NAME
PEM_write, PEM_write_bio, PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO - PEM encoding routines
SYNOPSIS
#include <openssl/pem.h>
int PEM_write(FILE *fp, const char *name, const char *header,
const unsigned char *data, long len)
int PEM_write_bio(BIO *bp, const char *name, const char *header,
const unsigned char *data, long len)
int PEM_read(FILE *fp, char **name, char **header,
unsigned char **data, long *len);
int PEM_read_bio(BIO *bp, char **name, char **header,
unsigned char **data, long *len);
int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo);
int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len,
pem_password_cb *cb, void *u);
DESCRIPTION
These functions read and write PEM-encoded objects, using the PEM type name, any additional header information, and the raw data of length len.
PEM is the term used for binary content encoding first defined in IETF RFC 1421. The content is a series of base64-encoded lines, surrounded by begin/end markers each on their own line. For example:
-----BEGIN PRIVATE KEY-----
MIICdg....
... bhTQ==
-----END PRIVATE KEY-----
Optional header line(s) may appear after the begin line, and their existence depends on the type of object being written or read.
PEM_write() writes to the file fp, while PEM_write_bio() writes to the BIO bp. The name is the name to use in the marker, the header is the header value or NULL, and data and len specify the data and its length.
The final data buffer is typically an ASN.1 object which can be decoded with the d2i function appropriate to the type name; see PEM_read_PrivateKey(3). On successful completion the data is decrypted in place, and len is updated to indicate the plaintext length. This function is deprecated, see NOTES below.
If the data is a priori known to not be encrypted, then neither PEM_do_header() nor PEM_get_EVP_CIPHER_INFO() need be called.
RETURN VALUES
PEM_read() and PEM_read_bio() return 1 on success and 0 on failure, the latter includes the case when no more PEM objects remain in the input file. To distinguish end of file from more serious errors the caller must peek at the error stack and check for PEM_R_NO_START_LINE, which indicates that no more PEM objects were found. See ERR_GET_REASON(3).
PEM_get_EVP_CIPHER_INFO() and PEM_do_header() return 1 on success, and 0 on failure. The data is likely meaningless if these functions fail.
NOTES
The PEM_get_EVP_CIPHER_INFO() and PEM_do_header() functions are deprecated. This is because the underlying PEM encryption format is obsolete, and should be avoided. It uses an encryption format with an OpenSSL-specific key-derivation function, which employs MD5 with an iteration count of 1! Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 v2.0 PBE. See d2i_PKCS8PrivateKey_bio(3).
PEM_do_header() makes no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence.
SEE ALSO
ERR_GET_LIB(3), passphrase-encoding(7)
COPYRIGHT
Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.