• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1=pod
2
3=head1 NAME
4
5openssl-glossary - An OpenSSL Glossary
6
7=head1 DESCRIPTION
8
9=for comment Please keep the items in case-insensitive alphabetical order
10
11=over 4
12
13=item Algorithm
14
15Cryptograpic primitives such as the SHA256 digest, or AES encryption are
16referred to in OpenSSL as "algorithms". There can be more than one
17implementation for any given algorithm available for use.
18
19L<crypto(7)>
20
21=item ASN.1, ASN1
22
23ASN.1 ("Abstract Syntax Notation One") is a notation for describing abstract
24types and values.  It is defined in the ITU-T documents X.680 to X.683:
25
26L<https://www.itu.int/rec/T-REC-X.680>,
27L<https://www.itu.int/rec/T-REC-X.681>,
28L<https://www.itu.int/rec/T-REC-X.682>,
29L<https://www.itu.int/rec/T-REC-X.683>
30
31=item Base Provider
32
33An OpenSSL Provider that contains encoders and decoders for OpenSSL keys.  All
34the algorithm implementations in the Base Provider are also available in the
35Default Provider.
36
37L<OSSL_PROVIDER-base(7)>
38
39=item Decoder
40
41A decoder is a type of algorithm used for decoding keys and parameters from some
42external format such as PEM or DER.
43
44L<OSSL_DECODER_CTX_new_for_pkey(3)>
45
46=item Default Provider
47
48An OpenSSL Provider that contains the most commmon OpenSSL algorithm
49implementations. It is loaded by default if no other provider is available. All
50the algorithm implementations in the Base Provider are also available in the
51Default Provider.
52
53L<OSSL_PROVIDER-default(7)>
54
55=item DER ("Distinguished Encoding Rules")
56
57DER is a binary encoding of data, structured according to an ASN.1
58specification.  This is a common encoding used for cryptographic objects
59such as private and public keys, certificates, CRLs, ...
60
61It is defined in ITU-T document X.690:
62
63L<https://www.itu.int/rec/T-REC-X.690>
64
65=item Encoder
66
67An encoder is a type of algorithm used for encoding keys and parameters to some
68external format such as PEM or DER.
69
70L<OSSL_ENCODER_CTX_new_for_pkey(3)>
71
72=item Explicit Fetching
73
74Explicit Fetching is a type of Fetching (see Fetching). Explicit Fetching is
75where a function call is made to obtain an algorithm object representing an
76implementation such as L<EVP_MD_fetch(3)> or L<EVP_CIPHER_fetch(3)>
77
78=item Fetching
79
80Fetching is the process of looking through the available algorithm
81implementations, applying selection criteria (via a property query string), and
82finally choosing the implementation that will be used.
83
84Also see Explicit Fetching and Implict Fetching.
85
86L<crypto(7)>
87
88=item FIPS Provider
89
90An OpenSSL Provider that contains OpenSSL algorithm implementations that have
91been validated according to the FIPS 140-2 standard.
92
93L<OSSL_PROVIDER-FIPS(7)>
94
95=item Implicit Fetching
96
97Implicit Fetching is a type of Fetching (see Fetching). Implicit Fetching is
98where an algorithm object with no associated implementation is used such as the
99return value from L<EVP_sha256(3)> or L<EVP_aes_128_cbc(3)>. With implicit
100fetching an implementation is fetched automatically using default selection
101criteria the first time the algorithm is used.
102
103=item Legacy Provider
104
105An OpenSSL Provider that contains algorithm implementations that are considered
106insecure or are no longer in common use.
107
108L<OSSL_PROVIDER-legacy(7)>
109
110=item Library Context
111
112A Library Context in OpenSSL is represented by the type B<OSSL_LIB_CTX>. It can
113be thought of as a scope within which configuration options apply. If an
114application does not explicitly create a library context then the "default"
115one is used. Many OpenSSL functions can take a library context as an argument.
116A NULL value can always be passed to indicate the default library context.
117
118L<OSSL_LIB_CTX(3)>
119
120=item MSBLOB
121
122MSBLOB is a Microsoft specific binary format for RSA and DSA keys, both
123private and public.  This form is never passphrase protected.
124
125=item Null Provider
126
127An OpenSSL Provider that contains no algorithm implementations. This can be
128useful to prevent the default provider from being automatically loaded in a
129library context.
130
131L<OSSL_PROVIDER-null(7)>
132
133=item Operation
134
135An operation is a group of OpenSSL functions with a common purpose such as
136encryption, or digesting.
137
138L<crypto(7)>
139
140=item PEM ("Privacy Enhanced Message")
141
142PEM is a format used for encoding of binary content into a mail and ASCII
143friendly form.  The content is a series of base64-encoded lines, surrounded
144by begin/end markers each on their own line.  For example:
145
146 -----BEGIN PRIVATE KEY-----
147 MIICdg....
148 ... bhTQ==
149 -----END PRIVATE KEY-----
150
151Optional header line(s) may appear after the begin line, and their existence
152depends on the type of object being written or read.
153
154For all OpenSSL uses, the binary content is expected to be a DER encoded
155structure.
156
157This is defined in IETF RFC 1421:
158
159L<https://tools.ietf.org/html/rfc1421>
160
161=item PKCS#8
162
163PKCS#8 is a specification of ASN.1 structures that OpenSSL uses for storing
164or transmitting any private key in a key type agnostic manner.
165There are two structures worth noting for OpenSSL use, one that contains the
166key data in unencrypted form (known as "PrivateKeyInfo") and an encrypted
167wrapper structure (known as "EncryptedPrivateKeyInfo").
168
169This is specified in RFC 5208:
170
171L<https://tools.ietf.org/html/rfc5208>
172
173=item Property
174
175A property is a way of classifying and selecting algorithm implementations.
176A property is a key/value pair expressed as a string. For example all algorithm
177implementations in the default provider have the property "provider=default".
178An algorithm implementation can have multiple properties defined against it.
179
180Also see Property Query String.
181
182L<property(7)>
183
184=item Property Query String
185
186A property query string is a string containing a sequence of properties that
187can be used to select an algorithm implementation. For example the query string
188"provider=example,foo=bar" will select algorithms from the "example" provider
189that have a "foo" property defined for them with a value of "bar".
190
191Property Query Strings are used during fetching. See Fetching.
192
193L<property(7)>
194
195=item Provider
196
197A provider in OpenSSL is a component that groups together algorithm
198implementations. Providers can come from OpenSSL itself or from third parties.
199
200L<provider(7)>
201
202=item PVK
203
204PVK is a Microsoft specific binary format for RSA and DSA private keys.
205This form may be passphrase protected.
206
207=item SubjectPublicKeyInfo
208
209SubjectPublicKeyInfo is an ASN.1 structure that OpenSSL uses for storing and
210transmitting any public key in a key type agnostic manner.
211
212This is specified as part of the specification for certificates, RFC 5280:
213
214L<https://tools.ietf.org/html/rfc5280>
215
216=back
217
218=head1 HISTORY
219
220This glossary was added in OpenSSL 3.0.
221
222=head1 COPYRIGHT
223
224Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
225
226Licensed under the Apache License 2.0 (the "License").  You may not use
227this file except in compliance with the License.  You can obtain a copy
228in the file LICENSE in the source distribution or at
229L<https://www.openssl.org/source/license.html>.
230
231=cut
232