1EVP_PKEY_SET1_RSA(3ossl)            OpenSSL           EVP_PKEY_SET1_RSA(3ossl)
2
3
4

NAME

6       EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH,
7       EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA,
8       EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA,
9       EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
10       EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
11       EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305,
12       EVP_PKEY_assign_SIPHASH, EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305,
13       EVP_PKEY_get0_siphash, EVP_PKEY_get0, EVP_PKEY_type, EVP_PKEY_get_id,
14       EVP_PKEY_get_base_id, EVP_PKEY_set1_engine, EVP_PKEY_get0_engine,
15       EVP_PKEY_id, EVP_PKEY_base_id - EVP_PKEY assignment functions
16

SYNOPSIS

18        #include <openssl/evp.h>
19
20        int EVP_PKEY_get_id(const EVP_PKEY *pkey);
21        int EVP_PKEY_get_base_id(const EVP_PKEY *pkey);
22        int EVP_PKEY_type(int type);
23
24        #define EVP_PKEY_id EVP_PKEY_get_id
25        #define EVP_PKEY_base_id EVP_PKEY_get_base_id
26
27       The following functions have been deprecated since OpenSSL 3.0, and can
28       be hidden entirely by defining OPENSSL_API_COMPAT with a suitable
29       version value, see openssl_user_macros(7):
30
31        int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
32        int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
33        int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
34        int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
35
36        RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
37        DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
38        DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
39        EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
40
41        const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
42        const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
43        const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
44        const RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
45        const DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
46        const DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
47        const EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
48        void *EVP_PKEY_get0(const EVP_PKEY *pkey);
49
50        int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
51        int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
52        int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
53        int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
54        int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
55        int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
56
57        ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
58        int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine);
59

DESCRIPTION

61       EVP_PKEY_get_base_id() returns the type of pkey. For example an RSA key
62       will return EVP_PKEY_RSA.
63
64       EVP_PKEY_get_id() returns the actual NID associated with pkey only if
65       the pkey type isn't implemented just in a provider(7).  Historically
66       keys using the same algorithm could use different NIDs.  For example an
67       RSA key could use the NIDs corresponding to the NIDs NID_rsaEncryption
68       (equivalent to EVP_PKEY_RSA) or NID_rsa (equivalent to EVP_PKEY_RSA2).
69       The use of alternative non-standard NIDs is now rare so EVP_PKEY_RSA2
70       et al are not often seen in practice.  EVP_PKEY_get_id() returns -1
71       (EVP_PKEY_KEYMGMT) if the pkey is only implemented in a provider(7).
72
73       EVP_PKEY_type() returns the underlying type of the NID type. For
74       example EVP_PKEY_type(EVP_PKEY_RSA2) will return EVP_PKEY_RSA.
75
76       EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
77       EVP_PKEY_set1_EC_KEY() set the key referenced by pkey to key. These
78       functions are deprecated. Applications should instead use
79       EVP_PKEY_fromdata(3).
80
81       EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
82       EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and
83       EVP_PKEY_assign_SIPHASH() set the referenced key to key however these
84       use the supplied key internally and so key will be freed when the
85       parent pkey is freed. These macros are deprecated. Applications should
86       instead read an EVP_PKEY directly using the OSSL_DECODER APIs (see
87       OSSL_DECODER_CTX_new_for_pkey(3)), or construct an EVP_PKEY from data
88       using EVP_PKEY_fromdata(3).
89
90       EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
91       EVP_PKEY_get1_EC_KEY() return the referenced key in pkey or NULL if the
92       key is not of the correct type. The returned key must be freed after
93       use.  These functions are deprecated. Applications should instead use
94       the EVP_PKEY directly where possible. If access to the low level key
95       parameters is required then applications should use
96       EVP_PKEY_get_params(3) and other similar functions. To write an
97       EVP_PKEY out use the OSSL_ENCODER APIs (see
98       OSSL_ENCODER_CTX_new_for_pkey(3)).
99
100       EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(),
101       EVP_PKEY_get0_siphash(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
102       EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() return the referenced key
103       in pkey or NULL if the key is not of the correct type. The reference
104       count of the returned key is not incremented and so the key must not be
105       freed after use. These functions are deprecated. Applications should
106       instead use the EVP_PKEY directly where possible. If access to the low
107       level key parameters is required then applications should use
108       EVP_PKEY_get_params(3) and other similar functions.  To write an
109       EVP_PKEY out use the OSSL_ENCODER APIs (see
110       OSSL_ENCODER_CTX_new_for_pkey(3)). EVP_PKEY_get0() returns a pointer to
111       the legacy key or NULL if the key is not legacy.
112
113       Note that if an EVP_PKEY was not constructed using one of the
114       deprecated functions such as EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(),
115       EVP_PKEY_set1_DH() or EVP_PKEY_set1_EC_KEY(), or via the similarly
116       named EVP_PKEY_assign macros described above then the internal key will
117       be managed by a provider (see provider(7)). In that case the key
118       returned by EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(),
119       EVP_PKEY_get1_DH(), EVP_PKEY_get1_EC_KEY(), EVP_PKEY_get0_hmac(),
120       EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(), EVP_PKEY_get0_RSA(),
121       EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() or EVP_PKEY_get0_EC_KEY() will
122       be a cached copy of the provider's key. Subsequent updates to the
123       provider's key will not be reflected back in the cached copy, and
124       updates made by an application to the returned key will not be
125       reflected back in the provider's key. Subsequent calls to
126       EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
127       EVP_PKEY_get1_EC_KEY() will always return the cached copy returned by
128       the first call.
129
130       EVP_PKEY_get0_engine() returns a reference to the ENGINE handling pkey.
131       This function is deprecated. Applications should use providers instead
132       of engines (see provider(7) for details).
133
134       EVP_PKEY_set1_engine() sets the ENGINE handling pkey to engine. It must
135       be called after the key algorithm and components are set up.  If engine
136       does not include an EVP_PKEY_METHOD for pkey an error occurs. This
137       function is deprecated. Applications should use providers instead of
138       engines (see provider(7) for details).
139

WARNINGS

141       The following functions are only reliable with EVP_PKEYs that have been
142       assigned an internal key with EVP_PKEY_assign_*():
143
144       EVP_PKEY_get_id(), EVP_PKEY_get_base_id(), EVP_PKEY_type()
145
146       For EVP_PKEY key type checking purposes, EVP_PKEY_is_a(3) is more
147       generic.
148
149       For purposes of retrieving the name of the EVP_PKEY the function
150       EVP_PKEY_get0_type_name(3) is more generally useful.
151
152       The keys returned from the functions EVP_PKEY_get0_RSA(),
153       EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() were
154       changed to have a "const" return type in OpenSSL 3.0. As described
155       above the keys returned may be cached copies of the key held in a
156       provider. Due to this, and unlike in earlier versions of OpenSSL, they
157       should be considered read-only copies of the key.  Updates to these
158       keys will not be reflected back in the provider side key. The
159       EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
160       EVP_PKEY_get1_EC_KEY() functions were not changed to have a "const"
161       return type in order that applications can "free" the return value.
162       However applications should still consider them as read-only copies.
163

NOTES

165       In accordance with the OpenSSL naming convention the key obtained from
166       or assigned to the pkey using the 1 functions must be freed as well as
167       pkey.
168
169       EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
170       EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and
171       EVP_PKEY_assign_SIPHASH() are implemented as macros.
172
173       EVP_PKEY_assign_EC_KEY() looks at the curve name id to determine if the
174       passed EC_KEY is an SM2(7) key, and will set the EVP_PKEY type to
175       EVP_PKEY_SM2 in that case, instead of EVP_PKEY_EC.
176
177       Most applications wishing to know a key type will simply call
178       EVP_PKEY_get_base_id() and will not care about the actual type: which
179       will be identical in almost all cases.
180
181       Previous versions of this document suggested using
182       EVP_PKEY_type(pkey->type) to determine the type of a key. Since
183       EVP_PKEY is now opaque this is no longer possible: the equivalent is
184       EVP_PKEY_get_base_id(pkey).
185
186       EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM
187       key as part of its routine to load a private key.
188

RETURN VALUES

190       EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
191       EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.
192
193       EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
194       EVP_PKEY_get1_EC_KEY() return the referenced key or NULL if an error
195       occurred.
196
197       EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
198       EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and
199       EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure.
200
201       EVP_PKEY_get_base_id(), EVP_PKEY_get_id() and EVP_PKEY_type() return a
202       key type or NID_undef (equivalently EVP_PKEY_NONE) on error.
203
204       EVP_PKEY_set1_engine() returns 1 for success and 0 for failure.
205

SEE ALSO

207       EVP_PKEY_new(3), SM2(7)
208

HISTORY

210       The EVP_PKEY_id() and EVP_PKEY_base_id() functions were renamed to
211       include "get" in their names in OpenSSL 3.0, respectively. The old
212       names are kept as non-deprecated alias macros.
213
214       EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH,
215       EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA,
216       EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA,
217       EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
218       EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
219       EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305,
220       EVP_PKEY_assign_SIPHASH, EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305,
221       EVP_PKEY_get0_siphash, EVP_PKEY_set1_engine and EVP_PKEY_get0_engine
222       were deprecated in OpenSSL 3.0.
223
224       The return value from EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA,
225       EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY were made const in OpenSSL 3.0.
226
227       The function EVP_PKEY_set_alias_type() was previously documented on
228       this page.  It was removed in OpenSSL 3.0.
229
231       Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
232
233       Licensed under the Apache License 2.0 (the "License").  You may not use
234       this file except in compliance with the License.  You can obtain a copy
235       in the file LICENSE in the source distribution or at
236       <https://www.openssl.org/source/license.html>.
237
238
239
2403.0.9                             2023-07-27          EVP_PKEY_SET1_RSA(3ossl)
Impressum