EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk); int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
The EVP envelope routines are a high level interface to envelope encryption. They generate a random key and IV (if required) then ``envelope'' it by using public key encryption. Data can then be encrypted using this key.
The iv parameter is a buffer where the generated IV is written to. It must contain
enough room for the corresponding cipher's IV, as determined by (for
If the cipher does not require an IV then the iv parameter is ignored and can be NULL.
Because a random secret key is generated the random number generator must
be seeded before calling
The public key must be RSA because it is the only OpenSSL public key algorithm that supports key transport.
Envelope encryption is the usual method of using public key encryption on large amounts of data, this is because public key encryption is slow but symmetric encryption is fast. So symmetric encryption is used for bulk encryption and the small random symmetric key used is transferred using public key encryption.
It is possible to call