1PEM_READ_BIO_PRIVATEKEY(3ossl) OpenSSL PEM_READ_BIO_PRIVATEKEY(3ossl)
2
6 pem_password_cb, PEM_read_bio_PrivateKey_ex, PEM_read_bio_PrivateKey,
7 PEM_read_PrivateKey_ex, PEM_read_PrivateKey,
8 PEM_write_bio_PrivateKey_ex, PEM_write_bio_PrivateKey,
9 PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey_ex,
10 PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey,
11 PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid,
12 PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY_ex,
13 PEM_read_bio_PUBKEY, PEM_read_PUBKEY_ex, PEM_read_PUBKEY,
14 PEM_write_bio_PUBKEY_ex, PEM_write_bio_PUBKEY, PEM_write_PUBKEY_ex,
15 PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
16 PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
17 PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey,
18 PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey,
19 PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY,
20 PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
21 PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey,
22 PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY,
23 PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY,
24 PEM_read_bio_Parameters_ex, PEM_read_bio_Parameters,
25 PEM_write_bio_Parameters, PEM_read_bio_DSAparams, PEM_read_DSAparams,
26 PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
27 PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
28 PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
29 PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,
30 PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ,
31 PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
32 PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
33 PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7,
34 PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines
35
37 #include <openssl/pem.h>
38 typedef int pem_password_cb(char *buf, int size, int rwflag, void *u);
40 EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x,
42 pem_password_cb *cb, void *u,
43 OSSL_LIB_CTX *libctx, const char *propq);
44 EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
45 pem_password_cb *cb, void *u);
46 EVP_PKEY *PEM_read_PrivateKey_ex(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
47 void *u, OSSL_LIB_CTX *libctx,
48 const char *propq);
49 EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
50 pem_password_cb *cb, void *u);
51 int PEM_write_bio_PrivateKey_ex(BIO *bp, const EVP_PKEY *x,
52 const EVP_CIPHER *enc,
53 unsigned char *kstr, int klen,
54 pem_password_cb *cb, void *u,
55 OSSL_LIB_CTX *libctx, const char *propq);
56 int PEM_write_bio_PrivateKey(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc,
57 unsigned char *kstr, int klen,
58 pem_password_cb *cb, void *u);
59 int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
60 const EVP_CIPHER *enc,
61 unsigned char *kstr, int klen,
62 pem_password_cb *cb, void *u);
63 int PEM_write_PrivateKey_ex(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
64 unsigned char *kstr, int klen,
65 pem_password_cb *cb, void *u,
66 OSSL_LIB_CTX *libctx, const char *propq);
67 int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
68 unsigned char *kstr, int klen,
69 pem_password_cb *cb, void *u);
70 int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
71 char *kstr, int klen,
72 pem_password_cb *cb, void *u);
73 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
74 char *kstr, int klen,
75 pem_password_cb *cb, void *u);
76 int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x, int nid,
77 char *kstr, int klen,
78 pem_password_cb *cb, void *u);
79 int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x, int nid,
80 char *kstr, int klen,
81 pem_password_cb *cb, void *u);
82 EVP_PKEY *PEM_read_bio_PUBKEY_ex(BIO *bp, EVP_PKEY **x,
84 pem_password_cb *cb, void *u,
85 OSSL_LIB_CTX *libctx, const char *propq);
86 EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
87 pem_password_cb *cb, void *u);
88 EVP_PKEY *PEM_read_PUBKEY_ex(FILE *fp, EVP_PKEY **x,
89 pem_password_cb *cb, void *u,
90 OSSL_LIB_CTX *libctx, const char *propq);
91 EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
92 pem_password_cb *cb, void *u);
93 int PEM_write_bio_PUBKEY_ex(BIO *bp, EVP_PKEY *x,
94 OSSL_LIB_CTX *libctx, const char *propq);
95 int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
96 int PEM_write_PUBKEY_ex(FILE *fp, EVP_PKEY *x,
97 OSSL_LIB_CTX *libctx, const char *propq);
98 int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
99 EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x,
101 OSSL_LIB_CTX *libctx, const char *propq);
102 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
103 int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x);
104 X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
106 X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
107 int PEM_write_bio_X509(BIO *bp, X509 *x);
108 int PEM_write_X509(FILE *fp, X509 *x);
109 X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
111 X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
112 int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
113 int PEM_write_X509_AUX(FILE *fp, X509 *x);
114 X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
116 pem_password_cb *cb, void *u);
117 X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
118 pem_password_cb *cb, void *u);
119 int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
120 int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
121 int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
122 int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
123 X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
125 pem_password_cb *cb, void *u);
126 X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
127 pem_password_cb *cb, void *u);
128 int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
129 int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
130 PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
132 PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
133 int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
134 int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
135 The following functions have been deprecated since OpenSSL 3.0, and can
137 be hidden entirely by defining OPENSSL_API_COMPAT with a suitable
138 version value, see openssl_user_macros(7):
139 RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
141 pem_password_cb *cb, void *u);
142 RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
143 pem_password_cb *cb, void *u);
144 int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
145 unsigned char *kstr, int klen,
146 pem_password_cb *cb, void *u);
147 int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
148 unsigned char *kstr, int klen,
149 pem_password_cb *cb, void *u);
150 RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
152 pem_password_cb *cb, void *u);
153 RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
154 pem_password_cb *cb, void *u);
155 int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
156 int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
157 RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
159 pem_password_cb *cb, void *u);
160 RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
161 pem_password_cb *cb, void *u);
162 int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
163 int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
164 DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
166 pem_password_cb *cb, void *u);
167 DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
168 pem_password_cb *cb, void *u);
169 int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
170 unsigned char *kstr, int klen,
171 pem_password_cb *cb, void *u);
172 int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
173 unsigned char *kstr, int klen,
174 pem_password_cb *cb, void *u);
175 DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
177 pem_password_cb *cb, void *u);
178 DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
179 pem_password_cb *cb, void *u);
180 int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
181 int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
182 DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
183 DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
184 int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
185 int PEM_write_DSAparams(FILE *fp, DSA *x);
186 DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
188 DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
189 int PEM_write_bio_DHparams(BIO *bp, DH *x);
190 int PEM_write_DHparams(FILE *fp, DH *x);
191
193 All of the functions described on this page that have a TYPE of DH, DSA
194 and RSA are deprecated. Applications should use OSSL_ENCODER_to_bio(3)
195 and OSSL_DECODER_from_bio(3) instead.
196 The PEM functions read or write structures in PEM format. In this sense
198 PEM format is simply base64 encoded data surrounded by header lines.
199 For more details about the meaning of arguments see the PEM FUNCTION
201 ARGUMENTS section.
202 Each operation has four functions associated with it. For brevity the
204 term "TYPE functions" will be used below to collectively refer to the
205 PEM_read_bio_TYPE(), PEM_read_TYPE(), PEM_write_bio_TYPE(), and
206 PEM_write_TYPE() functions.
207 Some operations have additional variants that take a library context
209 libctx and a property query string propq. The X509, X509_REQ and
210 X509_CRL objects may have an associated library context or property
211 query string but there are no variants of these functions that take a
212 library context or property query string parameter. In this case it is
213 possible to set the appropriate library context or property query
214 string by creating an empty X509, X509_REQ or X509_CRL object using
215 X509_new_ex(3), X509_REQ_new_ex(3) or X509_CRL_new_ex(3) respectively.
216 Then pass the empty object as a parameter to the relevant PEM function.
217 See the "EXAMPLES" section below.
218 The PrivateKey functions read or write a private key in PEM format
220 using an EVP_PKEY structure. The write routines use PKCS#8 private key
221 format and are equivalent to PEM_write_bio_PKCS8PrivateKey(). The read
222 functions transparently handle traditional and PKCS#8 format encrypted
223 and unencrypted keys.
224 PEM_write_bio_PrivateKey_traditional() writes out a private key in the
226 "traditional" format with a simple private key marker and should only
227 be used for compatibility with legacy programs.
228 PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey() write a
230 private key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo
231 format using PKCS#5 v2.0 password based encryption algorithms. The
232 cipher argument specifies the encryption algorithm to use: unlike some
233 other PEM routines the encryption is applied at the PKCS#8 level and
234 not in the PEM headers. If cipher is NULL then no encryption is used
235 and a PKCS#8 PrivateKeyInfo structure is used instead.
236 PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid()
238 also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo
239 however it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead.
240 The algorithm to use is specified in the nid parameter and should be
241 the NID of the corresponding OBJECT IDENTIFIER (see NOTES section).
242 The PUBKEY functions process a public key using an EVP_PKEY structure.
244 The public key is encoded as a SubjectPublicKeyInfo structure.
245 The RSAPrivateKey functions process an RSA private key using an RSA
247 structure. The write routines uses traditional format. The read
248 routines handles the same formats as the PrivateKey functions but an
249 error occurs if the private key is not RSA.
250 The RSAPublicKey functions process an RSA public key using an RSA
252 structure. The public key is encoded using a PKCS#1 RSAPublicKey
253 structure.
254 The RSA_PUBKEY functions also process an RSA public key using an RSA
256 structure. However, the public key is encoded using a
257 SubjectPublicKeyInfo structure and an error occurs if the public key is
258 not RSA.
259 The DSAPrivateKey functions process a DSA private key using a DSA
261 structure. The write routines uses traditional format. The read
262 routines handles the same formats as the PrivateKey functions but an
263 error occurs if the private key is not DSA.
264 The DSA_PUBKEY functions process a DSA public key using a DSA
266 structure. The public key is encoded using a SubjectPublicKeyInfo
267 structure and an error occurs if the public key is not DSA.
268 The Parameters functions read or write key parameters in PEM format
270 using an EVP_PKEY structure. The encoding depends on the type of key;
271 for DSA key parameters, it will be a Dss-Parms structure as defined in
272 RFC2459, and for DH key parameters, it will be a PKCS#3 DHparameter
273 structure. These functions only exist for the BIO type.
274 The DSAparams functions process DSA parameters using a DSA structure.
276 The parameters are encoded using a Dss-Parms structure as defined in
277 RFC2459.
278 The DHparams functions process DH parameters using a DH structure. The
280 parameters are encoded using a PKCS#3 DHparameter structure.
281 The X509 functions process an X509 certificate using an X509 structure.
283 They will also process a trusted X509 certificate but any trust
284 settings are discarded.
285 The X509_AUX functions process a trusted X509 certificate using an X509
287 structure.
288 The X509_REQ and X509_REQ_NEW functions process a PKCS#10 certificate
290 request using an X509_REQ structure. The X509_REQ write functions use
291 CERTIFICATE REQUEST in the header whereas the X509_REQ_NEW functions
292 use NEW CERTIFICATE REQUEST (as required by some CAs). The X509_REQ
293 read functions will handle either form so there are no X509_REQ_NEW
294 read functions.
295 The X509_CRL functions process an X509 CRL using an X509_CRL structure.
297 The PKCS7 functions process a PKCS#7 ContentInfo using a PKCS7
299 structure.
300
302 The PEM functions have many common arguments.
303 The bp BIO parameter (if present) specifies the BIO to read from or
305 write to.
306 The fp FILE parameter (if present) specifies the FILE pointer to read
308 from or write to.
309 The PEM read functions all take an argument TYPE **x and return a TYPE
311 * pointer. Where TYPE is whatever structure the function uses. If x is
312 NULL then the parameter is ignored. If x is not NULL but *x is NULL
313 then the structure returned will be written to *x. If neither x nor *x
314 is NULL then an attempt is made to reuse the structure at *x (but see
315 BUGS and EXAMPLES sections). Irrespective of the value of x a pointer
316 to the structure is always returned (or NULL if an error occurred).
317 The PEM functions which write private keys take an enc parameter which
319 specifies the encryption algorithm to use, encryption is done at the
320 PEM level. If this parameter is set to NULL then the private key is
321 written in unencrypted form.
322 The cb argument is the callback to use when querying for the pass
324 phrase used for encrypted PEM structures (normally only private keys).
325 For the PEM write routines if the kstr parameter is not NULL then klen
327 bytes at kstr are used as the passphrase and cb is ignored.
328 If the cb parameters is set to NULL and the u parameter is not NULL
330 then the u parameter is interpreted as a NUL terminated string to use
331 as the passphrase. If both cb and u are NULL then the default callback
332 routine is used which will typically prompt for the passphrase on the
333 current terminal with echoing turned off.
334 The default passphrase callback is sometimes inappropriate (for example
336 in a GUI application) so an alternative can be supplied. The callback
337 routine has the following form:
338 int cb(char *buf, int size, int rwflag, void *u);
340 buf is the buffer to write the passphrase to. size is the maximum
342 length of the passphrase (i.e. the size of buf). rwflag is a flag which
343 is set to 0 when reading and 1 when writing. A typical routine will ask
344 the user to verify the passphrase (for example by prompting for it
345 twice) if rwflag is 1. The u parameter has the same value as the u
346 parameter passed to the PEM routine. It allows arbitrary data to be
347 passed to the callback by the application (for example a window handle
348 in a GUI application). The callback must return the number of
349 characters in the passphrase or -1 if an error occurred. The passphrase
350 can be arbitrary data; in the case where it is a string, it is not NUL
351 terminated. See the "EXAMPLES" section below.
352 Some implementations may need to use cryptographic algorithms during
354 their operation. If this is the case and libctx and propq parameters
355 have been passed then any algorithm fetches will use that library
356 context and property query string. Otherwise the default library
357 context and property query string will be used.
358
360 The PEM reading functions will skip any extraneous content or PEM data
361 of a different type than they expect. This allows for example having a
362 certificate (or multiple certificates) and a key in the PEM format in a
363 single file.
364 The old PrivateKey write routines are retained for compatibility. New
366 applications should write private keys using the
367 PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines
368 because they are more secure (they use an iteration count of 2048
369 whereas the traditional routines use a count of 1) unless compatibility
370 with older versions of OpenSSL is important.
371 The PrivateKey read routines can be used in all applications because
373 they handle all formats transparently.
374 A frequent cause of problems is attempting to use the PEM routines like
376 this:
377 X509 *x;
379 PEM_read_bio_X509(bp, &x, 0, NULL);
381 this is a bug because an attempt will be made to reuse the data at x
383 which is an uninitialised pointer.
384 These functions make no assumption regarding the pass phrase received
386 from the password callback. It will simply be treated as a byte
387 sequence.
388
390 These old PrivateKey routines use a non standard technique for
391 encryption.
392 The private key (or other data) takes the following form:
394 -----BEGIN RSA PRIVATE KEY-----
396 Proc-Type: 4,ENCRYPTED
397 DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
398 ...base64 encoded data...
400 -----END RSA PRIVATE KEY-----
401 The line beginning with Proc-Type contains the version and the
403 protection on the encapsulated data. The line beginning DEK-Info
404 contains two comma separated values: the encryption algorithm name as
405 used by EVP_get_cipherbyname() and an initialization vector used by the
406 cipher encoded as a set of hexadecimal digits. After those two lines is
407 the base64-encoded encrypted data.
408 The encryption key is derived using EVP_BytesToKey(). The cipher's
410 initialization vector is passed to EVP_BytesToKey() as the salt
411 parameter. Internally, PKCS5_SALT_LEN bytes of the salt are used
412 (regardless of the size of the initialization vector). The user's
413 password is passed to EVP_BytesToKey() using the data and datal
414 parameters. Finally, the library uses an iteration count of 1 for
415 EVP_BytesToKey().
416 The key derived by EVP_BytesToKey() along with the original
418 initialization vector is then used to decrypt the encrypted data. The
419 iv produced by EVP_BytesToKey() is not utilized or needed, and NULL
420 should be passed to the function.
421 The pseudo code to derive the key would look similar to:
423 EVP_CIPHER* cipher = EVP_des_ede3_cbc();
425 EVP_MD* md = EVP_md5();
426 unsigned int nkey = EVP_CIPHER_get_key_length(cipher);
428 unsigned int niv = EVP_CIPHER_get_iv_length(cipher);
429 unsigned char key[nkey];
430 unsigned char iv[niv];
431 memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv);
433 rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/);
434 if (rc != nkey)
435 /* Error */
436 /* On success, use key and iv to initialize the cipher */
438
440 The PEM read routines in some versions of OpenSSL will not correctly
441 reuse an existing structure. Therefore, the following:
442 PEM_read_bio_X509(bp, &x, 0, NULL);
444 where x already contains a valid certificate, may not work, whereas:
446 X509_free(x);
448 x = PEM_read_bio_X509(bp, NULL, 0, NULL);
449 is guaranteed to work. It is always acceptable for x to contain a newly
451 allocated, empty X509 object (for example allocated via
452 X509_new_ex(3)).
453
455 The read routines return either a pointer to the structure read or NULL
456 if an error occurred.
457 The write routines return 1 for success or 0 for failure.
459
461 Although the PEM routines take several arguments in almost all
462 applications most of them are set to 0 or NULL.
463 To read a certificate with a library context in PEM format from a BIO:
465 X509 *x = X509_new_ex(libctx, NULL);
467 if (x == NULL)
469 /* Error */
470 if (PEM_read_bio_X509(bp, &x, 0, NULL) == NULL)
472 /* Error */
473 Read a certificate in PEM format from a BIO:
475 X509 *x;
477 x = PEM_read_bio_X509(bp, NULL, 0, NULL);
479 if (x == NULL)
480 /* Error */
481 Alternative method:
483 X509 *x = NULL;
485 if (!PEM_read_bio_X509(bp, &x, 0, NULL))
487 /* Error */
488 Write a certificate to a BIO:
490 if (!PEM_write_bio_X509(bp, x))
492 /* Error */
493 Write a private key (using traditional format) to a BIO using triple
495 DES encryption, the pass phrase is prompted for:
496 if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
498 /* Error */
499 Write a private key (using PKCS#8 format) to a BIO using triple DES
501 encryption, using the pass phrase "hello":
502 if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
504 NULL, 0, 0, "hello"))
505 /* Error */
506 Read a private key from a BIO using a pass phrase callback:
508 key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
510 if (key == NULL)
511 /* Error */
512 Skeleton pass phrase callback:
514 int pass_cb(char *buf, int size, int rwflag, void *u)
516 {
517 /* We'd probably do something else if 'rwflag' is 1 */
519 printf("Enter pass phrase for \"%s\"\n", (char *)u);
520 /* get pass phrase, length 'len' into 'tmp' */
522 char *tmp = "hello";
523 if (tmp == NULL) /* An error occurred */
524 return -1;
525 size_t len = strlen(tmp);
527 if (len > size)
529 len = size;
530 memcpy(buf, tmp, len);
531 return len;
532 }
533
535 EVP_EncryptInit(3), EVP_BytesToKey(3), passphrase-encoding(7)
536
538 The old Netscape certificate sequences were no longer documented in
539 OpenSSL 1.1.0; applications should use the PKCS7 standard instead as
540 they will be formally deprecated in a future releases.
541 PEM_read_bio_PrivateKey_ex(), PEM_read_PrivateKey_ex(),
543 PEM_read_bio_PUBKEY_ex(), PEM_read_PUBKEY_ex() and
544 PEM_read_bio_Parameters_ex() were introduced in OpenSSL 3.0.
545 The functions PEM_read_bio_RSAPrivateKey(), PEM_read_RSAPrivateKey(),
547 PEM_write_bio_RSAPrivateKey(), PEM_write_RSAPrivateKey(),
548 PEM_read_bio_RSAPublicKey(), PEM_read_RSAPublicKey(),
549 PEM_write_bio_RSAPublicKey(), PEM_write_RSAPublicKey(),
550 PEM_read_bio_RSA_PUBKEY(), PEM_read_RSA_PUBKEY(),
551 PEM_write_bio_RSA_PUBKEY(), PEM_write_RSA_PUBKEY(),
552 PEM_read_bio_DSAPrivateKey(), PEM_read_DSAPrivateKey(),
553 PEM_write_bio_DSAPrivateKey(), PEM_write_DSAPrivateKey(),
554 PEM_read_bio_DSA_PUBKEY(), PEM_read_DSA_PUBKEY(),
555 PEM_write_bio_DSA_PUBKEY(), PEM_write_DSA_PUBKEY();
556 PEM_read_bio_DSAparams(), PEM_read_DSAparams(),
557 PEM_write_bio_DSAparams(), PEM_write_DSAparams(),
558 PEM_read_bio_DHparams(), PEM_read_DHparams(), PEM_write_bio_DHparams()
559 and PEM_write_DHparams() were deprecated in 3.0.
560
562 Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
563 Licensed under the Apache License 2.0 (the "License"). You may not use
565 this file except in compliance with the License. You can obtain a copy
566 in the file LICENSE in the source distribution or at
567 <https://www.openssl.org/source/license.html>.
5683.0.5 2022-07-05 PEM_READ_BIO_PRIVATEKEY(3ossl)