| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322 |
- .\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
- .\"
- .\" Standard preamble:
- .\" ========================================================================
- .de Sp \" Vertical space (when we can't use .PP)
- .if t .sp .5v
- .if n .sp
- ..
- .de Vb \" Begin verbatim text
- .ft CW
- .nf
- .ne \\$1
- ..
- .de Ve \" End verbatim text
- .ft R
- .fi
- ..
- .\" Set up some character translations and predefined strings. \*(-- will
- .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
- .\" double quote, and \*(R" will give a right double quote. \*(C+ will
- .\" give a nicer C++. Capital omega is used to do unbreakable dashes and
- .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
- .\" nothing in troff, for use with C<>.
- .tr \(*W-
- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
- .ie n \{\
- . ds -- \(*W-
- . ds PI pi
- . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
- . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
- . ds L" ""
- . ds R" ""
- . ds C` ""
- . ds C' ""
- 'br\}
- .el\{\
- . ds -- \|\(em\|
- . ds PI \(*p
- . ds L" ``
- . ds R" ''
- . ds C`
- . ds C'
- 'br\}
- .\"
- .\" Escape single quotes in literal strings from groff's Unicode transform.
- .ie \n(.g .ds Aq \(aq
- .el .ds Aq '
- .\"
- .\" If the F register is >0, we'll generate index entries on stderr for
- .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
- .\" entries marked with X<> in POD. Of course, you'll have to process the
- .\" output yourself in some meaningful fashion.
- .\"
- .\" Avoid warning from groff about undefined register 'F'.
- .de IX
- ..
- .nr rF 0
- .if \n(.g .if rF .nr rF 1
- .if (\n(rF:(\n(.g==0)) \{\
- . if \nF \{\
- . de IX
- . tm Index:\\$1\t\\n%\t"\\$2"
- ..
- . if !\nF==2 \{\
- . nr % 0
- . nr F 2
- . \}
- . \}
- .\}
- .rr rF
- .\"
- .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
- .\" Fear. Run. Save yourself. No user-serviceable parts.
- . \" fudge factors for nroff and troff
- .if n \{\
- . ds #H 0
- . ds #V .8m
- . ds #F .3m
- . ds #[ \f1
- . ds #] \fP
- .\}
- .if t \{\
- . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
- . ds #V .6m
- . ds #F 0
- . ds #[ \&
- . ds #] \&
- .\}
- . \" simple accents for nroff and troff
- .if n \{\
- . ds ' \&
- . ds ` \&
- . ds ^ \&
- . ds , \&
- . ds ~ ~
- . ds /
- .\}
- .if t \{\
- . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
- . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
- . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
- . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
- . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
- . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
- .\}
- . \" troff and (daisy-wheel) nroff accents
- .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
- .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
- .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
- .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
- .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
- .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
- .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
- .ds ae a\h'-(\w'a'u*4/10)'e
- .ds Ae A\h'-(\w'A'u*4/10)'E
- . \" corrections for vroff
- .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
- .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
- . \" for low resolution devices (crt and lpr)
- .if \n(.H>23 .if \n(.V>19 \
- \{\
- . ds : e
- . ds 8 ss
- . ds o a
- . ds d- d\h'-1'\(ga
- . ds D- D\h'-1'\(hy
- . ds th \o'bp'
- . ds Th \o'LP'
- . ds ae ae
- . ds Ae AE
- .\}
- .rm #[ #] #H #V #F C
- .\" ========================================================================
- .\"
- .IX Title "LIFE_CYCLE-PKEY 7ossl"
- .TH LIFE_CYCLE-PKEY 7ossl "2024-09-03" "3.3.2" "OpenSSL"
- .\" For nroff, turn off justification. Always turn off hyphenation; it makes
- .\" way too many mistakes in technical documents.
- .if n .ad l
- .nh
- .SH "NAME"
- life_cycle\-pkey \- The PKEY algorithm life\-cycle
- .SH "DESCRIPTION"
- .IX Header "DESCRIPTION"
- All public keys (PKEYs) go through a number of stages in their life-cycle:
- .IP "start" 4
- .IX Item "start"
- This state represents the \s-1PKEY\s0 before it has been allocated. It is the
- starting state for any life-cycle transitions.
- .IP "newed" 4
- .IX Item "newed"
- This state represents the \s-1PKEY\s0 after it has been allocated.
- .IP "decapsulate" 4
- .IX Item "decapsulate"
- This state represents the \s-1PKEY\s0 when it is ready to perform a private key decapsulation
- operation.
- .IP "decrypt" 4
- .IX Item "decrypt"
- This state represents the \s-1PKEY\s0 when it is ready to decrypt some ciphertext.
- .IP "derive" 4
- .IX Item "derive"
- This state represents the \s-1PKEY\s0 when it is ready to derive a shared secret.
- .IP "digest sign" 4
- .IX Item "digest sign"
- This state represents the \s-1PKEY\s0 when it is ready to perform a private key signature
- operation.
- .IP "encapsulate" 4
- .IX Item "encapsulate"
- This state represents the \s-1PKEY\s0 when it is ready to perform a public key encapsulation
- operation.
- .IP "encrypt" 4
- .IX Item "encrypt"
- This state represents the \s-1PKEY\s0 when it is ready to encrypt some plaintext.
- .IP "key generation" 4
- .IX Item "key generation"
- This state represents the \s-1PKEY\s0 when it is ready to generate a new public/private key.
- .IP "parameter generation" 4
- .IX Item "parameter generation"
- This state represents the \s-1PKEY\s0 when it is ready to generate key parameters.
- .IP "verify" 4
- .IX Item "verify"
- This state represents the \s-1PKEY\s0 when it is ready to verify a public key signature.
- .IP "verify recover" 4
- .IX Item "verify recover"
- This state represents the \s-1PKEY\s0 when it is ready to recover a public key signature data.
- .IP "freed" 4
- .IX Item "freed"
- This state is entered when the \s-1PKEY\s0 is freed. It is the terminal state
- for all life-cycle transitions.
- .SS "State Transition Diagram"
- .IX Subsection "State Transition Diagram"
- The usual life-cycle of a \s-1PKEY\s0 object is illustrated:
- +-------------+
- | |
- | start |
- | |
- EVP_PKEY_derive +-------------+
- +-------------+ EVP_PKEY_derive_set_peer | +-------------+
- | |----------------------------+ | +----------------------------| |
- | derive | | | | EVP_PKEY_verify | verify |
- | |<---------------------------+ | +--------------------------->| |
- +-------------+ | +-------------+
- ^ | ^
- | EVP_PKEY_derive_init | EVP_PKEY_verify_init |
- +---------------------------------------+ | +---------------------------------------+
- | | |
- +-------------+ | | | +-------------+
- | |----------------------------+ | | | +----------------------------| |
- | digest sign | EVP_PKEY_sign | | | | | EVP_PKEY_verify_recover | verify |
- | |<---------------------------+ | | | +--------------------------->| recover |
- +-------------+ | | | +-------------+
- ^ | | | ^
- | EVP_PKEY_sign_init | | | EVP_PKEY_verify_recover_init |
- +---------------------------------+ | | | +---------------------------------+
- | | | | |
- +-------------+ | | | | | +-------------+
- | |----------------------------+ | | | | | +----------------------------| |
- | decapsulate | EVP_PKEY_decapsulate | | | | | | | EVP_PKEY_decrypt | decrypt |
- | |<---------------------------+ | | v | | +--------------------------->| |
- +-------------+ | +-------------+ | +-------------+
- ^ +---| |---+ ^
- | EVP_PKEY_decapsulate_init | | EVP_PKEY_decrypt_init |
- +-------------------------------------| newed |-------------------------------------+
- | |
- +---| |---+
- +-------------+ | +-------------+ | +-------------+
- | |----------------------------+ | | | | +----------------------------| |
- | encapsulate | EVP_PKEY_encapsulate | | | | | | EVP_PKEY_encrypt | encrypt |
- | |<---------------------------+ | | | | +--------------------------->| |
- +-------------+ | | | | +-------------+
- ^ | | | | ^
- | EVP_PKEY_encapsulate_init | | | | EVP_PKEY_encrypt_init |
- +---------------------------------+ | | +---------------------------------+
- | |
- +---------------------------------------+ +---------------------------------------+
- | EVP_PKEY_paramgen_init EVP_PKEY_keygen_init |
- v v
- +-------------+ +-------------+
- | |----------------------------+ +----------------------------| |
- | parameter | | | | key |
- | generation |<---------------------------+ +--------------------------->| generation |
- +-------------+ EVP_PKEY_paramgen EVP_PKEY_keygen +-------------+
- EVP_PKEY_gen EVP_PKEY_gen
- + - - - - - + +-----------+
- ' ' EVP_PKEY_CTX_free | |
- ' any state '------------------->| freed |
- ' ' | |
- + - - - - - + +-----------+
- .SS "Formal State Transitions"
- .IX Subsection "Formal State Transitions"
- This section defines all of the legal state transitions.
- This is the canonical list.
- Function Call ---------------------------------------------------------------------- Current State ----------------------------------------------------------------------
- start newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key freed
- sign recover generation generation
- EVP_PKEY_CTX_new newed
- EVP_PKEY_CTX_new_id newed
- EVP_PKEY_CTX_new_from_name newed
- EVP_PKEY_CTX_new_from_pkey newed
- EVP_PKEY_sign_init digest digest digest digest digest digest digest digest digest digest digest
- sign sign sign sign sign sign sign sign sign sign sign
- EVP_PKEY_sign digest
- sign
- EVP_PKEY_verify_init verify verify verify verify verify verify verify verify verify verify verify
- EVP_PKEY_verify verify
- EVP_PKEY_verify_recover_init verify verify verify verify verify verify verify verify verify verify verify
- recover recover recover recover recover recover recover recover recover recover recover
- EVP_PKEY_verify_recover verify
- recover
- EVP_PKEY_encrypt_init encrypt encrypt encrypt encrypt encrypt encrypt encrypt encrypt encrypt encrypt encrypt
- EVP_PKEY_encrypt encrypt
- EVP_PKEY_decrypt_init decrypt decrypt decrypt decrypt decrypt decrypt decrypt decrypt decrypt decrypt decrypt
- EVP_PKEY_decrypt decrypt
- EVP_PKEY_derive_init derive derive derive derive derive derive derive derive derive derive derive
- EVP_PKEY_derive_set_peer derive
- EVP_PKEY_derive derive
- EVP_PKEY_encapsulate_init encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate
- EVP_PKEY_encapsulate encapsulate
- EVP_PKEY_decapsulate_init decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate
- EVP_PKEY_decapsulate decapsulate
- EVP_PKEY_paramgen_init parameter parameter parameter parameter parameter parameter parameter parameter parameter parameter parameter
- generation generation generation generation generation generation generation generation generation generation generation
- EVP_PKEY_paramgen parameter
- generation
- EVP_PKEY_keygen_init key key key key key key key key key key key
- generation generation generation generation generation generation generation generation generation generation generation
- EVP_PKEY_keygen key
- generation
- EVP_PKEY_gen parameter key
- generation generation
- EVP_PKEY_CTX_get_params newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key
- sign recover generation generation
- EVP_PKEY_CTX_set_params newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key
- sign recover generation generation
- EVP_PKEY_CTX_gettable_params newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key
- sign recover generation generation
- EVP_PKEY_CTX_settable_params newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key
- sign recover generation generation
- EVP_PKEY_CTX_free freed freed freed freed freed freed freed freed freed freed freed freed
- .SH "NOTES"
- .IX Header "NOTES"
- At some point the \s-1EVP\s0 layer will begin enforcing the transitions described
- herein.
- .SH "SEE ALSO"
- .IX Header "SEE ALSO"
- \&\fBEVP_PKEY_new\fR\|(3),
- \&\fBEVP_PKEY_decapsulate\fR\|(3), \fBEVP_PKEY_decrypt\fR\|(3), \fBEVP_PKEY_encapsulate\fR\|(3),
- \&\fBEVP_PKEY_encrypt\fR\|(3), \fBEVP_PKEY_derive\fR\|(3), \fBEVP_PKEY_keygen\fR\|(3),
- \&\fBEVP_PKEY_sign\fR\|(3), \fBEVP_PKEY_verify\fR\|(3), \fBEVP_PKEY_verify_recover\fR\|(3)
- .SH "HISTORY"
- .IX Header "HISTORY"
- The provider \s-1PKEY\s0 interface was introduced in OpenSSL 3.0.
- .SH "COPYRIGHT"
- .IX Header "COPYRIGHT"
- Copyright 2021\-2022 The OpenSSL Project Authors. All Rights Reserved.
- .PP
- Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
- this file except in compliance with the License. You can obtain a copy
- in the file \s-1LICENSE\s0 in the source distribution or at
- <https://www.openssl.org/source/license.html>.
|
