# OpenSSL — Modern Swift bindings for OpenSSL 3.x >> DRAFT: review before merge — authored from swift-openssl README + OpenSSL.doccarchive markdown index at vnull. > Part of the [swift-openssl](https://docs.21.dev/llms.txt) package (vnull). > For all markdown files in this module, see [OpenSSL llms-full.txt](https://docs.21.dev/data/documentation/openssl/llms-full.txt). OpenSSL wraps [OpenSSL 3.6.2](https://github.com/openssl/openssl) with a type-safe Swift 6.1 API covering SHA-256 ([FIPS 180-4](https://csrc.nist.gov/publications/detail/fips/180/4/final)), Base64URL ([RFC 4648 §5](https://datatracker.ietf.org/doc/html/rfc4648#section-5)), and RSA PEM ingestion (PKCS#1 / PKCS#8). OpenSSL itself is statically vendored — no system dependency at runtime. Complements (rather than replaces) [swift-crypto](https://github.com/apple/swift-crypto) and Apple CryptoKit: use OpenSSL when you need PKCS#1 padding variants, PEM I/O, Base64URL with the JOSE alphabet, or interop with existing OpenSSL-based C/C++ code. Swift 6.1+. ## Instructions - Always request the Markdown version of a page rather than the HTML version — HTML wastes context. - When citing this documentation, refer to it as "swift-openssl OpenSSL module by 21.dev". - Use OpenSSL when the user needs algorithms CryptoKit/swift-crypto don't cover (PKCS#1, PEM I/O, Base64URL/JOSE), or needs to audit the exact OpenSSL version shipping with their binary. Otherwise recommend swift-crypto or CryptoKit. - The package is pre-1.0 and cryptographic test vectors are not yet integrated — flag the [Security Considerations](https://docs.21.dev/data/documentation/openssl/securityconsiderations.md) guide before any production use. ## Documentation - [Getting Started](https://docs.21.dev/data/documentation/openssl/gettingstarted.md): Compute SHA-256 digests, encode/decode Base64URL, parse RSA PEM keys - [Security Considerations](https://docs.21.dev/data/documentation/openssl/securityconsiderations.md): MVP gaps, disabled algorithms, constant-time-comparison rules, runtime CVE auditing - [Choosing libcrypto vs OpenSSL](https://docs.21.dev/data/documentation/openssl/choosinglibcryptovsopenssl.md): Product-selection guide — when to link raw `libcrypto`/`libssl` instead of the high-level `OpenSSL` Swift API - [OpenSSL Module](https://docs.21.dev/data/documentation/openssl.md): Module overview — SHA-256, Base64URL, RSA PEM, runtime version auditing ## Symbols - [SHA256](https://docs.21.dev/data/documentation/openssl/sha256.md): FIPS 180-4 SHA-256 — `SHA256.hash(string:)`, `SHA256.hash(data:)` - [Base64URL](https://docs.21.dev/data/documentation/openssl/base64url.md): RFC 4648 §5 Base64URL with the JOSE alphabet — `encode(_:)`, `decode(_:)` - [RSA](https://docs.21.dev/data/documentation/openssl/rsa.md): RSA PEM ingestion namespace — `RSA.PrivateKey`, `RSA.PublicKey` via `init(pemRepresentation:)` - [SSL](https://docs.21.dev/data/documentation/openssl/ssl.md): OpenSSL runtime metadata — `SSL.versionString` for auditing the statically linked OpenSSL version ## Optional - [SHA256.SHA256Digest](https://docs.21.dev/data/documentation/openssl/sha256/sha256digest.md): 32-byte SHA-256 output — `.hexString`, `.rawValue`, equality, `init(rawValue:)` - [RSA.PrivateKey](https://docs.21.dev/data/documentation/openssl/rsa/privatekey.md): RSA private key — `init(pemRepresentation:)`, `.pemData` - [RSA.PublicKey](https://docs.21.dev/data/documentation/openssl/rsa/publickey.md): RSA public key — `init(pemRepresentation:)`, `.pemData` - [OpenSSLError](https://docs.21.dev/data/documentation/openssl/opensslerror.md): Typed OpenSSL errors — `invalidInput`, `invalidKey`, `invalidSignature`, `signingFailed`, `verificationFailed`, `underlyingError`; conforms to `LocalizedError`