Next: Operations, Previous: Abstract public keys, Up: Abstract key types [Contents][Index]
An abstract gnutls_privkey_t
can be initialized
using the functions below. It can be imported through
an existing structure like gnutls_x509_privkey_t
,
but unlike public keys it cannot be exported. That is
to allow abstraction over keys stored in hardware that
makes available only operations.
int gnutls_privkey_import_x509 (gnutls_privkey_t pkey, gnutls_x509_privkey_t key, unsigned int flags)
int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey, gnutls_openpgp_privkey_t key, unsigned int flags)
int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey, gnutls_pkcs11_privkey_t key, unsigned int flags)
Other helper functions that allow directly importing from raw X.509 or OpenPGP structures are shown below. Again, as with public keys, private keys can be imported from a hardware module using URLs.
int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey, const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format, const char * password, unsigned int flags)
int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey, const gnutls_datum_t * data, gnutls_openpgp_crt_fmt_t format, const gnutls_openpgp_keyid_t keyid, const char * password)
key: A key of type gnutls_privkey_t
url: A PKCS 11 url
flags: should be zero
This function will import a PKCS11 or TPM URL as a
private key. The supported URL types can be checked
using gnutls_url_is_supported()
.
Returns: On success, GNUTLS_E_SUCCESS
(0) is returned, otherwise a
negative error value.
Since: 3.1.0
int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int * bits)
gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key)
int gnutls_privkey_status (gnutls_privkey_t key)
In order to support cryptographic operations using an external API, the following function is provided. This allows for a simple extensibility API without resorting to PKCS #11.
pkey: The private key
pk: The public key algorithm
userdata: private data to be provided to the callbacks
sign_func: callback for signature operations
decrypt_func: callback for decryption operations
deinit_func: a deinitialization function
flags: Flags for the import
This function will associate the given callbacks with the
gnutls_privkey_t
structure. At least one of the two callbacks
must be non-null. If a deinitialization function is provided
then flags is assumed to contain GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
.
Note that the signing function is supposed to "raw" sign data, i.e.,
without any hashing or preprocessing. In case of RSA the DigestInfo
will be provided, and the signing function is expected to do the PKCS 1
1.5 padding and the exponentiation.
Returns: On success, GNUTLS_E_SUCCESS
(0) is returned, otherwise a
negative error value.
Since: 3.1
Next: Operations, Previous: Abstract public keys, Up: Abstract key types [Contents][Index]