{ "mode": "man", "parameter": "life_cycle-pkey", "section": "7ssl", "url": "https://www.chedong.com/phpMan.php/man/life_cycle-pkey/7ssl/json", "generated": "2026-06-16T10:21:29Z", "sections": { "NAME": { "content": "lifecycle-pkey - The PKEY algorithm life-cycle\n", "subsections": [] }, "DESCRIPTION": { "content": "All public keys (PKEYs) go through a number of stages in their life-cycle:\n\nstart\nThis state represents the PKEY before it has been allocated. It is the starting state\nfor any life-cycle transitions.\n\nnewed\nThis state represents the PKEY after it has been allocated.\n\ndecapsulate\nThis state represents the PKEY when it is ready to perform a private key decapsulation\nopeartion.\n\ndecrypt\nThis state represents the PKEY when it is ready to decrypt some ciphertext.\n\nderive\nThis state represents the PKEY when it is ready to derive a shared secret.\n\ndigest sign\nThis state represents the PKEY when it is ready to perform a private key signature\noperation.\n\nencapsulate\nThis state represents the PKEY when it is ready to perform a public key encapsulation\nopeartion.\n\nencrypt\nThis state represents the PKEY when it is ready to encrypt some plaintext.\n\nkey generation\nThis state represents the PKEY when it is ready to generate a new public/private key.\n\nparameter generation\nThis state represents the PKEY when it is ready to generate key parameters.\n\nverify\nThis state represents the PKEY when it is ready to verify a public key signature.\n\nverify recover\nThis state represents the PKEY when it is ready to recover a public key signature data.\n\nfreed\nThis state is entered when the PKEY is freed. It is the terminal state for all life-\ncycle transitions.\n", "subsections": [ { "name": "State Transition Diagram", "content": "The usual life-cycle of a PKEY object is illustrated:\n+-------------+\n| |\n| start |\n| |\nEVPPKEYderive +-------------+\n+-------------+ EVPPKEYderivesetpeer |\n+-------------+\n| |----------------------------+ |\n+----------------------------| |\n| derive | | | | EVPPKEYverify\n| verify |\n| |<---------------------------+ |\n+--------------------------->| |\n+-------------+ |\n+-------------+\n^ |\n^\n| EVPPKEYderiveinit | EVPPKEYverifyinit\n|\n+---------------------------------------+ |\n+---------------------------------------+\n| | |\n+-------------+ | | |\n+-------------+\n| |----------------------------+ | | |\n+----------------------------| |\n| digest sign | EVPPKEYsign | | | | |\nEVPPKEYverifyrecover | verify |\n| |<---------------------------+ | | |\n+--------------------------->| recover |\n+-------------+ | | |\n+-------------+\n^ | | |\n^\n| EVPPKEYsigninit | | |\nEVPPKEYverifyrecoverinit |\n+---------------------------------+ | | |\n+---------------------------------+\n| | | | |\n+-------------+ | | | | |\n+-------------+\n| |----------------------------+ | | | | |\n+----------------------------| |\n| decapsulate | EVPPKEYdecapsulate | | | | | | | EVPPKEYdecrypt\n| decrypt |\n| |<---------------------------+ | | v | |\n+--------------------------->| |\n+-------------+ | +-------------+ |\n+-------------+\n^ +---| |---+\n^\n| EVPPKEYdecapsulateinit | | EVPPKEYdecryptinit\n|\n+-------------------------------------| newed\n|-------------------------------------+\n| |\n+---| |---+\n+-------------+ | +-------------+ |\n+-------------+\n| |----------------------------+ | | | |\n+----------------------------| |\n| encapsulate | EVPPKEYencapsulate | | | | | | EVPPKEYencrypt\n| encrypt |\n| |<---------------------------+ | | | |\n+--------------------------->| |\n+-------------+ | | | |\n+-------------+\n^ | | | |\n^\n| EVPPKEYencapsulateinit | | | | EVPPKEYencryptinit\n|\n+---------------------------------+ | |\n+---------------------------------+\n| |\n+---------------------------------------+\n+---------------------------------------+\n| EVPPKEYparamgeninit EVPPKEYkeygeninit\n|\nv\nv\n+-------------+\n+-------------+\n| |----------------------------+\n+----------------------------| |\n| parameter | | |\n| key |\n| generation |<---------------------------+\n+--------------------------->| generation |\n+-------------+ EVPPKEYparamgen EVPPKEYkeygen\n+-------------+\nEVPPKEYgen EVPPKEYgen\n\n\n+ - - - - - + +-----------+\n' ' EVPPKEYCTXfree | |\n' any state '------------------->| freed |\n' ' | |\n+ - - - - - + +-----------+\n" }, { "name": "Formal State Transitions", "content": "This section defines all of the legal state transitions. This is the canonical list.\nFunction Call\n---------------------------------------------------------------------- Current State\n----------------------------------------------------------------------\nstart newed digest verify verify\nencrypt decrypt derive encapsulate decapsulate parameter key\nfreed\nsign recover\ngeneration generation\nEVPPKEYCTXnew newed\nEVPPKEYCTXnewid newed\nEVPPKEYCTXnewfromname newed\nEVPPKEYCTXnewfrompkey newed\nEVPPKEYsigninit digest digest digest digest\ndigest digest digest digest digest digest digest\nsign sign sign sign\nsign sign sign sign sign sign sign\nEVPPKEYsign digest\nsign\nEVPPKEYverifyinit verify verify verify verify\nverify verify verify verify verify verify verify\nEVPPKEYverify verify\nEVPPKEYverifyrecoverinit verify verify verify verify\nverify verify verify verify verify verify verify\nrecover recover recover recover\nrecover recover recover recover recover recover recover\nEVPPKEYverifyrecover verify\nrecover\nEVPPKEYencryptinit encrypt encrypt encrypt encrypt\nencrypt encrypt encrypt encrypt encrypt encrypt encrypt\nEVPPKEYencrypt\nencrypt\nEVPPKEYdecryptinit decrypt decrypt decrypt decrypt\ndecrypt decrypt decrypt decrypt decrypt decrypt decrypt\nEVPPKEYdecrypt\ndecrypt\nEVPPKEYderiveinit derive derive derive derive\nderive derive derive derive derive derive derive\nEVPPKEYderivesetpeer\nderive\nEVPPKEYderive\nderive\nEVPPKEYencapsulateinit encapsulate encapsulate encapsulate encapsulate\nencapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate\nEVPPKEYencapsulate\nencapsulate\nEVPPKEYdecapsulateinit decapsulate decapsulate decapsulate decapsulate\ndecapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate\nEVPPKEYdecapsulate\ndecapsulate\nEVPPKEYparamgeninit parameter parameter parameter parameter\nparameter parameter parameter parameter parameter parameter parameter\ngeneration generation generation generation\ngeneration generation generation generation generation generation generation\nEVPPKEYparamgen\nparameter\ngeneration\nEVPPKEYkeygeninit key key key key\nkey key key key key key key\ngeneration generation generation generation\ngeneration generation generation generation generation generation generation\nEVPPKEYkeygen\nkey\ngeneration\nEVPPKEYgen\nparameter key\ngeneration\ngeneration\nEVPPKEYCTXgetparams newed digest verify verify\nencrypt decrypt derive encapsulate decapsulate parameter key\nsign recover\ngeneration generation\nEVPPKEYCTXsetparams newed digest verify verify\nencrypt decrypt derive encapsulate decapsulate parameter key\nsign recover\ngeneration generation\nEVPPKEYCTXgettableparams newed digest verify verify\nencrypt decrypt derive encapsulate decapsulate parameter key\nsign recover\ngeneration generation\nEVPPKEYCTXsettableparams newed digest verify verify\nencrypt decrypt derive encapsulate decapsulate parameter key\nsign recover\ngeneration generation\nEVPPKEYCTXfree freed freed freed freed freed\nfreed freed freed freed freed freed freed\n" } ] }, "NOTES": { "content": "At some point the EVP layer will begin enforcing the transitions described herein.\n", "subsections": [] }, "SEE ALSO": { "content": "EVPPKEYnew(3), EVPPKEYdecapsulate(3), EVPPKEYdecrypt(3), EVPPKEYencapsulate(3),\nEVPPKEYencrypt(3), EVPPKEYderive(3), EVPPKEYkeygen(3), EVPPKEYsign(3),\nEVPPKEYverify(3), EVPPKEYverifyrecover(3)\n", "subsections": [] }, "HISTORY": { "content": "The provider PKEY interface was introduced in OpenSSL 3.0.\n", "subsections": [] }, "COPYRIGHT": { "content": "Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.\n\nLicensed under the Apache License 2.0 (the \"License\"). You may not use this file except in\ncompliance with the License. You can obtain a copy in the file LICENSE in the source\ndistribution or at .\n\n\n\n3.0.2 2026-06-02 LIFECYCLE-PKEY(7SSL)", "subsections": [] } }, "summary": "lifecycle-pkey - The PKEY algorithm life-cycle", "flags": [], "examples": [], "see_also": [ { "name": "EVPPKEYnew", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPPKEYnew/3/json" }, { "name": "EVPPKEYdecapsulate", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPPKEYdecapsulate/3/json" }, { "name": "EVPPKEYdecrypt", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPPKEYdecrypt/3/json" }, { "name": "EVPPKEYencapsulate", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPPKEYencapsulate/3/json" }, { "name": "EVPPKEYencrypt", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPPKEYencrypt/3/json" }, { "name": "EVPPKEYderive", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPPKEYderive/3/json" }, { "name": "EVPPKEYkeygen", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPPKEYkeygen/3/json" }, { "name": "EVPPKEYsign", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPPKEYsign/3/json" }, { "name": "EVPPKEYverify", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPPKEYverify/3/json" }, { "name": "EVPPKEYverifyrecover", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPPKEYverifyrecover/3/json" } ] }