@subheading gnutls_certificate_set_key
@anchor{gnutls_certificate_set_key}
@deftypefun {int} {gnutls_certificate_set_key} (gnutls_certificate_credentials_t @var{res}, const char ** @var{names}, int @var{names_size}, gnutls_pcert_st * @var{pcert_list}, int @var{pcert_list_size}, gnutls_privkey_t @var{key})
@var{res}: is a @code{gnutls_certificate_credentials_t} type.

@var{names}: is an array of DNS names belonging to the public-key (NULL if none)

@var{names_size}: holds the size of the names list

@var{pcert_list}: contains a certificate list (chain) or raw public-key

@var{pcert_list_size}: holds the size of the certificate list

@var{key}: is a @code{gnutls_privkey_t} key corresponding to the first public-key in pcert_list

This function sets a public/private key pair in the
gnutls_certificate_credentials_t type. The given public key may be encapsulated
in a certificate or can be given as a raw key. This function may be
called more than once, in case multiple key pairs exist for
the server. For clients that want to send more than their own
end-entity certificate (e.g., also an intermediate CA cert), the full
certificate chain must be provided in @code{pcert_list}.

Note that the @code{key} will become part of the credentials structure and must
not be deallocated. It will be automatically deallocated when the @code{res} structure
is deinitialized.

If this function fails, the @code{res} structure is in an undefined state and it must
not be reused to load other keys or certificates.

Note that this function by default returns zero on success and a negative value on error.
Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()}
it returns an index (greater than or equal to zero). That index can be used for other functions to refer to the added key-pair.

Since GnuTLS 3.6.6 this function also handles raw public keys.

@strong{Returns:} On success this function returns zero, and otherwise a negative value on error (see above for modifying that behavior).

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_certificate_set_retrieve_function2
@anchor{gnutls_certificate_set_retrieve_function2}
@deftypefun {void} {gnutls_certificate_set_retrieve_function2} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function2 * @var{func})
@var{cred}: is a @code{gnutls_certificate_credentials_t} type.

@var{func}: is the callback function

This function sets a callback to be called in order to retrieve the
certificate to be used in the handshake. The callback will take control
only if a certificate is requested by the peer.

The callback's function prototype is:
int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs,
const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_pcert_st** pcert,
unsigned int *pcert_length, gnutls_privkey_t * pkey);

@code{req_ca_dn} is only used in X.509 certificates.
It contains a list with the CA names that the server considers trusted.
This is a hint and typically the client should send a certificate that is signed
by one of these CAs. These names, when available, are DER encoded. To get a more
meaningful value use the function @code{gnutls_x509_rdn_get()}.

@code{pk_algos} contains a list with the server's acceptable public key algorithms.
The certificate returned should support the server's given algorithms.

@code{pcert} should contain a single certificate and public key or a list of them.

@code{pcert_length} is the size of the previous list.

@code{pkey} is the private key.

If the callback function is provided then gnutls will call it, in the
handshake, after the certificate request message has been received.
None of the values provided by the callback will be released or
modified by gnutls.

On the server side, pk_algos and req_ca_dn are NULL.

The callback function should set the certificate list to be sent,
and return 0 on success. If no certificate was selected then the
number of certificates should be set to zero. The value (-1)
indicates error and the handshake will be terminated. If both certificates
are set in the credentials and a callback is available, the callback
takes precedence.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_certificate_set_retrieve_function3
@anchor{gnutls_certificate_set_retrieve_function3}
@deftypefun {void} {gnutls_certificate_set_retrieve_function3} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function3 * @var{func})
@var{cred}: is a @code{gnutls_certificate_credentials_t} type.

@var{func}: is the callback function

This function sets a callback to be called in order to retrieve the
certificate and OCSP responses to be used in the handshake. @code{func} will
be called only if the peer requests a certificate either during handshake
or during post-handshake authentication.

The callback's function prototype is defined in `abstract.h':

int gnutls_certificate_retrieve_function3(
gnutls_session_t,
const struct gnutls_cert_retr_st *info,
gnutls_pcert_st **certs,
unsigned int *pcert_length,
gnutls_ocsp_data_st **ocsp,
unsigned int *ocsp_length,
gnutls_privkey_t *privkey,
unsigned int *flags);

The info field of the callback contains:
@code{req_ca_dn} which is a list with the CA names that the server considers trusted.
This is a hint and typically the client should send a certificate that is signed
by one of these CAs. These names, when available, are DER encoded. To get a more
meaningful value use the function @code{gnutls_x509_rdn_get()}.
@code{pk_algos} contains a list with the server's acceptable public key algorithms.
The certificate returned should support the server's given algorithms.

The callback should fill in the following values.

@code{pcert} should contain an allocated list of certificates and public keys.
@code{pcert_length} is the size of the previous list.
@code{ocsp} should contain an allocated list of OCSP responses.
@code{ocsp_length} is the size of the previous list.
@code{pkey} is the private key.

If flags in the callback are set to @code{GNUTLS_CERT_RETR_DEINIT_ALL} then
all provided values must be allocated using @code{gnutls_malloc()}, and will
be released by gnutls; otherwise they will not be touched by gnutls.

The callback function should set the certificate and OCSP response
list to be sent, and return 0 on success. If no certificates are available,
the @code{pcert_length} and @code{ocsp_length} should be set to zero. The return
value (-1) indicates error and the handshake will be terminated. If both
certificates are set in the credentials and a callback is available, the
callback takes precedence.

@strong{Since:} 3.6.3
@end deftypefun

@subheading gnutls_pcert_deinit
@anchor{gnutls_pcert_deinit}
@deftypefun {void} {gnutls_pcert_deinit} (gnutls_pcert_st * @var{pcert})
@var{pcert}: The structure to be deinitialized

This function will deinitialize a pcert structure.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pcert_export_openpgp
@anchor{gnutls_pcert_export_openpgp}
@deftypefun {int} {gnutls_pcert_export_openpgp} (gnutls_pcert_st * @var{pcert}, gnutls_openpgp_crt_t * @var{crt})
@var{pcert}: The pcert structure.

@var{crt}: An initialized @code{gnutls_openpgp_crt_t}.

This function is a no-op.

@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE}.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_pcert_export_x509
@anchor{gnutls_pcert_export_x509}
@deftypefun {int} {gnutls_pcert_export_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t * @var{crt})
@var{pcert}: The pcert structure.

@var{crt}: An initialized @code{gnutls_x509_crt_t}.

Converts the given @code{gnutls_pcert_t} type into a @code{gnutls_x509_crt_t}.
This function only works if the type of @code{pcert} is @code{GNUTLS_CRT_X509}.
When successful, the value written to @code{crt} must be freed with
@code{gnutls_x509_crt_deinit()} when no longer needed.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_pcert_import_openpgp
@anchor{gnutls_pcert_import_openpgp}
@deftypefun {int} {gnutls_pcert_import_openpgp} (gnutls_pcert_st * @var{pcert}, gnutls_openpgp_crt_t @var{crt}, unsigned int @var{flags})
@var{pcert}: The pcert structure

@var{crt}: The raw certificate to be imported

@var{flags}: zero for now

This function is a no-op.

@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE}.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pcert_import_openpgp_raw
@anchor{gnutls_pcert_import_openpgp_raw}
@deftypefun {int} {gnutls_pcert_import_openpgp_raw} (gnutls_pcert_st * @var{pcert}, const gnutls_datum_t * @var{cert}, gnutls_openpgp_crt_fmt_t @var{format}, gnutls_openpgp_keyid_t @var{keyid}, unsigned int @var{flags})
@var{pcert}: The pcert structure

@var{cert}: The raw certificate to be imported

@var{format}: The format of the certificate

@var{keyid}: The key ID to use (NULL for the master key)

@var{flags}: zero for now

This function is a no-op.

@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE}.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pcert_import_rawpk
@anchor{gnutls_pcert_import_rawpk}
@deftypefun {int} {gnutls_pcert_import_rawpk} (gnutls_pcert_st* @var{pcert}, gnutls_pubkey_t @var{pubkey}, unsigned int @var{flags})
@var{pcert}: The pcert structure to import the data into.

@var{pubkey}: The raw public-key in @code{gnutls_pubkey_t} format to be imported

@var{flags}: zero for now

This convenience function will import (i.e. convert) the given raw
public key @code{pubkey} into a @code{gnutls_pcert_st} structure. The structure
must be deinitialized afterwards using @code{gnutls_pcert_deinit()}. The
given @code{pubkey} must not be deinitialized because it will be associated
with the given @code{pcert} structure and will be deinitialized with it.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.6.6
@end deftypefun

@subheading gnutls_pcert_import_rawpk_raw
@anchor{gnutls_pcert_import_rawpk_raw}
@deftypefun {int} {gnutls_pcert_import_rawpk_raw} (gnutls_pcert_st* @var{pcert}, const gnutls_datum_t* @var{rawpubkey}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{key_usage}, unsigned int @var{flags})
@var{pcert}: The pcert structure to import the data into.

@var{rawpubkey}: The raw public-key in @code{gnutls_datum_t} format to be imported.

@var{format}: The format of the raw public-key. DER or PEM.

@var{key_usage}: An ORed sequence of @code{GNUTLS_KEY_*} flags.

@var{flags}: zero for now

This convenience function will import (i.e. convert) the given raw
public key @code{rawpubkey} into a @code{gnutls_pcert_st} structure. The structure
must be deinitialized afterwards using @code{gnutls_pcert_deinit()}.
Note that the caller is responsible for freeing @code{rawpubkey}. All necessary
values will be copied into @code{pcert}.

Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly
set because there is no certificate structure around the key to define
this value. For more information see @code{gnutls_x509_crt_get_key_usage()}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.6.6
@end deftypefun

@subheading gnutls_pcert_import_x509
@anchor{gnutls_pcert_import_x509}
@deftypefun {int} {gnutls_pcert_import_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t @var{crt}, unsigned int @var{flags})
@var{pcert}: The pcert structure

@var{crt}: The certificate to be imported

@var{flags}: zero for now

This convenience function will import the given certificate to a
@code{gnutls_pcert_st} structure. The structure must be deinitialized
afterwards using @code{gnutls_pcert_deinit()}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pcert_import_x509_list
@anchor{gnutls_pcert_import_x509_list}
@deftypefun {int} {gnutls_pcert_import_x509_list} (gnutls_pcert_st * @var{pcert_list}, gnutls_x509_crt_t * @var{crt}, unsigned * @var{ncrt}, unsigned int @var{flags})
@var{pcert_list}: The structures to store the certificates; must not contain initialized @code{gnutls_pcert_st} structures.

@var{crt}: The certificates to be imported

@var{ncrt}: The number of certificates in @code{crt}; will be updated if necessary

@var{flags}: zero or @code{GNUTLS_X509_CRT_LIST_SORT}

This convenience function will import the given certificates to an
already allocated set of @code{gnutls_pcert_st} structures. The structures must
be deinitialized afterwards using @code{gnutls_pcert_deinit()}. @code{pcert_list} should contain space for at least @code{ncrt} elements.

If @code{GNUTLS_X509_CRT_LIST_SORT} is specified and the
function cannot sort the list, @code{GNUTLS_E_CERTIFICATE_LIST_UNSORTED}
will be returned. Currently sorting can fail if the list size
exceeds an internal constraint (16).

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_pcert_import_x509_raw
@anchor{gnutls_pcert_import_x509_raw}
@deftypefun {int} {gnutls_pcert_import_x509_raw} (gnutls_pcert_st * @var{pcert}, const gnutls_datum_t * @var{cert}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
@var{pcert}: The pcert structure

@var{cert}: The raw certificate to be imported

@var{format}: The format of the certificate

@var{flags}: zero for now

This convenience function will import the given certificate to a
@code{gnutls_pcert_st} structure. The structure must be deinitialized
afterwards using @code{gnutls_pcert_deinit()}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pcert_list_import_x509_file
@anchor{gnutls_pcert_list_import_x509_file}
@deftypefun {int} {gnutls_pcert_list_import_x509_file} (gnutls_pcert_st * @var{pcert_list}, unsigned * @var{pcert_list_size}, const char * @var{file}, gnutls_x509_crt_fmt_t @var{format}, gnutls_pin_callback_t @var{pin_fn}, void * @var{pin_fn_userdata}, unsigned int @var{flags})
@var{pcert_list}: The structures to store the certificates; must not contain initialized @code{gnutls_pcert_st} structures.

@var{pcert_list_size}: Initially must hold the maximum number of certs. It will be updated with the number of certs available.

@var{file}: A file or supported URI with the certificates to load

@var{format}: @code{GNUTLS_X509_FMT_DER} or @code{GNUTLS_X509_FMT_PEM} if a file is given

@var{pin_fn}: a PIN callback if not globally set

@var{pin_fn_userdata}: parameter for the PIN callback

@var{flags}: zero or flags from @code{gnutls_certificate_import_flags}

This convenience function will import a certificate chain from the given
file or supported URI to @code{gnutls_pcert_st} structures. The structures
must be deinitialized afterwards using @code{gnutls_pcert_deinit()}.

This function will always return a sorted certificate chain.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value; if the @code{pcert} list doesn't have enough space
@code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be returned.

@strong{Since:} 3.6.3
@end deftypefun

@subheading gnutls_pcert_list_import_x509_raw
@anchor{gnutls_pcert_list_import_x509_raw}
@deftypefun {int} {gnutls_pcert_list_import_x509_raw} (gnutls_pcert_st * @var{pcert_list}, unsigned int * @var{pcert_list_size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
@var{pcert_list}: The structures to store the certificates; must not contain initialized @code{gnutls_pcert_st} structures.

@var{pcert_list_size}: Initially must hold the maximum number of certs. It will be updated with the number of certs available.

@var{data}: The certificates.

@var{format}: One of DER or PEM.

@var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.

This function will import the provided DER or PEM encoded certificates to an
already allocated set of @code{gnutls_pcert_st} structures. The structures must
be deinitialized afterwards using @code{gnutls_pcert_deinit()}. @code{pcert_list} should contain space for at least @code{pcert_list_size} elements.

If the certificate is PEM encoded it should have a header of "X509
CERTIFICATE", or "CERTIFICATE".

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value; if the @code{pcert} list doesn't have enough space
@code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be returned.

@strong{Since:} 3.0
@end deftypefun
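
Added example (not GnuTLS code, and it does not call GnuTLS): a pre-flight check that counts the PEM blocks carrying the two certificate headers named above, so that @code{pcert_list} can be sized before calling @code{gnutls_pcert_list_import_x509_raw()} rather than failing with @code{GNUTLS_E_SHORT_MEMORY_BUFFER}. The function names, the @code{PREFLIGHT_*} result codes and the sample input are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Armor labels the page names as accepted for PEM certificates. */
static const char *const CERT_LABELS[] = { "CERTIFICATE", "X509 CERTIFICATE" };
#define N_LABELS (sizeof(CERT_LABELS) / sizeof(CERT_LABELS[0]))

/* Result codes of this example (hypothetical names, not GnuTLS constants). */
enum { PREFLIGHT_OK = 0, PREFLIGHT_TRUNCATED = -1, PREFLIGHT_TOO_SMALL = -2 };

/* Bounded search, so the input does not have to be NUL-terminated. */
static const char *find_bytes(const char *p, const char *end,
                              const char *needle, size_t n)
{
    for (; (size_t)(end - p) >= n; p++)
        if (memcmp(p, needle, n) == 0)
            return p;
    return NULL;
}

/* Count complete certificate blocks; -1 if a BEGIN line has no matching END.
 * Blocks with other labels (private keys, requests) are skipped. */
long pem_count_certificates(const char *data, size_t size)
{
    const char *p, *end;
    long count = 0;

    if (data == NULL || size == 0)
        return 0;
    p = data;
    end = data + size;

    while (p < end) {
        const char *best = NULL, *close;
        size_t best_label = 0, i;
        char mark[64];
        int n;

        /* Earliest BEGIN line of either accepted label. */
        for (i = 0; i < N_LABELS; i++) {
            const char *hit;
            n = snprintf(mark, sizeof(mark), "-----BEGIN %s-----", CERT_LABELS[i]);
            hit = find_bytes(p, end, mark, (size_t)n);
            if (hit && (!best || hit < best)) {
                best = hit;
                best_label = i;
            }
        }
        if (!best)
            break;

        /* The END line must carry the same label as the BEGIN line. */
        n = snprintf(mark, sizeof(mark), "-----END %s-----", CERT_LABELS[best_label]);
        close = find_bytes(best, end, mark, (size_t)n);
        if (!close)
            return -1;
        count++;
        p = close + n;
    }
    return count;
}

/* Decide whether a pcert_list of `capacity` elements can hold the chain. */
int pem_chain_preflight(const char *data, size_t size, unsigned capacity,
                        long *found)
{
    long n = pem_count_certificates(data, size);

    if (found)
        *found = n;
    if (n < 0)
        return PREFLIGHT_TRUNCATED;
    if ((unsigned long)n > capacity)
        return PREFLIGHT_TOO_SMALL; /* the import would report a short buffer */
    return PREFLIGHT_OK;
}

/* Constructed sample: placeholder bodies, not real certificates or keys. */
static const char SAMPLE_CHAIN[] =
    "-----BEGIN CERTIFICATE-----\n"
    "PLACEHOLDERENDENTITYBODY0000\n"
    "-----END CERTIFICATE-----\n"
    "-----BEGIN PRIVATE KEY-----\n"
    "PLACEHOLDERNOTAREALKEY000000\n"
    "-----END PRIVATE KEY-----\n"
    "-----BEGIN X509 CERTIFICATE-----\n"
    "PLACEHOLDERINTERMEDIATEBODY0\n"
    "-----END X509 CERTIFICATE-----\n";

int main(void)
{
    long found = 0;
    int rc = pem_chain_preflight(SAMPLE_CHAIN, sizeof(SAMPLE_CHAIN) - 1, 1, &found);

    printf("certificates found: %ld, preflight with capacity 1: %d\n", found, rc);
    return 0;
}
```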

@subheading gnutls_privkey_decrypt_data
@anchor{gnutls_privkey_decrypt_data}
@deftypefun {int} {gnutls_privkey_decrypt_data} (gnutls_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{ciphertext}, gnutls_datum_t * @var{plaintext})
@var{key}: Holds the key

@var{flags}: zero for now

@var{ciphertext}: holds the data to be decrypted

@var{plaintext}: will contain the decrypted data, allocated with @code{gnutls_malloc()}

This function will decrypt the given data using the algorithm
supported by the private key.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_decrypt_data2
@anchor{gnutls_privkey_decrypt_data2}
@deftypefun {int} {gnutls_privkey_decrypt_data2} (gnutls_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{ciphertext}, unsigned char * @var{plaintext}, size_t @var{plaintext_size})
@var{key}: Holds the key

@var{flags}: zero for now

@var{ciphertext}: holds the data to be decrypted

@var{plaintext}: a preallocated buffer that will be filled with the plaintext

@var{plaintext_size}: in/out size of the plaintext

This function will decrypt the given data using the algorithm
supported by the private key. Unlike with @code{gnutls_privkey_decrypt_data()}
this function operates in constant time and constant memory access.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.6.5
@end deftypefun

@subheading gnutls_privkey_deinit
@anchor{gnutls_privkey_deinit}
@deftypefun {void} {gnutls_privkey_deinit} (gnutls_privkey_t @var{key})
@var{key}: The key to be deinitialized

This function will deinitialize a private key structure.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_export_dsa_raw
@anchor{gnutls_privkey_export_dsa_raw}
@deftypefun {int} {gnutls_privkey_export_dsa_raw} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x})
@var{key}: Holds the public key

@var{p}: will hold the p

@var{q}: will hold the q

@var{g}: will hold the g

@var{y}: will hold the y

@var{x}: will hold the x

This function will export the DSA private key's parameters found
in the given structure. The new parameters will be allocated using
@code{gnutls_malloc()} and will be stored in the appropriate datum.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.

@strong{Since:} 3.3.0
@end deftypefun

@subheading gnutls_privkey_export_dsa_raw2
@anchor{gnutls_privkey_export_dsa_raw2}
@deftypefun {int} {gnutls_privkey_export_dsa_raw2} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x}, unsigned int @var{flags})
@var{key}: Holds the public key

@var{p}: will hold the p

@var{q}: will hold the q

@var{g}: will hold the g

@var{y}: will hold the y

@var{x}: will hold the x

@var{flags}: flags from @code{gnutls_abstract_export_flags_t}

This function will export the DSA private key's parameters found
in the given structure. The new parameters will be allocated using
@code{gnutls_malloc()} and will be stored in the appropriate datum.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.

@strong{Since:} 3.6.0
@end deftypefun

@subheading gnutls_privkey_export_ecc_raw
@anchor{gnutls_privkey_export_ecc_raw}
@deftypefun {int} {gnutls_privkey_export_ecc_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k})
@var{key}: Holds the public key

@var{curve}: will hold the curve

@var{x}: will hold the x-coordinate

@var{y}: will hold the y-coordinate

@var{k}: will hold the private key

This function will export the ECC private key's parameters found
in the given structure. The new parameters will be allocated using
@code{gnutls_malloc()} and will be stored in the appropriate datum.

In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters
will be in the native format for the curve.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.

@strong{Since:} 3.3.0
@end deftypefun
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading gnutls_privkey_export_ecc_raw2
@anchor{gnutls_privkey_export_ecc_raw2}
@deftypefun {int} {gnutls_privkey_export_ecc_raw2} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}, unsigned int @var{flags})
@var{key}: Holds the public key

@var{curve}: will hold the curve

@var{x}: will hold the x-coordinate

@var{y}: will hold the y-coordinate

@var{k}: will hold the private key

@var{flags}: flags from @code{gnutls_abstract_export_flags_t}

This function will export the ECC private key's parameters found
in the given structure. The new parameters will be allocated using
@code{gnutls_malloc()} and will be stored in the appropriate datum.

In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters
will be in the native format for the curve.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.

@strong{Since:} 3.6.0
@end deftypefun

@subheading gnutls_privkey_export_gost_raw2
@anchor{gnutls_privkey_export_gost_raw2}
@deftypefun {int} {gnutls_privkey_export_gost_raw2} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}, unsigned int @var{flags})
@var{key}: Holds the public key

@var{curve}: will hold the curve

@var{digest}: will hold the digest

@var{paramset}: will hold the GOST parameter set ID

@var{x}: will hold the x-coordinate

@var{y}: will hold the y-coordinate

@var{k}: will hold the private key

@var{flags}: flags from @code{gnutls_abstract_export_flags_t}

This function will export the GOST private key's parameters found
in the given structure. The new parameters will be allocated using
@code{gnutls_malloc()} and will be stored in the appropriate datum.

@strong{Note:} parameters will be stored with least significant byte first. On
version 3.6.3 this was incorrectly returned in big-endian format.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.

@strong{Since:} 3.6.3
@end deftypefun

@subheading gnutls_privkey_export_openpgp
@anchor{gnutls_privkey_export_openpgp}
@deftypefun {int} {gnutls_privkey_export_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t * @var{key})
@var{pkey}: The private key

@var{key}: Location for the key to be exported.

This function is a no-op.

@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE}.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_privkey_export_pkcs11
@anchor{gnutls_privkey_export_pkcs11}
@deftypefun {int} {gnutls_privkey_export_pkcs11} (gnutls_privkey_t @var{pkey}, gnutls_pkcs11_privkey_t * @var{key})
@var{pkey}: The private key

@var{key}: Location for the key to be exported.

Converts the given abstract private key to a @code{gnutls_pkcs11_privkey_t}
type. The key must be of type @code{GNUTLS_PRIVKEY_PKCS11}. The key
returned in @code{key} must be deinitialized with
@code{gnutls_pkcs11_privkey_deinit()}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_privkey_export_rsa_raw
@anchor{gnutls_privkey_export_rsa_raw}
@deftypefun {int} {gnutls_privkey_export_rsa_raw} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2})
@var{key}: Holds the certificate

@var{m}: will hold the modulus

@var{e}: will hold the public exponent

@var{d}: will hold the private exponent

@var{p}: will hold the first prime (p)

@var{q}: will hold the second prime (q)

@var{u}: will hold the coefficient

@var{e1}: will hold e1 = d mod (p-1)

@var{e2}: will hold e2 = d mod (q-1)

This function will export the RSA private key's parameters found
in the given structure. The new parameters will be allocated using
@code{gnutls_malloc()} and will be stored in the appropriate datum. For
EdDSA keys, the @code{y} value should be @code{NULL}.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.

@strong{Since:} 3.3.0
@end deftypefun

@subheading gnutls_privkey_export_rsa_raw2
@anchor{gnutls_privkey_export_rsa_raw2}
@deftypefun {int} {gnutls_privkey_export_rsa_raw2} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2}, unsigned int @var{flags})
@var{key}: Holds the certificate

@var{m}: will hold the modulus

@var{e}: will hold the public exponent

@var{d}: will hold the private exponent

@var{p}: will hold the first prime (p)

@var{q}: will hold the second prime (q)

@var{u}: will hold the coefficient

@var{e1}: will hold e1 = d mod (p-1)

@var{e2}: will hold e2 = d mod (q-1)

@var{flags}: flags from @code{gnutls_abstract_export_flags_t}

This function will export the RSA private key's parameters found
in the given structure. The new parameters will be allocated using
@code{gnutls_malloc()} and will be stored in the appropriate datum.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.

@strong{Since:} 3.6.0
@end deftypefun

@subheading gnutls_privkey_export_x509
@anchor{gnutls_privkey_export_x509}
@deftypefun {int} {gnutls_privkey_export_x509} (gnutls_privkey_t @var{pkey}, gnutls_x509_privkey_t * @var{key})
@var{pkey}: The private key

@var{key}: Location for the key to be exported.

Converts the given abstract private key to a @code{gnutls_x509_privkey_t}
type. The abstract key must be of type @code{GNUTLS_PRIVKEY_X509}. The input
@code{key} must not be initialized. The key returned in @code{key} should be deinitialized
using @code{gnutls_x509_privkey_deinit()}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_privkey_generate
@anchor{gnutls_privkey_generate}
@deftypefun {int} {gnutls_privkey_generate} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags})
@var{pkey}: An initialized private key

@var{algo}: is one of the algorithms in @code{gnutls_pk_algorithm_t}.

@var{bits}: the size of the parameters to generate

@var{flags}: Must be zero or flags from @code{gnutls_privkey_flags_t}.

This function will generate a random private key. Note that this
function must be called on an initialized private key.

The flag @code{GNUTLS_PRIVKEY_FLAG_PROVABLE}
instructs the key generation process to use algorithms like Shawe-Taylor
(from FIPS PUB186-4) which generate provable parameters out of a seed
for RSA and DSA keys. See @code{gnutls_privkey_generate2()} for more
information.

Note that when generating an elliptic curve key, the curve
can be substituted in the place of the bits parameter using the
@code{GNUTLS_CURVE_TO_BITS()} macro. The input to the macro is any curve from
@code{gnutls_ecc_curve_t}.

For DSA keys, if the subgroup size needs to be specified check
the @code{GNUTLS_SUBGROUP_TO_BITS()} macro.

It is recommended not to set the number of @code{bits} directly; use @code{gnutls_sec_param_to_pk_bits()} instead.

See also @code{gnutls_privkey_generate2()}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.3.0
@end deftypefun

@subheading gnutls_privkey_generate2
@anchor{gnutls_privkey_generate2}
@deftypefun {int} {gnutls_privkey_generate2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}, const gnutls_keygen_data_st * @var{data}, unsigned @var{data_size})
@var{pkey}: The private key

@var{algo}: is one of the algorithms in @code{gnutls_pk_algorithm_t}.

@var{bits}: the size of the modulus

@var{flags}: Must be zero or flags from @code{gnutls_privkey_flags_t}.

@var{data}: Allow specifying @code{gnutls_keygen_data_st} types such as the seed to be used.

@var{data_size}: The number of @code{data} available.

This function will generate a random private key. Note that this
function must be called on an initialized private key.

The flag @code{GNUTLS_PRIVKEY_FLAG_PROVABLE}
instructs the key generation process to use algorithms like Shawe-Taylor
(from FIPS PUB186-4) which generate provable parameters out of a seed
for RSA and DSA keys. On DSA keys the PQG parameters are generated using the
seed, while on RSA the two primes. To specify an explicit seed
(by default a random seed is used), use the @code{data} with a @code{GNUTLS_KEYGEN_SEED}
type.

Note that when generating an elliptic curve key, the curve
can be substituted in the place of the bits parameter using the
@code{GNUTLS_CURVE_TO_BITS()} macro.

To export the generated keys in memory or in files it is recommended to use the
PKCS#8 form as it can handle all key types, and can store additional parameters
such as the seed, in case of provable RSA or DSA keys.
Generated keys can be exported in memory using @code{gnutls_privkey_export_x509()},
and then with @code{gnutls_x509_privkey_export2_pkcs8()}.

If key generation is part of your application, avoid setting the number
of bits directly, and instead use @code{gnutls_sec_param_to_pk_bits()}.
That way the generated keys will adapt to the security levels
of the underlying GnuTLS library.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.5.0
@end deftypefun
@subheading gnutls_privkey_get_pk_algorithm
@anchor{gnutls_privkey_get_pk_algorithm}
@deftypefun {int} {gnutls_privkey_get_pk_algorithm} (gnutls_privkey_t @var{key}, unsigned int * @var{bits})
@var{key}: should contain a @code{gnutls_privkey_t} type

@var{bits}: If set will return the number of bits of the parameters (may be NULL)

This function will return the public key algorithm of a private
key and if possible will return a number of bits that indicates
the security parameter of the key.

@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on
success, or a negative error code on error.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_get_seed
@anchor{gnutls_privkey_get_seed}
@deftypefun {int} {gnutls_privkey_get_seed} (gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t * @var{digest}, void * @var{seed}, size_t * @var{seed_size})
@var{key}: should contain a @code{gnutls_privkey_t} type

@var{digest}: if non-NULL it will contain the digest algorithm used for key generation (if applicable)

@var{seed}: where seed will be copied to

@var{seed_size}: originally holds the size of @code{seed}, will be updated with actual size

This function will return the seed that was used to generate the
given private key. This function will succeed only if the key was generated
as a provable key.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.5.0
@end deftypefun

@subheading gnutls_privkey_get_spki
@anchor{gnutls_privkey_get_spki}
@deftypefun {int} {gnutls_privkey_get_spki} (gnutls_privkey_t @var{privkey}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
@var{privkey}: a public key of type @code{gnutls_privkey_t}

@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_privkey_spki_t}

@var{flags}: must be zero

This function will return the public key information if available.
The provided @code{spki} must be initialized.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.6.0
@end deftypefun

@subheading gnutls_privkey_get_type
@anchor{gnutls_privkey_get_type}
@deftypefun {gnutls_privkey_type_t} {gnutls_privkey_get_type} (gnutls_privkey_t @var{key})
@var{key}: should contain a @code{gnutls_privkey_t} type

This function will return the type of the private key. This is
actually the type of the subsystem used to set this private key.

@strong{Returns:} a member of the @code{gnutls_privkey_type_t} enumeration on
success, or a negative error code on error.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_import_dsa_raw
@anchor{gnutls_privkey_import_dsa_raw}
@deftypefun {int} {gnutls_privkey_import_dsa_raw} (gnutls_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{x})
@var{key}: The structure to store the parsed key

@var{p}: holds the p

@var{q}: holds the q

@var{g}: holds the g

@var{y}: holds the y

@var{x}: holds the x

This function will convert the given DSA raw parameters to the
native @code{gnutls_privkey_t} format. The output will be stored
in @code{key}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.
@end deftypefun

@subheading gnutls_privkey_import_ecc_raw
@anchor{gnutls_privkey_import_ecc_raw}
@deftypefun {int} {gnutls_privkey_import_ecc_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k})
@var{key}: The key

@var{curve}: holds the curve

@var{x}: holds the x-coordinate

@var{y}: holds the y-coordinate

@var{k}: holds the k (private key)

This function will convert the given elliptic curve parameters to the
native @code{gnutls_privkey_t} format. The output will be stored
in @code{key}.

In EdDSA curves the @code{y} parameter should be @code{NULL} and the @code{x} and @code{k} parameters
must be in the native format for the curve.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_privkey_import_ext
@anchor{gnutls_privkey_import_ext}
@deftypefun {int} {gnutls_privkey_import_ext} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_func}, gnutls_privkey_decrypt_func @var{decrypt_func}, unsigned int @var{flags})
@var{pkey}: The private key

@var{pk}: The public key algorithm

@var{userdata}: private data to be provided to the callbacks

@var{sign_func}: callback for signature operations

@var{decrypt_func}: callback for decryption operations

@var{flags}: Flags for the import

This function will associate the given callbacks with the
@code{gnutls_privkey_t} type. At least one of the two callbacks
must be non-null.

Note that the signing function is supposed to "raw" sign data, i.e.,
without any hashing or preprocessing. In case of RSA the DigestInfo
will be provided, and the signing function is expected to do the PKCS #1
1.5 padding and the exponentiation.

See also @code{gnutls_privkey_import_ext3()}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_privkey_import_ext2
@anchor{gnutls_privkey_import_ext2}
@deftypefun {int} {gnutls_privkey_import_ext2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, unsigned int @var{flags})
@var{pkey}: The private key

@var{pk}: The public key algorithm

@var{userdata}: private data to be provided to the callbacks

@var{sign_fn}: callback for signature operations

@var{decrypt_fn}: callback for decryption operations

@var{deinit_fn}: a deinitialization function

@var{flags}: Flags for the import

This function will associate the given callbacks with the
@code{gnutls_privkey_t} type. At least one of the two callbacks
must be non-null. If a deinitialization function is provided
then flags is assumed to contain @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE}.

Note that the signing function is supposed to "raw" sign data, i.e.,
without any hashing or preprocessing. In case of RSA the DigestInfo
will be provided, and the signing function is expected to do the PKCS #1
1.5 padding and the exponentiation.

See also @code{gnutls_privkey_import_ext3()}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.1
@end deftypefun

@subheading gnutls_privkey_import_ext3
@anchor{gnutls_privkey_import_ext3}
@deftypefun {int} {gnutls_privkey_import_ext3} (gnutls_privkey_t @var{pkey}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, gnutls_privkey_info_func @var{info_fn}, unsigned int @var{flags})
@var{pkey}: The private key

@var{userdata}: private data to be provided to the callbacks

@var{sign_fn}: callback for signature operations

@var{decrypt_fn}: callback for decryption operations

@var{deinit_fn}: a deinitialization function

@var{info_fn}: returns info about the public key algorithm (should not be @code{NULL})

@var{flags}: Flags for the import

This function will associate the given callbacks with the
@code{gnutls_privkey_t} type. At least one of the two callbacks
must be non-null. If a deinitialization function is provided
then flags is assumed to contain @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE}.

Note that the signing function is supposed to "raw" sign data, i.e.,
without any hashing or preprocessing. In case of RSA the DigestInfo
will be provided, and the signing function is expected to do the PKCS #1
1.5 padding and the exponentiation.

The @code{info_fn} must provide information on the algorithms supported by
this private key, and should support the flags @code{GNUTLS_PRIVKEY_INFO_PK_ALGO} and
@code{GNUTLS_PRIVKEY_INFO_SIGN_ALGO}. It must return -1 on unknown flags.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_privkey_import_ext4
|
|
Packit |
aea12f |
@anchor{gnutls_privkey_import_ext4}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_privkey_import_ext4} (gnutls_privkey_t @var{pkey}, void * @var{userdata}, gnutls_privkey_sign_data_func @var{sign_data_fn}, gnutls_privkey_sign_hash_func @var{sign_hash_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, gnutls_privkey_info_func @var{info_fn}, unsigned int @var{flags})
|
|
Packit |
aea12f |
@var{pkey}: The private key
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{userdata}: private data to be provided to the callbacks
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{sign_data_fn}: callback for signature operations (may be @code{NULL} )
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{sign_hash_fn}: callback for signature operations (may be @code{NULL})

@var{decrypt_fn}: callback for decryption operations (may be @code{NULL})

@var{deinit_fn}: a deinitialization function

@var{info_fn}: returns info about the public key algorithm (should not be @code{NULL})

@var{flags}: Flags for the import

This function will associate the given callbacks with the
@code{gnutls_privkey_t} type. At least one of the callbacks
must be non-null. If a deinitialization function is provided
then flags is assumed to contain @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE}.

Note that in contrast with the signing function of
@code{gnutls_privkey_import_ext3()}, the signing functions provided to this
function explicitly take the signature algorithm as a parameter, and
different functions are provided to sign the data and hashes.

The @code{sign_hash_fn} is to be called to sign pre-hashed data. The input
to the callback is the output of the hash (such as SHA256) corresponding
to the signature algorithm. For RSA PKCS#1 signatures, the signature
algorithm can be set to @code{GNUTLS_SIGN_RSA_RAW}, and in that case the data
should be handled as if they were an RSA PKCS#1 DigestInfo structure.

The @code{sign_data_fn} is to be called to sign data. The input data will be
the data to be signed (and hashed), with the provided signature
algorithm. This function is to be used for signature algorithms like
Ed25519 which cannot take pre-hashed data as input.

When both @code{sign_data_fn} and @code{sign_hash_fn} functions are provided they
must be able to operate on all the supported signature algorithms,
unless prohibited by the type of the algorithm (e.g., as with Ed25519).

The @code{info_fn} must provide information on the signature algorithms supported by
this private key, and should support the flags @code{GNUTLS_PRIVKEY_INFO_PK_ALGO},
@code{GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO} and @code{GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS}.
It must return -1 on unknown flags.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.6.0
@end deftypefun
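
The @code{GNUTLS_SIGN_RSA_RAW} case described above for @code{sign_hash_fn}, as an added example that is not GnuTLS code and does not call the GnuTLS API: a check an external signer could run on the buffer it is asked to sign, accepting only an exact PKCS#1 DigestInfo for a known hash. The names (@code{di_hash}, @code{digestinfo_parse}, @code{rsa_raw_request_check}), the SHA-1 policy switch and the sample buffers are assumptions of the example, and it assumes a deployment that expects only DigestInfo-wrapped digests, so any other raw input is refused.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hash identifiers local to this example; they are not GnuTLS enum values. */
enum di_hash { DI_INVALID = -1, DI_SHA1, DI_SHA256, DI_SHA384, DI_SHA512 };

struct di_template {
    enum di_hash hash;
    size_t prefix_len; /* DER bytes that precede the digest */
    size_t digest_len; /* digest length announced by the prefix */
    uint8_t prefix[19];
};

/* Fixed DER prefixes of DigestInfo (RFC 8017, section 9.2, note 1). */
static const struct di_template di_templates[] = {
    { DI_SHA1, 15, 20,
      { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
        0x05, 0x00, 0x04, 0x14 } },
    { DI_SHA256, 19, 32,
      { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
        0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 } },
    { DI_SHA384, 19, 48,
      { 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
        0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30 } },
    { DI_SHA512, 19, 64,
      { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
        0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 } },
};

/* Classify a buffer handed to an RSA_RAW signing callback. It must be exactly
 * one known DigestInfo: prefix and total length both have to match, so bare
 * hashes, truncated digests and trailing bytes are rejected. digest and
 * digest_len may be NULL when only the classification is needed. */
enum di_hash digestinfo_parse(const uint8_t *in, size_t in_len,
                              const uint8_t **digest, size_t *digest_len)
{
    size_t i;

    if (in == NULL)
        return DI_INVALID;
    for (i = 0; i < sizeof(di_templates) / sizeof(di_templates[0]); i++) {
        const struct di_template *t = &di_templates[i];
        if (in_len != t->prefix_len + t->digest_len ||
            memcmp(in, t->prefix, t->prefix_len) != 0)
            continue;
        if (digest != NULL)
            *digest = in + t->prefix_len;
        if (digest_len != NULL)
            *digest_len = t->digest_len;
        return t->hash;
    }
    return DI_INVALID;
}

/* Policy gate run before signing: returns 0 when the request is a well-formed
 * DigestInfo for an allowed hash, -1 otherwise. SHA-1 is refused unless
 * allow_sha1 is non-zero (a policy choice of this example). */
int rsa_raw_request_check(const uint8_t *in, size_t in_len, int allow_sha1)
{
    enum di_hash h = digestinfo_parse(in, in_len, NULL, NULL);

    if (h == DI_INVALID || (h == DI_SHA1 && !allow_sha1))
        return -1;
    return 0;
}

/* Constructed samples: a correct prefix followed by counting bytes. */
static const uint8_t sample_sha256[51] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
    0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
    0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
    0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};
static const uint8_t sample_sha1[35] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
    0x05, 0x00, 0x04, 0x14,
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
};

int main(void)
{
    printf("sha256 sample:    %d\n",
           rsa_raw_request_check(sample_sha256, sizeof(sample_sha256), 0));
    printf("truncated sample: %d\n",
           rsa_raw_request_check(sample_sha256, sizeof(sample_sha256) - 1, 0));
    printf("sha1 sample:      %d\n",
           rsa_raw_request_check(sample_sha1, sizeof(sample_sha1), 0));
    return 0;
}
```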
@subheading gnutls_privkey_import_gost_raw
@anchor{gnutls_privkey_import_gost_raw}
@deftypefun {int} {gnutls_privkey_import_gost_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, gnutls_digest_algorithm_t @var{digest}, gnutls_gost_paramset_t @var{paramset}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k})
@var{key}: The key

@var{curve}: holds the curve

@var{digest}: holds the digest

@var{paramset}: holds the GOST parameter set ID

@var{x}: holds the x-coordinate

@var{y}: holds the y-coordinate

@var{k}: holds the k (private key)

This function will convert the given GOST private key's parameters to the
native @code{gnutls_privkey_t} format. The output will be stored
in @code{key}. @code{digest} should be one of GNUTLS_DIG_GOSTR_94,
GNUTLS_DIG_STREEBOG_256 or GNUTLS_DIG_STREEBOG_512. If @code{paramset} is set to
GNUTLS_GOST_PARAMSET_UNKNOWN, a default one will be selected depending on
@code{digest}.

@strong{Note:} parameters should be stored with least significant byte first. In
version 3.6.3, big-endian format was used incorrectly.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.6.3
@end deftypefun

@subheading gnutls_privkey_import_openpgp
@anchor{gnutls_privkey_import_openpgp}
@deftypefun {int} {gnutls_privkey_import_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t @var{key}, unsigned int @var{flags})
@var{pkey}: The private key

@var{key}: The private key to be imported

@var{flags}: Flags for the import

This function is a no-op.

@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE}.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_import_openpgp_raw
@anchor{gnutls_privkey_import_openpgp_raw}
@deftypefun {int} {gnutls_privkey_import_openpgp_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_openpgp_crt_fmt_t @var{format}, const gnutls_openpgp_keyid_t @var{keyid}, const char * @var{password})
@var{pkey}: The private key

@var{data}: The private key data to be imported

@var{format}: The format of the private key

@var{keyid}: The key id to use (optional)

@var{password}: A password (optional)

This function is a no-op.

@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE}.

@strong{Since:} 3.1.0
@end deftypefun

@subheading gnutls_privkey_import_pkcs11
@anchor{gnutls_privkey_import_pkcs11}
@deftypefun {int} {gnutls_privkey_import_pkcs11} (gnutls_privkey_t @var{pkey}, gnutls_pkcs11_privkey_t @var{key}, unsigned int @var{flags})
@var{pkey}: The private key

@var{key}: The private key to be imported

@var{flags}: Flags for the import

This function will import the given private key to the abstract
@code{gnutls_privkey_t} type.

The @code{gnutls_pkcs11_privkey_t} object must not be deallocated
during the lifetime of this structure.

@code{flags} might be zero or one of @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE}
and @code{GNUTLS_PRIVKEY_IMPORT_COPY}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_import_pkcs11_url
@anchor{gnutls_privkey_import_pkcs11_url}
@deftypefun {int} {gnutls_privkey_import_pkcs11_url} (gnutls_privkey_t @var{key}, const char * @var{url})
@var{key}: A key of type @code{gnutls_privkey_t}

@var{url}: A PKCS #11 URL

This function will import a PKCS #11 private key to a @code{gnutls_privkey_t}
type.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.1.0
@end deftypefun

@subheading gnutls_privkey_import_rsa_raw
@anchor{gnutls_privkey_import_rsa_raw}
@deftypefun {int} {gnutls_privkey_import_rsa_raw} (gnutls_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u}, const gnutls_datum_t * @var{e1}, const gnutls_datum_t * @var{e2})
@var{key}: The structure to store the parsed key

@var{m}: holds the modulus

@var{e}: holds the public exponent

@var{d}: holds the private exponent

@var{p}: holds the first prime (p)

@var{q}: holds the second prime (q)

@var{u}: holds the coefficient (optional)

@var{e1}: holds e1 = d mod (p-1) (optional)

@var{e2}: holds e2 = d mod (q-1) (optional)

This function will convert the given RSA raw parameters to the
native @code{gnutls_privkey_t} format. The output will be stored in
@code{key}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.
@end deftypefun

@subheading gnutls_privkey_import_tpm_raw
@anchor{gnutls_privkey_import_tpm_raw}
@deftypefun {int} {gnutls_privkey_import_tpm_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{fdata}, gnutls_tpmkey_fmt_t @var{format}, const char * @var{srk_password}, const char * @var{key_password}, unsigned int @var{flags})
@var{pkey}: The private key

@var{fdata}: The TPM key to be imported

@var{format}: The format of the private key

@var{srk_password}: The password for the SRK key (optional)

@var{key_password}: A password for the key (optional)

@var{flags}: should be zero

This function will import the given private key to the abstract
@code{gnutls_privkey_t} type.

With respect to passwords, the same rules as in @code{gnutls_privkey_import_tpm_url()} apply.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.1.0
@end deftypefun

@subheading gnutls_privkey_import_tpm_url
@anchor{gnutls_privkey_import_tpm_url}
@deftypefun {int} {gnutls_privkey_import_tpm_url} (gnutls_privkey_t @var{pkey}, const char * @var{url}, const char * @var{srk_password}, const char * @var{key_password}, unsigned int @var{flags})
@var{pkey}: The private key

@var{url}: The URL of the TPM key to be imported

@var{srk_password}: The password for the SRK key (optional)

@var{key_password}: A password for the key (optional)

@var{flags}: One of the GNUTLS_PRIVKEY_* flags

This function will import the given private key to the abstract
@code{gnutls_privkey_t} type.

Note that unless @code{GNUTLS_PRIVKEY_DISABLE_CALLBACKS}
is specified, if incorrect (or NULL) passwords are given
the PKCS11 callback functions will be used to obtain the
correct passwords. Otherwise if the SRK password is wrong
@code{GNUTLS_E_TPM_SRK_PASSWORD_ERROR} is returned and if the key password
is wrong or not provided then @code{GNUTLS_E_TPM_KEY_PASSWORD_ERROR}
is returned.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.1.0
@end deftypefun

@subheading gnutls_privkey_import_url
@anchor{gnutls_privkey_import_url}
@deftypefun {int} {gnutls_privkey_import_url} (gnutls_privkey_t @var{key}, const char * @var{url}, unsigned int @var{flags})
@var{key}: A key of type @code{gnutls_privkey_t}

@var{url}: A PKCS #11 URL

@var{flags}: should be zero

This function will import a PKCS11 or TPM URL as a
private key. The supported URL types can be checked
using @code{gnutls_url_is_supported()}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.1.0
@end deftypefun

@subheading gnutls_privkey_import_x509
@anchor{gnutls_privkey_import_x509}
@deftypefun {int} {gnutls_privkey_import_x509} (gnutls_privkey_t @var{pkey}, gnutls_x509_privkey_t @var{key}, unsigned int @var{flags})
@var{pkey}: The private key

@var{key}: The private key to be imported

@var{flags}: Flags for the import

This function will import the given private key to the abstract
@code{gnutls_privkey_t} type.

The @code{gnutls_x509_privkey_t} object must not be deallocated
during the lifetime of this structure.

@code{flags} might be zero or one of @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE}
and @code{GNUTLS_PRIVKEY_IMPORT_COPY}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_import_x509_raw
@anchor{gnutls_privkey_import_x509_raw}
@deftypefun {int} {gnutls_privkey_import_x509_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags})
@var{pkey}: The private key

@var{data}: The private key data to be imported

@var{format}: The format of the private key

@var{password}: A password (optional)

@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t

This function will import the given private key to the abstract
@code{gnutls_privkey_t} type.

The supported formats are basic unencrypted key, PKCS8, PKCS12,
and the OpenSSL format.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.1.0
@end deftypefun

@subheading gnutls_privkey_init
@anchor{gnutls_privkey_init}
@deftypefun {int} {gnutls_privkey_init} (gnutls_privkey_t * @var{key})
@var{key}: A pointer to the type to be initialized

This function will initialize a private key object. The object can
be used to generate, import, and perform cryptographic operations
on the associated private key.

Note that when the underlying private key is a PKCS#11 key (i.e.,
when imported with a PKCS#11 URI), the limitations of @code{gnutls_pkcs11_privkey_init()}
apply to this object as well. In versions of GnuTLS later than 3.5.11 the object
is protected using locks and a single @code{gnutls_privkey_t} can be re-used
by many threads. However, for performance it is recommended to utilize
one object per key per thread.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_set_flags
@anchor{gnutls_privkey_set_flags}
@deftypefun {void} {gnutls_privkey_set_flags} (gnutls_privkey_t @var{key}, unsigned int @var{flags})
@var{key}: A key of type @code{gnutls_privkey_t}

@var{flags}: flags from the @code{gnutls_privkey_flags}

This function will set flags for the specified private key, after
it is generated. Currently this is useful for the @code{GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT}
flag, to allow exporting a "provable" private key in a backwards-compatible way.

@strong{Since:} 3.5.0
@end deftypefun

@subheading gnutls_privkey_set_pin_function
@anchor{gnutls_privkey_set_pin_function}
@deftypefun {void} {gnutls_privkey_set_pin_function} (gnutls_privkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
@var{key}: A key of type @code{gnutls_privkey_t}

@var{fn}: the callback

@var{userdata}: data associated with the callback

This function will set a callback function to be used when
required to access the object. This function overrides any other
global PIN functions.

Note that this function must be called right after initialization
to have effect.

@strong{Since:} 3.1.0
@end deftypefun

@subheading gnutls_privkey_set_spki
@anchor{gnutls_privkey_set_spki}
@deftypefun {int} {gnutls_privkey_set_spki} (gnutls_privkey_t @var{privkey}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
@var{privkey}: a private key of type @code{gnutls_privkey_t}

@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_x509_spki_t}

@var{flags}: must be zero

This function will set the public key information.
The provided @code{spki} must be initialized.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.6.0
@end deftypefun

@subheading gnutls_privkey_sign_data
@anchor{gnutls_privkey_sign_data}
@deftypefun {int} {gnutls_privkey_sign_data} (gnutls_privkey_t @var{signer}, gnutls_digest_algorithm_t @var{hash}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{signature})
@var{signer}: Holds the key

@var{hash}: should be a digest algorithm

@var{flags}: Zero or one of @code{gnutls_privkey_flags_t}

@var{data}: holds the data to be signed

@var{signature}: will contain the signature allocated with @code{gnutls_malloc()}

This function will sign the given data using a signature algorithm
supported by the private key. Signature algorithms are always used
together with a hash function. Different hash functions may be
used for the RSA algorithm, but only the SHA family for the DSA keys.

You may use @code{gnutls_pubkey_get_preferred_hash_algorithm()} to determine
the hash algorithm.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_sign_data2
@anchor{gnutls_privkey_sign_data2}
@deftypefun {int} {gnutls_privkey_sign_data2} (gnutls_privkey_t @var{signer}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{signature})
@var{signer}: Holds the key

@var{algo}: The signature algorithm used

@var{flags}: Zero or one of @code{gnutls_privkey_flags_t}

@var{data}: holds the data to be signed

@var{signature}: will contain the signature allocated with @code{gnutls_malloc()}

This function will sign the given data using the specified signature
algorithm. This function is an enhancement of @code{gnutls_privkey_sign_data()},
as it allows utilizing an alternative signature algorithm where possible
(e.g., use an RSA key with RSA-PSS).

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.6.0
@end deftypefun

@subheading gnutls_privkey_sign_hash
@anchor{gnutls_privkey_sign_hash}
@deftypefun {int} {gnutls_privkey_sign_hash} (gnutls_privkey_t @var{signer}, gnutls_digest_algorithm_t @var{hash_algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash_data}, gnutls_datum_t * @var{signature})
@var{signer}: Holds the signer's key

@var{hash_algo}: The hash algorithm used

@var{flags}: Zero or one of @code{gnutls_privkey_flags_t}

@var{hash_data}: holds the data to be signed

@var{signature}: will contain newly allocated signature

This function will sign the given hashed data using a signature algorithm
supported by the private key. Signature algorithms are always used
together with a hash function. Different hash functions may be
used for the RSA algorithm, but only SHA-XXX for the DSA keys.

You may use @code{gnutls_pubkey_get_preferred_hash_algorithm()} to determine
the hash algorithm.

The flags may be @code{GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA} or @code{GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS}.
In the former case this function will ignore @code{hash_algo} and perform a raw PKCS1 signature,
and in the latter an RSA-PSS signature will be generated.

Note that not all algorithms support signing already hashed data. When
signing with Ed25519, @code{gnutls_privkey_sign_data()} should be used.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_sign_hash2
@anchor{gnutls_privkey_sign_hash2}
@deftypefun {int} {gnutls_privkey_sign_hash2} (gnutls_privkey_t @var{signer}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash_data}, gnutls_datum_t * @var{signature})
@var{signer}: Holds the signer's key

@var{algo}: The signature algorithm used

@var{flags}: Zero or one of @code{gnutls_privkey_flags_t}

@var{hash_data}: holds the data to be signed

@var{signature}: will contain newly allocated signature

This function will sign the given hashed data using the specified signature
algorithm. This function is an enhancement of @code{gnutls_privkey_sign_hash()},
as it allows utilizing an alternative signature algorithm where possible
(e.g., use an RSA key with RSA-PSS).

The flags may be @code{GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA}.
In that case this function will ignore @code{hash_algo} and perform a raw PKCS1 signature.
Note that this flag is supported since 3.6.9.

Note also that not all algorithms support signing already hashed data. When
signing with Ed25519, @code{gnutls_privkey_sign_data2()} should be used instead.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.6.0
@end deftypefun

@subheading gnutls_privkey_status
@anchor{gnutls_privkey_status}
@deftypefun {int} {gnutls_privkey_status} (gnutls_privkey_t @var{key})
@var{key}: Holds the key

Checks the status of the private key token. This function
is an actual wrapper over @code{gnutls_pkcs11_privkey_status()}, and
if the private key is a PKCS #11 token it will check whether
it is inserted or not.

@strong{Returns:} this function will return non-zero if the token
holding the private key is still available (inserted), and zero otherwise.

@strong{Since:} 3.1.10
@end deftypefun

@subheading gnutls_privkey_verify_params
@anchor{gnutls_privkey_verify_params}
@deftypefun {int} {gnutls_privkey_verify_params} (gnutls_privkey_t @var{key})
@var{key}: should contain a @code{gnutls_privkey_t} type

This function will verify the private key parameters.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.3.0
@end deftypefun

@subheading gnutls_privkey_verify_seed
@anchor{gnutls_privkey_verify_seed}
@deftypefun {int} {gnutls_privkey_verify_seed} (gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, const void * @var{seed}, size_t @var{seed_size})
@var{key}: should contain a @code{gnutls_privkey_t} type

@var{digest}: it contains the digest algorithm used for key generation (if applicable)

@var{seed}: the seed of the key to be checked with

@var{seed_size}: holds the size of @code{seed}

This function will verify that the given private key was generated from
the provided seed.

@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PRIVKEY_VERIFICATION_ERROR}
is returned, and zero or positive code on success.

@strong{Since:} 3.5.0
@end deftypefun

@subheading gnutls_pubkey_deinit
@anchor{gnutls_pubkey_deinit}
@deftypefun {void} {gnutls_pubkey_deinit} (gnutls_pubkey_t @var{key})
@var{key}: The key to be deinitialized

This function will deinitialize a public key structure.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_encrypt_data
@anchor{gnutls_pubkey_encrypt_data}
@deftypefun {int} {gnutls_pubkey_encrypt_data} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{plaintext}, gnutls_datum_t * @var{ciphertext})
@var{key}: Holds the public key

@var{flags}: should be 0 for now

@var{plaintext}: The data to be encrypted

@var{ciphertext}: contains the encrypted data

This function will encrypt the given data, using the public
key. On success the @code{ciphertext} will be allocated using @code{gnutls_malloc()}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pubkey_export
@anchor{gnutls_pubkey_export}
@deftypefun {int} {gnutls_pubkey_export} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
@var{key}: Holds the certificate

@var{format}: the format of output params. One of PEM or DER.

@var{output_data}: will contain a certificate PEM or DER encoded

@var{output_data_size}: holds the size of output_data (and will be
replaced by the actual size of parameters)

This function will export the public key to DER or PEM format.
The contents of the exported data are the SubjectPublicKeyInfo
X.509 structure.

If the buffer provided is not long enough to hold the output, then
*output_data_size is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will
be returned.

If the structure is PEM encoded, it will have a header
of "BEGIN CERTIFICATE".

@strong{Returns:} In case of failure a negative error code will be
returned, and 0 on success.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_export2
@anchor{gnutls_pubkey_export2}
@deftypefun {int} {gnutls_pubkey_export2} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out})
@var{key}: Holds the certificate

@var{format}: the format of output params. One of PEM or DER.

@var{out}: will contain a certificate PEM or DER encoded

This function will export the public key to DER or PEM format.
The contents of the exported data is the SubjectPublicKeyInfo
X.509 structure.

The output buffer will be allocated using @code{gnutls_malloc()}.

If the structure is PEM encoded, it will have a header
of "BEGIN CERTIFICATE".

@strong{Returns:} In case of failure a negative error code will be
returned, and 0 on success.

@strong{Since:} 3.1.3
@end deftypefun
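What the DER output of gnutls_pubkey_export() and gnutls_pubkey_export2() contains, as an added example that is not part of the GnuTLS manual or source: a bounds-checked reader for the SubjectPublicKeyInfo structure that makes no GnuTLS calls. The names spki_view, der_read_tlv, spki_parse and spki_is_ed25519 are hypothetical, and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parsed view of a DER SubjectPublicKeyInfo; all pointers alias the input. */
struct spki_view {
    const uint8_t *alg_oid;    /* contents of the algorithm OBJECT IDENTIFIER */
    size_t alg_oid_len;
    const uint8_t *alg_params; /* whole TLV of the optional parameters, or NULL */
    size_t alg_params_len;
    const uint8_t *key;        /* subjectPublicKey without the unused-bits octet */
    size_t key_len;
};

/* Constructed sample, not a real key: the Ed25519 SubjectPublicKeyInfo layout
 * of RFC 8410 carrying the key octets 0x00..0x1f. */
static const uint8_t SAMPLE_ED25519_SPKI[44] = {
    0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
    0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};

/* Read one DER tag/length header at *p, bounded by end. On success *p points
 * at the value, *len is its length and the tag is returned; -1 if malformed. */
static int der_read_tlv(const uint8_t **p, const uint8_t *end, size_t *len)
{
    const uint8_t *q = *p;
    size_t l, n;
    int tag;

    if (end - q < 2) return -1;
    tag = *q++;
    if ((tag & 0x1f) == 0x1f) return -1;     /* multi-byte tags never occur here */
    l = *q++;
    if (l & 0x80) {                          /* long-form length */
        n = l & 0x7f;
        if (n == 0 || n > 4 || (size_t)(end - q) < n) return -1;
        if (*q == 0) return -1;              /* DER: no leading zero octets */
        for (l = 0; n > 0; n--) l = (l << 8) | *q++;
        if (l < 0x80) return -1;             /* DER: short form was required */
    }
    if ((size_t)(end - q) < l) return -1;    /* value would run past the buffer */
    *p = q; *len = l;
    return tag;
}

/* Returns 0 and fills *out for a well-formed SPKI, -1 otherwise. */
int spki_parse(const uint8_t *der, size_t der_len, struct spki_view *out)
{
    const uint8_t *p = der, *end = der + der_len, *alg_end, *pp;
    size_t len, plen;

    memset(out, 0, sizeof(*out));
    /* SubjectPublicKeyInfo ::= SEQUENCE { algorithm, subjectPublicKey } */
    if (der_read_tlv(&p, end, &len) != 0x30 || p + len != end) return -1;
    /* AlgorithmIdentifier ::= SEQUENCE { OID, parameters OPTIONAL } */
    if (der_read_tlv(&p, end, &len) != 0x30) return -1;
    alg_end = p + len;
    if (der_read_tlv(&p, alg_end, &len) != 0x06 || len == 0) return -1;
    out->alg_oid = p;
    out->alg_oid_len = len;
    p += len;
    if (p != alg_end) {                      /* parameters: exactly one TLV */
        pp = p;
        if (der_read_tlv(&pp, alg_end, &plen) < 0 || pp + plen != alg_end) return -1;
        out->alg_params = p;
        out->alg_params_len = (size_t)(alg_end - p);
        p = alg_end;
    }
    /* BIT STRING: the first content octet counts unused bits and must be 0 */
    if (der_read_tlv(&p, end, &len) != 0x03 || len < 2 || p[0] != 0) return -1;
    if (p + len != end) return -1;           /* nothing may follow the key */
    out->key = p + 1;
    out->key_len = len - 1;
    return 0;
}

/* id-Ed25519 is 1.3.101.112 (2b 65 70), with no parameters and a 32-byte key. */
int spki_is_ed25519(const struct spki_view *v)
{
    static const uint8_t oid[] = { 0x2b, 0x65, 0x70 };
    return v->alg_oid_len == sizeof(oid) && memcmp(v->alg_oid, oid, sizeof(oid)) == 0
        && v->alg_params == NULL && v->key_len == 32;
}

int main(void)
{
    struct spki_view v;
    if (spki_parse(SAMPLE_ED25519_SPKI, sizeof(SAMPLE_ED25519_SPKI), &v) != 0) {
        puts("malformed SubjectPublicKeyInfo");
        return 1;
    }
    printf("oid_len=%zu key_len=%zu ed25519=%d\n",
           v.alg_oid_len, v.key_len, spki_is_ed25519(&v));
    return 0;
}
```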

@subheading gnutls_pubkey_export_dsa_raw
@anchor{gnutls_pubkey_export_dsa_raw}
@deftypefun {int} {gnutls_pubkey_export_dsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y})
@var{key}: Holds the public key

@var{p}: will hold the p (may be @code{NULL})

@var{q}: will hold the q (may be @code{NULL})

@var{g}: will hold the g (may be @code{NULL})

@var{y}: will hold the y (may be @code{NULL})

This function will export the DSA public key's parameters found in
the given certificate. The new parameters will be allocated using
@code{gnutls_malloc()} and will be stored in the appropriate datum.

This function allows for @code{NULL} parameters since 3.4.1.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.

@strong{Since:} 3.3.0
@end deftypefun

@subheading gnutls_pubkey_export_dsa_raw2
@anchor{gnutls_pubkey_export_dsa_raw2}
@deftypefun {int} {gnutls_pubkey_export_dsa_raw2} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, unsigned @var{flags})
@var{key}: Holds the public key

@var{p}: will hold the p (may be @code{NULL})

@var{q}: will hold the q (may be @code{NULL})

@var{g}: will hold the g (may be @code{NULL})

@var{y}: will hold the y (may be @code{NULL})

@var{flags}: flags from @code{gnutls_abstract_export_flags_t}

This function will export the DSA public key's parameters found in
the given certificate. The new parameters will be allocated using
@code{gnutls_malloc()} and will be stored in the appropriate datum.

This function allows for @code{NULL} parameters since 3.4.1.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.

@strong{Since:} 3.6.0
@end deftypefun

@subheading gnutls_pubkey_export_ecc_raw
@anchor{gnutls_pubkey_export_ecc_raw}
@deftypefun {int} {gnutls_pubkey_export_ecc_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y})
@var{key}: Holds the public key

@var{curve}: will hold the curve (may be @code{NULL})

@var{x}: will hold x-coordinate (may be @code{NULL})

@var{y}: will hold y-coordinate (may be @code{NULL})

This function will export the ECC public key's parameters found in
the given key. The new parameters will be allocated using
@code{gnutls_malloc()} and will be stored in the appropriate datum.

In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters
will be in the native format for the curve.

This function allows for @code{NULL} parameters since 3.4.1.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pubkey_export_ecc_raw2
@anchor{gnutls_pubkey_export_ecc_raw2}
@deftypefun {int} {gnutls_pubkey_export_ecc_raw2} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, unsigned int @var{flags})
@var{key}: Holds the public key

@var{curve}: will hold the curve (may be @code{NULL})

@var{x}: will hold x-coordinate (may be @code{NULL})

@var{y}: will hold y-coordinate (may be @code{NULL})

@var{flags}: flags from @code{gnutls_abstract_export_flags_t}

This function will export the ECC public key's parameters found in
the given key. The new parameters will be allocated using
@code{gnutls_malloc()} and will be stored in the appropriate datum.

In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters
will be in the native format for the curve.

This function allows for @code{NULL} parameters since 3.4.1.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.

@strong{Since:} 3.6.0
@end deftypefun

@subheading gnutls_pubkey_export_ecc_x962
@anchor{gnutls_pubkey_export_ecc_x962}
@deftypefun {int} {gnutls_pubkey_export_ecc_x962} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{parameters}, gnutls_datum_t * @var{ecpoint})
@var{key}: Holds the public key

@var{parameters}: DER encoding of ANSI X9.62 parameters

@var{ecpoint}: DER encoding of ANSI X9.62 ECPoint

This function will export the ECC public key's parameters found in
the given certificate. The new parameters will be allocated using
@code{gnutls_malloc()} and will be stored in the appropriate datum.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.

@strong{Since:} 3.3.0
@end deftypefun

@subheading gnutls_pubkey_export_gost_raw2
@anchor{gnutls_pubkey_export_gost_raw2}
@deftypefun {int} {gnutls_pubkey_export_gost_raw2} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, unsigned int @var{flags})
@var{key}: Holds the public key

@var{curve}: will hold the curve (may be @code{NULL})

@var{digest}: will hold the digest (may be @code{NULL})

@var{paramset}: will hold the parameters id (may be @code{NULL})

@var{x}: will hold the x-coordinate (may be @code{NULL})

@var{y}: will hold the y-coordinate (may be @code{NULL})

@var{flags}: flags from @code{gnutls_abstract_export_flags_t}

This function will export the GOST public key's parameters found in
the given key. The new parameters will be allocated using
@code{gnutls_malloc()} and will be stored in the appropriate datum.

@strong{Note:} parameters will be stored with least significant byte first. On
version 3.6.3 this was incorrectly returned in big-endian format.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.

@strong{Since:} 3.6.3
@end deftypefun

@subheading gnutls_pubkey_export_rsa_raw
@anchor{gnutls_pubkey_export_rsa_raw}
@deftypefun {int} {gnutls_pubkey_export_rsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e})
@var{key}: Holds the certificate

@var{m}: will hold the modulus (may be @code{NULL})

@var{e}: will hold the public exponent (may be @code{NULL})

This function will export the RSA public key's parameters found in
the given structure. The new parameters will be allocated using
@code{gnutls_malloc()} and will be stored in the appropriate datum.

This function allows for @code{NULL} parameters since 3.4.1.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.

@strong{Since:} 3.3.0
@end deftypefun

@subheading gnutls_pubkey_export_rsa_raw2
@anchor{gnutls_pubkey_export_rsa_raw2}
@deftypefun {int} {gnutls_pubkey_export_rsa_raw2} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, unsigned @var{flags})
@var{key}: Holds the certificate

@var{m}: will hold the modulus (may be @code{NULL})

@var{e}: will hold the public exponent (may be @code{NULL})

@var{flags}: flags from @code{gnutls_abstract_export_flags_t}

This function will export the RSA public key's parameters found in
the given structure. The new parameters will be allocated using
@code{gnutls_malloc()} and will be stored in the appropriate datum.

This function allows for @code{NULL} parameters since 3.4.1.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.

@strong{Since:} 3.6.0
@end deftypefun

@subheading gnutls_pubkey_get_key_id
@anchor{gnutls_pubkey_get_key_id}
@deftypefun {int} {gnutls_pubkey_get_key_id} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
@var{key}: Holds the public key

@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t}

@var{output_data}: will contain the key ID

@var{output_data_size}: holds the size of output_data (and will be
replaced by the actual size of parameters)

This function will return a unique ID that depends on the public
key parameters. This ID can be used in checking whether a
certificate corresponds to the given public key.

If the buffer provided is not long enough to hold the output, then
*output_data_size is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will
be returned. The output will normally be a SHA-1 hash output,
which is 20 bytes.

@strong{Returns:} In case of failure a negative error code will be
returned, and 0 on success.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_get_key_usage
@anchor{gnutls_pubkey_get_key_usage}
@deftypefun {int} {gnutls_pubkey_get_key_usage} (gnutls_pubkey_t @var{key}, unsigned int * @var{usage})
@var{key}: should contain a @code{gnutls_pubkey_t} type

@var{usage}: If set will return the number of bits of the parameters (may be NULL)

This function will return the key usage of the public key.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_get_openpgp_key_id
@anchor{gnutls_pubkey_get_openpgp_key_id}
@deftypefun {int} {gnutls_pubkey_get_openpgp_key_id} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}, unsigned int * @var{subkey})
@var{key}: Holds the public key

@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t}

@var{output_data}: will contain the key ID

@var{output_data_size}: holds the size of output_data (and will be
replaced by the actual size of parameters)

@var{subkey}: ignored

This function is a no-op.

@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE}.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_get_pk_algorithm
@anchor{gnutls_pubkey_get_pk_algorithm}
@deftypefun {int} {gnutls_pubkey_get_pk_algorithm} (gnutls_pubkey_t @var{key}, unsigned int * @var{bits})
@var{key}: should contain a @code{gnutls_pubkey_t} type

@var{bits}: If set will return the number of bits of the parameters (may be NULL)

This function will return the public key algorithm of a public
key and if possible will return a number of bits that indicates
the security parameter of the key.

@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on
success, or a negative error code on error.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_get_preferred_hash_algorithm
@anchor{gnutls_pubkey_get_preferred_hash_algorithm}
@deftypefun {int} {gnutls_pubkey_get_preferred_hash_algorithm} (gnutls_pubkey_t @var{key}, gnutls_digest_algorithm_t * @var{hash}, unsigned int * @var{mand})
@var{key}: Holds the certificate

@var{hash}: The result of the call with the hash algorithm used for signature

@var{mand}: If non zero it means that the algorithm MUST use this hash. May be NULL.

This function will read the certificate and return the appropriate digest
algorithm to use for signing with this certificate. Some certificates (i.e.
DSA) might not be able to sign without the preferred algorithm.

To get the signature algorithm instead of just the hash use @code{gnutls_pk_to_sign()}
with the algorithm of the certificate/key and the provided @code{hash}.

@strong{Returns:} 0 if the hash algorithm is found. A negative error code is
returned on error.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_get_spki
@anchor{gnutls_pubkey_get_spki}
@deftypefun {int} {gnutls_pubkey_get_spki} (gnutls_pubkey_t @var{pubkey}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
@var{pubkey}: a public key of type @code{gnutls_pubkey_t}

@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_x509_spki_t}

@var{flags}: must be zero

This function will return the public key information if available.
The provided @code{spki} must be initialized.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.6.0
@end deftypefun

@subheading gnutls_pubkey_import
@anchor{gnutls_pubkey_import}
@deftypefun {int} {gnutls_pubkey_import} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
@var{key}: The public key.

@var{data}: The DER or PEM encoded certificate.

@var{format}: One of DER or PEM

This function will import the provided public key in
a SubjectPublicKeyInfo X.509 structure to a native
@code{gnutls_pubkey_t} type. The output will be stored
in @code{key}. If the public key is PEM encoded it should have a header
of "PUBLIC KEY".

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_import_dsa_raw
@anchor{gnutls_pubkey_import_dsa_raw}
@deftypefun {int} {gnutls_pubkey_import_dsa_raw} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y})
@var{key}: The structure to store the parsed key

@var{p}: holds the p

@var{q}: holds the q

@var{g}: holds the g

@var{y}: holds the y

This function will convert the given DSA raw parameters to the
native @code{gnutls_pubkey_t} format. The output will be stored
in @code{key}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_import_ecc_raw
@anchor{gnutls_pubkey_import_ecc_raw}
@deftypefun {int} {gnutls_pubkey_import_ecc_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y})
@var{key}: The structure to store the parsed key

@var{curve}: holds the curve

@var{x}: holds the x-coordinate

@var{y}: holds the y-coordinate

This function will convert the given elliptic curve parameters to a
@code{gnutls_pubkey_t}. The output will be stored in @code{key}.

In EdDSA curves the @code{y} parameter should be @code{NULL} and the @code{x} parameter must
be the value in the native format for the curve.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pubkey_import_ecc_x962
@anchor{gnutls_pubkey_import_ecc_x962}
@deftypefun {int} {gnutls_pubkey_import_ecc_x962} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{parameters}, const gnutls_datum_t * @var{ecpoint})
@var{key}: The structure to store the parsed key

@var{parameters}: DER encoding of ANSI X9.62 parameters

@var{ecpoint}: DER encoding of ANSI X9.62 ECPoint

This function will convert the given elliptic curve parameters to a
@code{gnutls_pubkey_t}. The output will be stored in @code{key}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pubkey_import_gost_raw
@anchor{gnutls_pubkey_import_gost_raw}
@deftypefun {int} {gnutls_pubkey_import_gost_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, gnutls_digest_algorithm_t @var{digest}, gnutls_gost_paramset_t @var{paramset}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y})
@var{key}: The structure to store the parsed key

@var{curve}: holds the curve

@var{digest}: holds the digest

@var{paramset}: holds the parameters id

@var{x}: holds the x-coordinate

@var{y}: holds the y-coordinate

This function will convert the given GOST public key's parameters to a
@code{gnutls_pubkey_t}. The output will be stored in @code{key}. @code{digest} should be
one of GNUTLS_DIG_GOSTR_94, GNUTLS_DIG_STREEBOG_256 or
GNUTLS_DIG_STREEBOG_512. If @code{paramset} is set to GNUTLS_GOST_PARAMSET_UNKNOWN
a default one will be selected depending on @code{digest}.

@strong{Note:} parameters should be stored with least significant byte first. On
version 3.6.3 big-endian format was used incorrectly.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.6.3
@end deftypefun

@subheading gnutls_pubkey_import_openpgp
@anchor{gnutls_pubkey_import_openpgp}
@deftypefun {int} {gnutls_pubkey_import_openpgp} (gnutls_pubkey_t @var{key}, gnutls_openpgp_crt_t @var{crt}, unsigned int @var{flags})
@var{key}: The public key

@var{crt}: The certificate to be imported

@var{flags}: should be zero

This function is a no-op.

@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE}.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_import_openpgp_raw
@anchor{gnutls_pubkey_import_openpgp_raw}
@deftypefun {int} {gnutls_pubkey_import_openpgp_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_openpgp_crt_fmt_t @var{format}, const gnutls_openpgp_keyid_t @var{keyid}, unsigned int @var{flags})
@var{pkey}: The public key

@var{data}: The public key data to be imported

@var{format}: The format of the public key

@var{keyid}: The key id to use (optional)

@var{flags}: Should be zero

This function is a no-op.

@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE}.

@strong{Since:} 3.1.3
@end deftypefun

@subheading gnutls_pubkey_import_pkcs11
@anchor{gnutls_pubkey_import_pkcs11}
@deftypefun {int} {gnutls_pubkey_import_pkcs11} (gnutls_pubkey_t @var{key}, gnutls_pkcs11_obj_t @var{obj}, unsigned int @var{flags})
@var{key}: The public key

@var{obj}: The parameters to be imported

@var{flags}: should be zero

Imports a public key from a pkcs11 key. This function will import
the given public key to the abstract @code{gnutls_pubkey_t} type.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_import_privkey
@anchor{gnutls_pubkey_import_privkey}
@deftypefun {int} {gnutls_pubkey_import_privkey} (gnutls_pubkey_t @var{key}, gnutls_privkey_t @var{pkey}, unsigned int @var{usage}, unsigned int @var{flags})
@var{key}: The public key

@var{pkey}: The private key

@var{usage}: GNUTLS_KEY_* key usage flags.

@var{flags}: should be zero

Imports the public key from a private key. This function will import
the given public key to the abstract @code{gnutls_pubkey_t} type.

Note that in certain keys this operation may not be possible, e.g.,
in PKCS #11 keys other than RSA.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_import_rsa_raw
|
|
Packit |
aea12f |
@anchor{gnutls_pubkey_import_rsa_raw}
|
|
Packit |
aea12f |
@deftypefun {int} {gnutls_pubkey_import_rsa_raw} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e})
|
|
Packit |
aea12f |
@var{key}: The key
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{m}: holds the modulus
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@var{e}: holds the public exponent
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This function will replace the parameters in the given structure.
|
|
Packit |
aea12f |
The new parameters should be stored in the appropriate
|
|
Packit |
aea12f |
gnutls_datum.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@strong{Since:} 2.12.0
|
|
Packit |
aea12f |
@end deftypefun

@subheading gnutls_pubkey_import_tpm_raw
@anchor{gnutls_pubkey_import_tpm_raw}
@deftypefun {int} {gnutls_pubkey_import_tpm_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{fdata}, gnutls_tpmkey_fmt_t @var{format}, const char * @var{srk_password}, unsigned int @var{flags})
@var{pkey}: The public key

@var{fdata}: The TPM key to be imported

@var{format}: The format of the private key

@var{srk_password}: The password for the SRK key (optional)

@var{flags}: One of the GNUTLS_PUBKEY_* flags

This function will import the public key from the provided TPM key
structure.

With respect to passwords, the same rules as in
@code{gnutls_pubkey_import_tpm_url()} apply.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.1.0
@end deftypefun

@subheading gnutls_pubkey_import_tpm_url
@anchor{gnutls_pubkey_import_tpm_url}
@deftypefun {int} {gnutls_pubkey_import_tpm_url} (gnutls_pubkey_t @var{pkey}, const char * @var{url}, const char * @var{srk_password}, unsigned int @var{flags})
@var{pkey}: The public key

@var{url}: The URL of the TPM key to be imported

@var{srk_password}: The password for the SRK key (optional)

@var{flags}: should be zero

This function will import the given private key to the abstract
@code{gnutls_privkey_t} type.

Note that unless @code{GNUTLS_PUBKEY_DISABLE_CALLBACKS}
is specified, if incorrect (or NULL) passwords are given
the PKCS11 callback functions will be used to obtain the
correct passwords. Otherwise if the SRK password is wrong
@code{GNUTLS_E_TPM_SRK_PASSWORD_ERROR} is returned.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.1.0
@end deftypefun

@subheading gnutls_pubkey_import_url
@anchor{gnutls_pubkey_import_url}
@deftypefun {int} {gnutls_pubkey_import_url} (gnutls_pubkey_t @var{key}, const char * @var{url}, unsigned int @var{flags})
@var{key}: A key of type @code{gnutls_pubkey_t}

@var{url}: A PKCS #11 URL

@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags

This function will import a public key from the provided URL.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.1.0
@end deftypefun

@subheading gnutls_pubkey_import_x509
@anchor{gnutls_pubkey_import_x509}
@deftypefun {int} {gnutls_pubkey_import_x509} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_t @var{crt}, unsigned int @var{flags})
@var{key}: The public key

@var{crt}: The certificate to be imported

@var{flags}: should be zero

This function will import the given public key to the abstract
@code{gnutls_pubkey_t} type.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_import_x509_crq
@anchor{gnutls_pubkey_import_x509_crq}
@deftypefun {int} {gnutls_pubkey_import_x509_crq} (gnutls_pubkey_t @var{key}, gnutls_x509_crq_t @var{crq}, unsigned int @var{flags})
@var{key}: The public key

@var{crq}: The certificate to be imported

@var{flags}: should be zero

This function will import the given public key to the abstract
@code{gnutls_pubkey_t} type.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.1.5
@end deftypefun

@subheading gnutls_pubkey_import_x509_raw
@anchor{gnutls_pubkey_import_x509_raw}
@deftypefun {int} {gnutls_pubkey_import_x509_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
@var{pkey}: The public key

@var{data}: The public key data to be imported

@var{format}: The format of the public key

@var{flags}: should be zero

This function will import the given public key to the abstract
@code{gnutls_pubkey_t} type.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.1.3
@end deftypefun

@subheading gnutls_pubkey_init
@anchor{gnutls_pubkey_init}
@deftypefun {int} {gnutls_pubkey_init} (gnutls_pubkey_t * @var{key})
@var{key}: A pointer to the type to be initialized

This function will initialize a public key.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_print
@anchor{gnutls_pubkey_print}
@deftypefun {int} {gnutls_pubkey_print} (gnutls_pubkey_t @var{pubkey}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
@var{pubkey}: The data to be printed

@var{format}: Indicate the format to use

@var{out}: Newly allocated datum with null-terminated string.

This function will pretty print public key information, suitable for
display to a human.

Only @code{GNUTLS_CRT_PRINT_FULL} and @code{GNUTLS_CRT_PRINT_FULL_NUMBERS}
are implemented.

The output @code{out} needs to be deallocated using @code{gnutls_free()}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.1.5
@end deftypefun

@subheading gnutls_pubkey_set_key_usage
@anchor{gnutls_pubkey_set_key_usage}
@deftypefun {int} {gnutls_pubkey_set_key_usage} (gnutls_pubkey_t @var{key}, unsigned int @var{usage})
@var{key}: a certificate of type @code{gnutls_x509_crt_t}

@var{usage}: an ORed sequence of the GNUTLS_KEY_* elements.

This function will set the key usage flags of the public key. This
is only useful if the key is to be exported to a certificate or
certificate request.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_set_pin_function
@anchor{gnutls_pubkey_set_pin_function}
@deftypefun {void} {gnutls_pubkey_set_pin_function} (gnutls_pubkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
@var{key}: A key of type @code{gnutls_pubkey_t}

@var{fn}: the callback

@var{userdata}: data associated with the callback

This function will set a callback function to be used when
required to access the object. This function overrides any other
global PIN functions.

Note that this function must be called right after initialization
to have effect.

@strong{Since:} 3.1.0
@end deftypefun

@subheading gnutls_pubkey_set_spki
@anchor{gnutls_pubkey_set_spki}
@deftypefun {int} {gnutls_pubkey_set_spki} (gnutls_pubkey_t @var{pubkey}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags})
@var{pubkey}: a public key of type @code{gnutls_pubkey_t}

@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_pubkey_spki_t}

@var{flags}: must be zero

This function will set the public key information.
The provided @code{spki} must be initialized.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.6.0
@end deftypefun

@subheading gnutls_pubkey_verify_data2
@anchor{gnutls_pubkey_verify_data2}
@deftypefun {int} {gnutls_pubkey_verify_data2} (gnutls_pubkey_t @var{pubkey}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature})
@var{pubkey}: Holds the public key

@var{algo}: The signature algorithm used

@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags}

@var{data}: holds the signed data

@var{signature}: contains the signature

This function will verify the given signed data, using the
parameters from the certificate.

@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED}
is returned, and a zero or positive code on success. For signatures known to be
insecure this function will return @code{GNUTLS_E_INSUFFICIENT_SECURITY} unless
the flag @code{GNUTLS_VERIFY_ALLOW_BROKEN} is specified.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pubkey_verify_hash2
@anchor{gnutls_pubkey_verify_hash2}
@deftypefun {int} {gnutls_pubkey_verify_hash2} (gnutls_pubkey_t @var{key}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature})
@var{key}: Holds the public key

@var{algo}: The signature algorithm used

@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags}

@var{hash}: holds the hash digest to be verified

@var{signature}: contains the signature

This function will verify the given signed digest, using the
parameters from the public key. Note that unlike @code{gnutls_privkey_sign_hash()},
this function accepts a signature algorithm instead of a digest algorithm.
You can use @code{gnutls_pk_to_sign()} to get the appropriate value.

@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED}
is returned, and a zero or positive code on success. For signatures known to be
insecure this function will return @code{GNUTLS_E_INSUFFICIENT_SECURITY} unless
the flag @code{GNUTLS_VERIFY_ALLOW_BROKEN} is specified.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pubkey_verify_params
@anchor{gnutls_pubkey_verify_params}
@deftypefun {int} {gnutls_pubkey_verify_params} (gnutls_pubkey_t @var{key})
@var{key}: should contain a @code{gnutls_pubkey_t} type

This function will verify the public key parameters.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.3.0
@end deftypefun

@subheading gnutls_register_custom_url
@anchor{gnutls_register_custom_url}
@deftypefun {int} {gnutls_register_custom_url} (const gnutls_custom_url_st * @var{st})
@var{st}: A @code{gnutls_custom_url_st} structure

Register a custom URL. This will affect the following functions:
@code{gnutls_url_is_supported()}, @code{gnutls_privkey_import_url()},
@code{gnutls_pubkey_import_url()}, @code{gnutls_x509_crt_import_url()}
and all functions that depend on
them, e.g., @code{gnutls_certificate_set_x509_key_file2()}.

The provided structure and callback functions must be valid throughout
the lifetime of the process. The registration of an existing URL type
will fail with @code{GNUTLS_E_INVALID_REQUEST}. Since GnuTLS 3.5.0 this function
can be used to override the builtin URLs.

This function is not thread safe.

@strong{Returns:} Zero if the given structure was imported, or a negative value otherwise.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_system_key_add_x509
@anchor{gnutls_system_key_add_x509}
@deftypefun {int} {gnutls_system_key_add_x509} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{privkey}, const char * @var{label}, char ** @var{cert_url}, char ** @var{key_url})
@var{crt}: the certificate to be added

@var{privkey}: the key to be added

@var{label}: the friendly name to describe the key

@var{cert_url}: if non-NULL it will contain an allocated value with the certificate URL

@var{key_url}: if non-NULL it will contain an allocated value with the key URL

This function will add the given key and certificate pair
to the system list.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_system_key_delete
@anchor{gnutls_system_key_delete}
@deftypefun {int} {gnutls_system_key_delete} (const char * @var{cert_url}, const char * @var{key_url})
@var{cert_url}: the URL of the certificate

@var{key_url}: the URL of the key

This function will delete the key and certificate pair.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_system_key_iter_deinit
@anchor{gnutls_system_key_iter_deinit}
@deftypefun {void} {gnutls_system_key_iter_deinit} (gnutls_system_key_iter_t @var{iter})
@var{iter}: an iterator of system keys

This function will deinitialize the iterator.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_system_key_iter_get_info
@anchor{gnutls_system_key_iter_get_info}
@deftypefun {int} {gnutls_system_key_iter_get_info} (gnutls_system_key_iter_t * @var{iter}, unsigned @var{cert_type}, char ** @var{cert_url}, char ** @var{key_url}, char ** @var{label}, gnutls_datum_t * @var{der}, unsigned int @var{flags})
@var{iter}: an iterator of the system keys (must be set to @code{NULL} initially)

@var{cert_type}: A value of gnutls_certificate_type_t which indicates the type of certificate to look for

@var{cert_url}: The certificate URL of the pair (may be @code{NULL})

@var{key_url}: The key URL of the pair (may be @code{NULL})

@var{label}: The friendly name (if any) of the pair (may be @code{NULL})

@var{der}: if non-NULL the DER data of the certificate

@var{flags}: should be zero

On each call this function will return the URLs of a certificate
and key pair, as well as a label associated with them,
and the DER-encoded certificate. When the iteration is complete it will
return @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}.

Typically @code{cert_type} should be @code{GNUTLS_CRT_X509}.

All values set are allocated and must be cleared using @code{gnutls_free()}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_x509_crl_privkey_sign
@anchor{gnutls_x509_crl_privkey_sign}
@deftypefun {int} {gnutls_x509_crl_privkey_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
@var{crl}: should contain a gnutls_x509_crl_t type

@var{issuer}: is the certificate of the certificate issuer

@var{issuer_key}: holds the issuer's private key

@var{dig}: The message digest to use. GNUTLS_DIG_SHA256 is the safe choice unless you know what you're doing.

@var{flags}: must be 0

This function will sign the CRL with the issuer's private key, and
will copy the issuer's information into the CRL.

This must be the last step in CRL generation since all
the previously set parameters are now signed.

A known limitation of this function is that a newly-signed CRL will not
be fully functional (e.g., for signature verification) until it
is exported and re-imported.

After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN},
and in that case a suitable and reasonable digest for the key algorithm will be selected.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_x509_crq_privkey_sign
@anchor{gnutls_x509_crq_privkey_sign}
@deftypefun {int} {gnutls_x509_crq_privkey_sign} (gnutls_x509_crq_t @var{crq}, gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
@var{crq}: should contain a @code{gnutls_x509_crq_t} type

@var{key}: holds a private key

@var{dig}: The message digest to use, e.g., @code{GNUTLS_DIG_SHA1}

@var{flags}: must be 0

This function will sign the certificate request with a private key.
This must be the same key as the one used in
@code{gnutls_x509_crt_set_key()} since a certificate request is self
signed.

This must be the last step in a certificate request generation
since all the previously set parameters are now signed.

A known limitation of this function is that a newly-signed request will not
be fully functional (e.g., for signature verification) until it
is exported and re-imported.

After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN},
and in that case a suitable and reasonable digest for the key algorithm will be selected.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
@code{GNUTLS_E_ASN1_VALUE_NOT_FOUND} is returned if you didn't set all
information in the certificate request (e.g., the version using
@code{gnutls_x509_crq_set_version()}).

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_x509_crq_set_pubkey
@anchor{gnutls_x509_crq_set_pubkey}
@deftypefun {int} {gnutls_x509_crq_set_pubkey} (gnutls_x509_crq_t @var{crq}, gnutls_pubkey_t @var{key})
@var{crq}: should contain a @code{gnutls_x509_crq_t} type

@var{key}: holds a public key

This function will set the public parameters from the given public
key to the request. The @code{key} can be deallocated after that.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_x509_crt_privkey_sign
@anchor{gnutls_x509_crt_privkey_sign}
@deftypefun {int} {gnutls_x509_crt_privkey_sign} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

@var{issuer}: is the certificate of the certificate issuer

@var{issuer_key}: holds the issuer's private key

@var{dig}: The message digest to use, @code{GNUTLS_DIG_SHA256} is a safe choice

@var{flags}: must be 0

This function will sign the certificate with the issuer's private key, and
will copy the issuer's information into the certificate.

This must be the last step in a certificate generation since all
the previously set parameters are now signed.

A known limitation of this function is that a newly-signed certificate will not
be fully functional (e.g., for signature verification) until it
is exported and re-imported.

After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN},
and in that case a suitable and reasonable digest for the key algorithm will be selected.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.
@end deftypefun

@subheading gnutls_x509_crt_set_pubkey
@anchor{gnutls_x509_crt_set_pubkey}
@deftypefun {int} {gnutls_x509_crt_set_pubkey} (gnutls_x509_crt_t @var{crt}, gnutls_pubkey_t @var{key})
@var{crt}: should contain a @code{gnutls_x509_crt_t} type

@var{key}: holds a public key

This function will set the public parameters from the given public
key to the certificate. The @code{key} can be deallocated after that.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun