EVP_PKEY_new() -- SSLeay 0.9.0b -- January 1999

NAME

EVP_PKEY_new, EVP_PKEY_free, EVP_PKEY_size, EVP_PKEY_assign, EVP_PKEY_type,
EVP_PKEY_bits, EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters,
EVP_PKEY_save_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_encrypt,
EVP_PKEY_decrypt, d2i_PublicKey, i2d_PublicKey, d2i_PrivateKey,
i2d_PrivateKey -- EVP public/private key handling

SYNOPSIS

#include "evp.h"

EVP_PKEY *EVP_PKEY_new();

void EVP_PKEY_free(pkey)
EVP_PKEY *pkey;

int EVP_PKEY_size(pkey)
EVP_PKEY *pkey;

int EVP_PKEY_assign(pkey, type, key)
EVP_PKEY *pkey;
int type;
char *key;

int EVP_PKEY_type(type)
int type;

int EVP_PKEY_bits(pkey)
EVP_PKEY *pkey;

int EVP_PKEY_copy_parameters(to, from)
EVP_PKEY *to, *from;

int EVP_PKEY_missing_parameters(pkey)
EVP_PKEY *pkey;

int EVP_PKEY_save_parameters(pkey, mode)
EVP_PKEY *pkey;
int mode;

int EVP_PKEY_cmp_parameters(a, b)
EVP_PKEY *a, *b;

int EVP_PKEY_encrypt(enc_key, key, key_len, pub_key)
unsigned char *enc_key, *key;
int key_len;
EVP_PKEY *pub_key;

int EVP_PKEY_decrypt(dec_key, enc_key, enc_key_len, private_key)
unsigned char *dec_key, *enc_key;
int enc_key_len;
EVP_PKEY *private_key;

EVP_PKEY *d2i_PublicKey(type, a, pp, length)
int type;
EVP_PKEY **a;
unsigned char **pp;
long length;

int i2d_PublicKey(a, pp)
EVP_PKEY *a;
unsigned char **pp;

EVP_PKEY *d2i_PrivateKey(type, a, pp, length)
int type;
EVP_PKEY **a;
unsigned char **pp;
long length;

int i2d_PrivateKey(a, pp)
EVP_PKEY *a;
unsigned char **pp;

DESCRIPTION

Most of these functions operate on an EVP_PKEY which contains the following:

/* Type needs to be a bit field
 * Sub-type needs to be for variations on the method, as in, can it do
 * arbitrary encryption.... */
typedef struct evp_pkey_st
{
  int type;
  int save_type;
  int references;
  union   {
          char *ptr;
          struct rsa_st *rsa;     /* RSA */
          struct dsa_st *dsa;     /* DSA */
          struct dh_st *dh;       /* DH */
          } pkey;
  int save_parameters;
#ifdef HEADER_STACK_H
  STACK /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */
#else
  char /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */
#endif
} EVP_PKEY;

Both public and private key can be stored in the same EVP_PKEY structure.

EVP_PKEY_new creates a new EVP_PKEY object and initializes the elements of the structure to reasonable (NULL or similar) values. It returns a pointer to the new structure, or NULL on error.

EVP_PKEY_free decrements the reference count of pkey and frees the structure (and the underlying RSA, DSA, or DH key it holds) once no references remain; if other references are still outstanding, only the count is decremented.

EVP_PKEY_size returns the maximum size in bytes of a signature or encrypted block produced with pkey (RSA_size for an RSA key, DSA_size for a DSA key), or 0 for other key types. This is the buffer size a caller of EVP_PKEY_encrypt or the signing routines must provide.

EVP_PKEY_assign expects the user to pass a previously allocated pkey, which will then be initialized according to the type of key and the actual key value. The EVP_PKEY takes over the key passed in, so the caller must not free it separately afterwards.

EVP_PKEY_type translates a type to one of EVP_PKEY_RSA, EVP_PKEY_DSA, or EVP_PKEY_DH. If it is none of these then NID_undef is returned. The type passed by the user must actually be a NID for one of the many EVP_PKEY_RSA#, EVP_PKEY_DSA#, or single EVP_PKEY_DH objects.

EVP_PKEY_bits returns the number of bits in the RSA modulus if the key is an RSA key, or the number of bits of the parameter p if the key is a DSA key, or 0 for everything else.

EVP_PKEY_save_parameters is only useful if the pkey which you are using is of type EVP_PKEY_DSA; in that case, the pkey->save_parameters flag is set to the specified mode; this should be one in order to reuse parameters from this key.

The only routine that appears to use this flag at present is X509_PUBKEY_set.

EVP_PKEY_copy_parameters copies the parameter field from EVP_PKEY from to to. If the two keys are not of the same type then nothing is copied, an error is noted and 0 is returned. If from has no parameters to copy then an error is noted and 0 is returned. Otherwise 1 is returned. This function is only useful for keys of type EVP_PKEY_DSA.

EVP_PKEY_missing_parameters returns 1 if any of the parameters p, q, or g is not set for the particular pkey; otherwise, 0 is returned. This function is only useful for keys of type EVP_PKEY_DSA.

EVP_PKEY_cmp_parameters returns 0 if any of the parameters p, q, or g for the two keys a and b do not match, and 1 otherwise. If the keys are not both of type EVP_PKEY_DSA, -1 is returned as an error.

EVP_PKEY_encrypt encrypts key with pub_key, stores the result in enc_key, and returns the length of the result. enc_key must be large enough to hold the result (EVP_PKEY_size(pub_key) bytes). key is expected to be key_len bytes long. This function is used by EVP_SealInit and indirectly by PEM_SealInit. This function returns an error of -1 if pub_key is not of type EVP_PKEY_RSA.

EVP_PKEY_decrypt decrypts enc_key with private_key, stores the result in dec_key, and returns the length of the result. dec_key must be large enough to hold the result. enc_key is expected to be enc_key_len bytes long. This function returns an error of -1 if private_key is not of type EVP_PKEY_RSA.
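The following is an added, self-contained C example, not SSLeay code and not part of this man page: it models what EVP_PKEY_bits and EVP_PKEY_size report for an RSA modulus given as big-endian bytes, and shows why the enc_key buffer passed to EVP_PKEY_encrypt must be sized from EVP_PKEY_size rather than from EVP_PKEY_bits / 8. The modulus values are constructed and the helper names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Significant bits of a big-endian unsigned integer, as BN_num_bits() reports
 * for an RSA modulus n (this is what EVP_PKEY_bits returns for an RSA key).
 * Leading zero bytes, e.g. the padding byte DER adds, are not counted. */
static int modulus_bits(const unsigned char *n, size_t len)
{
    size_t i = 0;
    int b;
    while (i < len && n[i] == 0)          /* skip leading zero bytes */
        i++;
    if (i == len)
        return 0;                         /* the value is zero */
    for (b = 8; b > 0 && !(n[i] & (1u << (b - 1))); b--)
        ;                                 /* highest set bit of first byte */
    return (int)((len - i - 1) * 8) + b;
}

/* Bytes needed for the modulus, as RSA_size()/EVP_PKEY_size() report:
 * bits rounded UP to a whole byte. */
static int modulus_size(const unsigned char *n, size_t len)
{
    return (modulus_bits(n, len) + 7) / 8;
}

/* 1 if a buffer of buf_len bytes can hold one RSA encryption output under n. */
static int enc_buf_ok(const unsigned char *n, size_t len, int buf_len)
{
    return buf_len >= modulus_size(n, len);
}

/* Constructed 65-bit modulus: bits/8 gives 8, but the output needs 9 bytes. */
static const unsigned char n65[9] =
    {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
/* Constructed 16-bit modulus with a leading zero byte (DER-style padding). */
static const unsigned char n16[3] = {0x00, 0xc0, 0x00};

int main(void)
{
    printf("n65: bits=%d size=%d bits/8 buffer ok=%d size buffer ok=%d\n",
           modulus_bits(n65, sizeof n65), modulus_size(n65, sizeof n65),
           enc_buf_ok(n65, sizeof n65, modulus_bits(n65, sizeof n65) / 8),
           enc_buf_ok(n65, sizeof n65, modulus_size(n65, sizeof n65)));
    printf("n16: bits=%d size=%d\n",
           modulus_bits(n16, sizeof n16), modulus_size(n16, sizeof n16));
    return 0;
}
```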

The following functions are actually provided by the ASN1 library:

EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, long length);
int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);

EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp, long length);
int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);

See ASN.1 conversion to and from DER-encoded form for how to use these i2d and d2i functions.