@deftypefun {int} {gnutls_x509_privkey_generate2} (gnutls_x509_privkey_t @var{key}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}, const gnutls_keygen_data_st * @var{data}, unsigned @var{data_size})
@var{key}: an initialized key

@var{algo}: is one of the algorithms in @code{gnutls_pk_algorithm_t}.

@var{bits}: the size of the modulus

@var{flags}: Must be zero or flags from @code{gnutls_privkey_flags_t}.

@var{data}: Allow specifying @code{gnutls_keygen_data_st} types such as the seed to be used.

@var{data_size}: The number of @code{data} entries available.

This function will generate a random private key. Note that this
function must be called on an initialized private key.

The flag @code{GNUTLS_PRIVKEY_FLAG_PROVABLE}
instructs the key generation process to use algorithms like Shawe-Taylor
(from FIPS PUB 186-4) which generate provable parameters out of a seed
for RSA and DSA keys. On DSA keys the PQG parameters are generated using the
seed, while on RSA the two primes are. To specify an explicit seed
(by default a random seed is used), use @code{data} with a @code{GNUTLS_KEYGEN_SEED}
type.

Note that when generating an elliptic curve key, the curve
can be substituted in the place of the bits parameter using the
@code{GNUTLS_CURVE_TO_BITS()} macro.

To export the generated keys in memory or in files it is recommended to use the
PKCS#8 form as it can handle all key types, and can store additional parameters
such as the seed, in case of provable RSA or DSA keys.
Generated keys can be exported in memory using @code{gnutls_privkey_export_x509()},
and then with @code{gnutls_x509_privkey_export2_pkcs8()}.

If key generation is part of your application, avoid setting the number
of bits directly, and instead use @code{gnutls_sec_param_to_pk_bits()}.
That way the generated keys will adapt to the security levels
of the underlying GnuTLS library.

See also @code{gnutls_privkey_generate2()}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.
@end deftypefun