Index Index for
Section 3
Index Alphabetical
listing for E
Bottom of page Bottom of
page		 

EVP_SealInit(3)


NAME

  EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption


SYNOPSIS

  #include <openssl/evp.h>

  int EVP_SealInit(
	  EVP_CIPHER_CTX *ctx,
	  EVP_CIPHER *type,
	  unsigned char **ek,
	  int *ekl,
	  unsigned char *iv,
	  EVP_PKEY **pubk,
	  int npubk );

  int EVP_SealUpdate(
	  EVP_CIPHER_CTX *ctx,
	  unsigned char *out,
	  int *outl,
	  unsigned char *in,
	  int inl );

  int EVP_SealFinal(
	  EVP_CIPHER_CTX *ctx,
	  unsigned char *out,
	  int *outl );


DESCRIPTION

  The EVP envelope routines are a high level interface to envelope
  encryption.  They generate a random key and then envelope it by using
  public key encryption.  Data can then be encrypted using this key.

  The EVP_SealInit() function initializes a cipher context ctx for encryption
  with cipher type using a random secret key and IV supplied in the iv
  parameter.  The type is normally supplied by a function such as
  EVP_des_cbc(). The secret key is encrypted using one or more public keys.
  This allows the same encrypted data to be decrypted using any of the
  corresponding private keys. The ek is an array of buffers where the public
  key encrypted secret key will be written. Each buffer must contain enough
  room for the corresponding encrypted key: that is, ek[i] must have room for
  EVP_PKEY_size(pubk[i]) bytes. The actual size of each encrypted secret key
  is written to the array ekl. The pubk is an array of npubk public keys.

  The EVP_SealUpdate() and EVP_SealFinal() functions have the same properties
  as the EVP_EncryptUpdate() and EVP_EncryptFinal() functions, as  documented
  on the  EVP_EncryptInit(3)reference page.


NOTES

  Because a random secret key is generated the random number generator must
  be seeded before calling EVP_SealInit().

  The public key must be RSA because it is the only OpenSSL public key
  algorithm that supports key transport.

  Envelope encryption is the usual method of using public key encryption on
  large amounts of data. This is because public key encryption is slow but
  symmetric encryption is fast. So symmetric encryption is used for bulk
  encryption and the small random symmetric key used is transferred using
  public key encryption.

  It is possible to call EVP_SealInit() twice in the same way as
  EVP_EncryptInit(). The first call should have npubk set to 0 and (after
  setting any cipher parameters) it should be called again with type set to
  NULL.


RETURN VALUES

  The EVP_SealInit() function returns 0 on error or npubk if successful.

  The EVP_SealUpdate() and EVP_SealFinal() functions return 1 for success and
  0 for failure.


SEE ALSO

  Functions: evp(3), rand_ssl(3), EVP_EncryptInit(3), EVP_OpenInit(3)

Index Index for
Section 3
Index Alphabetical
listing for E
Top of page Top of
page