Check-in [d371821677]
Overview
Comment: More documentation updates
SHA3-256: d371821677e569421d5c73a1631b1db786408f1fb341024cf8e1d2e41dd67500
User & Date: bohagan on 2023-12-28 05:05:00
Context
2023-12-29 03:09 Merged in master changes check-in: d2d04c75a0 user: bohagan tags: crypto
2023-12-28 05:05 More documentation updates check-in: d371821677 user: bohagan tags: crypto
2023-12-28 03:57 Added random bytes test cases check-in: 7a89ccc39d user: bohagan tags: crypto
Changes







-
+












+
-
+







    <dd>Name of hash function (aka message digest) to use.
    See <a href="#tls::digests"><b>tls::digests</b></a> command for the valid values.</dd>
</dl>

<dl>
    <dt><a name="-info"><strong>-info</strong> <em>string</em></a></dt>
    <dd>Optional context and application specific information. Can be a binary
    or text string. </dd>
    or text string. Max length is 1024 bytes for OpenSSL 1.1 and 2048 bytes for 3.0.</dd>
</dl>

<dl>
    <dt><a name="-iterations"><strong>-iterations</strong> <em>count</em></a></dt>
    <dd>Number (integer &gt; 0) of iterations to use in deriving the encryption
    key. Default is 2048. Some <a href="#KDF"><b>KDF</b></a> implementations
    require an iteration count.</dd>
</dl>

<dl>
    <dt><a name="-iv"><strong>-iv</strong> <em>string</em></a></dt>
    <dd>Initialization vector (IV) to use. Required for some ciphers and GMAC.
    Other MACs use a fixed IV.
    Cipher modes CBC, CFB, and OFB all need an IV while ECB and CTR modes do not.
    Cipher modes CBC, CFB, and OFB all need an IV, while ECB and CTR modes do not.
    A new, random IV should be created for each use. Think of the IV as a nonce
    (number used once), it's public but random and unpredictable. See the
   <a href="#tls::cipher"><b>tls::cipher</b></a> for iv_length and when
   required (length > 0). Max is 16 bytes. If not set, it will default to \x00
   fill data.</dd>
</dl>
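Review bot: The -iv sentence touched here for the comma still says "ECB and CTR modes do not" need an IV, which is wrong for CTR: CTR takes an initial counter block as its IV, and reusing it under the same key repeats the keystream. Suggest "Cipher modes CBC, CFB, OFB, and CTR all need an IV, while ECB does not." Since the same entry says an unset IV defaults to \x00 fill data, it would also help to state there that relying on the default is only acceptable for ciphers whose iv_length is 0. For the new -info limits (1024 bytes for OpenSSL 1.1, 2048 for 3.0), say what the command does when the limit is exceeded, so callers know whether to expect an error or truncation.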








-
+
+
+







<h3><a name="COMMANDS">COMMANDS</a></h3>

<p>The following commands provide access to the OpenSSL cryptography functions.</p>

<dl>

<h4><a name="Info">Info Commands</a></h4>

These commands provide information about the available ciphers, digests, etc. and their properties.
<br>
<br>
    <dt><a name="tls::cipher"><strong>tls::cipher</strong> <em>name</em></a></dt>
    <dd>Returns a list of property name and value pairs describing cipher
	<i>name</i>. Properties are:</dd>
    <blockquote><table>
	<tr><td><b>nid</b></td><td>Internal id of cipher. This is the same as <i>name</i>.<td></tr>
	<tr><td><b>name</b></td><td>Name or alias of the cipher.<td></tr>
	<tr><td><b>description</b></td><td>Description of the cipher. OpenSSL 3.0+ only.<td></tr>
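Review bot: The new Info Commands intro is added as bare text directly inside the open <dl>, between the <h4> and the first <dt>, and is spaced with two <br> tags; a <dl> is only meant to hold <dt>/<dd> groups, so browsers and HTML checkers will treat this text inconsistently. Suggest wrapping the sentence in <p> and placing it (and the heading) before the <dl>, which also removes the need for the <br> pair. The "etc." in "ciphers, digests, etc." could be replaced by the actual list of things the info commands report.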







-
+
+
+








    <dt><a name="tls::version"><strong>tls::version</strong></a></dt>
    <dd>Returns the OpenSSL version string.</dd>

<br>

<h4><a name="MD_MAC">Message Digest (MD) and Message Authentication Code (MAC) Commands</a></h4>

These commands calculate a message digest or message authentication code for data.
<br>
<br>
    <dt><a name="tls::cmac"><strong>tls::cmac</strong>
	<em>?</em><b>-cipher</b><em>? name</em>
	<b>-key</b> <em>key ?</em>
	<b>-bin</b>|<b>-hex</b>
	<em>?[</em><b>-chan</b> <em>channelId |</em> <b>-command</b> <em>cmdName |</em>
	<b>-file</b> <em>filename | ?</em><b>-data</b><em>? data]</em></a></dt>
    <dd>Calculate the Cipher-based Message Authentication Code (CMAC) where
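Review bot: The intro added under the MD_MAC heading presents a message digest and a message authentication code as alternatives for the same job ("calculate a message digest or message authentication code for data"), while the tls::cmac synopsis directly below requires -key. Suggest one more clause stating that a digest is unkeyed and anyone can recompute it, whereas a MAC needs a secret key and is what to use when the data must be authenticated; readers choosing between the commands in this section need that distinction up front.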







-
+
+
+








    <dt><a name="tls::unstack"><strong>tls::unstack</strong> <em>channelId</em></a></dt>
    <dd>Removes the top level cryptographic transform from channel <em>channelId</em>.</dd>

<br>

<h4><a name="Cipher">Encryption and Decryption Commands</a></h4>

These commands encrypt plaintext into ciphertext or vice versa.
<br>
<br>
    <dt><a name="tls::encrypt"><strong>tls::encrypt</strong>
	<em>?</em><b>-cipher</b><em>? name</em>
	<b>-digest</b> <em>name</em>
	<b>-key</b> <em>key ?</em>
	<b>-iv</b> <em>string?</em>
	<em>[</em><b>-chan</b> <em>channelId |</em> <b>-command</b> <em>cmdName |</em>
	<b>-infile</b> <em>filename</em> <b>-outfile</b> <em>filename |</em>







-
+







	must be a positive integer less than or equal
	to ((2^32-1) * 32) / (128 * r). Default is 1.<td></tr>
    </table></blockquote>

<br>

<h4><a name="RAND">Random Bytes Commands</a></h4>
These commands provide randomly generated byte strings.
These commands provide randomly generated byte strings for use when random data is needed.
<br>
<br>
    <dt><a name="tls::random"><strong>tls::random</strong>
	<em>?</em><b>-private</b><em>? length</em></a></dt>
    <dd>Generate <i>length</i> random bytes using a cryptographically secure
	pseudo random generator (CSPRNG). OpenSSL uses a security level of 256
	bits. Will return an error if a trusted entropy source such as the OS
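Review bot: The clause added to the RAND intro, "for use when random data is needed", is circular and tells the reader nothing the first half of the sentence did not. Suggest naming the intended uses instead, for example keys, IVs and salts, and pointing at the -private option shown in the tls::random synopsis so the reader knows from the section intro that there is a choice to make.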