EVP

From OpenSSLWiki

The EVP functions provide a high-level interface to OpenSSL cryptographic functions.

They provide the following features:

  • A single consistent interface regardless of the underlying algorithm or mode
  • Support for an extensive range of algorithms
  • Encryption/Decryption using both symmetric and asymmetric algorithms
  • Sign/Verify
  • Key derivation
  • Secure Hash functions
  • Message Authentication Codes
  • Support for external crypto engines

Working with EVP_PKEYs

EVP_PKEY objects are used to store a public key and (optionally) a private key, along with an associated algorithm and parameters. They are also capable of storing symmetric MAC keys.

The following EVP_PKEY types are supported:

  • EVP_PKEY_EC: Elliptic Curve keys (for ECDSA and ECDH) - Supports sign/verify operations and key derivation
  • EVP_PKEY_RSA: RSA - Supports sign/verify and encrypt/decrypt
  • EVP_PKEY_DH: Diffie-Hellman - for key derivation
  • EVP_PKEY_DSA: DSA keys for sign/verify
  • EVP_PKEY_HMAC: An HMAC key for generating a Message Authentication Code
  • EVP_PKEY_CMAC: A CMAC key for generating a Message Authentication Code

Refer to the EVP_PKEY_new manual page for information on creating an EVP_PKEY object, and the EVP_PKEY_set1_RSA page for information on how to initialise an EVP_PKEY.

Working with Algorithms and Modes

Need content here