1OPENSSL-GLOSSARY(7ossl) OpenSSL OPENSSL-GLOSSARY(7ossl)
2
6 openssl-glossary - An OpenSSL Glossary
7
9 Algorithm
10 Cryptograpic primitives such as the SHA256 digest, or AES
11 encryption are referred to in OpenSSL as "algorithms". There can be
12 more than one implementation for any given algorithm available for
13 use.
14 crypto(7)
16 ASN.1, ASN1
18 ASN.1 ("Abstract Syntax Notation One") is a notation for describing
19 abstract types and values. It is defined in the ITU-T documents
20 X.680 to X.683:
21 <https://www.itu.int/rec/T-REC-X.680>,
23 <https://www.itu.int/rec/T-REC-X.681>,
24 <https://www.itu.int/rec/T-REC-X.682>,
25 <https://www.itu.int/rec/T-REC-X.683>
26 Base Provider
28 An OpenSSL Provider that contains encoders and decoders for OpenSSL
29 keys. All the algorithm implementations in the Base Provider are
30 also available in the Default Provider.
31 OSSL_PROVIDER-base(7)
33 Decoder
35 A decoder is a type of algorithm used for decoding keys and
36 parameters from some external format such as PEM or DER.
37 OSSL_DECODER_CTX_new_for_pkey(3)
39 Default Provider
41 An OpenSSL Provider that contains the most commmon OpenSSL
42 algorithm implementations. It is loaded by default if no other
43 provider is available. All the algorithm implementations in the
44 Base Provider are also available in the Default Provider.
45 OSSL_PROVIDER-default(7)
47 DER ("Distinguished Encoding Rules")
49 DER is a binary encoding of data, structured according to an ASN.1
50 specification. This is a common encoding used for cryptographic
51 objects such as private and public keys, certificates, CRLs, ...
52 It is defined in ITU-T document X.690:
54 <https://www.itu.int/rec/T-REC-X.690>
56 Encoder
58 An encoder is a type of algorithm used for encoding keys and
59 parameters to some external format such as PEM or DER.
60 OSSL_ENCODER_CTX_new_for_pkey(3)
62 Explicit Fetching
64 Explicit Fetching is a type of Fetching (see Fetching). Explicit
65 Fetching is where a function call is made to obtain an algorithm
66 object representing an implementation such as EVP_MD_fetch(3) or
67 EVP_CIPHER_fetch(3)
68 Fetching
70 Fetching is the process of looking through the available algorithm
71 implementations, applying selection criteria (via a property query
72 string), and finally choosing the implementation that will be used.
73 Also see Explicit Fetching and Implict Fetching.
75 crypto(7)
77 FIPS Provider
79 An OpenSSL Provider that contains OpenSSL algorithm implementations
80 that have been validated according to the FIPS 140-2 standard.
81 OSSL_PROVIDER-FIPS(7)
83 Implicit Fetching
85 Implicit Fetching is a type of Fetching (see Fetching). Implicit
86 Fetching is where an algorithm object with no associated
87 implementation is used such as the return value from EVP_sha256(3)
88 or EVP_aes_128_cbc(3). With implicit fetching an implementation is
89 fetched automatically using default selection criteria the first
90 time the algorithm is used.
91 Legacy Provider
93 An OpenSSL Provider that contains algorithm implementations that
94 are considered insecure or are no longer in common use.
95 OSSL_PROVIDER-legacy(7)
97 Library Context
99 A Library Context in OpenSSL is represented by the type
100 OSSL_LIB_CTX. It can be thought of as a scope within which
101 configuration options apply. If an application does not explicitly
102 create a library context then the "default" one is used. Many
103 OpenSSL functions can take a library context as an argument. A
104 NULL value can always be passed to indicate the default library
105 context.
106 OSSL_LIB_CTX(3)
108 MSBLOB
110 MSBLOB is a Microsoft specific binary format for RSA and DSA keys,
111 both private and public. This form is never passphrase protected.
112 Null Provider
114 An OpenSSL Provider that contains no algorithm implementations.
115 This can be useful to prevent the default provider from being
116 automatically loaded in a library context.
117 OSSL_PROVIDER-null(7)
119 Operation
121 An operation is a group of OpenSSL functions with a common purpose
122 such as encryption, or digesting.
123 crypto(7)
125 PEM ("Privacy Enhanced Message")
127 PEM is a format used for encoding of binary content into a mail and
128 ASCII friendly form. The content is a series of base64-encoded
129 lines, surrounded by begin/end markers each on their own line. For
130 example:
131 -----BEGIN PRIVATE KEY-----
133 MIICdg....
134 ... bhTQ==
135 -----END PRIVATE KEY-----
136 Optional header line(s) may appear after the begin line, and their
138 existence depends on the type of object being written or read.
139 For all OpenSSL uses, the binary content is expected to be a DER
141 encoded structure.
142 This is defined in IETF RFC 1421:
144 <https://tools.ietf.org/html/rfc1421>
146 PKCS#8
148 PKCS#8 is a specification of ASN.1 structures that OpenSSL uses for
149 storing or transmitting any private key in a key type agnostic
150 manner. There are two structures worth noting for OpenSSL use, one
151 that contains the key data in unencrypted form (known as
152 "PrivateKeyInfo") and an encrypted wrapper structure (known as
153 "EncryptedPrivateKeyInfo").
154 This is specified in RFC 5208:
156 <https://tools.ietf.org/html/rfc5208>
158 Property
160 A property is a way of classifying and selecting algorithm
161 implementations. A property is a key/value pair expressed as a
162 string. For example all algorithm implementations in the default
163 provider have the property "provider=default". An algorithm
164 implementation can have multiple properties defined against it.
165 Also see Property Query String.
167 property(7)
169 Property Query String
171 A property query string is a string containing a sequence of
172 properties that can be used to select an algorithm implementation.
173 For example the query string "provider=example,foo=bar" will select
174 algorithms from the "example" provider that have a "foo" property
175 defined for them with a value of "bar".
176 Property Query Strings are used during fetching. See Fetching.
178 property(7)
180 Provider
182 A provider in OpenSSL is a component that groups together algorithm
183 implementations. Providers can come from OpenSSL itself or from
184 third parties.
185 provider(7)
187 PVK PVK is a Microsoft specific binary format for RSA and DSA private
189 keys. This form may be passphrase protected.
190 SubjectPublicKeyInfo
192 SubjectPublicKeyInfo is an ASN.1 structure that OpenSSL uses for
193 storing and transmitting any public key in a key type agnostic
194 manner.
195 This is specified as part of the specification for certificates,
197 RFC 5280:
198 <https://tools.ietf.org/html/rfc5280>
200
202 This glossary was added in OpenSSL 3.0.
203
205 Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
206 Licensed under the Apache License 2.0 (the "License"). You may not use
208 this file except in compliance with the License. You can obtain a copy
209 in the file LICENSE in the source distribution or at
210 <https://www.openssl.org/source/license.html>.
2113.0.5 2022-11-01 OPENSSL-GLOSSARY(7ossl)