5.4 Abstract key types
Since GnuTLS supports several kinds of public and private keys, such as X.509, OpenPGP, or PKCS #11, it is desirable to be able to perform the common operations on all of them in the same way. For this reason the abstract types gnutls_privkey_t and gnutls_pubkey_t were introduced in the gnutls/abstract.h header. An abstract key is initialized from a key of a specific type and can then be used to perform operations without regard to the backing type, so the same signing call serves a key held in a file and a key held in a smart card. For example, in order to sign an X.509 certificate with a key that resides in a smart card, one has to follow the steps below:
    #include <gnutls/gnutls.h>
    #include <gnutls/x509.h>
    #include <gnutls/abstract.h>
    #include <gnutls/pkcs11.h>

    /* Sign to_be_signed with the CA key and certificate that the two PKCS #11
     * URLs identify.  Returns 0 on success, a negative GnuTLS error code otherwise. */
    int sign_cert(gnutls_x509_crt_t to_be_signed,
                  const char *key_url, const char *cert_url)
    {
      gnutls_pkcs11_privkey_t ca_key = NULL;
      gnutls_x509_crt_t ca_cert = NULL;
      gnutls_privkey_t abs_key = NULL;
      int ret;

      /* load the PKCS #11 key and certificate; the private key never leaves the token */
      if ((ret = gnutls_pkcs11_privkey_init(&ca_key)) < 0) goto cleanup;
      if ((ret = gnutls_pkcs11_privkey_import_url(ca_key, key_url, 0)) < 0) goto cleanup;
      if ((ret = gnutls_x509_crt_init(&ca_cert)) < 0) goto cleanup;
      if ((ret = gnutls_x509_crt_import_pkcs11_url(ca_cert, cert_url, 0)) < 0) goto cleanup;

      /* initialize the abstract key from the PKCS #11 key */
      if ((ret = gnutls_privkey_init(&abs_key)) < 0) goto cleanup;
      if ((ret = gnutls_privkey_import_pkcs11(abs_key, ca_key, 0)) < 0) goto cleanup;

      /* sign the certificate with the abstract key (not the PKCS #11 key itself);
       * SHA-256 is used because SHA-1 is no longer acceptable for new signatures */
      ret = gnutls_x509_crt_privkey_sign(to_be_signed, ca_cert, abs_key,
                                         GNUTLS_DIG_SHA256, 0);

    cleanup:
      if (abs_key) gnutls_privkey_deinit(abs_key);
      if (ca_cert) gnutls_x509_crt_deinit(ca_cert);
      if (ca_key) gnutls_pkcs11_privkey_deinit(ca_key);
      return ret;
    }