1EVP_PKEY_KEYGEN(3) OpenSSL EVP_PKEY_KEYGEN(3)
2
3
4
6 EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init,
7 EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb,
8 EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data,
9 EVP_PKEY_CTX_get_app_data, EVP_PKEY_gen_cb, EVP_PKEY_check,
10 EVP_PKEY_public_check, EVP_PKEY_param_check - key and parameter
11 generation and check functions
12
14 #include <openssl/evp.h>
15
16 int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
17 int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
18 int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
19 int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
20
21 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
22
23 void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
24 EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
25
26 int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
27
28 void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
29 void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
30
31 int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
32 int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
33 int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
34
36 The EVP_PKEY_keygen_init() function initializes a public key algorithm
37 context using key pkey for a key generation operation.
38
39 The EVP_PKEY_keygen() function performs a key generation operation, the
40 generated key is written to ppkey.
41
42 The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are
43 similar except parameters are generated.
44
45 The function EVP_PKEY_set_cb() sets the key or parameter generation
46 callback to cb. The function EVP_PKEY_CTX_get_cb() returns the key or
47 parameter generation callback.
48
49 The function EVP_PKEY_CTX_get_keygen_info() returns parameters
50 associated with the generation operation. If idx is -1 the total number
51 of parameters available is returned. Any non negative value returns the
52 value of that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-
53 negative value for idx should only be called within the generation
54 callback.
55
56 If the callback returns 0 then the key generation operation is aborted
57 and an error occurs. This might occur during a time consuming operation
58 where a user clicks on a "cancel" button.
59
60 The functions EVP_PKEY_CTX_set_app_data() and
61 EVP_PKEY_CTX_get_app_data() set and retrieve an opaque pointer. This
62 can be used to set some application defined value which can be
63 retrieved in the callback: for example a handle which is used to update
64 a "progress dialog".
65
66 EVP_PKEY_check() validates the key-pair given by ctx. This function
67 first tries to use customized key check method in EVP_PKEY_METHOD if
68 it's present; otherwise it calls a default one defined in
69 EVP_PKEY_ASN1_METHOD.
70
71 EVP_PKEY_public_check() validates the public component of the key-pair
72 given by ctx. This function first tries to use customized key check
73 method in EVP_PKEY_METHOD if it's present; otherwise it calls a default
74 one defined in EVP_PKEY_ASN1_METHOD.
75
76 EVP_PKEY_param_check() validates the algorithm parameters of the key-
77 pair given by ctx. This function first tries to use customized key
78 check method in EVP_PKEY_METHOD if it's present; otherwise it calls a
79 default one defined in EVP_PKEY_ASN1_METHOD.
80
82 After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init()
83 algorithm specific control operations can be performed to set any
84 appropriate parameters for the operation.
85
86 The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called
87 more than once on the same context if several operations are performed
88 using the same parameters.
89
90 The meaning of the parameters passed to the callback will depend on the
91 algorithm and the specific implementation of the algorithm. Some might
92 not give any useful information at all during key or parameter
93 generation. Others might not even call the callback.
94
95 The operation performed by key or parameter generation depends on the
96 algorithm used. In some cases (e.g. EC with a supplied named curve) the
97 "generation" option merely sets the appropriate fields in an EVP_PKEY
98 structure.
99
100 In OpenSSL an EVP_PKEY structure containing a private key also contains
101 the public key components and parameters (if any). An OpenSSL private
102 key is equivalent to what some libraries call a "key pair". A private
103 key can be used in functions which require the use of a public key or
104 parameters.
105
107 EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and
108 EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for
109 failure. In particular a return value of -2 indicates the operation is
110 not supported by the public key algorithm.
111
112 EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check()
113 return 1 for success or others for failure. They return -2 if the
114 operation is not supported for the specific algorithm.
115
117 Generate a 2048 bit RSA key:
118
119 #include <openssl/evp.h>
120 #include <openssl/rsa.h>
121
122 EVP_PKEY_CTX *ctx;
123 EVP_PKEY *pkey = NULL;
124
125 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
126 if (!ctx)
127 /* Error occurred */
128 if (EVP_PKEY_keygen_init(ctx) <= 0)
129 /* Error */
130 if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
131 /* Error */
132
133 /* Generate key */
134 if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
135 /* Error */
136
137 Generate a key from a set of parameters:
138
139 #include <openssl/evp.h>
140 #include <openssl/rsa.h>
141
142 EVP_PKEY_CTX *ctx;
143 ENGINE *eng;
144 EVP_PKEY *pkey = NULL, *param;
145
146 /* Assumed param, eng are set up already */
147 ctx = EVP_PKEY_CTX_new(param, eng);
148 if (!ctx)
149 /* Error occurred */
150 if (EVP_PKEY_keygen_init(ctx) <= 0)
151 /* Error */
152
153 /* Generate key */
154 if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
155 /* Error */
156
157 Example of generation callback for OpenSSL public key implementations:
158
159 /* Application data is a BIO to output status to */
160
161 EVP_PKEY_CTX_set_app_data(ctx, status_bio);
162
163 static int genpkey_cb(EVP_PKEY_CTX *ctx)
164 {
165 char c = '*';
166 BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
167 int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
168
169 if (p == 0)
170 c = '.';
171 if (p == 1)
172 c = '+';
173 if (p == 2)
174 c = '*';
175 if (p == 3)
176 c = '\n';
177 BIO_write(b, &c, 1);
178 (void)BIO_flush(b);
179 return 1;
180 }
181
183 EVP_PKEY_CTX_new(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3),
184 EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3),
185 EVP_PKEY_derive(3)
186
188 These functions were added in OpenSSL 1.0.0.
189
190 EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check()
191 were added in OpenSSL 1.1.1.
192
194 Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
195
196 Licensed under the OpenSSL license (the "License"). You may not use
197 this file except in compliance with the License. You can obtain a copy
198 in the file LICENSE in the source distribution or at
199 <https://www.openssl.org/source/license.html>.
200
201
202
2031.1.1g 2020-04-23 EVP_PKEY_KEYGEN(3)