1PEM_READ(3ossl)                     OpenSSL                    PEM_READ(3ossl)
2
3
4

NAME

6       PEM_write, PEM_write_bio, PEM_read, PEM_read_bio, PEM_do_header,
7       PEM_get_EVP_CIPHER_INFO - PEM encoding routines
8

SYNOPSIS

10        #include <openssl/pem.h>
11
12        int PEM_write(FILE *fp, const char *name, const char *header,
13                      const unsigned char *data, long len);
14        int PEM_write_bio(BIO *bp, const char *name, const char *header,
15                          const unsigned char *data, long len);
16
17        int PEM_read(FILE *fp, char **name, char **header,
18                     unsigned char **data, long *len);
19        int PEM_read_bio(BIO *bp, char **name, char **header,
20                         unsigned char **data, long *len);
21
22        int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo);
23        int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len,
24                          pem_password_cb *cb, void *u);
25

DESCRIPTION

27       These functions read and write PEM-encoded objects, using the PEM type
28       name, any additional header information, and the raw data of length
29       len.
30
31       PEM is the term used for binary content encoding first defined in IETF
32       RFC 1421.  The content is a series of base64-encoded lines, surrounded
33       by begin/end markers each on their own line.  For example:
34
35        -----BEGIN PRIVATE KEY-----
36        MIICdg....
37        ... bhTQ==
38        -----END PRIVATE KEY-----
39
40       Optional header line(s) may appear after the begin line, and their
41       existence depends on the type of object being written or read.
42
43       PEM_write() writes to the file fp, while PEM_write_bio() writes to the
44       BIO bp.  The name is the name to use in the marker, the header is the
45       header value or NULL, and data and len specify the data and its length.
46
47       The final data buffer is typically an ASN.1 object which can be decoded
48       with the d2i function appropriate to the type name; see d2i_X509(3) for
49       examples.
50
51       PEM_read() reads from the file fp, while PEM_read_bio() reads from the
52       BIO bp.  Both skip any non-PEM data that precedes the start of the next
53       PEM object.  When an object is successfully retrieved, the type name
54       from the "----BEGIN <type>-----" is returned via the name argument, any
55       encapsulation headers are returned in header and the base64-decoded
56       content and its length are returned via data and len respectively.  The
57       name, header and data pointers are allocated via OPENSSL_malloc() and
58       should be freed by the caller via OPENSSL_free() when no longer needed.
59
60       PEM_get_EVP_CIPHER_INFO() can be used to determine the data returned by
61       PEM_read() or PEM_read_bio() is encrypted and to retrieve the
62       associated cipher and IV.  The caller passes a pointer to structure of
63       type EVP_CIPHER_INFO via the cinfo argument and the header returned via
64       PEM_read() or PEM_read_bio().  If the call is successful 1 is returned
65       and the cipher and IV are stored at the address pointed to by cinfo.
66       When the header is malformed, or not supported or when the cipher is
67       unknown or some internal error happens 0 is returned.  This function is
68       deprecated, see NOTES below.
69
70       PEM_do_header() can then be used to decrypt the data if the header
71       indicates encryption.  The cinfo argument is a pointer to the structure
72       initialized by the previous call to PEM_get_EVP_CIPHER_INFO().  The
73       data and len arguments are those returned by the previous call to
74       PEM_read() or PEM_read_bio().  The cb and u arguments make it possible
75       to override the default password prompt function as described in
76       PEM_read_PrivateKey(3).  On successful completion the data is decrypted
77       in place, and len is updated to indicate the plaintext length.  This
78       function is deprecated, see NOTES below.
79
80       If the data is a priori known to not be encrypted, then neither
81       PEM_do_header() nor PEM_get_EVP_CIPHER_INFO() need be called.
82

RETURN VALUES

84       PEM_read() and PEM_read_bio() return 1 on success and 0 on failure, the
85       latter includes the case when no more PEM objects remain in the input
86       file.  To distinguish end of file from more serious errors the caller
87       must peek at the error stack and check for PEM_R_NO_START_LINE, which
88       indicates that no more PEM objects were found.  See
89       ERR_peek_last_error(3), ERR_GET_REASON(3).
90
91       PEM_get_EVP_CIPHER_INFO() and PEM_do_header() return 1 on success, and
92       0 on failure.  The data is likely meaningless if these functions fail.
93

NOTES

95       The PEM_get_EVP_CIPHER_INFO() and PEM_do_header() functions are
96       deprecated.  This is because the underlying PEM encryption format is
97       obsolete, and should be avoided.  It uses an encryption format with an
98       OpenSSL-specific key-derivation function, which employs MD5 with an
99       iteration count of 1!  Instead, private keys should be stored in PKCS#8
100       form, with a strong PKCS#5 v2.0 PBE.  See PEM_write_PrivateKey(3) and
101       d2i_PKCS8PrivateKey_bio(3).
102
103       PEM_do_header() makes no assumption regarding the pass phrase received
104       from the password callback.  It will simply be treated as a byte
105       sequence.
106

SEE ALSO

108       ERR_peek_last_error(3), ERR_GET_LIB(3), d2i_PKCS8PrivateKey_bio(3),
109       passphrase-encoding(7)
110
112       Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
113
114       Licensed under the Apache License 2.0 (the "License").  You may not use
115       this file except in compliance with the License.  You can obtain a copy
116       in the file LICENSE in the source distribution or at
117       <https://www.openssl.org/source/license.html>.
118
119
120
1213.1.1                             2023-08-31                   PEM_READ(3ossl)
Impressum