OpenSSL EVP Series 12 --- Introduction to the EVP_Seal* Functions
--- Translated from openssl/doc/crypto/EVP_SealInit.pod, with the author's own understanding added
(Author: DragonKing, Mail: wzhah@263.net, published at:
http://openssl.126.com OpenSSL Professional Forum, Version: OpenSSL-0.9.7)
This family of functions implements a digital envelope: it generates a random symmetric key, encrypts that key with one or more public keys, and encrypts the data itself with the random key.
Envelopes are commonly used when transmitting large amounts of data, because public key algorithms are slow while symmetric algorithms are much faster. The encryption key is therefore transported using a public key algorithm, and the actual data encryption is done with a symmetric algorithm.
The functions are declared as follows (openssl/evp.h):
int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
                 int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk);
int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                   int *outl, unsigned char *in, int inl);
int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                  int *outl);
[EVP_SealInit]
This function initializes a cipher context EVP_CIPHER_CTX with the specified cipher, a randomly generated key, and a randomly generated initialization vector; the IV is written to iv, which must have room for EVP_CIPHER_iv_length(type) bytes. Internally the function calls EVP_EncryptInit_ex twice to complete the initialization of ctx. The parameter type is the cipher, given in the same form as for the encryption functions described earlier, for example EVP_des_cbc(). The random secret key is encrypted with one or more public keys, so that it can be recovered by anyone holding the private key corresponding to one of them. The parameter ek is an array of buffers that receive the key encrypted under each public key; each buffer must be large enough, i.e. ek[i] must hold at least EVP_PKEY_size(pubk[i]) bytes. The length of each encrypted key is stored in the corresponding element of the array ekl. The parameter pubk is an array of public keys and may contain several. On success the function returns npubk; on failure it returns 0.
Because the key is generated randomly, the random number generator must be seeded before this function is called.
The public keys must be RSA keys, because RSA is the only public key algorithm in OpenSSL that supports key transport. Note that the key is wrapped with RSA PKCS#1 v1.5 padding and that the envelope carries no integrity protection; if the ciphertext must be authenticated, add a MAC or signature separately.
Like EVP_EncryptInit, this function can also be called in two steps: the first call sets npubk to 0 (cipher parameters can then be set on ctx), and the second call sets type to NULL.
[EVP_SealUpdate]
This function is a macro, actually defined as follows:
#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e)
So its behaviour and usage are identical to EVP_EncryptUpdate; see the earlier articles in this series for details. It returns 1 on success and 0 otherwise.
[EVP_SealFinal]