Diffstat (limited to 'src/lib/libssl/src/doc/crypto/EVP_SealInit.pod')
-rw-r--r-- | src/lib/libssl/src/doc/crypto/EVP_SealInit.pod | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod index 25ef07f7c7..b5e477e294 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod | |||
@@ -18,22 +18,28 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption | |||
18 | =head1 DESCRIPTION | 18 | =head1 DESCRIPTION |
19 | 19 | ||
20 | The EVP envelope routines are a high level interface to envelope | 20 | The EVP envelope routines are a high level interface to envelope |
21 | encryption. They generate a random key and then "envelope" it by | 21 | encryption. They generate a random key and IV (if required) then |
22 | using public key encryption. Data can then be encrypted using this | 22 | "envelope" it by using public key encryption. Data can then be |
23 | key. | 23 | encrypted using this key. |
24 | 24 | ||
25 | EVP_SealInit() initializes a cipher context B<ctx> for encryption | 25 | EVP_SealInit() initializes a cipher context B<ctx> for encryption |
26 | with cipher B<type> using a random secret key and IV supplied in | 26 | with cipher B<type> using a random secret key and IV. B<type> is normally |
27 | the B<iv> parameter. B<type> is normally supplied by a function such | 27 | supplied by a function such as EVP_des_cbc(). The secret key is encrypted |
28 | as EVP_des_cbc(). The secret key is encrypted using one or more public | 28 | using one or more public keys, this allows the same encrypted data to be |
29 | keys, this allows the same encrypted data to be decrypted using any | 29 | decrypted using any of the corresponding private keys. B<ek> is an array of |
30 | of the corresponding private keys. B<ek> is an array of buffers where | 30 | buffers where the public key encrypted secret key will be written, each buffer |
31 | the public key encrypted secret key will be written, each buffer must | 31 | must contain enough room for the corresponding encrypted key: that is |
32 | contain enough room for the corresponding encrypted key: that is | ||
33 | B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual | 32 | B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual |
34 | size of each encrypted secret key is written to the array B<ekl>. B<pubk> is | 33 | size of each encrypted secret key is written to the array B<ekl>. B<pubk> is |
35 | an array of B<npubk> public keys. | 34 | an array of B<npubk> public keys. |
36 | 35 | ||
36 | The B<iv> parameter is a buffer where the generated IV is written to. It must | ||
37 | contain enough room for the corresponding cipher's IV, as determined by (for | ||
38 | example) EVP_CIPHER_iv_length(type). | ||
39 | |||
40 | If the cipher does not require an IV then the B<iv> parameter is ignored | ||
41 | and can be B<NULL>. | ||
42 | |||
37 | EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties | 43 | EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties |
38 | as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as | 44 | as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as |
39 | documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual | 45 | documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual |
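Review bot: In the reworded opening paragraph of DESCRIPTION (new lines 21-23), the pronoun in 'then "envelope" it by using public key encryption' now follows "a random key and IV (if required)", so it can be read as saying the IV is public-key encrypted as well. The following paragraph says only the secret key is encrypted with the public keys, and the added paragraph says the generated IV is simply written to the B<iv> buffer. Suggest naming the referent, for example 'then "envelope" the key by using public key encryption', so readers do not assume the IV is protected by the envelope. In the added B<iv> paragraph it would also help to state the required size in bytes, as the B<ek[i]> sentence does, rather than only "enough room".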