| [ << ] | [ < ] | [ Up ] | [ > ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
5.1.3 Operations
The abstract key types can be used to access signing and signature verification operations with the underlying keys.
- Function: int gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey, gnutls_sign_algorithm_t algo, unsigned int flags, const gnutls_datum_t * data, const gnutls_datum_t * signature)
pubkey: Holds the public key
algo: The signature algorithm used
flags: Zero or one of
gnutls_pubkey_flags_tdata: holds the signed data
signature: contains the signature
This function will verify the given signed data, using the parameters from the certificate.
Returns: In case of a verification failure
GNUTLS_E_PK_SIG_VERIFY_FAILEDis returned, and zero or positive code on success.Since: 3.0
- Function: int gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key, gnutls_sign_algorithm_t algo, unsigned int flags, const gnutls_datum_t * hash, const gnutls_datum_t * signature)
key: Holds the public key
algo: The signature algorithm used
flags: Zero or one of
gnutls_pubkey_flags_thash: holds the hash digest to be verified
signature: contains the signature
This function will verify the given signed digest, using the parameters from the public key. Note that unlike
gnutls_privkey_sign_hash(), this function accepts a signature algorithm instead of a digest algorithm. You can usegnutls_pk_to_sign()to get the appropriate value.Returns: In case of a verification failure
GNUTLS_E_PK_SIG_VERIFY_FAILEDis returned, and zero or positive code on success.Since: 3.0
- Function: int gnutls_pubkey_encrypt_data (gnutls_pubkey_t key, unsigned int flags, const gnutls_datum_t * plaintext, gnutls_datum_t * ciphertext)
key: Holds the public key
flags: should be 0 for now
plaintext: The data to be encrypted
ciphertext: contains the encrypted data
This function will encrypt the given data, using the public key.
Returns: On success,
GNUTLS_E_SUCCESS(0) is returned, otherwise a negative error value.Since: 3.0
- Function: int gnutls_privkey_sign_data (gnutls_privkey_t signer, gnutls_digest_algorithm_t hash, unsigned int flags, const gnutls_datum_t * data, gnutls_datum_t * signature)
signer: Holds the key
hash: should be a digest algorithm
flags: Zero or one of
gnutls_privkey_flags_tdata: holds the data to be signed
signature: will contain the signature allocate with
gnutls_malloc()This function will sign the given data using a signature algorithm supported by the private key. Signature algorithms are always used together with a hash functions. Different hash functions may be used for the RSA algorithm, but only the SHA family for the DSA keys.
You may use
gnutls_pubkey_get_preferred_hash_algorithm()to determine the hash algorithm.Returns: On success,
GNUTLS_E_SUCCESS(0) is returned, otherwise a negative error value.Since: 2.12.0
- Function: int gnutls_privkey_sign_hash (gnutls_privkey_t signer, gnutls_digest_algorithm_t hash_algo, unsigned int flags, const gnutls_datum_t * hash_data, gnutls_datum_t * signature)
signer: Holds the signer’s key
hash_algo: The hash algorithm used
flags: Zero or one of
gnutls_privkey_flags_thash_data: holds the data to be signed
signature: will contain newly allocated signature
This function will sign the given hashed data using a signature algorithm supported by the private key. Signature algorithms are always used together with a hash functions. Different hash functions may be used for the RSA algorithm, but only SHA-XXX for the DSA keys.
You may use
gnutls_pubkey_get_preferred_hash_algorithm()to determine the hash algorithm.Note that if
GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSAflag is specified this function will ignorehash_algoand perform a raw PKCS1 signature.Returns: On success,
GNUTLS_E_SUCCESS(0) is returned, otherwise a negative error value.Since: 2.12.0
- Function: int gnutls_privkey_decrypt_data (gnutls_privkey_t key, unsigned int flags, const gnutls_datum_t * ciphertext, gnutls_datum_t * plaintext)
key: Holds the key
flags: zero for now
ciphertext: holds the data to be decrypted
plaintext: will contain the decrypted data, allocated with
gnutls_malloc()This function will decrypt the given data using the algorithm supported by the private key.
Returns: On success,
GNUTLS_E_SUCCESS(0) is returned, otherwise a negative error value.Since: 2.12.0
Signing existing structures, such as certificates, CRLs, or certificate requests, as well as associating public keys with structures is also possible using the key abstractions.
- Function: int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key)
crq: should contain a
gnutls_x509_crq_tstructurekey: holds a public key
This function will set the public parameters from the given public key to the request.
Returns: On success,
GNUTLS_E_SUCCESS(0) is returned, otherwise a negative error value.Since: 2.12.0
- Function: int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key)
crt: should contain a
gnutls_x509_crt_tstructurekey: holds a public key
This function will set the public parameters from the given public key to the request.
Returns: On success,
GNUTLS_E_SUCCESS(0) is returned, otherwise a negative error value.Since: 2.12.0
int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, gnutls_privkey_t issuer_key, gnutls_digest_algorithm_t dig, unsigned int flags)int gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, gnutls_privkey_t issuer_key, gnutls_digest_algorithm_t dig, unsigned int flags)int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key, gnutls_digest_algorithm_t dig, unsigned int flags)
| [ << ] | [ < ] | [ Up ] | [ > ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
This document was generated on May 31, 2014 using texi2html 5.0.