5.1.2 Private keys
An abstract gnutls_privkey_t can be initialized using the functions below. It can be imported through an existing structure like gnutls_x509_privkey_t, but unlike public keys it cannot be exported. This allows abstraction over keys stored in hardware, which makes available only operations on the key and not the key itself.
- int gnutls_privkey_import_x509 (gnutls_privkey_t pkey, gnutls_x509_privkey_t key, unsigned int flags)
- int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey, gnutls_openpgp_privkey_t key, unsigned int flags)
- int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey, gnutls_pkcs11_privkey_t key, unsigned int flags)
Other helper functions that allow directly importing from raw X.509 or OpenPGP structures are shown below. Again, as with public keys, private keys can be imported from a hardware module using URLs.
- int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey, const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format, const char * password, unsigned int flags)
- int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey, const gnutls_datum_t * data, gnutls_openpgp_crt_fmt_t format, const gnutls_openpgp_keyid_t keyid, const char * password)
- Function: int gnutls_privkey_import_url (gnutls_privkey_t key, const char * url, unsigned int flags)
  key: A key of type gnutls_privkey_t
  url: A PKCS 11 url
  flags: should be zero
  This function will import a PKCS11 or TPM URL as a private key. The supported URL types can be checked using gnutls_url_is_supported().
  Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
  Since: 3.1.0
- int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int * bits)
- gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key)
- int gnutls_privkey_status (gnutls_privkey_t key)
In order to support cryptographic operations using an external API, the following function is provided. This allows for a simple extensibility API without resorting to PKCS #11.
- Function: int gnutls_privkey_import_ext2 (gnutls_privkey_t pkey, gnutls_pk_algorithm_t pk, void * userdata, gnutls_privkey_sign_func sign_func, gnutls_privkey_decrypt_func decrypt_func, gnutls_privkey_deinit_func deinit_func, unsigned int flags)
  pkey: The private key
  pk: The public key algorithm
  userdata: private data to be provided to the callbacks
  sign_func: callback for signature operations
  decrypt_func: callback for decryption operations
  deinit_func: a deinitialization function
  flags: Flags for the import
  This function will associate the given callbacks with the gnutls_privkey_t structure. At least one of the two callbacks must be non-null. If a deinitialization function is provided then flags is assumed to contain GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE.
  Note that the signing function is supposed to "raw" sign data, i.e., without any hashing or preprocessing. In case of RSA the DigestInfo will be provided, and the signing function is expected to do the PKCS #1 v1.5 padding and the exponentiation.
  Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
  Since: 3.1
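The padding step that the note above assigns to an RSA signing callback, as an added example (not GnuTLS code). The helper name pkcs1_v15_sign_pad and its buffer-based signature are assumptions; a real sign_func would receive the DigestInfo from GnuTLS and hand the padded block to the external device for the private-key exponentiation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a GnuTLS function): build the PKCS #1 v1.5
 * signature block  00 01 FF..FF 00 || DigestInfo  that a sign callback
 * must produce before the private-key exponentiation.
 * em_len is the modulus size in bytes. Returns 0 on success, -1 on error. */
int pkcs1_v15_sign_pad(const uint8_t *digest_info, size_t di_len,
                       uint8_t *em, size_t em_len)
{
    size_t ps_len;

    if (digest_info == NULL || em == NULL || di_len == 0)
        return -1;
    /* 3 framing bytes plus at least 8 bytes of 0xFF are mandatory;
     * the comparison is written this way to avoid size_t underflow. */
    if (em_len < 11 || di_len > em_len - 11)
        return -1;

    ps_len = em_len - di_len - 3;
    em[0] = 0x00;
    em[1] = 0x01;                       /* block type 1: signature */
    memset(em + 2, 0xFF, ps_len);
    em[2 + ps_len] = 0x00;              /* separator before DigestInfo */
    memcpy(em + 3 + ps_len, digest_info, di_len);
    return 0;
}

int main(void)
{
    /* Constructed sample: SHA-256 DigestInfo prefix followed by a
     * dummy all-zero 32-byte digest (not a real hash). */
    uint8_t di[51] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
                       0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
                       0x00, 0x04, 0x20 };
    uint8_t em[256];                    /* 2048-bit modulus */

    if (pkcs1_v15_sign_pad(di, sizeof di, em, sizeof em) != 0)
        return 1;
    for (size_t i = 0; i < sizeof em; i++)
        printf("%02x%s", em[i], (i % 16 == 15) ? "\n" : " ");
    return 0;
}
```

Rejecting inputs that leave fewer than 8 bytes of 0xFF keeps the callback from emitting a malformed block when the DigestInfo is too large for the key.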
 
  This document was generated on May 31, 2014 using texi2html 5.0.
 
 
