.\" $OpenBSD: PEM_read_bio_PrivateKey.3,v 1.21 2023/04/25 18:57:57 tb Exp $
.\" full merge up to:
.\" OpenSSL man3/PEM_read_bio_PrivateKey.pod 18bad535 Apr 9 15:13:55 2019 +0100
.\" OpenSSL man3/PEM_read_CMS.pod 83cf7abf May 29 13:07:08 2018 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2001-2004, 2009, 2013-2016 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in
.\"    the documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\"    software must display the following acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\"    endorse or promote products derived from this software without
.\"    prior written permission. For written permission, please contact
.\"    openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\"    nor may "OpenSSL" appear in their names without prior written
.\"    permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\"    acknowledgment:
.\"    "This product includes software developed by the OpenSSL Project
.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: April 25 2023 $
.Dt PEM_READ_BIO_PRIVATEKEY 3
.Os
.Sh NAME
.Nm PEM_read_bio_PrivateKey ,
.Nm PEM_read_PrivateKey ,
.Nm PEM_write_bio_PrivateKey ,
.Nm PEM_write_PrivateKey ,
.Nm PEM_write_bio_PKCS8PrivateKey ,
.Nm PEM_write_PKCS8PrivateKey ,
.Nm PEM_write_bio_PKCS8PrivateKey_nid ,
.Nm PEM_write_PKCS8PrivateKey_nid ,
.Nm PEM_read_bio_PKCS8 ,
.Nm PEM_read_PKCS8 ,
.Nm PEM_write_bio_PKCS8 ,
.Nm PEM_write_PKCS8 ,
.Nm PEM_read_bio_PKCS8_PRIV_KEY_INFO ,
.Nm PEM_read_PKCS8_PRIV_KEY_INFO ,
.Nm PEM_write_bio_PKCS8_PRIV_KEY_INFO ,
.Nm PEM_write_PKCS8_PRIV_KEY_INFO ,
.Nm PEM_read_bio_PUBKEY ,
.Nm PEM_read_PUBKEY ,
.Nm PEM_write_bio_PUBKEY ,
.Nm PEM_write_PUBKEY ,
.Nm PEM_read_bio_RSAPrivateKey ,
.Nm PEM_read_RSAPrivateKey ,
.Nm PEM_write_bio_RSAPrivateKey ,
.Nm PEM_write_RSAPrivateKey ,
.Nm PEM_read_bio_RSAPublicKey ,
.Nm PEM_read_RSAPublicKey ,
.Nm PEM_write_bio_RSAPublicKey ,
.Nm PEM_write_RSAPublicKey ,
.Nm PEM_read_bio_RSA_PUBKEY ,
.Nm PEM_read_RSA_PUBKEY ,
.Nm PEM_write_bio_RSA_PUBKEY ,
.Nm PEM_write_RSA_PUBKEY ,
.Nm PEM_read_bio_DSAPrivateKey ,
.Nm PEM_read_DSAPrivateKey ,
.Nm PEM_write_bio_DSAPrivateKey ,
.Nm PEM_write_DSAPrivateKey ,
.Nm PEM_read_bio_DSA_PUBKEY ,
.Nm PEM_read_DSA_PUBKEY ,
.Nm PEM_write_bio_DSA_PUBKEY ,
.Nm PEM_write_DSA_PUBKEY ,
.Nm PEM_read_bio_DSAparams ,
.Nm PEM_read_DSAparams ,
.Nm PEM_write_bio_DSAparams ,
.Nm PEM_write_DSAparams ,
.Nm PEM_read_bio_DHparams ,
.Nm PEM_read_DHparams ,
.Nm PEM_write_bio_DHparams ,
.Nm PEM_write_DHparams ,
.Nm PEM_read_bio_ECPKParameters ,
.Nm PEM_read_ECPKParameters ,
.Nm PEM_write_bio_ECPKParameters ,
.Nm PEM_write_ECPKParameters ,
.Nm PEM_read_bio_ECPrivateKey ,
.Nm PEM_read_ECPrivateKey ,
.Nm PEM_write_bio_ECPrivateKey ,
.Nm PEM_write_ECPrivateKey ,
.Nm PEM_read_bio_EC_PUBKEY ,
.Nm PEM_read_EC_PUBKEY ,
.Nm PEM_write_bio_EC_PUBKEY ,
.Nm PEM_write_EC_PUBKEY ,
.Nm PEM_read_bio_X509 ,
.Nm PEM_read_X509 ,
.Nm PEM_write_bio_X509 ,
.Nm PEM_write_X509 ,
.Nm PEM_read_bio_X509_AUX ,
.Nm PEM_read_X509_AUX ,
.Nm PEM_write_bio_X509_AUX ,
.Nm PEM_write_X509_AUX ,
.Nm PEM_read_bio_X509_REQ ,
.Nm PEM_read_X509_REQ ,
.Nm PEM_write_bio_X509_REQ ,
.Nm PEM_write_X509_REQ ,
.Nm PEM_write_bio_X509_REQ_NEW ,
.Nm PEM_write_X509_REQ_NEW ,
.Nm PEM_read_bio_X509_CRL ,
.Nm PEM_read_X509_CRL ,
.Nm PEM_write_bio_X509_CRL ,
.Nm PEM_write_X509_CRL ,
.Nm PEM_read_bio_PKCS7 ,
.Nm PEM_read_PKCS7 ,
.Nm PEM_write_bio_PKCS7 ,
.Nm PEM_write_PKCS7 ,
.Nm PEM_read_CMS ,
.Nm PEM_read_bio_CMS ,
.Nm PEM_write_CMS ,
.Nm PEM_write_bio_CMS
.Nd PEM routines
.Sh SYNOPSIS
.In openssl/pem.h
.Ft EVP_PKEY *
.Fo PEM_read_bio_PrivateKey
.Fa "BIO *bp"
.Fa "EVP_PKEY **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft EVP_PKEY *
.Fo PEM_read_PrivateKey
.Fa "FILE *fp"
.Fa "EVP_PKEY **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_PrivateKey
.Fa "BIO *bp"
.Fa "EVP_PKEY *x"
.Fa "const EVP_CIPHER *enc"
.Fa "unsigned char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_PrivateKey
.Fa "FILE *fp"
.Fa "EVP_PKEY *x"
.Fa "const EVP_CIPHER *enc"
.Fa "unsigned char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_PKCS8PrivateKey
.Fa "BIO *bp"
.Fa "EVP_PKEY *x"
.Fa "const EVP_CIPHER *enc"
.Fa "char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_PKCS8PrivateKey
.Fa "FILE *fp"
.Fa "EVP_PKEY *x"
.Fa "const EVP_CIPHER *enc"
.Fa "char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_PKCS8PrivateKey_nid
.Fa "BIO *bp"
.Fa "EVP_PKEY *x"
.Fa "int nid"
.Fa "char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_PKCS8PrivateKey_nid
.Fa "FILE *fp"
.Fa "EVP_PKEY *x"
.Fa "int nid"
.Fa "char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft X509_SIG *
.Fo PEM_read_bio_PKCS8
.Fa "BIO *bp"
.Fa "X509_SIG **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft X509_SIG *
.Fo PEM_read_PKCS8
.Fa "FILE *fp"
.Fa "X509_SIG **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_PKCS8
.Fa "BIO *bp"
.Fa "X509_SIG *x"
.Fc
.Ft int
.Fo PEM_write_PKCS8
.Fa "FILE *fp"
.Fa "X509_SIG *x"
.Fc
.Ft PKCS8_PRIV_KEY_INFO *
.Fo PEM_read_bio_PKCS8_PRIV_KEY_INFO
.Fa "BIO *bp"
.Fa "PKCS8_PRIV_KEY_INFO **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft PKCS8_PRIV_KEY_INFO *
.Fo PEM_read_PKCS8_PRIV_KEY_INFO
.Fa "FILE *fp"
.Fa "PKCS8_PRIV_KEY_INFO **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_PKCS8_PRIV_KEY_INFO
.Fa "BIO *bp"
.Fa "PKCS8_PRIV_KEY_INFO *x"
.Fc
.Ft int
.Fo PEM_write_PKCS8_PRIV_KEY_INFO
.Fa "FILE *fp"
.Fa "PKCS8_PRIV_KEY_INFO *x"
.Fc
.Ft EVP_PKEY *
.Fo PEM_read_bio_PUBKEY
.Fa "BIO *bp"
.Fa "EVP_PKEY **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft EVP_PKEY *
.Fo PEM_read_PUBKEY
.Fa "FILE *fp"
.Fa "EVP_PKEY **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_PUBKEY
.Fa "BIO *bp"
.Fa "EVP_PKEY *x"
.Fc
.Ft int
.Fo PEM_write_PUBKEY
.Fa "FILE *fp"
.Fa "EVP_PKEY *x"
.Fc
.Ft RSA *
.Fo PEM_read_bio_RSAPrivateKey
.Fa "BIO *bp"
.Fa "RSA **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft RSA *
.Fo PEM_read_RSAPrivateKey
.Fa "FILE *fp"
.Fa "RSA **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_RSAPrivateKey
.Fa "BIO *bp"
.Fa "RSA *x"
.Fa "const EVP_CIPHER *enc"
.Fa "unsigned char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_RSAPrivateKey
.Fa "FILE *fp"
.Fa "RSA *x"
.Fa "const EVP_CIPHER *enc"
.Fa "unsigned char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft RSA *
.Fo PEM_read_bio_RSAPublicKey
.Fa "BIO *bp"
.Fa "RSA **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft RSA *
.Fo PEM_read_RSAPublicKey
.Fa "FILE *fp"
.Fa "RSA **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_RSAPublicKey
.Fa "BIO *bp"
.Fa "RSA *x"
.Fc
.Ft int
.Fo PEM_write_RSAPublicKey
.Fa "FILE *fp"
.Fa "RSA *x"
.Fc
.Ft RSA *
.Fo PEM_read_bio_RSA_PUBKEY
.Fa "BIO *bp"
.Fa "RSA **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft RSA *
.Fo PEM_read_RSA_PUBKEY
.Fa "FILE *fp"
.Fa "RSA **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_RSA_PUBKEY
.Fa "BIO *bp"
.Fa "RSA *x"
.Fc
.Ft int
.Fo PEM_write_RSA_PUBKEY
.Fa "FILE *fp"
.Fa "RSA *x"
.Fc
.Ft DSA *
.Fo PEM_read_bio_DSAPrivateKey
.Fa "BIO *bp"
.Fa "DSA **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft DSA *
.Fo PEM_read_DSAPrivateKey
.Fa "FILE *fp"
.Fa "DSA **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_DSAPrivateKey
.Fa "BIO *bp"
.Fa "DSA *x"
.Fa "const EVP_CIPHER *enc"
.Fa "unsigned char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_DSAPrivateKey
.Fa "FILE *fp"
.Fa "DSA *x"
.Fa "const EVP_CIPHER *enc"
.Fa "unsigned char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft DSA *
.Fo PEM_read_bio_DSA_PUBKEY
.Fa "BIO *bp"
.Fa "DSA **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft DSA *
.Fo PEM_read_DSA_PUBKEY
.Fa "FILE *fp"
.Fa "DSA **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_DSA_PUBKEY
.Fa "BIO *bp"
.Fa "DSA *x"
.Fc
.Ft int
.Fo PEM_write_DSA_PUBKEY
.Fa "FILE *fp"
.Fa "DSA *x"
.Fc
.Ft DSA *
.Fo PEM_read_bio_DSAparams
.Fa "BIO *bp"
.Fa "DSA **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft DSA *
.Fo PEM_read_DSAparams
.Fa "FILE *fp"
.Fa "DSA **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_DSAparams
.Fa "BIO *bp"
.Fa "DSA *x"
.Fc
.Ft int
.Fo PEM_write_DSAparams
.Fa "FILE *fp"
.Fa "DSA *x"
.Fc
.Ft DH *
.Fo PEM_read_bio_DHparams
.Fa "BIO *bp"
.Fa "DH **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft DH *
.Fo PEM_read_DHparams
.Fa "FILE *fp"
.Fa "DH **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_DHparams
.Fa "BIO *bp"
.Fa "DH *x"
.Fc
.Ft int
.Fo PEM_write_DHparams
.Fa "FILE *fp"
.Fa "DH *x"
.Fc
.Ft EC_GROUP *
.Fo PEM_read_bio_ECPKParameters
.Fa "BIO *bp"
.Fa "EC_GROUP **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft EC_GROUP *
.Fo PEM_read_ECPKParameters
.Fa "FILE *fp"
.Fa "EC_GROUP **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_ECPKParameters
.Fa "BIO *bp"
.Fa "const EC_GROUP *x"
.Fc
.Ft int
.Fo PEM_write_ECPKParameters
.Fa "FILE *fp"
.Fa "const EC_GROUP *x"
.Fc
.Ft EC_KEY *
.Fo PEM_read_bio_ECPrivateKey
.Fa "BIO *bp"
.Fa "EC_KEY **key"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft EC_KEY *
.Fo PEM_read_ECPrivateKey
.Fa "FILE *fp"
.Fa "EC_KEY **eckey"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_ECPrivateKey
.Fa "BIO *bp"
.Fa "EC_KEY *x"
.Fa "const EVP_CIPHER *enc"
.Fa "unsigned char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_ECPrivateKey
.Fa "FILE *fp"
.Fa "EC_KEY *x"
.Fa "const EVP_CIPHER *enc"
.Fa "unsigned char *kstr"
.Fa "int klen"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft EC_KEY *
.Fo PEM_read_bio_EC_PUBKEY
.Fa "BIO *bp"
.Fa "EC_KEY **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft EC_KEY *
.Fo PEM_read_EC_PUBKEY
.Fa "FILE *fp"
.Fa "EC_KEY **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_EC_PUBKEY
.Fa "BIO *bp"
.Fa "EC_KEY *x"
.Fc
.Ft int
.Fo PEM_write_EC_PUBKEY
.Fa "FILE *fp"
.Fa "EC_KEY *x"
.Fc
.Ft X509 *
.Fo PEM_read_bio_X509
.Fa "BIO *bp"
.Fa "X509 **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft X509 *
.Fo PEM_read_X509
.Fa "FILE *fp"
.Fa "X509 **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_X509
.Fa "BIO *bp"
.Fa "X509 *x"
.Fc
.Ft int
.Fo PEM_write_X509
.Fa "FILE *fp"
.Fa "X509 *x"
.Fc
.Ft X509 *
.Fo PEM_read_bio_X509_AUX
.Fa "BIO *bp"
.Fa "X509 **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft X509 *
.Fo PEM_read_X509_AUX
.Fa "FILE *fp"
.Fa "X509 **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_X509_AUX
.Fa "BIO *bp"
.Fa "X509 *x"
.Fc
.Ft int
.Fo PEM_write_X509_AUX
.Fa "FILE *fp"
.Fa "X509 *x"
.Fc
.Ft X509_REQ *
.Fo PEM_read_bio_X509_REQ
.Fa "BIO *bp"
.Fa "X509_REQ **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft X509_REQ *
.Fo PEM_read_X509_REQ
.Fa "FILE *fp"
.Fa "X509_REQ **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_X509_REQ
.Fa "BIO *bp"
.Fa "X509_REQ *x"
.Fc
.Ft int
.Fo PEM_write_X509_REQ
.Fa "FILE *fp"
.Fa "X509_REQ *x"
.Fc
.Ft int
.Fo PEM_write_bio_X509_REQ_NEW
.Fa "BIO *bp"
.Fa "X509_REQ *x"
.Fc
.Ft int
.Fo PEM_write_X509_REQ_NEW
.Fa "FILE *fp"
.Fa "X509_REQ *x"
.Fc
.Ft X509_CRL *
.Fo PEM_read_bio_X509_CRL
.Fa "BIO *bp"
.Fa "X509_CRL **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft X509_CRL *
.Fo PEM_read_X509_CRL
.Fa "FILE *fp"
.Fa "X509_CRL **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_X509_CRL
.Fa "BIO *bp"
.Fa "X509_CRL *x"
.Fc
.Ft int
.Fo PEM_write_X509_CRL
.Fa "FILE *fp"
.Fa "X509_CRL *x"
.Fc
.Ft PKCS7 *
.Fo PEM_read_bio_PKCS7
.Fa "BIO *bp"
.Fa "PKCS7 **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft PKCS7 *
.Fo PEM_read_PKCS7
.Fa "FILE *fp"
.Fa "PKCS7 **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_bio_PKCS7
.Fa "BIO *bp"
.Fa "PKCS7 *x"
.Fc
.Ft int
.Fo PEM_write_PKCS7
.Fa "FILE *fp"
.Fa "PKCS7 *x"
.Fc
.In openssl/cms.h
.Ft CMS_ContentInfo *
.Fo PEM_read_CMS
.Fa "FILE *fp"
.Fa "CMS_ContentInfo **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft CMS_ContentInfo *
.Fo PEM_read_bio_CMS
.Fa "BIO *bp"
.Fa "CMS_ContentInfo **x"
.Fa "pem_password_cb *cb"
.Fa "void *u"
.Fc
.Ft int
.Fo PEM_write_CMS
.Fa "FILE *fp"
.Fa "const CMS_ContentInfo *x"
.Fc
.Ft int
.Fo PEM_write_bio_CMS
.Fa "BIO *bp"
.Fa "const CMS_ContentInfo *x"
.Fc
.Sh DESCRIPTION
The PEM functions read or write structures in PEM format.
In this sense PEM format is simply base64-encoded data surrounded by
header lines; see
.Xr PEM_read 3
for more details.
.Pp
For more details about the meaning of arguments see the
.Sx PEM function arguments
section.
.Pp
Each operation has four functions associated with it.
For brevity the term
.Dq Ar TYPE No functions
will be used to collectively refer to the
.Fn PEM_read_bio_TYPE ,
.Fn PEM_read_TYPE ,
.Fn PEM_write_bio_TYPE ,
and
.Fn PEM_write_TYPE
functions.
If no set of specific functions exists for a given type,
.Xr PEM_ASN1_read 3
can be used instead.
.Pp
The
.Sy PrivateKey
functions read or write a private key in PEM format using an
.Vt EVP_PKEY
structure.
The write routines use "traditional" private key format and can handle
both RSA and DSA private keys.
The read functions can additionally transparently handle PKCS#8 format
encrypted and unencrypted keys too.
.Pp
.Fn PEM_write_bio_PKCS8PrivateKey
and
.Fn PEM_write_PKCS8PrivateKey
write a private key in an
.Vt EVP_PKEY
structure in PKCS#8
.Vt EncryptedPrivateKeyInfo
format using PKCS#5 v2.0 password based encryption algorithms.
The
.Fa enc
argument specifies the encryption algorithm to use: unlike all other PEM
routines, the encryption is applied at the PKCS#8 level and not in the
PEM headers.
If
.Fa enc
is
.Dv NULL ,
then no encryption is used and a PKCS#8
.Vt PrivateKeyInfo
structure is used instead.
.Pp
.Fn PEM_write_bio_PKCS8PrivateKey_nid
and
.Fn PEM_write_PKCS8PrivateKey_nid
also write out a private key as a PKCS#8
.Vt EncryptedPrivateKeyInfo .
However they use PKCS#5 v1.5 or PKCS#12 encryption algorithms instead.
The algorithm to use is specified in the
.Fa nid
parameter and should be the NID of the corresponding OBJECT IDENTIFIER.
.Pp
The
.Sy PKCS8
functions process an encrypted private key using an
.Vt X509_SIG
structure and the
.Xr d2i_X509_SIG 3
function.
.Pp
The
.Sy PKCS8_PRIV_KEY_INFO
functions process a private key using a
.Vt PKCS8_PRIV_KEY_INFO
structure.
.Pp
The
.Sy PUBKEY
functions process a public key using an
.Vt EVP_PKEY
structure.
The public key is encoded as an ASN.1
.Vt SubjectPublicKeyInfo
structure.
.Pp
The
.Sy RSAPrivateKey
functions process an RSA private key using an
.Vt RSA
structure.
They handle the same formats as the
.Sy PrivateKey
functions, but an error occurs if the private key is not RSA.
.Pp
The
.Sy RSAPublicKey
functions process an RSA public key using an
.Vt RSA
structure.
The public key is encoded using a PKCS#1
.Vt RSAPublicKey
structure.
.Pp
The
.Sy RSA_PUBKEY
functions also process an RSA public key using an
.Vt RSA
structure.
However the public key is encoded using an ASN.1
.Vt SubjectPublicKeyInfo
structure and an error occurs if the public key is not RSA.
.Pp
The
.Sy DSAPrivateKey
functions process a DSA private key using a
.Vt DSA
structure.
They handle the same formats as the
.Sy PrivateKey
functions but an error occurs if the private key is not DSA.
.Pp
The
.Sy DSA_PUBKEY
functions process a DSA public key using a
.Vt DSA
structure.
The public key is encoded using an ASN.1
.Vt SubjectPublicKeyInfo
structure and an error occurs if the public key is not DSA.
.Pp
The
.Sy DSAparams
functions process DSA parameters using a
.Vt DSA
structure.
The parameters are encoded using a Dss-Parms structure as defined in RFC 2459.
.Pp
The
.Sy DHparams
functions process DH parameters using a
.Vt DH
structure.
The parameters are encoded using a PKCS#3 DHparameter structure.
.Pp
The
.Sy ECPKParameters
functions process EC parameters using an
.Vt EC_GROUP
structure and the
.Xr d2i_ECPKParameters 3
function.
.Pp
The
.Sy ECPrivateKey
functions process an EC private key using an
.Vt EC_KEY
structure.
.Pp
The
.Sy EC_PUBKEY
functions process an EC public key using an
.Vt EC_KEY
structure.
.Pp
The
.Sy X509
functions process an X509 certificate using an
.Vt X509
structure.
They will also process a trusted X509 certificate but any trust settings
are discarded.
.Pp
The
.Sy X509_AUX
functions process a trusted X509 certificate using an
.Vt X509
structure.
The
.Xr X509_check_trust 3
manual explains how the auxiliary trust information is used.
.Pp
The
.Sy X509_REQ
and
.Sy X509_REQ_NEW
functions process a PKCS#10 certificate request using an
.Vt X509_REQ
structure.
The
.Sy X509_REQ
write functions use CERTIFICATE REQUEST in the header whereas the
.Sy X509_REQ_NEW
functions use NEW CERTIFICATE REQUEST (as required by some CAs).
The
.Sy X509_REQ
read functions will handle either form so there are no
.Sy X509_REQ_NEW
read functions.
.Pp
The
.Sy X509_CRL
functions process an X509 CRL using an
.Vt X509_CRL
structure.
.Pp
The
.Sy PKCS7
functions process a PKCS#7
.Vt ContentInfo
using a
.Vt PKCS7
structure.
.Pp
The
.Sy CMS
functions process a
.Vt CMS_ContentInfo
structure.
.Pp
The old
.Sy PrivateKey
write routines are retained for compatibility.
New applications should write private keys using the
.Fn PEM_write_bio_PKCS8PrivateKey
or
.Fn PEM_write_PKCS8PrivateKey
routines because they are more secure (they use an iteration count of
2048 whereas the traditional routines use a count of 1) unless
compatibility with older versions of OpenSSL is important.
.Pp
The
.Sy PrivateKey
read routines can be used in all applications because they handle all
formats transparently.
.Ss PEM function arguments
The PEM functions have many common arguments.
.Pp
The
.Fa bp
parameter specifies the
.Vt BIO
to read from or write to.
.Pp
The
.Fa fp
parameter specifies the
.Vt FILE
pointer to read from or write to.
.Pp
The PEM read functions all take a pointer to pointer argument
.Fa x
and return a pointer of the same type.
If
.Fa x
is
.Dv NULL ,
then the parameter is ignored.
If
.Fa x
is not
.Dv NULL
but
.Pf * Fa x
is
.Dv NULL ,
then the structure returned will be written to
.Pf * Fa x .
If neither
.Fa x
nor
.Pf * Fa x
are
.Dv NULL ,
then an attempt is made to reuse the structure at
.Pf * Fa x ,
but see the
.Sx BUGS
and
.Sx EXAMPLES
sections.
Irrespective of the value of
.Fa x ,
a pointer to the structure is always returned, or
.Dv NULL
if an error occurred.
.Pp
The PEM functions which write private keys take an
.Fa enc
parameter, which specifies the encryption algorithm to use.
Encryption is done at the PEM level.
If this parameter is set to
.Dv NULL ,
then the private key is written in unencrypted form.
.Pp
The optional arguments
.Fa u
and
.Fa cb
are a passphrase used for encrypting a PEM structure
or a callback to obtain the passphrase; see
.Xr pem_password_cb 3
for details.
.Pp
For the PEM write routines, if the
.Fa kstr
parameter is not
.Dv NULL ,
then
.Fa klen
bytes at
.Fa kstr
are used as the passphrase and
.Fa cb
is ignored.
.Ss PEM encryption format
This old
.Sy PrivateKey
routines use a non-standard technique for encryption.
.Pp
The private key (or other data) takes the following form:
.Bd -literal -offset indent
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89

\&...base64 encoded data...
-----END RSA PRIVATE KEY-----
.Ed
.Pp
The line beginning with
.Dq DEK-Info
contains two comma separated pieces of information:
the encryption algorithm name as used by
.Xr EVP_get_cipherbyname 3
and an 8-byte salt encoded as a set of hexadecimal digits.
.Pp
After this is the base64-encoded encrypted data.
.Pp
The encryption key is determined using
.Xr EVP_BytesToKey 3 ,
using the salt and an iteration count of 1.
The IV used is the value of the salt and *not* the IV returned by
.Xr EVP_BytesToKey 3 .
.Sh RETURN VALUES
The read routines return either a pointer to the structure read or
.Dv NULL
if an error occurred.
.Pp
The write routines return 1 for success or 0 for failure.
.Sh EXAMPLES
Although the PEM routines take several arguments, in almost all
applications most of them are set to 0 or
.Dv NULL .
.Pp
Read a certificate in PEM format from a
.Vt BIO :
.Bd -literal -offset indent
X509 *x;
x = PEM_read_bio_X509(bp, NULL, 0, NULL);
if (x == NULL) {
	/* Error */
}
.Ed
.Pp
Alternative method:
.Bd -literal -offset indent
X509 *x = NULL;
if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
	/* Error */
}
.Ed
.Pp
Write a certificate to a
.Vt BIO :
.Bd -literal -offset indent
if (!PEM_write_bio_X509(bp, x)) {
	/* Error */
}
.Ed
.Pp
Write an unencrypted private key to a
.Vt FILE :
.Bd -literal -offset indent
if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
	/* Error */
}
.Ed
.Pp
Write a private key (using traditional format) to a
.Vt BIO
using triple DES encryption; the pass phrase is prompted for:
.Bd -literal -offset indent
if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(),
    NULL, 0, 0, NULL)) {
	/* Error */
}
.Ed
.Pp
Write a private key (using PKCS#8 format) to a
.Vt BIO
using triple DES encryption, using the pass phrase "hello":
.Bd -literal -offset indent
if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
    NULL, 0, 0, "hello")) {
	/* Error */
}
.Ed
.Pp
Read a private key from a
.Vt BIO
using the pass phrase "hello":
.Bd -literal -offset indent
key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
if (key == NULL) {
	/* Error */
}
.Ed
.Pp
Read a private key from a
.Vt BIO
using a pass phrase callback:
.Bd -literal -offset indent
key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
if (key == NULL) {
	/* Error */
}
.Ed
.Pp
Skeleton pass phrase callback:
.Bd -literal -offset indent
int
pass_cb(char *buf, int size, int rwflag, void *u)
{
	char	*tmp;
	size_t	 len;

	/* We'd probably do something else if 'rwflag' is 1 */
	printf("Enter pass phrase for \e"%s\e"\en", u);

	/*
	 * Instead of the following line, get the passphrase
	 * from the user in some way.
	 */
	tmp = "hello";
	if (tmp == NULL) /* An error occurred. */
		return -1;

	len = strlen(tmp);
	if (len == 0) /* Treat an empty passphrase as an error, too. */
		return -1;

	/* if too long, truncate */
	if (len > size)
		len = size;
	memcpy(buf, tmp, len);
	return len;
}
.Ed
.Sh SEE ALSO
.Xr BIO_new 3 ,
.Xr DSA_new 3 ,
.Xr PEM_ASN1_read 3 ,
.Xr PEM_bytes_read_bio 3 ,
.Xr PEM_read 3 ,
.Xr PEM_read_SSL_SESSION 3 ,
.Xr PEM_write_bio_CMS_stream 3 ,
.Xr PEM_write_bio_PKCS7_stream 3 ,
.Xr PEM_X509_INFO_read 3 ,
.Xr RSA_new 3 ,
.Xr X509_CRL_new 3 ,
.Xr X509_REQ_new 3 ,
.Xr X509_SIG_new 3
.Sh HISTORY
.Fn PEM_read_X509
and
.Fn PEM_write_X509
appeared in SSLeay 0.4 or earlier.
.Fn PEM_read_X509_REQ ,
.Fn PEM_write_X509_REQ ,
.Fn PEM_read_X509_CRL ,
and
.Fn PEM_write_X509_CRL
first appeared in SSLeay 0.4.4.
.Fn PEM_read_RSAPrivateKey ,
.Fn PEM_write_RSAPrivateKey ,
.Fn PEM_read_DHparams ,
.Fn PEM_write_DHparams ,
.Fn PEM_read_PKCS7 ,
and
.Fn PEM_write_PKCS7
first appeared in SSLeay 0.5.1.
.Fn PEM_read_bio_PrivateKey ,
.Fn PEM_read_PrivateKey ,
.Fn PEM_read_bio_RSAPrivateKey ,
.Fn PEM_write_bio_RSAPrivateKey ,
.Fn PEM_read_bio_DSAPrivateKey ,
.Fn PEM_read_DSAPrivateKey ,
.Fn PEM_write_bio_DSAPrivateKey ,
.Fn PEM_write_DSAPrivateKey ,
.Fn PEM_read_bio_DHparams ,
.Fn PEM_write_bio_DHparams ,
.Fn PEM_read_bio_X509 ,
.Fn PEM_write_bio_X509 ,
.Fn PEM_read_bio_X509_REQ ,
.Fn PEM_write_bio_X509_REQ ,
.Fn PEM_read_bio_X509_CRL ,
.Fn PEM_write_bio_X509_CRL ,
.Fn PEM_read_bio_PKCS7 ,
and
.Fn PEM_write_bio_PKCS7
first appeared in SSLeay 0.6.0.
.Fn PEM_write_bio_PrivateKey ,
.Fn PEM_write_PrivateKey ,
.Fn PEM_read_bio_DSAparams ,
.Fn PEM_read_DSAparams ,
.Fn PEM_write_bio_DSAparams ,
and
.Fn PEM_write_DSAparams
first appeared in SSLeay 0.8.0.
.Fn PEM_read_bio_RSAPublicKey ,
.Fn PEM_read_RSAPublicKey ,
.Fn PEM_write_bio_RSAPublicKey ,
and
.Fn PEM_write_RSAPublicKey
first appeared in SSLeay 0.8.1.
All these functions have been available since
.Ox 2.4 .
.Pp
.Fn PEM_write_bio_PKCS8PrivateKey ,
.Fn PEM_write_PKCS8PrivateKey ,
.Fn PEM_read_bio_PKCS8 ,
.Fn PEM_read_PKCS8 ,
.Fn PEM_write_bio_PKCS8 ,
.Fn PEM_write_PKCS8 ,
.Fn PEM_read_bio_PKCS8_PRIV_KEY_INFO ,
.Fn PEM_read_PKCS8_PRIV_KEY_INFO ,
.Fn PEM_write_bio_PKCS8_PRIV_KEY_INFO ,
.Fn PEM_write_PKCS8_PRIV_KEY_INFO ,
.Pp
.Fn PEM_write_bio_PKCS8PrivateKey_nid ,
.Fn PEM_write_PKCS8PrivateKey_nid ,
.Fn PEM_read_bio_PUBKEY ,
.Fn PEM_read_PUBKEY ,
.Fn PEM_write_bio_PUBKEY ,
.Fn PEM_write_PUBKEY ,
.Fn PEM_read_bio_RSA_PUBKEY ,
.Fn PEM_read_RSA_PUBKEY ,
.Fn PEM_write_bio_RSA_PUBKEY ,
.Fn PEM_write_RSA_PUBKEY ,
.Fn PEM_read_bio_DSA_PUBKEY ,
.Fn PEM_read_DSA_PUBKEY ,
.Fn PEM_write_bio_DSA_PUBKEY ,
.Fn PEM_write_DSA_PUBKEY ,
.Fn PEM_write_bio_X509_REQ_NEW ,
.Fn PEM_write_X509_REQ_NEW ,
.Fn PEM_read_bio_X509_AUX ,
.Fn PEM_read_X509_AUX ,
.Fn PEM_write_bio_X509_AUX ,
and
.Fn PEM_write_X509_AUX
first appeared in OpenSSL 0.9.5 and have been available since
.Ox 2.7 .
.Pp
.Fn PEM_read_bio_ECPKParameters ,
.Fn PEM_read_ECPKParameters ,
.Fn PEM_write_bio_ECPKParameters ,
.Fn PEM_write_ECPKParameters ,
.Fn PEM_read_bio_ECPrivateKey ,
.Fn PEM_read_ECPrivateKey ,
.Fn PEM_write_bio_ECPrivateKey ,
.Fn PEM_write_ECPrivateKey ,
.Fn PEM_read_bio_EC_PUBKEY ,
.Fn PEM_read_EC_PUBKEY ,
.Fn PEM_write_bio_EC_PUBKEY ,
and
.Fn PEM_write_EC_PUBKEY
first appeared in OpenSSL 0.9.8 and have been available since
.Ox 4.5 .
.Pp
.Fn PEM_read_CMS ,
.Fn PEM_read_bio_CMS ,
.Fn PEM_write_CMS ,
and
.Fn PEM_write_bio_CMS
first appeared in OpenSSL 0.9.8h and have been available since
.Ox 6.7 .
.Sh CAVEATS
A frequent cause of problems is attempting to use the PEM routines like
this:
.Bd -literal -offset indent
X509 *x;
PEM_read_bio_X509(bp, &x, 0, NULL);
.Ed
.Pp
This is a bug because an attempt will be made to reuse the data at
.Fa x ,
which is an uninitialised pointer.
.Pp
These functions make no assumption regarding the pass phrase received
from the password callback.
It will simply be treated as a byte sequence.
.Sh BUGS
The PEM read routines in some versions of OpenSSL will not correctly
reuse an existing structure.
Therefore
.Pp
.Dl PEM_read_bio_X509(bp, &x, 0, NULL);
.Pp
where
.Fa x
already contains a valid certificate may not work, whereas
.Bd -literal -offset indent
X509_free(x);
x = PEM_read_bio_X509(bp, NULL, 0, NULL);
.Ed
.Pp
is guaranteed to work.