5.3.3 Using keys
Importing keys
TPM keys can be used directly through the abstract key types and do not require any special structures. Moreover, functions like gnutls_certificate_set_x509_key_file2 can access TPM URLs.
- int gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey, const gnutls_datum_t * fdata, gnutls_tpmkey_fmt_t format, const char * srk_password, const char * key_password, unsigned int flags)
- int gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey, const gnutls_datum_t * fdata, gnutls_tpmkey_fmt_t format, const char * srk_password, unsigned int flags)
- Function: int gnutls_privkey_import_tpm_url (gnutls_privkey_t pkey, const char * url, const char * srk_password, const char * key_password, unsigned int flags)
  - pkey: The private key
  - url: The URL of the TPM key to be imported
  - srk_password: The password for the SRK key (optional)
  - key_password: A password for the key (optional)
  - flags: One of the GNUTLS_PRIVKEY_* flags

  This function will import the given private key to the abstract gnutls_privkey_t structure.

  Note that unless GNUTLS_PRIVKEY_DISABLE_CALLBACKS is specified, if incorrect (or NULL) passwords are given the PKCS11 callback functions will be used to obtain the correct passwords. Otherwise if the SRK password is wrong GNUTLS_E_TPM_SRK_PASSWORD_ERROR is returned and if the key password is wrong or not provided then GNUTLS_E_TPM_KEY_PASSWORD_ERROR is returned.

  Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.

  Since: 3.1.0
- Function: int gnutls_pubkey_import_tpm_url (gnutls_pubkey_t pkey, const char * url, const char * srk_password, unsigned int flags)
  - pkey: The public key
  - url: The URL of the TPM key to be imported
  - srk_password: The password for the SRK key (optional)
  - flags: should be zero

  This function will import the given public key to the abstract gnutls_pubkey_t structure.

  Note that unless GNUTLS_PUBKEY_DISABLE_CALLBACKS is specified, if incorrect (or NULL) passwords are given the PKCS11 callback functions will be used to obtain the correct passwords. Otherwise if the SRK password is wrong GNUTLS_E_TPM_SRK_PASSWORD_ERROR is returned.

  Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.

  Since: 3.1.0
Listing and deleting keys
The registered keys (those stored in the TPM) can be listed using the following functions. Unfortunately, these keys are identified only by their UUID and have no label or other human-friendly identifier. Keys can be deleted from permanent storage using gnutls_tpm_privkey_delete.
- int gnutls_tpm_get_registered (gnutls_tpm_key_list_t * list)
- void gnutls_tpm_key_list_deinit (gnutls_tpm_key_list_t list)
- int gnutls_tpm_key_list_get_url (gnutls_tpm_key_list_t list, unsigned int idx, char ** url, unsigned int flags)
- Function: int gnutls_tpm_privkey_delete (const char * url, const char * srk_password)
  - url: the URL describing the key
  - srk_password: a password for the SRK key

  This function will unregister the private key from the TPM chip.

  Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.

  Since: 3.1.0
  This document was generated on May 31, 2014 using texi2html 5.0.
 
 
