RC4_set_key.3ossl - Man Page

RC4 encryption


 #include <openssl/rc4.h>

The following functions have been deprecated since OpenSSL 3.0, and can be hidden entirely by defining OPENSSL_API_COMPAT with a suitable version value, see openssl_user_macros(7):

 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);

 void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
          unsigned char *outdata);


All of the functions described on this page are deprecated. Applications should instead use EVP_EncryptInit_ex(3), EVP_EncryptUpdate(3) and EVP_EncryptFinal_ex(3) or the equivalently named decrypt functions.

This library implements the Alleged RC4 cipher, which is described for example in Applied Cryptography.  It is believed to be compatible with RC4[TM], a proprietary cipher of RSA Security Inc.

RC4 is a stream cipher with variable key length.  Typically, 128 bit (16 byte) keys are used for strong encryption, but shorter insecure key sizes have been widely used due to export restrictions.

RC4 consists of a key setup phase and the actual encryption or decryption phase.

RC4_set_key() sets up the RC4_KEY key using the len bytes long key at data.

RC4() encrypts or decrypts the len bytes of data at indata using key and places the result at outdata.  Repeated RC4() calls with the same key yield a continuous key stream.

Since RC4 is a stream cipher (the input is XORed with a pseudo-random key stream to produce the output), decryption uses the same function calls as encryption.

Return Values

RC4_set_key() and RC4() do not return values.


Applications should use the higher level functions EVP_EncryptInit(3) etc. instead of calling these functions directly.

It is difficult to securely use stream ciphers. For example, do not perform multiple encryptions using the same key stream.

See Also



All of these functions were deprecated in OpenSSL 3.0.

Referenced By

The man page RC4.3ossl(3) is an alias of RC4_set_key.3ossl(3).

2023-10-26 3.1.4 OpenSSL