manpagez: man pages & more
info gnutls
Home | html | info | man
[ << ] [ < ] [ Up ] [ > ] [ >> ]         [Top] [Contents] [Index] [ ? ]

4.1.2.2 Verifying an OpenPGP certificate

The verification functions of OpenPGP keys, included in GnuTLS, are simple ones, and do not use the features of the “web of trust”. For that reason, if the verification needs are complex, the assistance of external tools like GnuPG and GPGME(6) is recommended.

In GnuTLS there is a verification function for OpenPGP certificates, the gnutls_openpgp_crt_verify_ring. This checks an OpenPGP key against a given set of public keys (keyring) and returns the key status. The key verification status is the same as in X.509 certificates, although the meaning and interpretation are different. For example an OpenPGP key may be valid, if the self signature is ok, even if no signers were found. The meaning of verification status flags is the same as in the X.509 certificates (see Figure 4.3).

Function: int gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key, gnutls_openpgp_keyring_t keyring, unsigned int flags, unsigned int * verify)

key: the structure that holds the key.

keyring: holds the keyring to check against

flags: unused (should be 0)

verify: will hold the certificate verification output.

Verify all signatures in the key, using the given set of keys (keyring).

The key verification output will be put in verify and will be one or more of the gnutls_certificate_status_t enumerated elements bitwise or’d.

Note that this function does not verify using any "web of trust". You may use GnuPG for that purpose, or any other external PGP application.

Returns: GNUTLS_E_SUCCESS on success, or an error code.

Function: int gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key, unsigned int flags, unsigned int * verify)

key: the structure that holds the key.

flags: unused (should be 0)

verify: will hold the key verification output.

Verifies the self signature in the key. The key verification output will be put in verify and will be one or more of the gnutls_certificate_status_t enumerated elements bitwise or’d.

Returns: GNUTLS_E_SUCCESS on success, or an error code.

[ << ] [ < ] [ Up ] [ > ] [ >> ]         [Top] [Contents] [Index] [ ? ]

This document was generated on February 9, 2014 using texi2html 5.0. 

© manpagez.com 2000-2025
Individual documents may contain additional copyright information.