GNU TLS API Reference Manual
x509
x509 —
Synopsis
#define
gnutls-x509.html#HASH-OID-SHA1:CAPS
HASH_OID_SHA1
#define
gnutls-x509.html#HASH-OID-MD5:CAPS
HASH_OID_MD5
#define
gnutls-x509.html#HASH-OID-MD2:CAPS
HASH_OID_MD2
#define
gnutls-x509.html#HASH-OID-RMD160:CAPS
HASH_OID_RMD160
gnutls-gnutls.html#gnutls-x509-crl-int
gnutls_x509_crl_int
;
gnutls-gnutls.html#gnutls-x509-crt-int
gnutls_x509_crt_int
;
enum
gnutls-x509.html#gnutls-certificate-import-flags
gnutls_certificate_import_flags
;
#define
gnutls-x509.html#MAX-PRIV-PARAMS-SIZE:CAPS
MAX_PRIV_PARAMS_SIZE
#define
gnutls-x509.html#DSA-PRIVATE-PARAMS:CAPS
DSA_PRIVATE_PARAMS
#define
gnutls-x509.html#DSA-PUBLIC-PARAMS:CAPS
DSA_PUBLIC_PARAMS
#define
gnutls-x509.html#RSA-PRIVATE-PARAMS:CAPS
RSA_PRIVATE_PARAMS
#define
gnutls-x509.html#RSA-PUBLIC-PARAMS:CAPS
RSA_PUBLIC_PARAMS
gnutls-gnutls.html#gnutls-x509-privkey-int
gnutls_x509_privkey_int
;
int
gnutls-x509.html#gnutls-x509-crt-get-issuer-dn-by-oid
gnutls_x509_crt_get_issuer_dn_by_oid
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
const char *oid,
int indx,
unsigned int raw_flag,
../shishi/shishi-shishi.html#void
void
*buf,
size_t *sizeof_buf);
int
gnutls-x509.html#gnutls-x509-crt-get-subject-alt-name
gnutls_x509_crt_get_subject_alt_name
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
unsigned int seq,
../shishi/shishi-shishi.html#void
void
*ret,
size_t *ret_size,
unsigned int *critical);
int
gnutls-x509.html#gnutls-x509-crt-get-dn-by-oid
gnutls_x509_crt_get_dn_by_oid
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
const char *oid,
int indx,
unsigned int raw_flag,
../shishi/shishi-shishi.html#void
void
*buf,
size_t *sizeof_buf);
int
gnutls-x509.html#gnutls-x509-crt-get-ca-status
gnutls_x509_crt_get_ca_status
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
unsigned int *critical);
int
gnutls-x509.html#gnutls-x509-crt-get-pk-algorithm
gnutls_x509_crt_get_pk_algorithm
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
unsigned int *bits);
int
gnutls-x509.html#gnutls-x509-crt-get-serial
gnutls_x509_crt_get_serial
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
../shishi/shishi-shishi.html#void
void
*result,
size_t *result_size);
int
gnutls-x509.html#gnutls-x509-crt-check-revocation
gnutls_x509_crt_check_revocation
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
const
gnutls-gnutls.html#gnutls-x509-crl-t
gnutls_x509_crl_t
*crl_list,
int crl_list_length);
int
gnutls-x509.html#gnutls-x509-crl-get-crt-count
gnutls_x509_crl_get_crt_count
(
gnutls-gnutls.html#gnutls-x509-crl-t
gnutls_x509_crl_t
crl);
int
gnutls-x509.html#gnutls-x509-crl-get-crt-serial
gnutls_x509_crl_get_crt_serial
(
gnutls-gnutls.html#gnutls-x509-crl-t
gnutls_x509_crl_t
crl,
int indx,
unsigned char *serial,
size_t *serial_size,
time_t *tim);
../shishi/shishi-shishi.html#void
void
gnutls-x509.html#gnutls-x509-crl-deinit
gnutls_x509_crl_deinit
(
gnutls-gnutls.html#gnutls-x509-crl-t
gnutls_x509_crl_t
crl);
int
gnutls-x509.html#gnutls-x509-crl-init
gnutls_x509_crl_init
(
gnutls-gnutls.html#gnutls-x509-crl-t
gnutls_x509_crl_t
*crl);
int
gnutls-x509.html#gnutls-x509-crl-import
gnutls_x509_crl_import
(
gnutls-gnutls.html#gnutls-x509-crl-t
gnutls_x509_crl_t
crl,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*data,
gnutls-gnutls.html#gnutls-x509-crt-fmt-t
gnutls_x509_crt_fmt_t
format);
int
gnutls-x509.html#gnutls-x509-crl-export
gnutls_x509_crl_export
(
gnutls-gnutls.html#gnutls-x509-crl-t
gnutls_x509_crl_t
crl,
gnutls-gnutls.html#gnutls-x509-crt-fmt-t
gnutls_x509_crt_fmt_t
format,
../shishi/shishi-shishi.html#void
void
*output_data,
size_t *output_data_size);
int
gnutls-x509.html#gnutls-x509-crt-init
gnutls_x509_crt_init
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
*cert);
../shishi/shishi-shishi.html#void
void
gnutls-x509.html#gnutls-x509-crt-deinit
gnutls_x509_crt_deinit
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert);
int
gnutls-x509.html#gnutls-x509-crt-import
gnutls_x509_crt_import
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*data,
gnutls-gnutls.html#gnutls-x509-crt-fmt-t
gnutls_x509_crt_fmt_t
format);
int
gnutls-x509.html#gnutls-x509-crt-export
gnutls_x509_crt_export
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
gnutls-gnutls.html#gnutls-x509-crt-fmt-t
gnutls_x509_crt_fmt_t
format,
../shishi/shishi-shishi.html#void
void
*output_data,
size_t *output_data_size);
int
gnutls-x509.html#gnutls-x509-crt-get-key-usage
gnutls_x509_crt_get_key_usage
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
unsigned int *key_usage,
unsigned int *critical);
int
gnutls-x509.html#gnutls-x509-crt-get-version
gnutls_x509_crt_get_version
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert);
int
gnutls-x509.html#gnutls-x509-privkey-init
gnutls_x509_privkey_init
(
gnutls-gnutls.html#gnutls-x509-privkey-t
gnutls_x509_privkey_t
*key);
../shishi/shishi-shishi.html#void
void
gnutls-x509.html#gnutls-x509-privkey-deinit
gnutls_x509_privkey_deinit
(
gnutls-gnutls.html#gnutls-x509-privkey-t
gnutls_x509_privkey_t
key);
int
gnutls-x509.html#gnutls-x509-privkey-generate
gnutls_x509_privkey_generate
(
gnutls-gnutls.html#gnutls-x509-privkey-t
gnutls_x509_privkey_t
key,
gnutls-gnutls.html#gnutls-pk-algorithm-t
gnutls_pk_algorithm_t
algo,
unsigned int bits,
unsigned int flags);
int
gnutls-x509.html#gnutls-x509-privkey-import
gnutls_x509_privkey_import
(
gnutls-gnutls.html#gnutls-x509-privkey-t
gnutls_x509_privkey_t
key,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*data,
gnutls-gnutls.html#gnutls-x509-crt-fmt-t
gnutls_x509_crt_fmt_t
format);
int
gnutls-x509.html#gnutls-x509-privkey-get-pk-algorithm
gnutls_x509_privkey_get_pk_algorithm
(
gnutls-gnutls.html#gnutls-x509-privkey-t
gnutls_x509_privkey_t
key);
int
gnutls-x509.html#gnutls-x509-privkey-import-rsa-raw
gnutls_x509_privkey_import_rsa_raw
(
gnutls-gnutls.html#gnutls-x509-privkey-t
gnutls_x509_privkey_t
key,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*m,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*e,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*d,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*p,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*q,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*u);
int
gnutls-x509.html#gnutls-x509-privkey-export-rsa-raw
gnutls_x509_privkey_export_rsa_raw
(
gnutls-gnutls.html#gnutls-x509-privkey-t
gnutls_x509_privkey_t
key,
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*m,
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*e,
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*d,
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*p,
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*q,
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*u);
int
gnutls-x509.html#gnutls-x509-privkey-export
gnutls_x509_privkey_export
(
gnutls-gnutls.html#gnutls-x509-privkey-t
gnutls_x509_privkey_t
key,
gnutls-gnutls.html#gnutls-x509-crt-fmt-t
gnutls_x509_crt_fmt_t
format,
../shishi/shishi-shishi.html#void
void
*output_data,
size_t *output_data_size);
#define
gnutls-x509.html#GNUTLS-CRL-REASON-UNUSED:CAPS
GNUTLS_CRL_REASON_UNUSED
#define
gnutls-x509.html#GNUTLS-CRL-REASON-KEY-COMPROMISE:CAPS
GNUTLS_CRL_REASON_KEY_COMPROMISE
#define
gnutls-x509.html#GNUTLS-CRL-REASON-CA-COMPROMISE:CAPS
GNUTLS_CRL_REASON_CA_COMPROMISE
#define
gnutls-x509.html#GNUTLS-CRL-REASON-AFFILIATION-CHANGED:CAPS
GNUTLS_CRL_REASON_AFFILIATION_CHANGED
#define
gnutls-x509.html#GNUTLS-CRL-REASON-SUPERSEEDED:CAPS
GNUTLS_CRL_REASON_SUPERSEEDED
#define
gnutls-x509.html#GNUTLS-CRL-REASON-CESSATION-OF-OPERATION:CAPS
GNUTLS_CRL_REASON_CESSATION_OF_OPERATION
#define
gnutls-x509.html#GNUTLS-CRL-REASON-CERTIFICATE-HOLD:CAPS
GNUTLS_CRL_REASON_CERTIFICATE_HOLD
#define
gnutls-x509.html#GNUTLS-CRL-REASON-PRIVILEGE-WITHDRAWN:CAPS
GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN
#define
gnutls-x509.html#GNUTLS-CRL-REASON-AA-COMPROMISE:CAPS
GNUTLS_CRL_REASON_AA_COMPROMISE
Description
Details
HASH_OID_SHA1
#define     HASH_OID_SHA1
HASH_OID_MD5
#define     HASH_OID_MD5
HASH_OID_MD2
#define     HASH_OID_MD2
HASH_OID_RMD160
#define     HASH_OID_RMD160
gnutls_x509_crl_int
/* Internal CRL object: holds a single ASN1_TYPE value. */
typedef struct {
ASN1_TYPE crl; /* presumably the parsed ASN.1 form of the CRL -- confirm against the library source */
} gnutls_x509_crl_int;
gnutls_x509_crt_int
/* Internal X.509 certificate object. */
typedef struct {
ASN1_TYPE cert; /* presumably the parsed ASN.1 form of the certificate -- confirm against the library source */
int use_extensions; /* NOTE(review): meaning is not shown on this page; by its name, a flag controlling whether extensions are consulted -- confirm */
} gnutls_x509_crt_int;
enum gnutls_certificate_import_flags
/* Flags that, by their name, apply when importing certificates -- the
 * function that consumes them is not shown on this page.
 */
typedef enum gnutls_certificate_import_flags {
/* NOTE(review): by its name, makes a list import fail when the input holds
 * more certificates than the caller allowed for -- confirm against the
 * documentation of the importing function.
 */
GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED=1
} gnutls_certificate_import_flags;
MAX_PRIV_PARAMS_SIZE
#define     MAX_PRIV_PARAMS_SIZE
DSA_PRIVATE_PARAMS
#define     DSA_PRIVATE_PARAMS
DSA_PUBLIC_PARAMS
#define     DSA_PUBLIC_PARAMS
RSA_PRIVATE_PARAMS
#define     RSA_PRIVATE_PARAMS
RSA_PUBLIC_PARAMS
#define     RSA_PUBLIC_PARAMS
gnutls_x509_privkey_int
/* Internal private key object: the raw key parameters as multi-precision
 * integers, how many of them are in use, the public key algorithm, and an
 * ASN.1 form of the key.
 *
 * The params array holds secret material (RSA entries [2]..[5], DSA entry
 * [4]), so any code that copies, logs or dumps this structure is handling
 * the private key itself.
 */
typedef struct {
mpi_t params[MAX_PRIV_PARAMS_SIZE];	/* how many entries are used depends on
* the public key algorithm
*/
/*
* RSA: [0] is modulus
*      [1] is public exponent
*      [2] is private exponent
*      [3] is prime1 (p)
*      [4] is prime2 (q)
*      [5] is coefficient (u == inverse of p mod q)
*          note that other packages use the inverse of q mod p,
*          so conversions are needed when exchanging keys with them.
* DSA: [0] is p
*      [1] is q
*      [2] is g
*      [3] is y (public key)
*      [4] is x (private key)
*/
int params_size;		/* holds the number of params */
gnutls_pk_algorithm_t pk_algorithm; /* presumably selects which params layout above applies -- confirm */
int crippled;		/* Crippled keys do not use the ASN1_TYPE key member.
* The encoding is only performed at the export
* phase, to avoid unnecessary copying. Cannot be used with
* the exported API (used internally only).
*/
ASN1_TYPE key; /* ASN.1 form of the key; per the note on crippled, unused for crippled keys */
} gnutls_x509_privkey_int;
gnutls_x509_crt_get_issuer_dn_by_oid ()
int         gnutls_x509_crt_get_issuer_dn_by_oid
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
const char *oid,
int indx,
unsigned int raw_flag,
../shishi/shishi-shishi.html#void
void
*buf,
size_t *sizeof_buf);
This function will extract the part of the name of the Certificate
issuer specified by the given OID. The output, if the raw flag is not
used, will be encoded as described in RFC2253; that is, as a string that is
ASCII or UTF-8 encoded, depending on the certificate data.
Some helper macros with popular OIDs can be found in gnutls/x509.h.
If raw flag is zero, this function will only return known OIDs as
text. Other OIDs will be DER encoded, as described in RFC2253 --
in hex format with a '#' prefix.  You can check whether an OID is known
using
gnutls_x509_dn_oid_known()
.
If
buf
is null then only the size will be filled.
cert
:
oid
:
indx
:
raw_flag
:
buf
:
sizeof_buf
:
Returns
:
gnutls_x509_crt_get_subject_alt_name ()
int         gnutls_x509_crt_get_subject_alt_name
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
unsigned int seq,
../shishi/shishi-shishi.html#void
void
*ret,
size_t *ret_size,
unsigned int *critical);
This function will return the alternative names, contained in the
given certificate.
This is specified in X509v3 Certificate Extensions.
GNUTLS will return the Alternative name (2.5.29.17), or a negative
error code.
cert
:
seq
:
ret
:
ret_size
:
critical
:
Returns
:
gnutls_x509_crt_get_dn_by_oid ()
int         gnutls_x509_crt_get_dn_by_oid   (
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
const char *oid,
int indx,
unsigned int raw_flag,
../shishi/shishi-shishi.html#void
void
*buf,
size_t *sizeof_buf);
This function will extract the part of the name of the Certificate
subject specified by the given OID. The output, if the raw flag is not
used, will be encoded as described in RFC2253; that is, as a string that is
ASCII or UTF-8 encoded, depending on the certificate data.
Some helper macros with popular OIDs can be found in gnutls/x509.h.
If raw flag is zero, this function will only return known OIDs as
text. Other OIDs will be DER encoded, as described in RFC2253 --
in hex format with a '#' prefix.  You can check whether an OID is known
using
gnutls_x509_dn_oid_known()
.
If
buf
is null then only the size will be filled.
cert
:
oid
:
indx
:
raw_flag
:
buf
:
sizeof_buf
:
Returns
:
gnutls_x509_crt_get_ca_status ()
int         gnutls_x509_crt_get_ca_status   (
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
unsigned int *critical);
This function will return the certificate's CA status, by reading the
basicConstraints X.509 extension (2.5.29.19). If the certificate is a CA, a positive
value will be returned, or zero if the certificate does not have
the CA flag set.
A negative value may be returned in case of parsing error.
If the certificate does not contain the basicConstraints extension
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
cert
:
critical
:
Returns
:
gnutls_x509_crt_get_pk_algorithm ()
int         gnutls_x509_crt_get_pk_algorithm
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
unsigned int *bits);
This function will return the public key algorithm of an X.509
certificate.
If bits is non null, it should have enough size to hold the parameters
size in bits. For RSA the bits returned is the modulus.
For DSA the bits returned are of the public
exponent.
cert
:
bits
:
Returns
:
gnutls_x509_crt_get_serial ()
int         gnutls_x509_crt_get_serial      (
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
../shishi/shishi-shishi.html#void
void
*result,
size_t *result_size);
This function will return the X.509 certificate's serial number.
This is obtained from the X509 Certificate serialNumber
field. The serial is not always a 32 or 64bit number. Some CAs use
large serial numbers, thus it may be wise to handle it as something
opaque.
cert
:
result
:
result_size
:
Returns
:
gnutls_x509_crt_check_revocation ()
int         gnutls_x509_crt_check_revocation
(
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
const
gnutls-gnutls.html#gnutls-x509-crl-t
gnutls_x509_crl_t
*crl_list,
int crl_list_length);
This function will check whether the given certificate is revoked.
It is assumed that the CRLs have been verified before; this function does not
verify them itself, so the caller must do so before relying on the result.
cert
:
crl_list
:
crl_list_length
:
Returns
:
gnutls_x509_crl_get_crt_count ()
int         gnutls_x509_crl_get_crt_count   (
gnutls-gnutls.html#gnutls-x509-crl-t
gnutls_x509_crl_t
crl);
This function will return the number of revoked certificates in the
given CRL.
crl
:
Returns
:
gnutls_x509_crl_get_crt_serial ()
int         gnutls_x509_crl_get_crt_serial  (
gnutls-gnutls.html#gnutls-x509-crl-t
gnutls_x509_crl_t
crl,
int indx,
unsigned char *serial,
size_t *serial_size,
time_t *tim);
This function will return the serial number of the specified, by
the index, revoked certificate.
crl
:
indx
:
serial
:
serial_size
:
tim
:
Returns
:
gnutls_x509_crl_deinit ()
../shishi/shishi-shishi.html#void
void
gnutls_x509_crl_deinit          (
gnutls-gnutls.html#gnutls-x509-crl-t
gnutls_x509_crl_t
crl);
This function will deinitialize a CRL structure.
crl
:
gnutls_x509_crl_init ()
int         gnutls_x509_crl_init            (
gnutls-gnutls.html#gnutls-x509-crl-t
gnutls_x509_crl_t
*crl);
This function will initialize a CRL structure. CRL stands for
Certificate Revocation List. A revocation list usually contains
lists of certificate serial numbers that have been revoked
by an Authority. The revocation lists are always signed with
the authority's private key.
crl
:
Returns
:
gnutls_x509_crl_import ()
int         gnutls_x509_crl_import          (
gnutls-gnutls.html#gnutls-x509-crl-t
gnutls_x509_crl_t
crl,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*data,
gnutls-gnutls.html#gnutls-x509-crt-fmt-t
gnutls_x509_crt_fmt_t
format);
This function will convert the given DER or PEM encoded CRL
to the native gnutls_x509_crl_t format. The output will be stored in 'crl'.
If the CRL is PEM encoded it should have a header of "X509 CRL".
crl
:
data
:
format
:
Returns
:
gnutls_x509_crl_export ()
int         gnutls_x509_crl_export          (
gnutls-gnutls.html#gnutls-x509-crl-t
gnutls_x509_crl_t
crl,
gnutls-gnutls.html#gnutls-x509-crt-fmt-t
gnutls_x509_crt_fmt_t
format,
../shishi/shishi-shishi.html#void
void
*output_data,
size_t *output_data_size);
This function will export the revocation list to DER or PEM format.
If the buffer provided is not long enough to hold the output, then
GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
If the structure is PEM encoded, it will have a header
of "BEGIN X509 CRL".
crl
:
format
:
output_data
:
output_data_size
:
Returns
:
gnutls_x509_crt_init ()
int         gnutls_x509_crt_init            (
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
*cert);
This function will initialize an X.509 certificate structure.
cert
:
Returns
:
gnutls_x509_crt_deinit ()
../shishi/shishi-shishi.html#void
void
gnutls_x509_crt_deinit          (
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert);
This function will deinitialize an X.509 certificate structure.
cert
:
gnutls_x509_crt_import ()
int         gnutls_x509_crt_import          (
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*data,
gnutls-gnutls.html#gnutls-x509-crt-fmt-t
gnutls_x509_crt_fmt_t
format);
This function will convert the given DER or PEM encoded Certificate
to the native gnutls_x509_crt_t format. The output will be stored in
cert
.
If the Certificate is PEM encoded it should have a header of "X509 CERTIFICATE", or
"CERTIFICATE".
cert
:
data
:
format
:
Returns
:
gnutls_x509_crt_export ()
int         gnutls_x509_crt_export          (
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
gnutls-gnutls.html#gnutls-x509-crt-fmt-t
gnutls_x509_crt_fmt_t
format,
../shishi/shishi-shishi.html#void
void
*output_data,
size_t *output_data_size);
This function will export the certificate to DER or PEM format.
If the buffer provided is not long enough to hold the output, then
*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
be returned.
If the structure is PEM encoded, it will have a header
of "BEGIN CERTIFICATE".
cert
:
format
:
output_data
:
output_data_size
:
Returns
:
gnutls_x509_crt_get_key_usage ()
int         gnutls_x509_crt_get_key_usage   (
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert,
unsigned int *key_usage,
unsigned int *critical);
This function will return the certificate's key usage, by reading the
keyUsage X.509 extension (2.5.29.15). The key usage value will be the ORed values of:
GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_NON_REPUDIATION,
GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_KEY_DATA_ENCIPHERMENT,
GNUTLS_KEY_KEY_AGREEMENT, GNUTLS_KEY_KEY_CERT_SIGN,
GNUTLS_KEY_CRL_SIGN, GNUTLS_KEY_ENCIPHER_ONLY,
GNUTLS_KEY_DECIPHER_ONLY.
A negative value may be returned in case of parsing error.
If the certificate does not contain the keyUsage extension
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
cert
:
key_usage
:
critical
:
Returns
:
gnutls_x509_crt_get_version ()
int         gnutls_x509_crt_get_version     (
gnutls-gnutls.html#gnutls-x509-crt-t
gnutls_x509_crt_t
cert);
This function will return the version of the specified Certificate.
cert
:
Returns
:
gnutls_x509_privkey_init ()
int         gnutls_x509_privkey_init        (
gnutls-gnutls.html#gnutls-x509-privkey-t
gnutls_x509_privkey_t
*key);
This function will initialize a private key structure.
key
:
Returns
:
gnutls_x509_privkey_deinit ()
../shishi/shishi-shishi.html#void
void
gnutls_x509_privkey_deinit      (
gnutls-gnutls.html#gnutls-x509-privkey-t
gnutls_x509_privkey_t
key);
This function will deinitialize a private key structure.
key
:
gnutls_x509_privkey_generate ()
int         gnutls_x509_privkey_generate    (
gnutls-gnutls.html#gnutls-x509-privkey-t
gnutls_x509_privkey_t
key,
gnutls-gnutls.html#gnutls-pk-algorithm-t
gnutls_pk_algorithm_t
algo,
unsigned int bits,
unsigned int flags);
This function will generate a random private key. Note that
this function must be called on an empty private key.
key
:
algo
:
bits
:
flags
:
Returns
:
gnutls_x509_privkey_import ()
int         gnutls_x509_privkey_import      (
gnutls-gnutls.html#gnutls-x509-privkey-t
gnutls_x509_privkey_t
key,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*data,
gnutls-gnutls.html#gnutls-x509-crt-fmt-t
gnutls_x509_crt_fmt_t
format);
This function will convert the given DER or PEM encoded key
to the native gnutls_x509_privkey_t format. The output will be stored in
key
.
If the key is PEM encoded it should have a header of "RSA PRIVATE KEY", or
"DSA PRIVATE KEY".
key
:
data
:
format
:
Returns
:
gnutls_x509_privkey_get_pk_algorithm ()
int         gnutls_x509_privkey_get_pk_algorithm
(
gnutls-gnutls.html#gnutls-x509-privkey-t
gnutls_x509_privkey_t
key);
This function will return the public key algorithm of a private
key.
key
:
Returns
:
gnutls_x509_privkey_import_rsa_raw ()
int         gnutls_x509_privkey_import_rsa_raw
(
gnutls-gnutls.html#gnutls-x509-privkey-t
gnutls_x509_privkey_t
key,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*m,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*e,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*d,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*p,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*q,
const
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*u);
This function will convert the given RSA raw parameters
to the native gnutls_x509_privkey_t format. The output will be stored in
key
.
key
:
m
:
e
:
d
:
p
:
q
:
u
:
Returns
:
gnutls_x509_privkey_export_rsa_raw ()
int         gnutls_x509_privkey_export_rsa_raw
(
gnutls-gnutls.html#gnutls-x509-privkey-t
gnutls_x509_privkey_t
key,
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*m,
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*e,
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*d,
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*p,
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*q,
gnutls-gnutls.html#gnutls-datum-t
gnutls_datum_t
*u);
This function will export the RSA private key's parameters found in the given
structure. The new parameters will be allocated using
gnutls-gnutls.html#gnutls-malloc
gnutls_malloc()
and will be stored in the appropriate datum.
key
:
m
:
e
:
d
:
p
:
q
:
u
:
Returns
:
gnutls_x509_privkey_export ()
int         gnutls_x509_privkey_export      (
gnutls-gnutls.html#gnutls-x509-privkey-t
gnutls_x509_privkey_t
key,
gnutls-gnutls.html#gnutls-x509-crt-fmt-t
gnutls_x509_crt_fmt_t
format,
../shishi/shishi-shishi.html#void
void
*output_data,
size_t *output_data_size);
This function will export the private key to a PKCS1 structure for
RSA keys, or an integer sequence for DSA keys. The DSA keys are in
the same format as the parameters used by openssl.
If the buffer provided is not long enough to hold the output, then
*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
be returned.
If the structure is PEM encoded, it will have a header
of "BEGIN RSA PRIVATE KEY".
key
:
format
:
output_data
:
output_data_size
:
Returns
:
GNUTLS_CRL_REASON_UNUSED
#define     GNUTLS_CRL_REASON_UNUSED
GNUTLS_CRL_REASON_KEY_COMPROMISE
#define     GNUTLS_CRL_REASON_KEY_COMPROMISE
GNUTLS_CRL_REASON_CA_COMPROMISE
#define     GNUTLS_CRL_REASON_CA_COMPROMISE
GNUTLS_CRL_REASON_AFFILIATION_CHANGED
#define     GNUTLS_CRL_REASON_AFFILIATION_CHANGED
GNUTLS_CRL_REASON_SUPERSEEDED
#define     GNUTLS_CRL_REASON_SUPERSEEDED
GNUTLS_CRL_REASON_CESSATION_OF_OPERATION
#define     GNUTLS_CRL_REASON_CESSATION_OF_OPERATION
GNUTLS_CRL_REASON_CERTIFICATE_HOLD
#define     GNUTLS_CRL_REASON_CERTIFICATE_HOLD
GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN
#define     GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN
GNUTLS_CRL_REASON_AA_COMPROMISE
#define     GNUTLS_CRL_REASON_AA_COMPROMISE
