EVP_PKEY_keygen(3)                  OpenSSL                  EVP_PKEY_keygen(3)

NAME
       EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init,
       EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb,
       EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data,
       EVP_PKEY_CTX_get_app_data - key and parameter generation functions

SYNOPSIS
        #include <openssl/evp.h>

        int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
        int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
        int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
        int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);

        typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);

        void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
        EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);

        int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);

        void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
        void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);

DESCRIPTION
       The EVP_PKEY_keygen_init() function initializes a public key algorithm
       context using key pkey for a key generation operation.

       The EVP_PKEY_keygen() function performs a key generation operation;
       the generated key is written to ppkey.

       The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are
       similar except parameters are generated.

       The function EVP_PKEY_CTX_set_cb() sets the key or parameter
       generation callback to cb. The function EVP_PKEY_CTX_get_cb() returns
       the key or parameter generation callback.

       The function EVP_PKEY_CTX_get_keygen_info() returns parameters
       associated with the generation operation. If idx is -1 the total
       number of parameters available is returned. Any non-negative value
       returns the value of that parameter. EVP_PKEY_CTX_get_keygen_info()
       with a non-negative value for idx should only be called within the
       generation callback.

       If the callback returns 0 then the key generation operation is
       aborted and an error occurs. This might occur during a time-consuming
       operation where a user clicks on a "cancel" button.

       The functions EVP_PKEY_CTX_set_app_data() and
       EVP_PKEY_CTX_get_app_data() set and retrieve an opaque pointer. This
       can be used to set some application-defined value which can be
       retrieved in the callback: for example a handle which is used to
       update a "progress dialog".

NOTES
       After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init(),
       algorithm-specific control operations can be performed to set any
       appropriate parameters for the operation.

       The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called
       more than once on the same context if several operations are
       performed using the same parameters.

       The meaning of the parameters passed to the callback will depend on
       the algorithm and the specific implementation of the algorithm. Some
       might not give any useful information at all during key or parameter
       generation. Others might not even call the callback.

       The operation performed by key or parameter generation depends on the
       algorithm used. In some cases (e.g. EC with a supplied named curve)
       the "generation" option merely sets the appropriate fields in an
       EVP_PKEY structure.

       In OpenSSL an EVP_PKEY structure containing a private key also
       contains the public key components and parameters (if any). An
       OpenSSL private key is equivalent to what some libraries call a "key
       pair". A private key can be used in functions which require the use
       of a public key or parameters.

RETURN VALUES
       EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen()
       and EVP_PKEY_paramgen() return 1 for success and 0 or a negative
       value for failure.
       In particular a return value of -2 indicates the operation is not
       supported by the public key algorithm.

EXAMPLES
       Generate a 2048 bit RSA key:

        #include <openssl/evp.h>
        #include <openssl/rsa.h>

        EVP_PKEY_CTX *ctx;
        EVP_PKEY *pkey = NULL;

        ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
        if (!ctx) {
                /* Error occurred */
        }
        if (EVP_PKEY_keygen_init(ctx) <= 0) {
                /* Error */
        }
        if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) {
                /* Error */
        }

        /* Generate key */
        if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
                /* Error */
        }

       Generate a key from a set of parameters:

        #include <openssl/evp.h>
        #include <openssl/ec.h>

        EVP_PKEY_CTX *ctx;
        EVP_PKEY *pkey = NULL, *param;

        /* Assumed param is set up already */
        ctx = EVP_PKEY_CTX_new(param, NULL); /* NULL: no ENGINE */
        if (!ctx) {
                /* Error occurred */
        }
        if (EVP_PKEY_keygen_init(ctx) <= 0) {
                /* Error */
        }

        /* Generate key */
        if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
                /* Error */
        }

       Example of generation callback for OpenSSL public key implementations:

        /* Application data is a BIO to output status to */

        EVP_PKEY_CTX_set_app_data(ctx, status_bio);

        static int genpkey_cb(EVP_PKEY_CTX *ctx)
        {
                char c = '*';
                BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
                int p;

                /* Parameter 0 selects the progress character to print */
                p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
                if (p == 0) c = '.';
                if (p == 1) c = '+';
                if (p == 2) c = '*';
                if (p == 3) c = '\n';
                BIO_write(b, &c, 1);
                (void)BIO_flush(b);
                return 1;       /* non-zero: continue the generation */
        }

SEE ALSO
       EVP_PKEY_CTX_new(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3),
       EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3),
       EVP_PKEY_derive(3)

HISTORY
       These functions were first added to OpenSSL 1.0.0.

1.0.1u                            2016-09-22                EVP_PKEY_keygen(3)