OpenSSL Encryption Library


Encryption Resources

Name -- Syntax / Description
crypto_base64_decode
crypto_base64_decode( data )
Decodes and returns Base-64 decodes data.
Returns the decrypted data
  • data = the information to decode
crypto_base64_encode
crypto_base64_encode( data )
Encodes and returns Base-64 encoded data.
Returns the encrypted data
  • data = the information to encode
crypto_cipher_block_size
crypto_cipher_block_size( ciphername )
Programatically determine the block size attribute of the cipher specified by "ciphername".
returns the numeric size, in bytes, or -1 if an invalid "ciphername" is specified.
  • ciphername = an OpenSSL cipher identifier, such as "aes-128-cbc" or "rc2-ofb".
crypto_cipher_iv_length
crypto_cipher_iv_length( ciphername )
Programatically determine the iv_length attribute of the cipher specified by "ciphername".
returns the numeric size, in bytes, or -1 if an invalid "ciphername" is specified.
  • ciphername = an OpenSSL cipher identifier, such as "aes-128-cbc" or "rc2-ofb".
crypto_cipher_key_length
crypto_cipher_key_length( ciphername )
Programatically determine the key_length attribute of the cipher specified by "ciphername".
returns the numeric size, in bytes, or -1 if an invalid "ciphername" is specified.
  • ciphername = an OpenSSL cipher identifier, such as "aes-128-cbc" or "rc2-ofb".
crypto_cipher_mode
crypto_cipher_mode( ciphername )
Returns the block mode of operation of the cipher specified by "ciphername."
  • where ciphername = an OpenSSL cipher identifier, such as "aes-128-cbc" or "rc2-ofb"
crypto_digest_block_size
crypto_digest_block_size( digestname )
Programatically determines the block_size attribute of the digest algorithm specified by "digestname".
Returns the numeric size, in bytes, or -1 if an invalid "digestname" is specified.
  • digestname = an OpenSSL digest identifier, such as "sha256" or "md5".
crypto_digest_size
crypto_digest_size( digestname )
Programatically determines the digest_size attribute of the digest algorithm specified by "digestname".
Returns the numeric size, in bytes, or -1 if an invalid "digestname" is specified.
  • digestname = an OpenSSL digest identifier, such as "sha256" or "md5".
crypto_evp_decrypt
crypto_evp_decrypt( ciphername, key, iv, encrypted, plaintext var )
Decrypts "plaintext" using the block cipher specified by "ciphername", placing the decrypted data into "plaintext".
Return 1 on success, 0 on failure.
  • ciphername = The OpenSSL identifier of the cipher, such as "bf-cbc" or "des-ede3-cbc".
  • key = The key used for encryption.
  • iv = The initialization vector used for encryption. returned by crypto_cipher_iv_length().
  • encrypted = The ciphertext to be decrypted
  • plaintext = [output] Receives the plaintext
crypto_evp_digest
crypto_evp_digest( digestname, buffer var, digest var )
Calculates the digest of "buffer" using digest algorithm "digestname", placing the calculated digest in "digest". The digest output is always in raw binary format, use miva_hex_encode() or crypto_base64_encode() if other output formats are desired.
Returns 1 on success or 0 if an invalid or unsupported "digestname" is specified.
  • digestname = an OpenSSL digest identifier, such as "sha256" or "md5". buffer =
  • digest =
crypto_evp_encrypt
crypto_evp_encrypt( ciphername, key, iv, plaintext, encrypted var )
Encrypts "plaintext" using the block cipher specified by "ciphername", placing the encrypted data into "encrypted".
returns 1 on success, 0 on failure
  • ciphername = The OpenSSL identifier of the cipher, such as "bf-cbc" or "des-ede3-cbc".
  • key = The encryption key. Must be exactly the number of bytes required by the cipher, as returned by crypto_cipher_key_length.
  • iv = An initialization vector, if required by the cipher. Must be exactly the number of bytes required by the cipher, as returned by crypto_cipher_iv_length.
  • plaintext = The text to be encrypted
  • encrypted = [output] Receives the cipher text
crypto_evp_hmac
crypto_evp_hmac( digestname, key, buffer var, digest var )
Calculates the HMAC of "buffer" using digest algorithm "digestname" and key "key", placing the HMAC in "digest". The HMAC output is always in raw binary format, use miva_hex_encode() or crypto_base64_encode() if other output formats are desired.
Returns 1 on success or 0 if an invalid or unsupported "digestname" is specified.
  • digestname = an OpenSSL digest identifier, such as "sha256" or "md5".
  • buffer = The data that will be process.
  • digest = The result of the HMAC function.
crypto_hmac_md5
crypto_hmac_md5( buffer var, key, format, result var )
Performs an HMAC-MD5 on "buffer" using key "key", storing the result in "result".
Returns 1 on success, 0 on error.
  • buffer = the data that will be processed.
  • key = the encryption key
  • format = on of the literal string "hex" or "binary"
  • result = the return data.
crypto_hmac_sha1
crypto_hmac_sha1( value, key, output_format, output)
Calculates an HMAC SHA-1 (Hash-based Message Authentication Code) of value
returns: 1 on success, 0 on failure (including OpenSSL not being available)
  • value = value to hash by reference
  • key = key to use to calculate the hmac
  • output_format = 'hex' or 'binary'
  • output = hmac_sha1 hash value.
crypto_hmac_sha256
crypto_hmac_sha256( buffer var, key, format, result var )
Calculates an HMAC SHA-256 (Hash-based Message Authentication Code) of buffer
Returns 1 on success, 0 on error or if on an unsuported platform.
  • buffer = value to hash
  • key = binary key to use to calculate the hmac
  • format = "binary" or "hex"
  • result = a variable used to store the results.
crypto_last_error
crypto_last_error()
Returns the error text from the last SSL error, or other internal errors in the crypto suite of functions. Use crypto_last_ssl_error() instead to get the code of the last SSL error. ⇨ Version 5.32 -- Previously if the crypto error originated from Miva Empresa, the returned error was always the same. If the crypto error was from OpenSSL then it would be lost after calling the function. Modified to always return the last crypto error.
Returns error text.
crypto_last_ssl_error
crypto_last_ssl_error()
Returns the Integer value of the last SSL error code. Use crypto_last_error() instead to get the text of the last SSL error.
Returns error code.
crypto_library_version
crypto_library_version( info )
crypto_md5
crypto_md5( buffer )
Calculates the MD5 hash of a string.
Returns the MD5 hash value.
  • buffer = the data to be hashed.
crypto_md5_file
crypto_md5_file( file, location, hash var )
Calculates the md5 hash of a file
Returns 1 on success, 0 on failure.
  • file = Name of file to calculate the hash of
  • location = Location either "script" or "data"
  • hash = MD5 hash value
crypto_pbkdf1
crypto_pbkdf1( digestname, password, salt, iterations, dklen, dk var )
Derives a key of "dklen" bytes using PBKDF1 from PKCS #5.
Returns 1 on success or 0 on error.
  • digestname = The digest algorithm to use. Must be one of "md2", "md5" or "sha1". password = The password from which a key is to be derived.
  • salt = Exactly 8 bytes of random data that are used as a salt.
  • iterations = The number of iterations to perform.
  • dklen = The desired output length of the derived key. May not be longer than the output digest size of the specified digest algorithm.
  • dk = [output] Receives the derived key. The output is in raw binary.
crypto_pbkdf2
crypto_pbkdf2( digestname, password, salt, iterations, dklen, dk var )
Derives a key of "dklen" bytes using PBKDF2 from PKCS #5.
Returns 1 on success or 0 on error.
  • digestname = The digest algorithm to use. May be any of the digests supported by the installed OpenSSL version.
  • password = The password from which a key is to be derived.
  • salt = Random data of any length that is used to salt the derivation. RFC 2898 recommends a minimum salt length of 8 bytes.
  • iterations = The number of iterations to perform. RFC 2898 recommends at least 1000 iterations.
  • dklen = The desired output length of the derived key. May be any positive value.
  • dk = [output] Receives the derived key. The output is in raw binary.
crypto_rand_bytes
crypto_rand_bytes( n )
Generates n random bytes.
Returns a string of bytes
  • n = the number of bytes
crypto_rand_set_rand_engine
crypto_rand_set_rand_engine( engine )
Specify the random number generating engine to use.
Return value: 1 on success, 0 on failure.
  • engine = Name of the random number generator engine to use.
crypto_sha1
crypto_sha1( buffer var, format, result var )
Returns an SHA1 hash of buffer. Secure Hash Algorithm
Returns 1 on success, 0 on failure. (including OpenSSL not being available)
  • buffer = value to hash by reference
  • output_format = 'hex' or 'binary'. Anything else will result in binary output.
  • output = returned sha1 hash value.
crypto_sha256
crypto_sha256( buffer var, format, result var )
Returns an SHA256 hash of buffer. Secure Hash Algorithm. May not be available on platforms running versions of OpenSSL Older than v0.9.8.
Returns 1 on success, 0 on failure. (including OpenSSL not being available)
  • buffer = value to hash by reference
  • output_format = 'hex' or 'binary'. Anything else will result in binary output.
  • output = returned sha1 hash value.
crypto_xor
crypto_xor( buffer var, dest var )
Efficiently performs a byte-by-byte XOR of buffer and dest, storing the resulting data in "dest". If "buffer" is longer than "dest", any extra bytes are ignored.
Returns nothing.
  • buffer = the data that will be processed.
  • dest = the data that will processed against buffer and will contain the results.
crypto_evp_encrypt_auth
crypto_evp_encrypt_auth( ciphername, key, iv, aad, plaintext, encrypted var, tag var )
Encrypt the data in "plaintext" using the ciphername, key, and initial vector, returning the encrypted data in "encrypted" and a tag value in "tag" to be used to ensure that the ciphertext and AAD are not tampered with in transit.
Returns 1 on success, 0 on failure
  • ciphername = Name of cipher to use. An example is "aes-256-gcm"
  • key = Key value
  • iv = Initial vector
  • aad = Additional authenticated data
  • plaintext = Plaintext to encrypt
  • encrypted = Resulting encrypted value
  • tag = tag value
evp_pkey_load_mem
evp_pkey_load_mem( data, format, passphrase, pkey var )
Given a EVP PKEY structure in the given format and a passphrase, verifies the PKEY structure and stores it in internal storage, and returns a reference to the internal storage. ⇨ Version 5.32 -- now supports the DER and PEM formats.
Returns 1 on success, 0 on failure
  • data = EVP PKEY structure text
  • format = Format of the PKEY structure text. Only "pkcs12" is supported
  • passphrase = Passphrase for the PKEY structure
  • pkey = Structure reference
evp_pkey_load_pubkey_mem
evp_pkey_load_pubkey_mem( data, format, pkey var )
Given EVP PKEY information in the given format, parse and load the public key from it and return a reference to the internal storage.
Returns 1 on success, 0 on failure
  • data = EVP PKEY text
  • format = Format of the EVP PKEY text. Valid values are "pem" and "der"
  • pkey = Structure reference to internal storage
evp_pkey_derive
evp_pkey_derive( privkey var, peer var, key var )
Given structure references to a EVP PKEY structure with a secret key and a peer public key, derive a shared secret key and return the text in "key".
Returns 1 on success, 0 on failure
  • privkey = EVP PKEY structure reference
  • peer = EVP PKEY structure reference
  • key = Returned text of shared secret key
evp_pkey_free
evp_pkey_free( key var )
Remove an EVP_PKEY structure from internal memory. The passed EVP_PKEY structure reference is unchanged on failure (invalid reference) or set to 0 on success.
Returns 1 on success, 0 on failure
  • key = EVP_PKEY structure reference
crypto_next_error
crypto_next_error()
A string value containing the appropriate crypto error
  • Parameters: None
crypto_clear_error
crypto_clear_error()
Clear out all crypto errors.
  • Parameters: None
crypto_evp_sign
crypto_evp_sign( digestname, privkey, buffer, signature var )
1 on success, 0 on failure
  • digestname = Hash algorithm name, such as "md5" or "sha256". Supported digest algorithms will vary between OpenSSL installations
  • privkey = EVP PKEY structure reference
  • buffer = The data to sign
  • signature = The signed output signature
crypto_evp_verify
crypto_evp_verify( digestname, pubkey, buffer, signature )
1 on success, 0 on failure
  • digestname - Hash algorithm name, such as "md5" or "sha256". Supported digest algorithms will vary between OpenSSL installations
  • pubkey - EVP PKEY structure reference
  • buffer - The data to verify
  • signature - The signature to verify
evp_pkey_load_pubkey_x509
evp_pkey_load_pubkey_x509( x509 var, pkey var )
Loads a PKEY reference from an x509 public key reference
1 on success, 0 on failure
  • x509 = Certificate reference returned from functions such as x509_load_mem
  • pkey = Structure reference
User Annotations: crypto