Manual Pages for UNIX Darwin command on man EVP_SealUpdate
MyWebUniversity

Manual Pages for UNIX Darwin command on man EVP_SealUpdate

EVPSealInit(3) OpenSSL EVPSealInit(3)





NAME
       EVPSealInit, EVPSealUpdate, EVPSealFinal - EVP envelope encryption



SYNOPSIS
        #include 


        int EVPSealInit(EVPCIPHERCTX *ctx, const EVPCIPHER *type,
                       unsigned char **ek, int *ekl, unsigned char *iv,
                       EVPPKEY **pubk, int npubk);
        int EVPSealUpdate(EVPCIPHERCTX *ctx, unsigned char *out,
                int *outl, unsigned char *in, int inl);
        int EVPSealFinal(EVPCIPHERCTX *ctx, unsigned char *out,
                int *outl);


DESCRIPTION
       The EVP envelope routines are a high level interface to envelope
       encryption. They generate a random key and IV (if required) then
       "envelope" it by using public key encryption. Data can then be
       encrypted using this key.

       EVPSealInit() initializes a cipher context ccttxx for encryption with
       cipher ttyyppee using a random secret key and IV. ttyyppee is normally supplied
       by a function such as EVPdescbc(). The secret key is encrypted using
       one or more public keys, this allows the same encrypted data to be
       decrypted using any of the corresponding private keys. eekk is an array
       of buffers where the public key encrypted secret key will be written,
       each buffer must contain enough room for the corresponding encrypted
       key: that is eekk[[ii]] must have room for EEVVPPPPKKEEYYssiizzee((ppuubbkk[[ii]])) bytes. The
       actual size of each encrypted secret key is written to the array eekkll.
       ppuubbkk is an array of nnppuubbkk public keys.

       The iivv parameter is a buffer where the generated IV is written to. It
       must contain enough room for the corresponding cipher's IV, as
       determined by (for example) EVPCIPHERivlength(type).

       If the cipher does not require an IV then the iivv parameter is ignored
       and can be NNUULLLL.

       EVPSealUpdate() and EVPSealFinal() have exactly the same properties
       as the EVPEncryptUpdate() and EVPEncryptFinal() routines, as
       documented on the EVPEncryptInit(3) manual page.


RETURN VALUES
       EVPSealInit() returns 0 on error or nnppuubbkk if successful.

       EVPSealUpdate() and EVPSealFinal() return 1 for success and 0 for
       failure.

NNOOTTEESS
       Because a random secret key is generated the random number generator
       must be seeded before calling EVPSealInit().

       The public key must be RSA because it is the only OpenSSL public key
       algorithm that supports key transport.

       Envelope encryption is the usual method of using public key encryption
       on large amounts of data, this is because public key encryption is slow
       but symmetric encryption is fast. So symmetric encryption is used for
       bulk encryption and the small random symmetric key used is transferred
       using public key encryption.

       It is possible to call EVPSealInit() twice in the same way as
       EVPEncryptInit(). The first call should have nnppuubbkk set to 0 and (after
       setting any cipher parameters) it should be called again with ttyyppee set
       to NULL.


SEE ALSO
       evp(3), rand(3), EVPEncryptInit(3), EVPOpenInit(3)

HISTORY       EVPSealFinal() did not return a value before OpenSSL 0.9.7.




0.9.7l                            2005-03-29                   EVPSealInit(3)



Contact us      |      About us      |      Term of use      |       Copyright © 2000-2019 MyWebUniversity.com ™