|
Packit Service |
4684c1 |

@subheading gnutls_pkcs11_add_provider
@anchor{gnutls_pkcs11_add_provider}
@deftypefun {int} {gnutls_pkcs11_add_provider} (const char * @var{name}, const char * @var{params})
@var{name}: The filename of the module

@var{params}: should be NULL or a known string (see description)

This function will load and add a PKCS #11 module to the module
list used in gnutls. After this function is called the module will
be used for PKCS #11 operations.

When loading a module to be used for certificate verification,
use the string 'trusted' as @code{params}.

Note that this function is not thread safe.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_copy_attached_extension
@anchor{gnutls_pkcs11_copy_attached_extension}
@deftypefun {int} {gnutls_pkcs11_copy_attached_extension} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{data}, const char * @var{label}, unsigned int @var{flags})
@var{token_url}: A PKCS #11 URL specifying a token

@var{crt}: An X.509 certificate object

@var{data}: the attached extension

@var{label}: A name to be used for the attached extension (may be @code{NULL})

@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_*

This function will copy the attached extension in @code{data} for
the certificate provided in @code{crt} in the PKCS #11 token specified
by the URL (typically a trust module). The extension must be in
RFC5280 Extension format.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.3.8
@end deftypefun

@subheading gnutls_pkcs11_copy_pubkey
@anchor{gnutls_pkcs11_copy_pubkey}
@deftypefun {int} {gnutls_pkcs11_copy_pubkey} (const char * @var{token_url}, gnutls_pubkey_t @var{pubkey}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{key_usage}, unsigned int @var{flags})
@var{token_url}: A PKCS #11 URL specifying a token

@var{pubkey}: The public key to copy

@var{label}: The name to be used for the stored data

@var{cid}: The CKA_ID to set for the object; if NULL, the ID will be derived from the public key

@var{key_usage}: One of GNUTLS_KEY_*

@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_*

This function will copy a public key object into a PKCS #11 token specified by
a URL. Valid flags to mark the key: @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED},
@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE}, @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_CA},
@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.6
@end deftypefun

@subheading gnutls_pkcs11_copy_secret_key
@anchor{gnutls_pkcs11_copy_secret_key}
@deftypefun {int} {gnutls_pkcs11_copy_secret_key} (const char * @var{token_url}, gnutls_datum_t * @var{key}, const char * @var{label}, unsigned int @var{key_usage}, unsigned int @var{flags})
@var{token_url}: A PKCS #11 URL specifying a token

@var{key}: The raw key

@var{label}: A name to be used for the stored data

@var{key_usage}: One of GNUTLS_KEY_*

@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_*

This function will copy a raw secret (symmetric) key into a PKCS #11
token specified by a URL. The key can be marked as sensitive or not.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_copy_x509_crt
@anchor{gnutls_pkcs11_copy_x509_crt}
@deftypefun {int} {gnutls_pkcs11_copy_x509_crt} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, const char * @var{label}, unsigned int @var{flags})
@var{token_url}: A PKCS #11 URL specifying a token

@var{crt}: A certificate

@var{label}: A name to be used for the stored data

@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_*

This function will copy a certificate into a PKCS #11 token specified by
a URL. The certificate can be marked as trusted or not.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_copy_x509_crt2
@anchor{gnutls_pkcs11_copy_x509_crt2}
@deftypefun {int} {gnutls_pkcs11_copy_x509_crt2} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{flags})
@var{token_url}: A PKCS #11 URL specifying a token

@var{crt}: The certificate to copy

@var{label}: The name to be used for the stored data

@var{cid}: The CKA_ID to set for the object; if NULL, the ID will be derived from the public key

@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_*

This function will copy a certificate into a PKCS #11 token specified by
a URL. Valid flags to mark the certificate: @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED},
@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE}, @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_CA},
@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_pkcs11_copy_x509_privkey
@anchor{gnutls_pkcs11_copy_x509_privkey}
@deftypefun {int} {gnutls_pkcs11_copy_x509_privkey} (const char * @var{token_url}, gnutls_x509_privkey_t @var{key}, const char * @var{label}, unsigned int @var{key_usage}, unsigned int @var{flags})
@var{token_url}: A PKCS #11 URL specifying a token

@var{key}: A private key

@var{label}: A name to be used for the stored data

@var{key_usage}: One of GNUTLS_KEY_*

@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags

This function will copy a private key into a PKCS #11 token specified by
a URL.

Since 3.6.3 the objects are marked as sensitive by default unless
@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE} is specified.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_copy_x509_privkey2
@anchor{gnutls_pkcs11_copy_x509_privkey2}
@deftypefun {int} {gnutls_pkcs11_copy_x509_privkey2} (const char * @var{token_url}, gnutls_x509_privkey_t @var{key}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{key_usage}, unsigned int @var{flags})
@var{token_url}: A PKCS #11 URL specifying a token

@var{key}: A private key

@var{label}: A name to be used for the stored data

@var{cid}: The CKA_ID to set for the object; if NULL, the ID will be derived from the public key

@var{key_usage}: One of GNUTLS_KEY_*

@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags

This function will copy a private key into a PKCS #11 token specified by
a URL.

Since 3.6.3 the objects are marked as sensitive by default unless
@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE} is specified.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_pkcs11_crt_is_known
@anchor{gnutls_pkcs11_crt_is_known}
@deftypefun {unsigned} {gnutls_pkcs11_crt_is_known} (const char * @var{url}, gnutls_x509_crt_t @var{cert}, unsigned int @var{flags})
@var{url}: A PKCS #11 URL identifying a token

@var{cert}: is the certificate to find issuer for

@var{flags}: Use zero or flags from @code{GNUTLS_PKCS11_OBJ_FLAG}.

This function will check whether the provided certificate is stored
in the specified token. This is useful in combination with
@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED} or
@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED},
to check whether a CA is present or a certificate is blacklisted in
a trust PKCS #11 module.

This function can be used with a @code{url} of "pkcs11:", and in that case all modules
will be searched. To restrict the search to the modules marked as trusted in p11-kit,
use the @code{GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE} flag.

Note that the flag @code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED} is
specific to p11-kit trust modules.

@strong{Returns:} If the certificate exists, non-zero is returned, otherwise zero.

@strong{Since:} 3.3.0
@end deftypefun

@subheading gnutls_pkcs11_deinit
@anchor{gnutls_pkcs11_deinit}
@deftypefun {void} {gnutls_pkcs11_deinit} (@var{void})

This function will deinitialize the PKCS #11 subsystem in gnutls.
This function is only needed if you need to deinitialize the
subsystem without calling @code{gnutls_global_deinit()}.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_delete_url
@anchor{gnutls_pkcs11_delete_url}
@deftypefun {int} {gnutls_pkcs11_delete_url} (const char * @var{object_url}, unsigned int @var{flags})
@var{object_url}: The URL of the object to delete.

@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags

This function will delete objects matching the given URL.
Note that not all tokens support the delete operation.

@strong{Returns:} On success, the number of objects deleted is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun
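
Because gnutls_pkcs11_delete_url removes every object matching the URL, a caller can check how specific the URL is before calling it. The following is an added example, not GnuTLS code: check_delete_url, its result codes and the policy (require a token selector, an object selector and a type) are assumptions of this example, and the attribute names are those of RFC 7512.

```c
/* Added example: pre-flight check for a URL handed to gnutls_pkcs11_delete_url().
 * check_delete_url() and its result codes are hypothetical names, and the
 * policy is this example's own; attribute names are those of RFC 7512. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum url_check {
    URL_OK = 0,
    URL_NOT_PKCS11, /* does not start with "pkcs11:" */
    URL_NO_TOKEN,   /* no token= or serial=: matches objects on every token */
    URL_NO_OBJECT,  /* no object= or id=: matches every object on the token */
    URL_NO_TYPE     /* no type=: may match a certificate and a key sharing one ID */
};

/* True if the path component (the part before any '?') contains the
 * attribute `name` with a non-empty value. `path` points past "pkcs11:". */
static bool has_path_attr(const char *path, const char *name)
{
    size_t nlen = strlen(name);
    const char *end = path + strcspn(path, "?");

    while (path < end) {
        const char *semi = memchr(path, ';', (size_t)(end - path));
        const char *attr_end = semi ? semi : end;
        size_t alen = (size_t)(attr_end - path);

        /* need "name=" plus at least one value byte */
        if (alen > nlen + 1 && memcmp(path, name, nlen) == 0 && path[nlen] == '=')
            return true;
        path = semi ? semi + 1 : end;
    }
    return false;
}

enum url_check check_delete_url(const char *url)
{
    static const char scheme[] = "pkcs11:";
    const char *path;

    if (url == NULL || strncmp(url, scheme, sizeof(scheme) - 1) != 0)
        return URL_NOT_PKCS11;
    path = url + sizeof(scheme) - 1;

    if (!has_path_attr(path, "token") && !has_path_attr(path, "serial"))
        return URL_NO_TOKEN;
    if (!has_path_attr(path, "object") && !has_path_attr(path, "id"))
        return URL_NO_OBJECT;
    if (!has_path_attr(path, "type"))
        return URL_NO_TYPE;
    return URL_OK;
}

int main(void)
{
    /* Constructed sample URLs, not taken from any real token. */
    static const char *samples[] = {
        "pkcs11:",
        "pkcs11:token=Example%20Token",
        "pkcs11:token=Example%20Token;id=%01%02",
        "pkcs11:token=Example%20Token;object=old-ca;type=cert",
    };
    static const char *verdict[] = {
        "ok", "not a PKCS #11 URL", "no token selector",
        "no object selector", "no object type",
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        enum url_check r = check_delete_url(samples[i]);
        /* Only when r == URL_OK would the caller go on to
         * gnutls_pkcs11_delete_url(url, flags) and compare the
         * returned count of deleted objects with the expected one. */
        printf("%-55s %s\n", samples[i], verdict[r]);
    }
    return 0;
}
```

The check compares attribute names at the start of each path attribute only, so slot-id is not mistaken for id, and attributes in the query part are ignored.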

@subheading gnutls_pkcs11_get_pin_function
@anchor{gnutls_pkcs11_get_pin_function}
@deftypefun {gnutls_pin_callback_t} {gnutls_pkcs11_get_pin_function} (void ** @var{userdata})
@var{userdata}: data to be supplied to callback

This function will return the callback function set using
@code{gnutls_pkcs11_set_pin_function()}.

@strong{Returns:} The function set or NULL otherwise.

@strong{Since:} 3.1.0
@end deftypefun

@subheading gnutls_pkcs11_get_raw_issuer
@anchor{gnutls_pkcs11_get_raw_issuer}
@deftypefun {int} {gnutls_pkcs11_get_raw_issuer} (const char * @var{url}, gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags})
@var{url}: A PKCS #11 URL identifying a token

@var{cert}: is the certificate to find issuer for

@var{issuer}: Will hold the issuer, if any, in an allocated buffer.

@var{fmt}: The format of the exported issuer.

@var{flags}: Use zero or flags from @code{GNUTLS_PKCS11_OBJ_FLAG}.

This function will return the issuer of a given certificate, if it
is stored in the token. By default only issuers marked as trusted
are returned. If any issuer should be returned, specify
@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY} in @code{flags}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.2.7
@end deftypefun

@subheading gnutls_pkcs11_get_raw_issuer_by_dn
@anchor{gnutls_pkcs11_get_raw_issuer_by_dn}
@deftypefun {int} {gnutls_pkcs11_get_raw_issuer_by_dn} (const char * @var{url}, const gnutls_datum_t * @var{dn}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags})
@var{url}: A PKCS #11 URL identifying a token

@var{dn}: is the DN to search for

@var{issuer}: Will hold the issuer, if any, in an allocated buffer.

@var{fmt}: The format of the exported issuer.

@var{flags}: Use zero or flags from @code{GNUTLS_PKCS11_OBJ_FLAG}.

This function will return the certificate with the given DN, if it
is stored in the token. By default only issuers marked as trusted
are returned. If any issuer should be returned, specify
@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY} in @code{flags}.

The name of the function includes issuer because it can
be used to discover issuers of certificates.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_pkcs11_get_raw_issuer_by_subject_key_id
@anchor{gnutls_pkcs11_get_raw_issuer_by_subject_key_id}
@deftypefun {int} {gnutls_pkcs11_get_raw_issuer_by_subject_key_id} (const char * @var{url}, const gnutls_datum_t * @var{dn}, const gnutls_datum_t * @var{spki}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags})
@var{url}: A PKCS #11 URL identifying a token

@var{dn}: is the DN to search for (may be @code{NULL})

@var{spki}: is the subject key ID to search for

@var{issuer}: Will hold the issuer, if any, in an allocated buffer.

@var{fmt}: The format of the exported issuer.

@var{flags}: Use zero or flags from @code{GNUTLS_PKCS11_OBJ_FLAG}.

This function will return the certificate with the given DN and @code{spki}, if it
is stored in the token. By default only issuers marked as trusted
are returned. If any issuer should be returned, specify
@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY} in @code{flags}.

The name of the function includes issuer because it can
be used to discover issuers of certificates.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.2
@end deftypefun

@subheading gnutls_pkcs11_init
@anchor{gnutls_pkcs11_init}
@deftypefun {int} {gnutls_pkcs11_init} (unsigned int @var{flags}, const char * @var{deprecated_config_file})
@var{flags}: An ORed sequence of @code{GNUTLS_PKCS11_FLAG_*}

@var{deprecated_config_file}: either NULL or the location of a deprecated
configuration file

This function will initialize the PKCS #11 subsystem in gnutls. It will
read configuration files if @code{GNUTLS_PKCS11_FLAG_AUTO} is used or allow
you to independently load PKCS #11 modules using @code{gnutls_pkcs11_add_provider()}
if @code{GNUTLS_PKCS11_FLAG_MANUAL} is specified.

You don't need to call this function since GnuTLS 3.3.0 because it is called
during the first requested PKCS #11 operation. That call will assume the @code{GNUTLS_PKCS11_FLAG_AUTO}
flag. If other flags are required then it must be called independently
prior to any PKCS #11 operation.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_obj_deinit
@anchor{gnutls_pkcs11_obj_deinit}
@deftypefun {void} {gnutls_pkcs11_obj_deinit} (gnutls_pkcs11_obj_t @var{obj})
@var{obj}: The type to be deinitialized

This function will deinitialize a certificate structure.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_obj_export
@anchor{gnutls_pkcs11_obj_export}
@deftypefun {int} {gnutls_pkcs11_obj_export} (gnutls_pkcs11_obj_t @var{obj}, void * @var{output_data}, size_t * @var{output_data_size})
@var{obj}: Holds the object

@var{output_data}: will contain the object data

@var{output_data_size}: holds the size of output_data (and will be
replaced by the actual size of parameters)

This function will export the PKCS #11 object data. It is normal for
data to be inaccessible and in that case @code{GNUTLS_E_INVALID_REQUEST}
will be returned.

If the buffer provided is not long enough to hold the output, then
*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
be returned.

@strong{Returns:} In case of failure a negative error code will be
returned, and @code{GNUTLS_E_SUCCESS} (0) on success.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_obj_export2
@anchor{gnutls_pkcs11_obj_export2}
@deftypefun {int} {gnutls_pkcs11_obj_export2} (gnutls_pkcs11_obj_t @var{obj}, gnutls_datum_t * @var{out})
@var{obj}: Holds the object

@var{out}: will contain the object data

This function will export the PKCS #11 object data. It is normal for
data to be inaccessible and in that case @code{GNUTLS_E_INVALID_REQUEST}
will be returned.

The output buffer is allocated using @code{gnutls_malloc()}.

@strong{Returns:} In case of failure a negative error code will be
returned, and @code{GNUTLS_E_SUCCESS} (0) on success.

@strong{Since:} 3.1.3
@end deftypefun

@subheading gnutls_pkcs11_obj_export3
@anchor{gnutls_pkcs11_obj_export3}
@deftypefun {int} {gnutls_pkcs11_obj_export3} (gnutls_pkcs11_obj_t @var{obj}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{out})
@var{obj}: Holds the object

@var{fmt}: The format of the exported data

@var{out}: will contain the object data

This function will export the PKCS #11 object data. It is normal for
data to be inaccessible and in that case @code{GNUTLS_E_INVALID_REQUEST}
will be returned.

The output buffer is allocated using @code{gnutls_malloc()}.

@strong{Returns:} In case of failure a negative error code will be
returned, and @code{GNUTLS_E_SUCCESS} (0) on success.

@strong{Since:} 3.2.7
@end deftypefun

@subheading gnutls_pkcs11_obj_export_url
@anchor{gnutls_pkcs11_obj_export_url}
@deftypefun {int} {gnutls_pkcs11_obj_export_url} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_url_type_t @var{detailed}, char ** @var{url})
@var{obj}: Holds the PKCS #11 certificate

@var{detailed}: non zero if a detailed URL is required

@var{url}: will contain an allocated URL

This function will export a URL identifying the given object.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_obj_flags_get_str
@anchor{gnutls_pkcs11_obj_flags_get_str}
@deftypefun {char *} {gnutls_pkcs11_obj_flags_get_str} (unsigned int @var{flags})
@var{flags}: holds the flags

This function, given an or-sequence of @code{GNUTLS_PKCS11_OBJ_FLAG_MARK},
will return an allocated string with its description. The string
needs to be deallocated using @code{gnutls_free()}.

@strong{Returns:} If flags is zero, @code{NULL} is returned, otherwise an allocated string.

@strong{Since:} 3.3.7
@end deftypefun

@subheading gnutls_pkcs11_obj_get_exts
@anchor{gnutls_pkcs11_obj_get_exts}
@deftypefun {int} {gnutls_pkcs11_obj_get_exts} (gnutls_pkcs11_obj_t @var{obj}, gnutls_x509_ext_st ** @var{exts}, unsigned int * @var{exts_size}, unsigned int @var{flags})
@var{obj}: should contain a @code{gnutls_pkcs11_obj_t} type

@var{exts}: a pointer to a @code{gnutls_x509_ext_st} pointer

@var{exts_size}: will be updated with the number of @code{exts}

@var{flags}: Or sequence of @code{GNUTLS_PKCS11_OBJ_*} flags

This function will return information about attached extensions
associated with the provided object (which should be a certificate).
The extensions are the attached p11-kit trust module extensions.

Each element of @code{exts} must be deinitialized using @code{gnutls_x509_ext_deinit()}
while @code{exts} should be deallocated using @code{gnutls_free()}.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.

@strong{Since:} 3.3.8
@end deftypefun

@subheading gnutls_pkcs11_obj_get_flags
@anchor{gnutls_pkcs11_obj_get_flags}
@deftypefun {int} {gnutls_pkcs11_obj_get_flags} (gnutls_pkcs11_obj_t @var{obj}, unsigned int * @var{oflags})
@var{obj}: The pkcs11 object

@var{oflags}: Will hold the output flags

This function will return the flags of the object.
The @code{oflags} will be flags from @code{gnutls_pkcs11_obj_flags}. That is,
the @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_*} flags.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.3.7
@end deftypefun

@subheading gnutls_pkcs11_obj_get_info
@anchor{gnutls_pkcs11_obj_get_info}
@deftypefun {int} {gnutls_pkcs11_obj_get_info} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_obj_info_t @var{itype}, void * @var{output}, size_t * @var{output_size})
@var{obj}: should contain a @code{gnutls_pkcs11_obj_t} type

@var{itype}: Denotes the type of information requested

@var{output}: where output will be stored

@var{output_size}: contains the maximum size of the output buffer and will be
overwritten with the actual size.

This function will return information about the PKCS11 certificate
such as the label, id as well as token information where the key is
stored.

When output is text, a null terminated string is written to @code{output} and its
string length is written to @code{output_size} (without null terminator). If the
buffer is too small, @code{output_size} will contain the expected buffer size
(with null terminator for text) and the function returns @code{GNUTLS_E_SHORT_MEMORY_BUFFER}.

In versions prior to 3.6.0 this function included the null terminator
in @code{output_size}. After 3.6.0 the output size doesn't include the terminator character.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.

@strong{Since:} 2.12.0
@end deftypefun
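The following caller is an added example, not part of the GnuTLS manual or source. It follows the buffer contract documented for @code{gnutls_pkcs11_obj_get_info} above: it retries once on @code{GNUTLS_E_SHORT_MEMORY_BUFFER} and takes the string length from the terminator instead of @code{output_size}, so the result is the same before and after 3.6.0. The names @code{get_info_string}, @code{model_post_360}, @code{model_pre_360}, @code{INFO_MAX} and the sample label are assumptions; the two model functions stand in for the library call so the code runs without a token.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same value as in <gnutls/gnutls.h>; defined here so the example builds
 * without the library installed. */
#ifndef GNUTLS_E_SHORT_MEMORY_BUFFER
#define GNUTLS_E_SHORT_MEMORY_BUFFER (-51)
#endif

/* Assumption: upper bound accepted from a token for a single attribute. */
#define INFO_MAX 65536u

/* Parameter shape of gnutls_pkcs11_obj_get_info(), with the object handle
 * and itype reduced to plain C types (assumption for this example). */
typedef int (*get_info_fn)(void *obj, int itype, void *output, size_t *output_size);

/* Constructed stand-in for the library call: obj is simply the text to return. */
static int model(const char *text, void *output, size_t *output_size, int count_nul)
{
    size_t len = strlen(text);

    if (*output_size < len + 1) {
        *output_size = len + 1;      /* expected size, terminator included */
        return GNUTLS_E_SHORT_MEMORY_BUFFER;
    }
    memcpy(output, text, len + 1);
    *output_size = count_nul ? len + 1 : len;
    return 0;
}

/* 3.6.0 and later: on success output_size excludes the terminator. */
static int model_post_360(void *obj, int itype, void *out, size_t *size)
{
    (void)itype;
    return model(obj, out, size, 0);
}

/* Before 3.6.0: on success output_size included the terminator. */
static int model_pre_360(void *obj, int itype, void *out, size_t *size)
{
    (void)itype;
    return model(obj, out, size, 1);
}

/* Fetch a text attribute into a malloc'd, NUL-terminated string.
 * Returns NULL on any error; *len_out receives the string length. */
char *get_info_string(get_info_fn fn, void *obj, int itype, size_t *len_out)
{
    size_t cap = 16;                 /* first guess; grows once if too small */
    char *buf = NULL;
    int attempt;

    for (attempt = 0; attempt < 2; attempt++) {
        size_t size = cap;
        int ret;
        char *tmp = realloc(buf, cap + 1);   /* spare byte for our own NUL */

        if (tmp == NULL)
            break;
        buf = tmp;
        memset(buf, 0, cap + 1);

        ret = fn(obj, itype, buf, &size);
        if (ret == 0) {
            /* Do not use size as the string length: its meaning changed in
             * 3.6.0. The zero-filled spare byte guarantees a terminator. */
            *len_out = strlen(buf);
            return buf;
        }
        /* Retry only for a short buffer, and only with a sane, larger size. */
        if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER || size <= cap || size > INFO_MAX)
            break;
        cap = size;
    }
    free(buf);
    return NULL;
}

/* Constructed sample value, longer than the first-guess buffer. */
static char SAMPLE_LABEL[] = "constructed token object label";

int main(void)
{
    size_t n_new = 0, n_old = 0;
    char *a = get_info_string(model_post_360, SAMPLE_LABEL, 0, &n_new);
    char *b = get_info_string(model_pre_360, SAMPLE_LABEL, 0, &n_old);

    if (a == NULL || b == NULL)
        return 1;
    printf("3.6.0+ model:    \"%s\" (%zu bytes)\n", a, n_new);
    printf("pre-3.6.0 model: \"%s\" (%zu bytes)\n", b, n_old);
    free(a);
    free(b);
    return 0;
}
```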

@subheading gnutls_pkcs11_obj_get_ptr
@anchor{gnutls_pkcs11_obj_get_ptr}
@deftypefun {int} {gnutls_pkcs11_obj_get_ptr} (gnutls_pkcs11_obj_t @var{obj}, void ** @var{ptr}, void ** @var{session}, void ** @var{ohandle}, unsigned long * @var{slot_id}, unsigned int @var{flags})
@var{obj}: should contain a @code{gnutls_pkcs11_obj_t} type

@var{ptr}: will contain the CK_FUNCTION_LIST_PTR pointer (may be @code{NULL})

@var{session}: will contain the CK_SESSION_HANDLE of the object

@var{ohandle}: will contain the CK_OBJECT_HANDLE of the object

@var{slot_id}: the identifier of the slot (may be @code{NULL})

@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags

Obtains the PKCS #11 session handles of an object. @code{session} and @code{ohandle} must be deinitialized by the caller. The returned pointers are
independent of the @code{obj} lifetime.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code
on error.

@strong{Since:} 3.6.3
@end deftypefun

@subheading gnutls_pkcs11_obj_get_type
@anchor{gnutls_pkcs11_obj_get_type}
@deftypefun {gnutls_pkcs11_obj_type_t} {gnutls_pkcs11_obj_get_type} (gnutls_pkcs11_obj_t @var{obj})
@var{obj}: Holds the PKCS 11 object

This function will return the type of the object being
stored in the structure.

@strong{Returns:} The type of the object

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_obj_import_url
@anchor{gnutls_pkcs11_obj_import_url}
@deftypefun {int} {gnutls_pkcs11_obj_import_url} (gnutls_pkcs11_obj_t @var{obj}, const char * @var{url}, unsigned int @var{flags})
@var{obj}: The structure to store the object

@var{url}: a PKCS 11 URL identifying the key

@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags

This function will "import" a PKCS 11 URL identifying an object (e.g. certificate)
to the @code{gnutls_pkcs11_obj_t} type. This does not involve any
parsing (such as X.509 or OpenPGP) since the @code{gnutls_pkcs11_obj_t} is
format agnostic. Only data are transferred.

If the flag @code{GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT} is specified,
any certificate read will have its extensions overwritten by any
stapled extensions in the trust module.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_obj_init
@anchor{gnutls_pkcs11_obj_init}
@deftypefun {int} {gnutls_pkcs11_obj_init} (gnutls_pkcs11_obj_t * @var{obj})
@var{obj}: A pointer to the type to be initialized

This function will initialize a pkcs11 certificate structure.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_obj_list_import_url3
@anchor{gnutls_pkcs11_obj_list_import_url3}
@deftypefun {int} {gnutls_pkcs11_obj_list_import_url3} (gnutls_pkcs11_obj_t * @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, unsigned int @var{flags})
@var{p_list}: An uninitialized object list (may be @code{NULL})

@var{n_list}: Initially should hold the maximum size of the list. Will contain the actual size.

@var{url}: A PKCS 11 URL identifying a set of objects

@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags

This function will initialize and set values to an object list
by using all objects identified by a PKCS 11 URL.

This function will enumerate all the objects specified by the PKCS #11 URL
provided. It expects an already allocated @code{p_list} which has @code{*n_list} elements,
and that value will be updated to the actual number of present objects. The
@code{p_list} objects will be initialized and set by this function.
To obtain a list of all available objects use a @code{url} of 'pkcs11:'.

All returned objects must be deinitialized using @code{gnutls_pkcs11_obj_deinit()}.

The @code{flags} supported by this function are @code{GNUTLS_PKCS11_OBJ_FLAG_LOGIN},
@code{GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO}, @code{GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE},
@code{GNUTLS_PKCS11_OBJ_FLAG_CRT}, @code{GNUTLS_PKCS11_OBJ_FLAG_PUBKEY}, @code{GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY},
@code{GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY}, @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_CA},
@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED}, and since 3.5.1 the @code{GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT}.

On versions of GnuTLS prior to 3.4.0 the equivalent function was
@code{gnutls_pkcs11_obj_list_import_url()}. That is also available on this version
as a macro which maps to this function.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_pkcs11_obj_list_import_url4
@anchor{gnutls_pkcs11_obj_list_import_url4}
@deftypefun {int} {gnutls_pkcs11_obj_list_import_url4} (gnutls_pkcs11_obj_t ** @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, unsigned int @var{flags})
@var{p_list}: An uninitialized object list (may be NULL)

@var{n_list}: It will contain the size of the list.

@var{url}: A PKCS 11 URL identifying a set of objects

@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags

This function will enumerate all the objects specified by the PKCS #11 URL
provided. It will initialize and set values to the object pointer list (@code{p_list})
provided. To obtain a list of all available objects use a @code{url} of 'pkcs11:'.

All returned objects must be deinitialized using @code{gnutls_pkcs11_obj_deinit()},
and @code{p_list} must be deinitialized using @code{gnutls_free()}.

The @code{flags} supported by this function are @code{GNUTLS_PKCS11_OBJ_FLAG_LOGIN},
@code{GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO}, @code{GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE},
@code{GNUTLS_PKCS11_OBJ_FLAG_CRT}, @code{GNUTLS_PKCS11_OBJ_FLAG_PUBKEY}, @code{GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY},
@code{GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY}, @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_CA},
@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED}, and since 3.5.1 the @code{GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT}.

On versions of GnuTLS prior to 3.4.0 the equivalent function was
@code{gnutls_pkcs11_obj_list_import_url2()}. That is also available on this version
as a macro which maps to this function.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_pkcs11_obj_set_info
@anchor{gnutls_pkcs11_obj_set_info}
@deftypefun {int} {gnutls_pkcs11_obj_set_info} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_obj_info_t @var{itype}, const void * @var{data}, size_t @var{data_size}, unsigned @var{flags})
@var{obj}: should contain a @code{gnutls_pkcs11_obj_t} type

@var{itype}: Denotes the type of information to be set

@var{data}: the data to set

@var{data_size}: the size of data

@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags

This function will set attributes on the provided object.
Available options for @code{itype} are @code{GNUTLS_PKCS11_OBJ_LABEL},
@code{GNUTLS_PKCS11_OBJ_ID_HEX}, and @code{GNUTLS_PKCS11_OBJ_ID}.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_pkcs11_obj_set_pin_function
@anchor{gnutls_pkcs11_obj_set_pin_function}
@deftypefun {void} {gnutls_pkcs11_obj_set_pin_function} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
@var{obj}: The object structure

@var{fn}: the callback

@var{userdata}: data associated with the callback

This function will set a callback function to be used when
required to access the object. This function overrides the global
callback set using @code{gnutls_pkcs11_set_pin_function()}.

@strong{Since:} 3.1.0
@end deftypefun

@subheading gnutls_pkcs11_privkey_cpy
@anchor{gnutls_pkcs11_privkey_cpy}
@deftypefun {int} {gnutls_pkcs11_privkey_cpy} (gnutls_pkcs11_privkey_t @var{dst}, gnutls_pkcs11_privkey_t @var{src})
@var{dst}: The destination key, which should be initialized.

@var{src}: The source key

This function will copy a private key from source to destination
key. Destination has to be initialized.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_pkcs11_privkey_deinit
@anchor{gnutls_pkcs11_privkey_deinit}
@deftypefun {void} {gnutls_pkcs11_privkey_deinit} (gnutls_pkcs11_privkey_t @var{key})
@var{key}: the key to be deinitialized

This function will deinitialize a private key structure.
@end deftypefun

@subheading gnutls_pkcs11_privkey_export_pubkey
@anchor{gnutls_pkcs11_privkey_export_pubkey}
@deftypefun {int} {gnutls_pkcs11_privkey_export_pubkey} (gnutls_pkcs11_privkey_t @var{pkey}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{data}, unsigned int @var{flags})
@var{pkey}: The private key

@var{fmt}: the format of output params. PEM or DER.

@var{data}: will hold the public key

@var{flags}: should be zero

This function will extract the public key (modulus and public
exponent) from the private key specified by the @code{url} private key.
This public key will be stored in @code{pubkey} in the format specified
by @code{fmt}. @code{pubkey} should be deinitialized using @code{gnutls_free()}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.3.7
@end deftypefun

@subheading gnutls_pkcs11_privkey_export_url
@anchor{gnutls_pkcs11_privkey_export_url}
@deftypefun {int} {gnutls_pkcs11_privkey_export_url} (gnutls_pkcs11_privkey_t @var{key}, gnutls_pkcs11_url_type_t @var{detailed}, char ** @var{url})
@var{key}: Holds the PKCS 11 key

@var{detailed}: non zero if a detailed URL is required

@var{url}: will contain an allocated URL

This function will export a URL identifying the given key.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.
@end deftypefun

@subheading gnutls_pkcs11_privkey_generate
@anchor{gnutls_pkcs11_privkey_generate}
@deftypefun {int} {gnutls_pkcs11_privkey_generate} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, unsigned int @var{flags})
@var{url}: a token URL

@var{pk}: the public key algorithm

@var{bits}: the security bits

@var{label}: a label

@var{flags}: should be zero

This function will generate a private key in the token specified
by @code{url}. The private key will be generated within
the token and will not be exportable.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pkcs11_privkey_generate2
@anchor{gnutls_pkcs11_privkey_generate2}
@deftypefun {int} {gnutls_pkcs11_privkey_generate2} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{pubkey}, unsigned int @var{flags})
@var{url}: a token URL

@var{pk}: the public key algorithm

@var{bits}: the security bits

@var{label}: a label

@var{fmt}: the format of output params. PEM or DER

@var{pubkey}: will hold the public key (may be @code{NULL})

@var{flags}: zero or an OR'ed sequence of @code{GNUTLS_PKCS11_OBJ_FLAGs}

This function will generate a private key in the token specified
by @code{url}. The private key will be generated within
the token and will not be exportable. This function will
store the DER-encoded public key in the SubjectPublicKeyInfo format
in @code{pubkey}. The @code{pubkey} should be deinitialized using @code{gnutls_free()}.

Note that when generating an elliptic curve key, the curve
can be substituted in the place of the bits parameter using the
@code{GNUTLS_CURVE_TO_BITS()} macro.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.1.5
@end deftypefun

@subheading gnutls_pkcs11_privkey_generate3
@anchor{gnutls_pkcs11_privkey_generate3}
@deftypefun {int} {gnutls_pkcs11_privkey_generate3} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, const gnutls_datum_t * @var{cid}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{pubkey}, unsigned int @var{key_usage}, unsigned int @var{flags})
@var{url}: a token URL

@var{pk}: the public key algorithm

@var{bits}: the security bits

@var{label}: a label

@var{cid}: The CKA_ID to use for the new object

@var{fmt}: the format of output params. PEM or DER

@var{pubkey}: will hold the public key (may be @code{NULL})

@var{key_usage}: One of GNUTLS_KEY_*

@var{flags}: zero or an OR'ed sequence of @code{GNUTLS_PKCS11_OBJ_FLAGs}

This function will generate a private key in the token specified
by @code{url}. The private key will be generated within
the token and will not be exportable. This function will
store the DER-encoded public key in the SubjectPublicKeyInfo format
in @code{pubkey}. The @code{pubkey} should be deinitialized using @code{gnutls_free()}.

Note that when generating an elliptic curve key, the curve
can be substituted in the place of the bits parameter using the
@code{GNUTLS_CURVE_TO_BITS()} macro.

Since 3.6.3 the objects are marked as sensitive by default unless
@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE} is specified.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.4.0
@end deftypefun

@subheading gnutls_pkcs11_privkey_get_info
@anchor{gnutls_pkcs11_privkey_get_info}
@deftypefun {int} {gnutls_pkcs11_privkey_get_info} (gnutls_pkcs11_privkey_t @var{pkey}, gnutls_pkcs11_obj_info_t @var{itype}, void * @var{output}, size_t * @var{output_size})
@var{pkey}: should contain a @code{gnutls_pkcs11_privkey_t} type

@var{itype}: Denotes the type of information requested

@var{output}: where output will be stored

@var{output_size}: contains the maximum size of the output and will be overwritten with actual

This function will return information about the PKCS 11 private key such
as the label, id as well as token information where the key is stored. When
output is text it returns a null-terminated string, although @code{output_size} contains
the size of the actual data only.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.
@end deftypefun

@subheading gnutls_pkcs11_privkey_get_pk_algorithm
@anchor{gnutls_pkcs11_privkey_get_pk_algorithm}
@deftypefun {int} {gnutls_pkcs11_privkey_get_pk_algorithm} (gnutls_pkcs11_privkey_t @var{key}, unsigned int * @var{bits})
@var{key}: should contain a @code{gnutls_pkcs11_privkey_t} type

@var{bits}: if bits is non-null it will hold the size of the parameters in bits

This function will return the public key algorithm of a private
key.

@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on
success, or a negative error code on error.
@end deftypefun

@subheading gnutls_pkcs11_privkey_import_url
@anchor{gnutls_pkcs11_privkey_import_url}
@deftypefun {int} {gnutls_pkcs11_privkey_import_url} (gnutls_pkcs11_privkey_t @var{pkey}, const char * @var{url}, unsigned int @var{flags})
@var{pkey}: The private key

@var{url}: a PKCS 11 URL identifying the key

@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags

This function will "import" a PKCS 11 URL identifying a private
key to the @code{gnutls_pkcs11_privkey_t} type. In reality, since
in most cases keys cannot be exported, the private key structure
is associated with the available operations on the token.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.
@end deftypefun

@subheading gnutls_pkcs11_privkey_init
@anchor{gnutls_pkcs11_privkey_init}
@deftypefun {int} {gnutls_pkcs11_privkey_init} (gnutls_pkcs11_privkey_t * @var{key})
@var{key}: A pointer to the type to be initialized

This function will initialize a private key structure. This
structure can be used for accessing an underlying PKCS #11 object.

In versions of GnuTLS later than 3.5.11 the object is protected
using locks and a single @code{gnutls_pkcs11_privkey_t} can be re-used
by many threads. However, for performance it is recommended to utilize
one object per key per thread.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading gnutls_pkcs11_privkey_set_pin_function
@anchor{gnutls_pkcs11_privkey_set_pin_function}
@deftypefun {void} {gnutls_pkcs11_privkey_set_pin_function} (gnutls_pkcs11_privkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata})
@var{key}: The private key

@var{fn}: the callback

@var{userdata}: data associated with the callback

This function will set a callback function to be used when
required to access the object. This function overrides the global
function set using @code{gnutls_pkcs11_set_pin_function()}.

@strong{Since:} 3.1.0
@end deftypefun

@subheading gnutls_pkcs11_privkey_status
@anchor{gnutls_pkcs11_privkey_status}
@deftypefun {unsigned} {gnutls_pkcs11_privkey_status} (gnutls_pkcs11_privkey_t @var{key})
@var{key}: Holds the key

Checks the status of the private key token.

@strong{Returns:} this function will return non-zero if the token
holding the private key is still available (inserted), and zero otherwise.

@strong{Since:} 3.1.9
@end deftypefun

@subheading gnutls_pkcs11_reinit
@anchor{gnutls_pkcs11_reinit}
@deftypefun {int} {gnutls_pkcs11_reinit} ( @var{void})

This function will reinitialize the PKCS 11 subsystem in gnutls.
This is required by PKCS 11 when an application uses @code{fork()}. The
reinitialization function must be called in the child.

Note that since GnuTLS 3.3.0, the reinitialization of the PKCS @code{11}
subsystem occurs automatically after fork.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pkcs11_set_pin_function
@anchor{gnutls_pkcs11_set_pin_function}
@deftypefun {void} {gnutls_pkcs11_set_pin_function} (gnutls_pin_callback_t @var{fn}, void * @var{userdata})
@var{fn}: The PIN callback, a @code{gnutls_pin_callback_t()} function.

@var{userdata}: data to be supplied to callback

This function will set a callback function to be used when a PIN is
required for PKCS 11 operations. See
@code{gnutls_pin_callback_t()} on how the callback should behave.

@strong{Since:} 2.12.0
@end deftypefun

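The following PIN callback is an added example, not code from GnuTLS or from this manual, showing a function suitable for both @code{gnutls_pkcs11_privkey_set_pin_function()} and @code{gnutls_pkcs11_set_pin_function()} that declines to retry a rejected PIN or to spend a token's final attempt. @code{struct pin_ctx}, @code{enum pin_result}, the PIN and the token URL are assumptions made for the illustration; the flag bits are redefined locally only when the GnuTLS headers are not installed.

```c
#include <stdio.h>
#include <string.h>

#if defined(__has_include)
#  if __has_include(<gnutls/gnutls.h>)
#    include <gnutls/gnutls.h>
#    define HAVE_GNUTLS_H 1
#  endif
#endif
#ifndef HAVE_GNUTLS_H
/* No GnuTLS headers: mirror the gnutls_pin_flag_t bits used below. */
enum { GNUTLS_PIN_USER = 1 << 0, GNUTLS_PIN_SO = 1 << 1,
       GNUTLS_PIN_FINAL_TRY = 1 << 2, GNUTLS_PIN_WRONG = 1 << 5 };
#endif

/* Why the callback declined (hypothetical names, useful for logging). */
enum pin_result { PIN_SUPPLIED, PIN_NO_SECRET, PIN_WRONG_ROLE,
                  PIN_ALREADY_REJECTED, PIN_LAST_TRY, PIN_TOO_LONG };

/* Hypothetical per-key state handed to GnuTLS as `userdata`. */
struct pin_ctx {
    const char *user_pin;   /* from a prompt or secret store, NULL if none */
    int may_use_final_try;  /* policy: may the token's last attempt be spent? */
    enum pin_result last;   /* outcome of the most recent call */
};

/* Same signature as gnutls_pin_callback_t: 0 = PIN copied, negative = abort. */
int token_pin_cb(void *userdata, int attempt, const char *token_url,
                 const char *token_label, unsigned int flags,
                 char *pin, size_t pin_max)
{
    struct pin_ctx *ctx = userdata;
    size_t len;

    (void)token_url; (void)token_label;
    if (ctx == NULL || pin == NULL || pin_max == 0)
        return -1;
    if (ctx->user_pin == NULL) { ctx->last = PIN_NO_SECRET; return -1; }
    /* This context holds a user PIN only; never offer it as the SO PIN. */
    if (flags & GNUTLS_PIN_SO) { ctx->last = PIN_WRONG_ROLE; return -1; }
    /* A stored PIN that was rejected once will be rejected again, and
     * every retry moves the token closer to lock-out. */
    if (attempt > 0 || (flags & GNUTLS_PIN_WRONG)) {
        ctx->last = PIN_ALREADY_REJECTED; return -1;
    }
    /* Spending the last attempt is a policy decision, not a default. */
    if ((flags & GNUTLS_PIN_FINAL_TRY) && !ctx->may_use_final_try) {
        ctx->last = PIN_LAST_TRY; return -1;
    }
    len = strlen(ctx->user_pin);
    if (len >= pin_max) { ctx->last = PIN_TOO_LONG; return -1; } /* no truncation */
    memcpy(pin, ctx->user_pin, len + 1);   /* copied with its terminating NUL */
    ctx->last = PIN_SUPPLIED;
    return 0;
}

/* Registration needs -lgnutls, so it is shown here as a comment:
 *   gnutls_pkcs11_privkey_set_pin_function(key, token_pin_cb, &ctx);
 *   gnutls_pkcs11_set_pin_function(token_pin_cb, &ctx);   (global) */

int main(void)
{
    char buf[32];
    struct pin_ctx ctx = { "123456", 0, PIN_SUPPLIED }; /* constructed PIN */
    int rc = token_pin_cb(&ctx, 0, "pkcs11:token=demo", "demo",
                          GNUTLS_PIN_USER | GNUTLS_PIN_FINAL_TRY, buf, sizeof buf);
    printf("rc=%d reason=%d\n", rc, (int)ctx.last);
    return 0;
}
```
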
@subheading gnutls_pkcs11_set_token_function
@anchor{gnutls_pkcs11_set_token_function}
@deftypefun {void} {gnutls_pkcs11_set_token_function} (gnutls_pkcs11_token_callback_t @var{fn}, void * @var{userdata})
@var{fn}: The token callback

@var{userdata}: data to be supplied to callback

This function will set a callback function to be used when a token
needs to be inserted to continue PKCS 11 operations.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_token_check_mechanism
@anchor{gnutls_pkcs11_token_check_mechanism}
@deftypefun {unsigned} {gnutls_pkcs11_token_check_mechanism} (const char * @var{url}, unsigned long @var{mechanism}, void * @var{ptr}, unsigned @var{psize}, unsigned @var{flags})
@var{url}: should contain a PKCS 11 URL

@var{mechanism}: The PKCS @code{11} mechanism ID

@var{ptr}: if set it should point to a CK_MECHANISM_INFO struct

@var{psize}: the size of CK_MECHANISM_INFO struct (for safety)

@var{flags}: must be zero

This function will return whether a mechanism is supported
by the given token. If the mechanism is supported and
@code{ptr} is set, it will be updated with the token information.

@strong{Returns:} Non-zero if the mechanism is supported or zero otherwise.

@strong{Since:} 3.6.0
@end deftypefun

@subheading gnutls_pkcs11_token_get_flags
@anchor{gnutls_pkcs11_token_get_flags}
@deftypefun {int} {gnutls_pkcs11_token_get_flags} (const char * @var{url}, unsigned int * @var{flags})
@var{url}: should contain a PKCS 11 URL

@var{flags}: The output flags (GNUTLS_PKCS11_TOKEN_*)

This function will return information about the PKCS 11 token flags.

The supported flags are: @code{GNUTLS_PKCS11_TOKEN_HW} and @code{GNUTLS_PKCS11_TOKEN_TRUSTED}.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_token_get_info
@anchor{gnutls_pkcs11_token_get_info}
@deftypefun {int} {gnutls_pkcs11_token_get_info} (const char * @var{url}, gnutls_pkcs11_token_info_t @var{ttype}, void * @var{output}, size_t * @var{output_size})
@var{url}: should contain a PKCS 11 URL

@var{ttype}: Denotes the type of information requested

@var{output}: where output will be stored

@var{output_size}: contains the maximum size of the output buffer and will be
overwritten with the actual size.

This function will return information about the PKCS 11 token such
as the label, id, etc.

When output is text, a null terminated string is written to @code{output} and its
string length is written to @code{output_size} (without null terminator). If the
buffer is too small, @code{output_size} will contain the expected buffer size
(with null terminator for text) and the function will return @code{GNUTLS_E_SHORT_MEMORY_BUFFER}.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code
on error.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_token_get_mechanism
@anchor{gnutls_pkcs11_token_get_mechanism}
@deftypefun {int} {gnutls_pkcs11_token_get_mechanism} (const char * @var{url}, unsigned int @var{idx}, unsigned long * @var{mechanism})
@var{url}: should contain a PKCS 11 URL

@var{idx}: The index of the mechanism

@var{mechanism}: The PKCS @code{11} mechanism ID

This function will return the names of the supported mechanisms
by the token. It should be called with an increasing index until
it returns GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_token_get_ptr
@anchor{gnutls_pkcs11_token_get_ptr}
@deftypefun {int} {gnutls_pkcs11_token_get_ptr} (const char * @var{url}, void ** @var{ptr}, unsigned long * @var{slot_id}, unsigned int @var{flags})
@var{url}: should contain a PKCS@code{11} URL identifying a token

@var{ptr}: will contain the CK_FUNCTION_LIST_PTR pointer

@var{slot_id}: will contain the slot_id (may be @code{NULL})

@var{flags}: should be zero

This function will return the function pointer of the token
specified by the URL. The returned pointers are valid until
gnutls is deinitialized, c.f. @code{_global_deinit()}.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code
on error.

@strong{Since:} 3.6.3
@end deftypefun

@subheading gnutls_pkcs11_token_get_random
@anchor{gnutls_pkcs11_token_get_random}
@deftypefun {int} {gnutls_pkcs11_token_get_random} (const char * @var{token_url}, void * @var{rnddata}, size_t @var{len})
@var{token_url}: A PKCS @code{11} URL specifying a token

@var{rnddata}: A pointer to the memory area to be filled with random data

@var{len}: The number of bytes of randomness to request

This function will get random data from the given token.
It will fill the memory pointed to by @code{rnddata} with
@code{len} random bytes from the token.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.
@end deftypefun

@subheading gnutls_pkcs11_token_get_url
@anchor{gnutls_pkcs11_token_get_url}
@deftypefun {int} {gnutls_pkcs11_token_get_url} (unsigned int @var{seq}, gnutls_pkcs11_url_type_t @var{detailed}, char ** @var{url})
@var{seq}: sequence number starting from 0

@var{detailed}: non zero if a detailed URL is required

@var{url}: will contain an allocated URL

This function will return the URL for each token available
in the system. The URL has to be released using @code{gnutls_free()}.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if the sequence number
exceeds the available tokens, otherwise a negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pkcs11_token_init
@anchor{gnutls_pkcs11_token_init}
@deftypefun {int} {gnutls_pkcs11_token_init} (const char * @var{token_url}, const char * @var{so_pin}, const char * @var{label})
@var{token_url}: A PKCS @code{11} URL specifying a token

@var{so_pin}: Security Officer's PIN

@var{label}: A name to be used for the token

This function will initialize (format) a token. If the token is
in a factory default state the security officer's PIN given will be
set to be the default. Otherwise it should match the officer's PIN.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.
@end deftypefun

@subheading gnutls_pkcs11_token_set_pin
@anchor{gnutls_pkcs11_token_set_pin}
@deftypefun {int} {gnutls_pkcs11_token_set_pin} (const char * @var{token_url}, const char * @var{oldpin}, const char * @var{newpin}, unsigned int @var{flags})
@var{token_url}: A PKCS @code{11} URL specifying a token

@var{oldpin}: old user's PIN

@var{newpin}: new user's PIN

@var{flags}: one of @code{gnutls_pin_flag_t}.

This function will modify or set a user or administrator's PIN for
the given token. If it is called to set a PIN for the first time
the oldpin must be @code{NULL}. When setting the admin's PIN with the
@code{GNUTLS_PIN_SO} flag, the @code{oldpin} value must be provided (this requirement
is relaxed after GnuTLS 3.6.5, since which the PIN will be requested if missing).

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.
@end deftypefun

@subheading gnutls_pkcs11_type_get_name
@anchor{gnutls_pkcs11_type_get_name}
@deftypefun {const char *} {gnutls_pkcs11_type_get_name} (gnutls_pkcs11_obj_type_t @var{type})
@var{type}: Holds the PKCS 11 object type, a @code{gnutls_pkcs11_obj_type_t}.

This function will return a human readable description of the
PKCS11 object type @code{type}. It will return "Unknown" for unknown
types.

@strong{Returns:} human readable string labeling the PKCS11 object type
@code{type}.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_x509_crt_import_pkcs11
@anchor{gnutls_x509_crt_import_pkcs11}
@deftypefun {int} {gnutls_x509_crt_import_pkcs11} (gnutls_x509_crt_t @var{crt}, gnutls_pkcs11_obj_t @var{pkcs11_crt})
@var{crt}: A certificate of type @code{gnutls_x509_crt_t}

@var{pkcs11_crt}: A PKCS 11 object that contains a certificate

This function will import a PKCS 11 certificate to a @code{gnutls_x509_crt_t}
structure.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_x509_crt_list_import_pkcs11
@anchor{gnutls_x509_crt_list_import_pkcs11}
@deftypefun {int} {gnutls_x509_crt_list_import_pkcs11} (gnutls_x509_crt_t * @var{certs}, unsigned int @var{cert_max}, gnutls_pkcs11_obj_t * const @var{objs}, unsigned int @var{flags})
@var{certs}: A list of certificates of type @code{gnutls_x509_crt_t}

@var{cert_max}: The maximum size of the list

@var{objs}: A list of PKCS 11 objects

@var{flags}: 0 for now

This function will import a PKCS 11 certificate list to a list of
@code{gnutls_x509_crt_t} type. These must not be initialized.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun
