{ "content": [ { "type": "text", "text": "# openssl-glossary (man)\n\n**Summary:** openssl-glossary - An OpenSSL Glossary\n\n## Section Outline\n\n- **NAME** (2 lines)\n- **DESCRIPTION** (173 lines)\n- **HISTORY** (2 lines)\n- **COPYRIGHT** (9 lines)\n\n## Full Content\n\n### NAME\n\nopenssl-glossary - An OpenSSL Glossary\n\n### DESCRIPTION\n\nAlgorithm\nCryptograpic primitives such as the SHA256 digest, or AES encryption are referred to in\nOpenSSL as \"algorithms\". There can be more than one implementation for any given\nalgorithm available for use.\n\ncrypto(7)\n\nASN.1, ASN1\nASN.1 (\"Abstract Syntax Notation One\") is a notation for describing abstract types and\nvalues. It is defined in the ITU-T documents X.680 to X.683:\n\n, ,\n, \n\nBase Provider\nAn OpenSSL Provider that contains encoders and decoders for OpenSSL keys. All the\nalgorithm implementations in the Base Provider are also available in the Default\nProvider.\n\nOSSLPROVIDER-base(7)\n\nDecoder\nA decoder is a type of algorithm used for decoding keys and parameters from some external\nformat such as PEM or DER.\n\nOSSLDECODERCTXnewforpkey(3)\n\nDefault Provider\nAn OpenSSL Provider that contains the most commmon OpenSSL algorithm implementations. It\nis loaded by default if no other provider is available. All the algorithm implementations\nin the Base Provider are also available in the Default Provider.\n\nOSSLPROVIDER-default(7)\n\nDER (\"Distinguished Encoding Rules\")\nDER is a binary encoding of data, structured according to an ASN.1 specification. This\nis a common encoding used for cryptographic objects such as private and public keys,\ncertificates, CRLs, ...\n\nIt is defined in ITU-T document X.690:\n\n\n\nEncoder\nAn encoder is a type of algorithm used for encoding keys and parameters to some external\nformat such as PEM or DER.\n\nOSSLENCODERCTXnewforpkey(3)\n\nExplicit Fetching\nExplicit Fetching is a type of Fetching (see Fetching). Explicit Fetching is where a\nfunction call is made to obtain an algorithm object representing an implementation such\nas EVPMDfetch(3) or EVPCIPHERfetch(3)\n\nFetching\nFetching is the process of looking through the available algorithm implementations,\napplying selection criteria (via a property query string), and finally choosing the\nimplementation that will be used.\n\nAlso see Explicit Fetching and Implict Fetching.\n\ncrypto(7)\n\nFIPS Provider\nAn OpenSSL Provider that contains OpenSSL algorithm implementations that have been\nvalidated according to the FIPS 140-2 standard.\n\nOSSLPROVIDER-FIPS(7)\n\nImplicit Fetching\nImplicit Fetching is a type of Fetching (see Fetching). Implicit Fetching is where an\nalgorithm object with no associated implementation is used such as the return value from\nEVPsha256(3) or EVPaes128cbc(3). With implicit fetching an implementation is fetched\nautomatically using default selection criteria the first time the algorithm is used.\n\nLegacy Provider\nAn OpenSSL Provider that contains algorithm implementations that are considered insecure\nor are no longer in common use.\n\nOSSLPROVIDER-legacy(7)\n\nLibrary Context\nA Library Context in OpenSSL is represented by the type OSSLLIBCTX. It can be thought\nof as a scope within which configuration options apply. If an application does not\nexplicitly create a library context then the \"default\" one is used. Many OpenSSL\nfunctions can take a library context as an argument. A NULL value can always be passed\nto indicate the default library context.\n\nOSSLLIBCTX(3)\n\nMSBLOB\nMSBLOB is a Microsoft specific binary format for RSA and DSA keys, both private and\npublic. This form is never passphrase protected.\n\nNull Provider\nAn OpenSSL Provider that contains no algorithm implementations. This can be useful to\nprevent the default provider from being automatically loaded in a library context.\n\nOSSLPROVIDER-null(7)\n\nOperation\nAn operation is a group of OpenSSL functions with a common purpose such as encryption, or\ndigesting.\n\ncrypto(7)\n\nPEM (\"Privacy Enhanced Message\")\nPEM is a format used for encoding of binary content into a mail and ASCII friendly form.\nThe content is a series of base64-encoded lines, surrounded by begin/end markers each on\ntheir own line. For example:\n\n-----BEGIN PRIVATE KEY-----\nMIICdg....\n... bhTQ==\n-----END PRIVATE KEY-----\n\nOptional header line(s) may appear after the begin line, and their existence depends on\nthe type of object being written or read.\n\nFor all OpenSSL uses, the binary content is expected to be a DER encoded structure.\n\nThis is defined in IETF RFC 1421:\n\n\n\nPKCS#8\nPKCS#8 is a specification of ASN.1 structures that OpenSSL uses for storing or\ntransmitting any private key in a key type agnostic manner. There are two structures\nworth noting for OpenSSL use, one that contains the key data in unencrypted form (known\nas \"PrivateKeyInfo\") and an encrypted wrapper structure (known as\n\"EncryptedPrivateKeyInfo\").\n\nThis is specified in RFC 5208:\n\n\n\nProperty\nA property is a way of classifying and selecting algorithm implementations. A property\nis a key/value pair expressed as a string. For example all algorithm implementations in\nthe default provider have the property \"provider=default\". An algorithm implementation\ncan have multiple properties defined against it.\n\nAlso see Property Query String.\n\nproperty(7)\n\nProperty Query String\nA property query string is a string containing a sequence of properties that can be used\nto select an algorithm implementation. For example the query string\n\"provider=example,foo=bar\" will select algorithms from the \"example\" provider that have a\n\"foo\" property defined for them with a value of \"bar\".\n\nProperty Query Strings are used during fetching. See Fetching.\n\nproperty(7)\n\nProvider\nA provider in OpenSSL is a component that groups together algorithm implementations.\nProviders can come from OpenSSL itself or from third parties.\n\nprovider(7)\n\nPVK PVK is a Microsoft specific binary format for RSA and DSA private keys. This form may be\npassphrase protected.\n\nSubjectPublicKeyInfo\nSubjectPublicKeyInfo is an ASN.1 structure that OpenSSL uses for storing and transmitting\nany public key in a key type agnostic manner.\n\nThis is specified as part of the specification for certificates, RFC 5280:\n\n\n\n### HISTORY\n\nThis glossary was added in OpenSSL 3.0.\n\n### COPYRIGHT\n\nCopyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.\n\nLicensed under the Apache License 2.0 (the \"License\"). You may not use this file except in\ncompliance with the License. You can obtain a copy in the file LICENSE in the source\ndistribution or at .\n\n\n\n3.0.2 2026-04-07 OPENSSL-GLOSSARY(7SSL)\n\n" } ], "structuredContent": { "command": "openssl-glossary", "section": "", "mode": "man", "summary": "openssl-glossary - An OpenSSL Glossary", "synopsis": null, "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [], "examples": [], "see_also": [], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "DESCRIPTION", "lines": 173, "subsections": [] }, { "name": "HISTORY", "lines": 2, "subsections": [] }, { "name": "COPYRIGHT", "lines": 9, "subsections": [] } ], "sections": { "NAME": { "content": "openssl-glossary - An OpenSSL Glossary\n", "subsections": [] }, "DESCRIPTION": { "content": "Algorithm\nCryptograpic primitives such as the SHA256 digest, or AES encryption are referred to in\nOpenSSL as \"algorithms\". There can be more than one implementation for any given\nalgorithm available for use.\n\ncrypto(7)\n\nASN.1, ASN1\nASN.1 (\"Abstract Syntax Notation One\") is a notation for describing abstract types and\nvalues. It is defined in the ITU-T documents X.680 to X.683:\n\n, ,\n, \n\nBase Provider\nAn OpenSSL Provider that contains encoders and decoders for OpenSSL keys. All the\nalgorithm implementations in the Base Provider are also available in the Default\nProvider.\n\nOSSLPROVIDER-base(7)\n\nDecoder\nA decoder is a type of algorithm used for decoding keys and parameters from some external\nformat such as PEM or DER.\n\nOSSLDECODERCTXnewforpkey(3)\n\nDefault Provider\nAn OpenSSL Provider that contains the most commmon OpenSSL algorithm implementations. It\nis loaded by default if no other provider is available. All the algorithm implementations\nin the Base Provider are also available in the Default Provider.\n\nOSSLPROVIDER-default(7)\n\nDER (\"Distinguished Encoding Rules\")\nDER is a binary encoding of data, structured according to an ASN.1 specification. This\nis a common encoding used for cryptographic objects such as private and public keys,\ncertificates, CRLs, ...\n\nIt is defined in ITU-T document X.690:\n\n\n\nEncoder\nAn encoder is a type of algorithm used for encoding keys and parameters to some external\nformat such as PEM or DER.\n\nOSSLENCODERCTXnewforpkey(3)\n\nExplicit Fetching\nExplicit Fetching is a type of Fetching (see Fetching). Explicit Fetching is where a\nfunction call is made to obtain an algorithm object representing an implementation such\nas EVPMDfetch(3) or EVPCIPHERfetch(3)\n\nFetching\nFetching is the process of looking through the available algorithm implementations,\napplying selection criteria (via a property query string), and finally choosing the\nimplementation that will be used.\n\nAlso see Explicit Fetching and Implict Fetching.\n\ncrypto(7)\n\nFIPS Provider\nAn OpenSSL Provider that contains OpenSSL algorithm implementations that have been\nvalidated according to the FIPS 140-2 standard.\n\nOSSLPROVIDER-FIPS(7)\n\nImplicit Fetching\nImplicit Fetching is a type of Fetching (see Fetching). Implicit Fetching is where an\nalgorithm object with no associated implementation is used such as the return value from\nEVPsha256(3) or EVPaes128cbc(3). With implicit fetching an implementation is fetched\nautomatically using default selection criteria the first time the algorithm is used.\n\nLegacy Provider\nAn OpenSSL Provider that contains algorithm implementations that are considered insecure\nor are no longer in common use.\n\nOSSLPROVIDER-legacy(7)\n\nLibrary Context\nA Library Context in OpenSSL is represented by the type OSSLLIBCTX. It can be thought\nof as a scope within which configuration options apply. If an application does not\nexplicitly create a library context then the \"default\" one is used. Many OpenSSL\nfunctions can take a library context as an argument. A NULL value can always be passed\nto indicate the default library context.\n\nOSSLLIBCTX(3)\n\nMSBLOB\nMSBLOB is a Microsoft specific binary format for RSA and DSA keys, both private and\npublic. This form is never passphrase protected.\n\nNull Provider\nAn OpenSSL Provider that contains no algorithm implementations. This can be useful to\nprevent the default provider from being automatically loaded in a library context.\n\nOSSLPROVIDER-null(7)\n\nOperation\nAn operation is a group of OpenSSL functions with a common purpose such as encryption, or\ndigesting.\n\ncrypto(7)\n\nPEM (\"Privacy Enhanced Message\")\nPEM is a format used for encoding of binary content into a mail and ASCII friendly form.\nThe content is a series of base64-encoded lines, surrounded by begin/end markers each on\ntheir own line. For example:\n\n-----BEGIN PRIVATE KEY-----\nMIICdg....\n... bhTQ==\n-----END PRIVATE KEY-----\n\nOptional header line(s) may appear after the begin line, and their existence depends on\nthe type of object being written or read.\n\nFor all OpenSSL uses, the binary content is expected to be a DER encoded structure.\n\nThis is defined in IETF RFC 1421:\n\n\n\nPKCS#8\nPKCS#8 is a specification of ASN.1 structures that OpenSSL uses for storing or\ntransmitting any private key in a key type agnostic manner. There are two structures\nworth noting for OpenSSL use, one that contains the key data in unencrypted form (known\nas \"PrivateKeyInfo\") and an encrypted wrapper structure (known as\n\"EncryptedPrivateKeyInfo\").\n\nThis is specified in RFC 5208:\n\n\n\nProperty\nA property is a way of classifying and selecting algorithm implementations. A property\nis a key/value pair expressed as a string. For example all algorithm implementations in\nthe default provider have the property \"provider=default\". An algorithm implementation\ncan have multiple properties defined against it.\n\nAlso see Property Query String.\n\nproperty(7)\n\nProperty Query String\nA property query string is a string containing a sequence of properties that can be used\nto select an algorithm implementation. For example the query string\n\"provider=example,foo=bar\" will select algorithms from the \"example\" provider that have a\n\"foo\" property defined for them with a value of \"bar\".\n\nProperty Query Strings are used during fetching. See Fetching.\n\nproperty(7)\n\nProvider\nA provider in OpenSSL is a component that groups together algorithm implementations.\nProviders can come from OpenSSL itself or from third parties.\n\nprovider(7)\n\nPVK PVK is a Microsoft specific binary format for RSA and DSA private keys. This form may be\npassphrase protected.\n\nSubjectPublicKeyInfo\nSubjectPublicKeyInfo is an ASN.1 structure that OpenSSL uses for storing and transmitting\nany public key in a key type agnostic manner.\n\nThis is specified as part of the specification for certificates, RFC 5280:\n\n\n", "subsections": [] }, "HISTORY": { "content": "This glossary was added in OpenSSL 3.0.\n", "subsections": [] }, "COPYRIGHT": { "content": "Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.\n\nLicensed under the Apache License 2.0 (the \"License\"). You may not use this file except in\ncompliance with the License. You can obtain a copy in the file LICENSE in the source\ndistribution or at .\n\n\n\n3.0.2 2026-04-07 OPENSSL-GLOSSARY(7SSL)", "subsections": [] } } } }