bf_decrypt
bf_decrypt( key, encrypted, plaintext var )
Blowfish decryption
Returns 1 on success, 0 on error
- key = the encryption key in ECB mode. the key must be 16 characters.
- plaintext = the text thats encrypted
- encrypted = if sucessful it will contain the results
|
bf_encrypt
bf_encrypt( key, plaintext, encrypted var )
Blowfish encryption
Returns 1 on success, 0 on error
- key = the encryption key in ECB mode. The key must be 16 characters.
- plaintext = the text thats encrypted
- encrypted = if sucessful it will contain the results
|
crypto_base64_decode
crypto_base64_decode( data )
Decodes and returns Base-64 decodes data.
Returns the decrypted data
- data = the information to decode
|
crypto_base64_encode
crypto_base64_encode( data )
Encodes and returns Base-64 encoded data.
Returns the encrypted data
- data = the information to encode
|
crypto_cipher_block_size
crypto_cipher_block_size( ciphername )
Programatically determine the block size attribute of the cipher specified by "ciphername".
returns the numeric size, in bytes, or -1 if an invalid "ciphername" is specified.
- ciphername = an OpenSSL cipher identifier, such as "aes-128-cbc" or "rc2-ofb".
|
crypto_cipher_iv_length
crypto_cipher_iv_length( ciphername )
Programatically determine the iv_length attribute of the cipher specified by "ciphername".
returns the numeric size, in bytes, or -1 if an invalid "ciphername" is specified.
- ciphername = an OpenSSL cipher identifier, such as "aes-128-cbc" or "rc2-ofb".
|
crypto_cipher_key_length
crypto_cipher_key_length( ciphername )
Programatically determine the key_length attribute of the cipher specified by "ciphername".
returns the numeric size, in bytes, or -1 if an invalid "ciphername" is specified.
- ciphername = an OpenSSL cipher identifier, such as "aes-128-cbc" or "rc2-ofb".
|
crypto_cipher_mode
crypto_cipher_mode( ciphername )
Returns the block mode of operation of the cipher specified by "ciphername."
- where ciphername = an OpenSSL cipher identifier, such as "aes-128-cbc" or "rc2-ofb"
|
crypto_digest_block_size
crypto_digest_block_size( digestname )
Programatically determines the block_size attribute of the digest algorithm specified by "digestname".
Returns the numeric size, in bytes, or -1 if an invalid "digestname" is specified.
- digestname = an OpenSSL digest identifier, such as "sha256" or "md5".
|
crypto_digest_size
crypto_digest_size( digestname )
Programatically determines the digest_size attribute of the digest algorithm specified by "digestname".
Returns the numeric size, in bytes, or -1 if an invalid "digestname" is specified.
- digestname = an OpenSSL digest identifier, such as "sha256" or "md5".
|
crypto_evp_decrypt
crypto_evp_decrypt( ciphername, key, iv, encrypted, plaintext var )
Decrypts "plaintext" using the block cipher specified by "ciphername", placing the decrypted data into "plaintext".
Return 1 on success, 0 on failure.
- ciphername = The OpenSSL identifier of the cipher, such as "bf-cbc" or "des-ede3-cbc".
- key = The key used for encryption.
- iv = The initialization vector used for encryption. returned by crypto_cipher_iv_length().
- encrypted = The ciphertext to be decrypted
- plaintext = [output] Receives the plaintext
|
crypto_evp_digest
crypto_evp_digest( digestname, buffer var, digest var )
Calculates the digest of "buffer" using digest algorithm "digestname", placing the calculated digest in "digest". The digest output is always in raw binary format, use miva_hex_encode() or crypto_base64_encode() if other output formats are desired.
Returns 1 on success or 0 if an invalid or unsupported "digestname" is specified.
- digestname = an OpenSSL digest identifier, such as "sha256" or "md5". buffer =
- digest =
|
crypto_evp_encrypt
crypto_evp_encrypt( ciphername, key, iv, plaintext, encrypted var )
Encrypts "plaintext" using the block cipher specified by "ciphername", placing the encrypted data into "encrypted".
returns 1 on success, 0 on failure
- ciphername = The OpenSSL identifier of the cipher, such as "bf-cbc" or "des-ede3-cbc".
- key = The encryption key. Must be exactly the number of bytes required by the cipher, as returned by crypto_cipher_key_length.
- iv = An initialization vector, if required by the cipher. Must be exactly the number of bytes required by the cipher, as returned by crypto_cipher_iv_length.
- plaintext = The text to be encrypted
- encrypted = [output] Receives the cipher text
|
crypto_evp_hmac
crypto_evp_hmac( digestname, key, buffer var, digest var )
Calculates the HMAC of "buffer" using digest algorithm "digestname" and key "key", placing the HMAC in "digest". The HMAC output is always in raw binary format, use miva_hex_encode() or crypto_base64_encode() if other output formats are desired.
Returns 1 on success or 0 if an invalid or unsupported "digestname" is specified.
- digestname = an OpenSSL digest identifier, such as "sha256" or "md5".
- buffer = The data that will be process.
- digest = The result of the HMAC function.
|
crypto_hmac_md5
crypto_hmac_md5( buffer var, key, format, result var )
Performs an HMAC-MD5 on "buffer" using key "key", storing the result in "result".
Returns 1 on success, 0 on error.
- buffer = the data that will be processed.
- key = the encryption key
- format = on of the literal string "hex" or "binary"
- result = the return data.
|
crypto_hmac_sha1
crypto_hmac_sha1( value, key, output_format, output)
Calculates an HMAC SHA-1 (Hash-based Message Authentication Code) of value
returns: 1 on success, 0 on failure (including OpenSSL not being available)
- value = value to hash by reference
- key = key to use to calculate the hmac
- output_format = 'hex' or 'binary'
- output = hmac_sha1 hash value.
|
crypto_hmac_sha256
crypto_hmac_sha256( buffer var, key, format, result var )
Calculates an HMAC SHA-256 (Hash-based Message Authentication Code) of buffer
Returns 1 on success, 0 on error or if on an unsuported platform.
- buffer = value to hash
- key = binary key to use to calculate the hmac
- format = "binary" or "hex"
- result = a variable used to store the results.
|
crypto_last_error
crypto_last_error()
Returns the error text from the last SSL error, or other internal errors in the crypto suite of functions. Use crypto_last_ssl_error() instead to get the code of the last SSL error. ⇨ Version 5.32 -- Previously if the crypto error originated from Miva Empresa, the returned error was always the same. If the crypto error was from OpenSSL then it would be lost after calling the function. Modified to always return the last crypto error.
Returns error text.
|
crypto_last_ssl_error
crypto_last_ssl_error()
Returns the Integer value of the last SSL error code. Use crypto_last_error() instead to get the text of the last SSL error.
Returns error code.
|
crypto_library_version
crypto_library_version( info )
|
crypto_md5
crypto_md5( buffer )
Calculates the MD5 hash of a string.
Returns the MD5 hash value.
- buffer = the data to be hashed.
|
crypto_md5_file
crypto_md5_file( file, location, hash var )
Calculates the md5 hash of a file
Returns 1 on success, 0 on failure.
- file = Name of file to calculate the hash of
- location = Location either "script" or "data"
- hash = MD5 hash value
|
crypto_pbkdf1
crypto_pbkdf1( digestname, password, salt, iterations, dklen, dk var )
Derives a key of "dklen" bytes using PBKDF1 from PKCS #5.
Returns 1 on success or 0 on error.
- digestname = The digest algorithm to use. Must be one of "md2", "md5" or "sha1". password = The password from which a key is to be derived.
- salt = Exactly 8 bytes of random data that are used as a salt.
- iterations = The number of iterations to perform.
- dklen = The desired output length of the derived key. May not be longer than the output digest size of the specified digest algorithm.
- dk = [output] Receives the derived key. The output is in raw binary.
|
crypto_pbkdf2
crypto_pbkdf2( digestname, password, salt, iterations, dklen, dk var )
Derives a key of "dklen" bytes using PBKDF2 from PKCS #5.
Returns 1 on success or 0 on error.
- digestname = The digest algorithm to use. May be any of the digests supported by the installed OpenSSL version.
- password = The password from which a key is to be derived.
- salt = Random data of any length that is used to salt the derivation. RFC 2898 recommends a minimum salt length of 8 bytes.
- iterations = The number of iterations to perform. RFC 2898 recommends at least 1000 iterations.
- dklen = The desired output length of the derived key. May be any positive value.
- dk = [output] Receives the derived key. The output is in raw binary.
|
crypto_rand_bytes
crypto_rand_bytes( n )
Generates n random bytes.
Returns a string of bytes
|
crypto_rand_set_rand_engine
crypto_rand_set_rand_engine( engine )
Specify the random number generating engine to use.
Return value: 1 on success, 0 on failure.
- engine = Name of the random number generator engine to use.
|
crypto_sha1
crypto_sha1( buffer var, format, result var )
Returns an SHA1 hash of buffer. Secure Hash Algorithm
Returns 1 on success, 0 on failure. (including OpenSSL not being available)
- buffer = value to hash by reference
- output_format = 'hex' or 'binary'. Anything else will result in binary output.
- output = returned sha1 hash value.
|
crypto_sha256
crypto_sha256( buffer var, format, result var )
Returns an SHA256 hash of buffer. Secure Hash Algorithm. May not be available on platforms running versions of OpenSSL Older than v0.9.8.
Returns 1 on success, 0 on failure. (including OpenSSL not being available)
- buffer = value to hash by reference
- output_format = 'hex' or 'binary'. Anything else will result in binary output.
- output = returned sha1 hash value.
|
crypto_xor
crypto_xor( buffer var, dest var )
Efficiently performs a byte-by-byte XOR of buffer and dest, storing the resulting data in "dest". If "buffer" is longer than "dest", any extra bytes are ignored.
Returns nothing.
- buffer = the data that will be processed.
- dest = the data that will processed against buffer and will contain the results.
|
rsa_free
rsa_free( rsa var )
Frees memory associated with a previously loaded RSA keypair.
Returns 1 on success, 0 on error.
- rsa = a handle returned by one of the rsa_load_xxx functions
|
rsa_generate_keypair
rsa_generate_keypair( pubkey_file, privkey_file, bits, e, passphrase )
Generates an RSA keypair, saving the public key in pubkey_file, the private key in privkey_file, and encrypting the private key with passphrase.
Returns 1 on success, 0 on error.
- pubkey_file = The name of the file in which the generated public key is stored
- privkey_file = The name of the file in which the generated private key is stored
- bits = The RSA modulus size, in bits
- e = The public key exponent. Must be an odd number, typically 3, 17 or 65537
- passphrase = The passphrase used to encrypt the private key
|
rsa_generate_keypair_mem
rsa_generate_keypair_mem( pubkey var, privkey var, bits, e, passphrase )
Generates an RSA keypair, returning the public and private keys in variables, and encrypting the private key with passphrase.
Returns 1 on success, 0 on error.
- pubkey = The variable which receives the generated public key
- privkey = The variable which receives the generated private key
- bits = The RSA modulus size, in bits
- e = The public key exponent. Must be an odd number, typically 3, 17 or 65537
- passphrase = The passphrase used to encrypt the private key
|
rsa_generate_keypair_mem_cipher
rsa_generate_keypair_mem_cipher( pubkey var, privkey var, bits, e, passphrase, ciphername )
Behaves identical to the legacy counterpart rsa_generate_keypair_mem() except that it allows the caller to specify the cipher used to encrypt the private key (the legacy function always uses des-ede3-cbc).
Returns 1 on success or 0 on error.
- pubkey = The variable which receives the generated public key
- privkey = The variable which receives the generated private key
- bits = The RSA modulus size, in bits
- e = The public key exponent. Must be an odd number, typically 3, 17 or 65537
- passphrase = The passphrase used to encrypt the private key
- ciphername = an OpenSSL cipher identifier, such as "aes-128-cbc"
|
rsa_load_privatekey
rsa_load_privatekey( privkey_file, rsa var, passphrase )
Load an encrypted RSA private key from a PKCS#8 file specified by privkey_file, and decrypt it using passphrase.
Returns 1 on success, 0 on error.
- privkey_file = The name of the file containing the encrypted private key
- rsa = A variable which receives an internal reference to the loaded RSA key
- passphrase = The passphrase used to decrypt the private key
|
rsa_load_privatekey_engine
rsa_load_privatekey_engine( engine, key_id, rsa var )
Load an encryption key based on a key id.
Return value: 1 on success, 0 on failure.
- engine = Name of the encryption engine to use.
-
key_id = identifier of the key to load
-
rsa = RSA private key associated with the engine and key ID.
|
rsa_load_privatekey_mem
rsa_load_privatekey_mem( privkey, rsa var, passphrase )
Loads an encrypted RSA private key from a memory buffer containing PKCS#8 data
Returns 1 on success, 0 on error.
- privkey = The encrypted private key information in PKCS#8 format
- rsa = A variable which receives an internal reference to the loaded RSA key
- passphrase = The passphrase used to decrypt the private key
|
rsa_load_publickey
rsa_load_publickey( pubkey_file, rsa var )
Load an RSA public key from a PKCS#1 file specified by "pubkey_file".
Returns 1 on success, 0 on error.
- pubkey_file = The name of the file containing the public key
- rsa = A variable which receives an internal reference to the loaded RSA key
|
rsa_load_publickey_engine
rsa_load_publickey_engine( engine, key_id, rsa var )
Load an encryption key based on a key id.
Return value: 1 on success, 0 on failure.
- engine = Name of the encryption engine to use.
-
key_id = identifier of the key to load
-
rsa = RSA public key associated with the engine and key ID.
|
rsa_load_publickey_mem
rsa_load_publickey_mem( pubkey, rsa var )
Loads an RSA public key from a memory buffer containing PKCS#1 data
Returns 1 on success, 0 on error.
- pubkey = The public key in PKCS#1 format
- rsa = A variable which receives an internal reference to the loaded RSA key
|
rsa_private_decrypt
rsa_private_decrypt( rsa, encrypted, plaintext var )
Decrypts data previously encrypted using the public key portion of an RSA keypair.
Returns 1 on success, 0 on error.
- rsa = The internal reference to the RSA private key used for decryption
- encrypted = The encrypted ciphertext, in raw binary format
- plaintext = A variable which receives the decrypted plaintext
|
rsa_private_encrypt
rsa_private_encrypt( rsa, plaintext, encrypted var )
Encrypts data using the private key portion of an RSA keypair.
Returns 1 on success, 0 on error.
- rsa = The internal reference to the RSA private key used for encryption
- plaintext = The data to be encrypted
- encrypted = A variable which receives the encrypted ciphertext in raw binary format
|
rsa_public_decrypt
rsa_public_decrypt( rsa, encrypted, plaintext var )
Decrypts data previously encrypted using the private key portion of an RSA keypair.
Returns 1 on success, 0 on error.
- rsa = The internal reference to the RSA public key used for decryption
- encrypted = The encrypted ciphertext, in raw binary format
- plaintext = A variable which receives the decrypted plaintext
|
rsa_public_encrypt
rsa_public_encrypt( rsa, plaintext, encrypted var )
Encrypts data using the public key portion of an RSA keypair.
Returns 1 on success, 0 on error.
- rsa = The internal reference to the RSA public key used for encryption
- plaintext = The data to be encrypted
- encrypted = A variable which receives the encrypted ciphertext in raw binary format
|
rsa_save_privatekey
rsa_save_privatekey( privkey_file, rsa var, passphrase )
Encrypts and writes a previously loaded RSA private key to a file in PKCS#8 format
Returns 1 on success, 0 on error.
- privkey_file = The name of the file in which the private key is to be stored
- rsa = The internal reference to the RSA private key to be saved
- passphrase = The passphrase used to encrypt the private key
|
rsa_save_privatekey_mem
rsa_save_privatekey_mem( privkey var, rsa var, passphrase )
Encrypts a previously loaded RSA private key and stores it into a variable in PKCS#8 format
Returns 1 on success, 0 on error.
- privkey = The variable which will receive the encrypted private key
- rsa = The internal reference to the RSA private key to be saved
- passphrase = The passphrase used to encrypt the private key
|
rsa_save_privatekey_mem_cipher
rsa_save_privatekey_mem_cipher( privkey var, rsa var, passphrase, ciphername )
Behaves identical to the legacy counterpart rsa_save_privatekey_mem() except that it allows the caller to specify the cipher used to encrypt the private key (the legacy function always uses des-ede3-cbc).
- ciphername = an OpenSSL cipher identifier that specifies the cipher to be used. Note that OpenSSL only permits a subset of its supported ciphers to be used for RSA key encryption. For example, only CBC mode ciphers are permitted.
|
rsa_sign
rsa_sign( rsa, buffer, signature var )
Generates a digital signature using SHA1 and an RSA private key
Returns 1 on success, 0 on failure. Requires OpenSSL 0.9.7 or greater.
- rsa = The internal reference to the RSA private key to be used
- buffer = The data to be signed
- signature = A variable which receives the signature in raw binary format
|
rsa_verify
rsa_verify( rsa, buffer, signature )
Verifies a digital signature previously generated by rsa_sign
Returns 1 on success, 0 on verification failure or error. Requires OpenSSL 0.9.7 or greater.
- rsa = The internal reference to the RSA public key used for verification
- buffer = The data for which the signature is to be verified
- signature = The signature to verify, in raw binary format
|
x509_create
x509_create( cert, x509 var )
Create an X509 Certificate from the PEM format data in "cert" where cert = PEM format certificate, x509 =Index into an internal array of certificates.
Returns 1 on sucess, 0 on error.
|
x509_free
x509_free( rsa var )
Deletes an x509 from the internal array of x509 certificates where x509 = Index into internal array of x509 certificates.
Returns 1 on success, 0 on error.
|
x509_load
x509_load( cert, x509 var )
Load an X509 Certificate from the file specified by "cert" where cert = File containing an x509 certificate, x509 = Index into an internal array of certificates.
Returns 1 on sucess, 0 on error.
|
x509_rsa_publickey
x509_rsa_publickey( x509 var, rsa var )
Extracts the RSA public key from the X509 specified by "x509" and stores it in "rsa" where x509 = Index into internal array of x509 certificates, rsa =Index into internal array of RSA public keys.
Returns 1 on success, 0 on error.
|
x509_verify
x509_verify( x509 var, trusted_certs )
Verifies that the X509 certificate specified by "x509" was issued by one of the X509 certificates (in PEM format) in "trusted_certs", where x509 = Index into internal array of certificates, trusted_certs = Certificates (in PEM text format) to find the x50
Returns 1 on successful find, 0 if certificate isn't in trusted_certs, or other error.
|
x509_load_mem
x509_load_mem( cert, x509 var )
Loads and parses the text of an x509 certificate, and gives a certificate reference that refers to the certificate in internal storage.
Returns 1 on success, 0 on failure
- cert = Text of the certificate
- x509 = Certificate reference. On success, this will be neither zero nor null
|
x509_get_subject_name
x509_get_subject_name( certref var, subjectname var )
Return X509 name information for the certificate referred to by the certificate reference.
Returns 1 on success, 0 on failure
- certref = Certificate reference returned from functions such as x509_load_mem
- subjectname = Structure with members named for the entry names (e.g., "commonName", "countryName", etc.)
|
x509_get_issuer_name
x509_get_issuer_name( certref var, issuername var )
Return X509 issuer information for the certificate referred to by the certificate reference.
Returns 1 on success, 0 on failure
- certref = Certificate reference returned from functions such as x509_load_mem
- issuername = Structure with members named for the entry names (e.g., "commonName", "countryName", etc.)
|
x509_get_extensions
x509_get_extensions( certref var, extensions var )
Return X509 extension information for the certificate referred to by the certificate reference.
Returns 1 on success, 0 on failure
- certref = Certificate reference returned from functions such as x509_load_mem
- extensions = Structure with members named for the entry names (e.g., "data", "oid", etc.)
|
x509_digest
x509_digest( x509 var, digestname, digest var )
Return the digest of the given certificate referred to by the certificate reference, using the specified hash algorithm.
Returns 1 on success, 0 on failure
- x509 = Certificate reference returned from functions such as x509_load_mem
- digestname = Hash algorithm name, such as "md5" or "sha256". Supported digest algorithms will vary between OpenSSL installations
- digest = Hash value of the certificate
|
x509_pubkey_digest
x509_pubkey_digest( x509 var, digestname, digest var )
Return the digest of the public key portion of the given certificate referred to by the certificate reference, using the specified hash algorithm.
Returns 1 on success, 0 on failure
- x509 = Certificate reference returned from functions such as x509_load_mem
- digestname = Hash algorithm name, such as "md5" or "sha256". Supported digest algorithms will vary between OpenSSL installations
- digest = Hash value of the public key of the certificate
|
crypto_evp_encrypt_auth
crypto_evp_encrypt_auth( ciphername, key, iv, aad, plaintext, encrypted var, tag var )
Encrypt the data in "plaintext" using the ciphername, key, and initial vector, returning the encrypted data in "encrypted" and a tag value in "tag" to be used to ensure that the ciphertext and AAD are not tampered with in transit.
Returns 1 on success, 0 on failure
- ciphername = Name of cipher to use. An example is "aes-256-gcm"
- key = Key value
- iv = Initial vector
- aad = Additional authenticated data
- plaintext = Plaintext to encrypt
- encrypted = Resulting encrypted value
- tag = tag value
|
pkcs7_load_mem
pkcs7_load_mem( cert, format, pkcs7 var )
Load a list of PKCS7 structures in the specified format into memory, and return a structure reference that refers to the structure(s) in internal storage.
Returns 1 on success, 0 on failure
- cert = Text of a list of pkcs7 structures
- format = Format of the structure(s) passed in. Valid values are "der", "pem", or "pkcs12", with "der" used if the format is missing or any other values are passed
- pkcs7 = Structure array reference. On success, this will be neither zero nor null
|
pkcs7_get_certs
pkcs7_get_certs( pkcs7 var, x509s var )
Given a structure reference such as returned from pkcs7_load_mem, return certificate references for the x509 certificates that are embedded therein.
Returns Count of array elements returned, -1 on failure
- pkcs7 = Structure reference
- x509s = Array of x509 certificate references
|
pkcs7_verify
pkcs7_verify( pkcs7 var, root_x509 var, content )
Given a pkcs7 structure reference and root x509 certificate reference, verify the pkcs7 structure and the signed content (if provided).
Returns 1 on success, 0 on failure
- pkcs7 = PKCS7 structure reference
- root_x509 = Root x509 certificate reference
- content = Optional content if not present in the PKCS structure
|
pkcs7_free
pkcs7_free( pkcs7 var )
Remove a pkcs7 structure from internal memory. The passed pkcs7 structure reference is unchanged on failure (invalid reference) or set to 0 on success.
Returns 1 on success, 0 on failure
- pkcs7 = PKCS7 structure reference
|
evp_pkey_load_mem
evp_pkey_load_mem( data, format, passphrase, pkey var )
Given a EVP PKEY structure in the given format and a passphrase, verifies the PKEY structure and stores it in internal storage, and returns a reference to the internal storage. ⇨ Version 5.32 -- now supports the DER and PEM formats.
Returns 1 on success, 0 on failure
- data = EVP PKEY structure text
- format = Format of the PKEY structure text. Only "pkcs12" is supported
- passphrase = Passphrase for the PKEY structure
- pkey = Structure reference
|
evp_pkey_load_pubkey_mem
evp_pkey_load_pubkey_mem( data, format, pkey var )
Given EVP PKEY information in the given format, parse and load the public key from it and return a reference to the internal storage.
Returns 1 on success, 0 on failure
- data = EVP PKEY text
- format = Format of the EVP PKEY text. Valid values are "pem" and "der"
- pkey = Structure reference to internal storage
|
evp_pkey_derive
evp_pkey_derive( privkey var, peer var, key var )
Given structure references to a EVP PKEY structure with a secret key and a peer public key, derive a shared secret key and return the text in "key".
Returns 1 on success, 0 on failure
- privkey = EVP PKEY structure reference
- peer = EVP PKEY structure reference
- key = Returned text of shared secret key
|
evp_pkey_free
evp_pkey_free( key var )
Remove an EVP_PKEY structure from internal memory. The passed EVP_PKEY structure reference is unchanged on failure (invalid reference) or set to 0 on success.
Returns 1 on success, 0 on failure
- key = EVP_PKEY structure reference
|
crypto_next_error
crypto_next_error()
A string value containing the appropriate crypto error
|
crypto_clear_error
crypto_clear_error()
Clear out all crypto errors.
|
crypto_evp_sign
crypto_evp_sign( digestname, privkey, buffer, signature var )
1 on success, 0 on failure
|
crypto_evp_verify
crypto_evp_verify( digestname, pubkey, buffer, signature )
1 on success, 0 on failure
|
evp_pkey_load_pubkey_x509
evp_pkey_load_pubkey_x509( x509 var, pkey var )
Loads a PKEY reference from an x509 public key reference
1 on success, 0 on failure
- x509 = Certificate reference returned from functions such as x509_load_mem
- pkey = Structure reference
|