@c gnutls_privkey_flags_t
@table @code
@item GNUTLS_@-PRIVKEY_@-IMPORT_@-AUTO_@-RELEASE
When importing a private key, automatically
release it when the structure it was imported into is released.
@item GNUTLS_@-PRIVKEY_@-IMPORT_@-COPY
Copy required values during import.
@item GNUTLS_@-PRIVKEY_@-DISABLE_@-CALLBACKS
This flag disables calls to PIN callbacks etc.
Only relevant to TPM keys.
@item GNUTLS_@-PRIVKEY_@-SIGN_@-FLAG_@-TLS1_@-RSA
Make an RSA signature on the hashed data as in the TLS protocol.
@item GNUTLS_@-PRIVKEY_@-FLAG_@-PROVABLE
When generating a key involving prime numbers, use provable primes; a seed may be required.
@item GNUTLS_@-PRIVKEY_@-FLAG_@-EXPORT_@-COMPAT
Keys generated or imported as provable require an extended format which cannot be read by previous versions
of gnutls or other applications. By setting this flag the key will be exported in a backwards compatible way,
even if the information about the seed used will be lost.
@item GNUTLS_@-PRIVKEY_@-SIGN_@-FLAG_@-RSA_@-PSS
Make an RSA signature on the hashed data with the PSS padding.
@item GNUTLS_@-PRIVKEY_@-FLAG_@-REPRODUCIBLE
Make a signature on the hashed data with reproducible parameters.
For RSA-PSS, that means using an empty salt instead of a random value. To
verify a signature created using this flag, the corresponding SPKI needs
to be set on the public key. Use @code{gnutls_pubkey_set_spki()} for that.
For ECDSA/DSA, it uses the deterministic construction of the random parameter
according to RFC 6979. Note that this only supports the NIST curves and DSA
subgroup bits up to 512.
@item GNUTLS_@-PRIVKEY_@-FLAG_@-CA
The generated private key is going to be used as a CA (relevant for RSA-PSS keys).
@end table
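
The RFC 6979 construction that the reproducible flag selects for ECDSA/DSA, shown as an added example in Python (it is not GnuTLS code and not part of the original documentation): the per-signature value k is derived with HMAC from the private key and the message hash, so the same key and message always produce the same k and therefore the same signature. The function names are chosen for this example, and the private key is the published test value from RFC 6979 Appendix A.2.5.

```python
import hashlib
import hmac

# Group order q of NIST P-256 (public curve parameter).
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
# Private key x from the RFC 6979 Appendix A.2.5 test vectors (public test data).
RFC6979_TEST_KEY = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721


def bits2int(data, qlen):
    """RFC 6979 section 2.3.2: keep the leftmost qlen bits of data."""
    value = int.from_bytes(data, "big")
    excess = len(data) * 8 - qlen
    return value >> excess if excess > 0 else value


def rfc6979_nonce(x, message, q=P256_ORDER, hash_name="sha256"):
    """RFC 6979 section 3.2: derive k from private key x and the message."""
    qlen = q.bit_length()
    rolen = (qlen + 7) // 8
    h1 = hashlib.new(hash_name, message).digest()
    key_octets = x.to_bytes(rolen, "big")                           # int2octets(x)
    hash_octets = (bits2int(h1, qlen) % q).to_bytes(rolen, "big")   # bits2octets(h1)

    def mac(key, data):
        return hmac.new(key, data, hash_name).digest()

    v = b"\x01" * len(h1)                                     # step b
    k_mac = b"\x00" * len(h1)                                 # step c
    k_mac = mac(k_mac, v + b"\x00" + key_octets + hash_octets)  # step d
    v = mac(k_mac, v)                                         # step e
    k_mac = mac(k_mac, v + b"\x01" + key_octets + hash_octets)  # step f
    v = mac(k_mac, v)                                         # step g
    while True:                                               # step h
        t = b""
        while len(t) < rolen:
            v = mac(k_mac, v)
            t += v
        k = bits2int(t, qlen)
        if 1 <= k < q:
            return k
        # Candidate out of range: re-key the HMAC state and try again.
        k_mac = mac(k_mac, v + b"\x00")
        v = mac(k_mac, v)


if __name__ == "__main__":
    print(format(rfc6979_nonce(RFC6979_TEST_KEY, b"sample"), "064X"))
```

Because k depends only on the key and the message hash, no random number generator is involved at signing time; a different message yields an unrelated k.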