents the PKEY when it is ready to perform a public key encapsulation operation.
encrypt This state represents the PKEY when it is ready to encrypt some plaintext.
key generation This state represents the PKEY when it is ready to generate a new public/private key.
parameter generation This state represents the PKEY when it is ready to generate key parameters.
verify This state represents the PKEY when it is ready to verify a public key signature.
verify recover This state represents the PKEY when it is ready to recover a public key signature data.
freed This state is entered when the PKEY is freed. It is the terminal | | EVP_PKEY_derive +-------------+ +-------------+ EVP_PKEY_derive_set_peer | +-------------+ | |----------------------------+ | +----------------------------| | | derive | | | | EVP_PKEY_verify | verify | | |<---------------------------+ | +--------------------------->| | +-------------+ | +-------------+ ^ | ^ | EVP_PKEY_derive_init | EVP_PKEY_verify_init | +---------------------------------------+ | +---------------------------------------+ | | | +-------------+ | | | +-------------+ | |----------------------------+ | | | +----------------------------| | | digest sign | EVP_PKEY_sign | | | | | EVP_PKEY_verify_recover | verify | | |<---------------------------+ | | | +--------------------------->| recover | +-------------+ | | | +-------------+ ^ | | | ^ | EVP_PKEY_sign_init | | | EVP_PKEY_verify_recover_init | +---------------------------------+ | | | +---------------------------------+ | | | | | +-------------+ | | | | | +-------------+ | |----------------------------+ | | | | | +----------------------------| | | decapsulate | EVP_PKEY_decapsulate | | | | | | | EVP_PKEY_decrypt | decrypt | | |<---------------------------+ | | v | | +--------------------------->| | +-------------+ | +-------------+ | +-------------+ ^ +---| |---+ ^ | EVP_PKEY_decapsulate_init | | EVP_PKEY_decrypt_init | +-------------------------------------| newed |-------------------------------------+ | | +---| |---+ +-------------+ | +-------------+ | +-------------+ | |----------------------------+ | | | | +----------------------------| | | encapsulate | EVP_PKEY_encapsulate | | | | | | EVP_PKEY_encapsulate_init | | | | EVP_PKEY_encrypt_init | +---------------------------------+ | | +---------------------------------+ | | +---------------------------------------+ +---------------------------------------+ | EVP_PKEY_paramgen_init EVP_PKEY_keygen_init | v v +-------------+ +-------------+ | |----------------------------+ +----------------------------| | | parameter | | | | key | | generation |<---------------------------+ +--------------------------->| generation | +-------------+ EVP_PKEY_paramgen EVP_PKEY_keygen +-------------+ EVP_PKEY_gen EVP_PKEY_gen

+ - - - - - + +-----------+ ' ' EVP_PKEY_CTX_free | | ' any state '------------------->| freed | ' ' | | + - - - - - + +-----------+
Formal State Transitions This section defines all of the legal state transitions. This is the canonical list. Function Call ---------------------------------------------------------------------- Current State ---------------------------------------------------------------------- start newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key freed sign recover generation generation EVP_PKEY_CTX_new newed EVP_PKEY_CTX_new_id newed EVP_PKEY_CTX_new_from_name newed EVP_PKEY_CTX_new_from_pkey newed EVP_PKEY_sign_init digest digest digest digest digest digest digest digest digest digest digest sign sign sign sign sign sign sign sign sign sign sign verify verify verify verify verify verify verify verify recover recover recover recover recover recover recover recover recover recover recover EVP_PKEY_verify_recover verify
EVP_PKEY_encrypt_init encrypt encrypt encrypt encrypt encrypt encrypt encrypt encrypt encrypt encrypt encrypt EVP_PKEY_encrypt encrypt EVP_PKEY_decrypt_init decrypt decrypt decrypt decrypt decrypt decrypt decrypt decrypt decrypt decrypt decrypt EVP_PKEY_decrypt decrypt EVP_PKEY_derive_init derive derive derive derive derive derive derive derive derive derive derive EVP_PKEY_derive_set_peer derive EVP_PKEY_derive derive EVP_PKEY_encapsulate_init encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate EVP_PKEY_encapsulate encapsulate EVP_PKEY_decapsulate_init decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate EVP_PKEY_decapsulate decapsulate EVP_PKEY_paramgen_init parameter parameter parameter parameter parameter parameter parameter parameter parameter parameter parameter generation generation generation generation generation generation generation generation generation generation generation EVP_PKEY_paramgen parameter
EVP_PKEY_keygen_init key key key key key key key key key key key generation generation generation generation generation generation generation generation generation generation generation EVP_PKEY_keygen key
EVP_PKEY_gen parameter key
EVP_PKEY_CTX_get_params newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key recover generation generation EVP_PKEY_CTX_gettable_params newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key sign recover generation generation EVP_PKEY_CTX_settable_params newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key sign recover generation generation EVP_PKEY_CTX_free freed freed freed freed freed freed freed freed freed freed freed freed
NOTES At some point the EVP layer will begin enforcing the transitions described herein.
SEE ALSO EVP_PKEY_new(3), EVP_PKEY_decapsulate(3), EVP_PKEY_decrypt(3), EVP_PKEY_encapsulate(3), EVP_PKEY_encrypt(3), EVP_PKEY_derive(3), EVP_PKEY_keygen(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3)
HISTORY The provider PKEY interface was introduced in OpenSSL 3.0.
COPYRIGHT Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.
3.0.11 2023-09-19 LIFE_CYCLE-PKEY(7ossl)