|
Packit |
aea12f |
.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
|
|
Packit Service |
991b93 |
.TH "gnutls_certificate_set_rawpk_key_file" 3 "3.6.14" "gnutls" "gnutls"
|
|
Packit |
aea12f |
.SH NAME
|
|
Packit |
aea12f |
gnutls_certificate_set_rawpk_key_file \- API function
|
|
Packit |
aea12f |
.SH SYNOPSIS
|
|
Packit |
aea12f |
.B #include <gnutls/gnutls.h>
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.BI "int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t " cred ", const char* " rawpkfile ", const char* " privkeyfile ", gnutls_x509_crt_fmt_t " format ", const char * " pass ", unsigned int " key_usage ", const char ** " names ", unsigned int " names_length ", unsigned int " privkey_flags ", unsigned int " pkcs11_flags ");"
|
|
Packit |
aea12f |
.SH ARGUMENTS
|
|
Packit |
aea12f |
.IP "gnutls_certificate_credentials_t cred" 12
|
|
Packit |
aea12f |
is a \fBgnutls_certificate_credentials_t\fP type.
|
|
Packit |
aea12f |
.IP "const char* rawpkfile" 12
|
|
Packit |
aea12f |
contains a raw public key in
|
|
Packit |
aea12f |
PKIX.SubjectPublicKeyInfo format.
|
|
Packit |
aea12f |
.IP "const char* privkeyfile" 12
|
|
Packit |
aea12f |
contains a file path to a private key.
|
|
Packit |
aea12f |
.IP "gnutls_x509_crt_fmt_t format" 12
|
|
Packit |
aea12f |
encoding of the keys. DER or PEM.
|
|
Packit |
aea12f |
.IP "const char * pass" 12
|
|
Packit |
aea12f |
an optional password to unlock the private key privkeyfile.
|
|
Packit |
aea12f |
.IP "unsigned int key_usage" 12
|
|
Packit |
aea12f |
an ORed sequence of \fBGNUTLS_KEY_\fP* flags.
|
|
Packit |
aea12f |
.IP "const char ** names" 12
|
|
Packit |
aea12f |
is an array of DNS names belonging to the public\-key (NULL if none).
|
|
Packit |
aea12f |
.IP "unsigned int names_length" 12
|
|
Packit |
aea12f |
holds the length of the names list.
|
|
Packit |
aea12f |
.IP "unsigned int privkey_flags" 12
|
|
Packit |
aea12f |
an ORed sequence of \fBgnutls_pkcs_encrypt_flags_t\fP.
|
|
Packit |
aea12f |
These apply to the private key pkey.
|
|
Packit |
aea12f |
.IP "unsigned int pkcs11_flags" 12
|
|
Packit |
aea12f |
one of gnutls_pkcs11_obj_flags. These apply to URLs.
|
|
Packit |
aea12f |
.SH "DESCRIPTION"
|
|
Packit |
aea12f |
This function sets a public/private keypair read from file in the
|
|
Packit |
aea12f |
\fBgnutls_certificate_credentials_t\fP type to be used for authentication
|
|
Packit |
aea12f |
and/or encryption. \fIspki\fP and \fIprivkey\fP should match otherwise set
|
|
Packit |
aea12f |
signatures cannot be validated. In case of no match this function
|
|
Packit |
aea12f |
returns \fBGNUTLS_E_CERTIFICATE_KEY_MISMATCH\fP. This function should
|
|
Packit |
aea12f |
be called once for the client because there is currently no mechanism
|
|
Packit |
aea12f |
to determine which raw public\-key to select for the peer when there
|
|
Packit |
aea12f |
are multiple present. Multiple raw public keys for the server can be
|
|
Packit |
aea12f |
distinghuished by setting the \fInames\fP .
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
Note here that \fIspki\fP is a raw public\-key as defined
|
|
Packit |
aea12f |
in RFC7250. It means that there is no surrounding certificate that
|
|
Packit |
aea12f |
holds the public key and that there is therefore no direct mechanism
|
|
Packit |
aea12f |
to prove the authenticity of this key. The keypair can be used during
|
|
Packit |
aea12f |
a TLS handshake but its authenticity should be established via a
|
|
Packit |
aea12f |
different mechanism (e.g. TOFU or known fingerprint).
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
The supported formats are basic unencrypted key, PKCS8, PKCS12,
|
|
Packit |
aea12f |
and the openssl format and will be autodetected.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
If the raw public\-key and the private key are given in PEM encoding
|
|
Packit |
aea12f |
then the strings that hold their values must be null terminated.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly
|
|
Packit |
aea12f |
set because there is no certificate structure around the key to define
|
|
Packit |
aea12f |
this value. See for more info \fBgnutls_x509_crt_get_key_usage()\fP.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
Note that, this function by default returns zero on success and a
|
|
Packit |
aea12f |
negative value on error. Since 3.5.6, when the flag \fBGNUTLS_CERTIFICATE_API_V2\fP
|
|
Packit |
aea12f |
is set using \fBgnutls_certificate_set_flags()\fP it returns an index
|
|
Packit |
aea12f |
(greater or equal to zero). That index can be used in other functions
|
|
Packit |
aea12f |
to refer to the added key\-pair.
|
|
Packit |
aea12f |
.SH "RETURNS"
|
|
Packit |
aea12f |
On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, in case the
|
|
Packit |
aea12f |
key pair does not match \fBGNUTLS_E_CERTIFICATE_KEY_MISMATCH\fP is returned,
|
|
Packit |
aea12f |
in other erroneous cases a different negative error code is returned.
|
|
Packit |
aea12f |
.SH "SINCE"
|
|
Packit |
aea12f |
3.6.6
|
|
Packit |
aea12f |
.SH "REPORTING BUGS"
|
|
Packit |
aea12f |
Report bugs to <bugs@gnutls.org>.
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
Home page: https://www.gnutls.org
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.SH COPYRIGHT
|
|
Packit Service |
991b93 |
Copyright \(co 2001- Free Software Foundation, Inc., and others.
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
Copying and distribution of this file, with or without modification,
|
|
Packit |
aea12f |
are permitted in any medium without royalty provided the copyright
|
|
Packit |
aea12f |
notice and this notice are preserved.
|
|
Packit |
aea12f |
.SH "SEE ALSO"
|
|
Packit |
aea12f |
The full documentation for
|
|
Packit |
aea12f |
.B gnutls
|
|
Packit |
aea12f |
is maintained as a Texinfo manual.
|
|
Packit |
aea12f |
If the /usr/share/doc/gnutls/
|
|
Packit |
aea12f |
directory does not contain the HTML form visit
|
|
Packit |
aea12f |
.B
|
|
Packit |
aea12f |
.IP https://www.gnutls.org/manual/
|
|
Packit |
aea12f |
.PP
|