.\" $NetBSD: openssl-glossary.7,v 1.2 2023/05/31 19:42:44 christos Exp $
.\"
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "OPENSSL-GLOSSARY 7"
.TH OPENSSL-GLOSSARY 7 "2023-05-07" "3.0.9" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
openssl\-glossary \- An OpenSSL Glossary
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
.IP "Algorithm" 4
.IX Item "Algorithm"
Cryptograpic primitives such as the \s-1SHA256\s0 digest, or \s-1AES\s0 encryption are
referred to in OpenSSL as \*(L"algorithms\*(R". There can be more than one
implementation for any given algorithm available for use.
.Sp
\&\fBcrypto\fR\|(7)
.IP "\s-1ASN.1, ASN1\s0" 4
.IX Item "ASN.1, ASN1"
\&\s-1ASN.1\s0 (\*(L"Abstract Syntax Notation One\*(R") is a notation for describing abstract
types and values. It is defined in the ITU-T documents X.680 to X.683:
.Sp
<https://www.itu.int/rec/T\-REC\-X.680>,
<https://www.itu.int/rec/T\-REC\-X.681>,
<https://www.itu.int/rec/T\-REC\-X.682>,
<https://www.itu.int/rec/T\-REC\-X.683>
.IP "Base Provider" 4
.IX Item "Base Provider"
An OpenSSL Provider that contains encoders and decoders for OpenSSL keys. All
the algorithm implementations in the Base Provider are also available in the
Default Provider.
.Sp
\&\fBOSSL_PROVIDER\-base\fR\|(7)
.IP "Decoder" 4
.IX Item "Decoder"
A decoder is a type of algorithm used for decoding keys and parameters from some
external format such as \s-1PEM\s0 or \s-1DER.\s0
.Sp
\&\fBOSSL_DECODER_CTX_new_for_pkey\fR\|(3)
.IP "Default Provider" 4
.IX Item "Default Provider"
An OpenSSL Provider that contains the most commmon OpenSSL algorithm
implementations. It is loaded by default if no other provider is available. All
the algorithm implementations in the Base Provider are also available in the
Default Provider.
.Sp
\&\fBOSSL_PROVIDER\-default\fR\|(7)
.ie n .IP "\s-1DER\s0 (""Distinguished Encoding Rules"")" 4
.el .IP "\s-1DER\s0 (``Distinguished Encoding Rules'')" 4
.IX Item "DER (Distinguished Encoding Rules)"
\&\s-1DER\s0 is a binary encoding of data, structured according to an \s-1ASN.1\s0
specification. This is a common encoding used for cryptographic objects
such as private and public keys, certificates, CRLs, ...
.Sp
It is defined in ITU-T document X.690:
.Sp
<https://www.itu.int/rec/T\-REC\-X.690>
.IP "Encoder" 4
.IX Item "Encoder"
An encoder is a type of algorithm used for encoding keys and parameters to some
external format such as \s-1PEM\s0 or \s-1DER.\s0
.Sp
\&\fBOSSL_ENCODER_CTX_new_for_pkey\fR\|(3)
.IP "Explicit Fetching" 4
.IX Item "Explicit Fetching"
Explicit Fetching is a type of Fetching (see Fetching). Explicit Fetching is
where a function call is made to obtain an algorithm object representing an
implementation such as \fBEVP_MD_fetch\fR\|(3) or \fBEVP_CIPHER_fetch\fR\|(3)
.IP "Fetching" 4
.IX Item "Fetching"
Fetching is the process of looking through the available algorithm
implementations, applying selection criteria (via a property query string), and
finally choosing the implementation that will be used.
.Sp
Also see Explicit Fetching and Implict Fetching.
.Sp
\&\fBcrypto\fR\|(7)
.IP "\s-1FIPS\s0 Provider" 4
.IX Item "FIPS Provider"
An OpenSSL Provider that contains OpenSSL algorithm implementations that have
been validated according to the \s-1FIPS 140\-2\s0 standard.
.Sp
\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7)
.IP "Implicit Fetching" 4
.IX Item "Implicit Fetching"
Implicit Fetching is a type of Fetching (see Fetching). Implicit Fetching is
where an algorithm object with no associated implementation is used such as the
return value from \fBEVP_sha256\fR\|(3) or \fBEVP_aes_128_cbc\fR\|(3). With implicit
fetching an implementation is fetched automatically using default selection
criteria the first time the algorithm is used.
.IP "Legacy Provider" 4
.IX Item "Legacy Provider"
An OpenSSL Provider that contains algorithm implementations that are considered
insecure or are no longer in common use.
.Sp
\&\fBOSSL_PROVIDER\-legacy\fR\|(7)
.IP "Library Context" 4
.IX Item "Library Context"
A Library Context in OpenSSL is represented by the type \fB\s-1OSSL_LIB_CTX\s0\fR. It can
be thought of as a scope within which configuration options apply. If an
application does not explicitly create a library context then the \*(L"default\*(R"
one is used. Many OpenSSL functions can take a library context as an argument.
A \s-1NULL\s0 value can always be passed to indicate the default library context.
.Sp
\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3)
.IP "\s-1MSBLOB\s0" 4
.IX Item "MSBLOB"
\&\s-1MSBLOB\s0 is a Microsoft specific binary format for \s-1RSA\s0 and \s-1DSA\s0 keys, both
private and public. This form is never passphrase protected.
.IP "Null Provider" 4
.IX Item "Null Provider"
An OpenSSL Provider that contains no algorithm implementations. This can be
useful to prevent the default provider from being automatically loaded in a
library context.
.Sp
\&\fBOSSL_PROVIDER\-null\fR\|(7)
.IP "Operation" 4
.IX Item "Operation"
An operation is a group of OpenSSL functions with a common purpose such as
encryption, or digesting.
.Sp
\&\fBcrypto\fR\|(7)
.ie n .IP "\s-1PEM\s0 (""Privacy Enhanced Message"")" 4
.el .IP "\s-1PEM\s0 (``Privacy Enhanced Message'')" 4
.IX Item "PEM (Privacy Enhanced Message)"
\&\s-1PEM\s0 is a format used for encoding of binary content into a mail and \s-1ASCII\s0
friendly form. The content is a series of base64\-encoded lines, surrounded
by begin/end markers each on their own line. For example:
.Sp
.Vb 4
\& \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
\& MIICdg....
\& ... bhTQ==
\& \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
.Ve
.Sp
Optional header line(s) may appear after the begin line, and their existence
depends on the type of object being written or read.
.Sp
For all OpenSSL uses, the binary content is expected to be a \s-1DER\s0 encoded
structure.
.Sp
This is defined in \s-1IETF RFC 1421:\s0
.Sp
<https://tools.ietf.org/html/rfc1421>
.IP "PKCS#8" 4
.IX Item "PKCS#8"
PKCS#8 is a specification of \s-1ASN.1\s0 structures that OpenSSL uses for storing
or transmitting any private key in a key type agnostic manner.
There are two structures worth noting for OpenSSL use, one that contains the
key data in unencrypted form (known as \*(L"PrivateKeyInfo\*(R") and an encrypted
wrapper structure (known as \*(L"EncryptedPrivateKeyInfo\*(R").
.Sp
This is specified in \s-1RFC 5208:\s0
.Sp
<https://tools.ietf.org/html/rfc5208>
.IP "Property" 4
.IX Item "Property"
A property is a way of classifying and selecting algorithm implementations.
A property is a key/value pair expressed as a string. For example all algorithm
implementations in the default provider have the property \*(L"provider=default\*(R".
An algorithm implementation can have multiple properties defined against it.
.Sp
Also see Property Query String.
.Sp
\&\fBproperty\fR\|(7)
.IP "Property Query String" 4
.IX Item "Property Query String"
A property query string is a string containing a sequence of properties that
can be used to select an algorithm implementation. For example the query string
\&\*(L"provider=example,foo=bar\*(R" will select algorithms from the \*(L"example\*(R" provider
that have a \*(L"foo\*(R" property defined for them with a value of \*(L"bar\*(R".
.Sp
Property Query Strings are used during fetching. See Fetching.
.Sp
\&\fBproperty\fR\|(7)
.IP "Provider" 4
.IX Item "Provider"
A provider in OpenSSL is a component that groups together algorithm
implementations. Providers can come from OpenSSL itself or from third parties.
.Sp
\&\fBprovider\fR\|(7)
.IP "\s-1PVK\s0" 4
.IX Item "PVK"
\&\s-1PVK\s0 is a Microsoft specific binary format for \s-1RSA\s0 and \s-1DSA\s0 private keys.
This form may be passphrase protected.
.IP "SubjectPublicKeyInfo" 4
.IX Item "SubjectPublicKeyInfo"
SubjectPublicKeyInfo is an \s-1ASN.1\s0 structure that OpenSSL uses for storing and
transmitting any public key in a key type agnostic manner.
.Sp
This is specified as part of the specification for certificates, \s-1RFC 5280:\s0
.Sp
<https://tools.ietf.org/html/rfc5280>
.SH "HISTORY"
.IX Header "HISTORY"
This glossary was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.