Scroll to navigation

X509_GET_PUBKEY(3) Library Functions Manual X509_GET_PUBKEY(3)

NAME

X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, X509_get0_pubkey_bitstr, X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey, X509_extract_key, X509_REQ_extract_keyget or set certificate or certificate request public key

SYNOPSIS

#include <openssl/x509.h>

EVP_PKEY *
X509_get_pubkey(X509 *x);

EVP_PKEY *
X509_get0_pubkey(const X509 *x);

int
X509_set_pubkey(X509 *x, EVP_PKEY *pkey);

X509_PUBKEY *
X509_get_X509_PUBKEY(const X509 *x);

ASN1_BIT_STRING *
X509_get0_pubkey_bitstr(const X509 *x);

EVP_PKEY *
X509_REQ_get_pubkey(X509_REQ *req);

EVP_PKEY *
X509_REQ_get0_pubkey(X509_REQ *req);

int
X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);

EVP_PKEY *
X509_extract_key(X509 *x);

EVP_PKEY *
X509_REQ_extract_key(X509_REQ *req);

DESCRIPTION

() attempts to decode the public key for certificate x. If successful, it returns the public key as an EVP_PKEY pointer with its reference count incremented: this means the returned key must be freed up after use. () is similar except that it does not increment the reference count of the returned EVP_PKEY, so it must not be freed up after use.

() returns an internal pointer to the SubjectPublicKeyInfo structure contained in x. The returned value must not be freed up after use.

() returns an internal pointer to just the public key contained in this SubjectPublicKeyInfo structure, without the information about the algorithm used.

() attempts to set the public key for certificate x to pkey. The key pkey should be freed up after use.

(), (), and () are similar but operate on certificate request req.

The first time a public key is decoded, the EVP_PKEY structure is cached in the certificate or certificate request itself. Subsequent calls return the cached structure with its reference count incremented to improve performance.

() and () are deprecated aliases for X509_get_pubkey() and X509_REQ_get_pubkey(), respectively, implemented as macros.

RETURN VALUES

X509_get_pubkey(), X509_get0_pubkey(), X509_get_X509_PUBKEY(), X509_get0_pubkey_bitstr(), X509_REQ_get_pubkey(), X509_REQ_get0_pubkey(), X509_extract_key(), and X509_REQ_extract_key() return a public key or NULL if an error occurred.

X509_set_pubkey() and X509_REQ_set_pubkey() return 1 for success or 0 for failure.

In some cases of failure of X509_get0_pubkey(), X509_set_pubkey(), X509_REQ_get_pubkey(), X509_REQ_get0_pubkey(), and X509_REQ_set_pubkey(), the reason can be determined with ERR_get_error(3).

ERRORS

X509_get_pubkey(), X509_get0_pubkey(), X509_REQ_get_pubkey(), X509_extract_key(), and X509_REQ_extract_key() provide diagnostics as documented for X509_PUBKEY_get(3). If x or req is NULL or contains no certificate information, they fail without pushing an error onto the stack.

X509_get_X509_PUBKEY() provides no diagnostics and crashes by accessing a NULL pointer if x is NULL or contains no certificate information,

X509_get0_pubkey_bitstr() provides no diagnostics and fails without pushing an error onto the stack if x is NULL, but it crashes by accessing a NULL pointer if x contains no certificate information.

SEE ALSO

d2i_X509(3), X509_CRL_get0_by_serial(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_PUBKEY_new(3), X509_REQ_new(3), X509_sign(3), X509_verify_cert(3), X509V3_get_d2i(3)

STANDARDS

RFC 5280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, section 4.1 Basic Certificate Fields

RFC 2986: PKCS #10: Certification Request Syntax Specification, section 4.1 CertificationRequestInfo

HISTORY

X509_extract_key() and X509_REQ_extract_key() first appeared in SSLeay 0.5.1 but returned a pointer to an RSA object before SSLeay 0.6.0. X509_get_pubkey(), X509_set_pubkey(), X509_REQ_get_pubkey(), and X509_REQ_set_pubkey() first appeared in SSLeay 0.6.5. X509_get_X509_PUBKEY() first appeared in SSLeay 0.8.0. These functions have been available since OpenBSD 2.4.

X509_get0_pubkey_bitstr() first appeared in OpenSSL 0.9.7 and has been available since OpenBSD 3.4.

X509_get0_pubkey() first appeared in OpenSSL 1.1.0 and has been available since OpenBSD 6.3. X509_REQ_get0_pubkey() first appeared in OpenSSL 1.1.0 and has been available since OpenBSD 7.1.

March 31, 2022 Linux 6.4.0-150600.23.30-default