@deftypefun {int} {gnutls_x509_privkey_export_pkcs8} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}, void * @var{output_data}, size_t * @var{output_data_size})
@var{key}: Holds the key
@var{format}: the format of output params. One of PEM or DER.
@var{password}: the password that will be used to encrypt the key.
@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t
@var{output_data}: will contain a private key PEM or DER encoded
@var{output_data_size}: holds the size of output_data (and will be
replaced by the actual size of parameters)
This function will export the private key to a PKCS8 structure.
Both RSA and DSA keys can be exported. For DSA keys we use
PKCS @code{11} definitions. If the flags do not specify the encryption
cipher, then the default 3DES (PBES2) will be used.
The @code{password} can be either ASCII or UTF-8 in the default PBES2
encryption schemas, or ASCII for the PKCS12 schemas.
If the buffer provided is not long enough to hold the output, then
*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
be returned.
If the structure is PEM encoded, it will have a header
of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if
encryption is not used.
@strong{Returns:} In case of failure a negative error code will be
returned, and 0 on success.
@end deftypefun