gnutls-extra.htmlPrev ch01.htmlUp index.htmlHome GNU TLS API Reference Manual gnutls-pkcs12.htmlNext #top_of_pageTop                    | 
                  
#descDescription x509
x509 — 
Synopsis
#define     
gnutls-x509.html#HASH-OID-SHA1:CAPSHASH_OID_SHA1 #define     
gnutls-x509.html#HASH-OID-MD5:CAPSHASH_OID_MD5 #define     
gnutls-x509.html#HASH-OID-MD2:CAPSHASH_OID_MD2 #define     
gnutls-x509.html#HASH-OID-RMD160:CAPSHASH_OID_RMD160             
gnutls-gnutls.html#gnutls-x509-crl-intgnutls_x509_crl_int ;
            
gnutls-gnutls.html#gnutls-x509-crt-intgnutls_x509_crt_int ;
#define     
gnutls-x509.html#MAX-PRIV-PARAMS-SIZE:CAPSMAX_PRIV_PARAMS_SIZE #define     
gnutls-x509.html#DSA-PRIVATE-PARAMS:CAPSDSA_PRIVATE_PARAMS #define     
gnutls-x509.html#DSA-PUBLIC-PARAMS:CAPSDSA_PUBLIC_PARAMS #define     
gnutls-x509.html#RSA-PRIVATE-PARAMS:CAPSRSA_PRIVATE_PARAMS #define     
gnutls-x509.html#RSA-PUBLIC-PARAMS:CAPSRSA_PUBLIC_PARAMS             
gnutls-gnutls.html#gnutls-x509-privkey-intgnutls_x509_privkey_int ;
int         
gnutls-x509.html#gnutls-x509-crt-get-issuer-dn-by-oidgnutls_x509_crt_get_issuer_dn_by_oid                                             (
gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             const char *oid,
                                             int indx,
                                             unsigned int raw_flag,
                                             
../gss/gss-ext.html#voidvoid  *buf,
                                             size_t *sizeof_buf);
int         
gnutls-x509.html#gnutls-x509-crt-get-subject-alt-namegnutls_x509_crt_get_subject_alt_name                                             (
gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             unsigned int seq,
                                             
../gss/gss-ext.html#voidvoid  *ret,
                                             size_t *ret_size,
                                             unsigned int *critical);
int         
gnutls-x509.html#gnutls-x509-crt-get-dn-by-oidgnutls_x509_crt_get_dn_by_oid    ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             const char *oid,
                                             int indx,
                                             unsigned int raw_flag,
                                             
../gss/gss-ext.html#voidvoid  *buf,
                                             size_t *sizeof_buf);
int         
gnutls-x509.html#gnutls-x509-crt-get-ca-statusgnutls_x509_crt_get_ca_status    ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             unsigned int *critical);
int         
gnutls-x509.html#gnutls-x509-crt-get-pk-algorithmgnutls_x509_crt_get_pk_algorithm                                             (
gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             unsigned int *bits);
int         
gnutls-x509.html#gnutls-x509-crt-get-serialgnutls_x509_crt_get_serial       ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             
../gss/gss-ext.html#voidvoid  *result,
                                             size_t *result_size);
int         
gnutls-x509.html#gnutls-x509-crt-check-revocationgnutls_x509_crt_check_revocation                                             (
gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             const 
gnutls-gnutls.html#gnutls-x509-crl-tgnutls_x509_crl_t  *crl_list,
                                             int crl_list_length);
int         
gnutls-x509.html#gnutls-x509-crl-get-crt-countgnutls_x509_crl_get_crt_count    ( gnutls-gnutls.html#gnutls-x509-crl-tgnutls_x509_crl_t  crl);
int         
gnutls-x509.html#gnutls-x509-crl-get-crt-serialgnutls_x509_crl_get_crt_serial   ( gnutls-gnutls.html#gnutls-x509-crl-tgnutls_x509_crl_t  crl,
                                             int indx,
                                             unsigned char *serial,
                                             size_t *serial_size,
                                             time_t *t);
../gss/gss-ext.html#voidvoid         gnutls-x509.html#gnutls-x509-crl-deinitgnutls_x509_crl_deinit           ( gnutls-gnutls.html#gnutls-x509-crl-tgnutls_x509_crl_t  crl);
int         
gnutls-x509.html#gnutls-x509-crl-initgnutls_x509_crl_init             ( gnutls-gnutls.html#gnutls-x509-crl-tgnutls_x509_crl_t  *crl);
int         
gnutls-x509.html#gnutls-x509-crl-importgnutls_x509_crl_import           ( gnutls-gnutls.html#gnutls-x509-crl-tgnutls_x509_crl_t  crl,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *data,
                                             
gnutls-gnutls.html#gnutls-x509-crt-fmt-tgnutls_x509_crt_fmt_t  format);
int         
gnutls-x509.html#gnutls-x509-crl-exportgnutls_x509_crl_export           ( gnutls-gnutls.html#gnutls-x509-crl-tgnutls_x509_crl_t  crl,
                                             
gnutls-gnutls.html#gnutls-x509-crt-fmt-tgnutls_x509_crt_fmt_t  format,
                                             
../gss/gss-ext.html#voidvoid  *output_data,
                                             size_t *output_data_size);
int         
gnutls-x509.html#gnutls-x509-crt-initgnutls_x509_crt_init             ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  *cert);
../gss/gss-ext.html#voidvoid         gnutls-x509.html#gnutls-x509-crt-deinitgnutls_x509_crt_deinit           ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert);
int         
gnutls-x509.html#gnutls-x509-crt-importgnutls_x509_crt_import           ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *data,
                                             
gnutls-gnutls.html#gnutls-x509-crt-fmt-tgnutls_x509_crt_fmt_t  format);
int         
gnutls-x509.html#gnutls-x509-crt-exportgnutls_x509_crt_export           ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             
gnutls-gnutls.html#gnutls-x509-crt-fmt-tgnutls_x509_crt_fmt_t  format,
                                             
../gss/gss-ext.html#voidvoid  *output_data,
                                             size_t *output_data_size);
int         
gnutls-x509.html#gnutls-x509-crt-get-key-usagegnutls_x509_crt_get_key_usage    ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             unsigned int *key_usage,
                                             unsigned int *critical);
int         
gnutls-x509.html#gnutls-x509-crt-get-signature-algorithmgnutls_x509_crt_get_signature_algorithm                                             (
gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert);
int         
gnutls-x509.html#gnutls-x509-crt-get-versiongnutls_x509_crt_get_version      ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert);
int         
gnutls-x509.html#gnutls-x509-privkey-initgnutls_x509_privkey_init         ( gnutls-gnutls.html#gnutls-x509-privkey-tgnutls_x509_privkey_t  *key);
../gss/gss-ext.html#voidvoid         gnutls-x509.html#gnutls-x509-privkey-deinitgnutls_x509_privkey_deinit       ( gnutls-gnutls.html#gnutls-x509-privkey-tgnutls_x509_privkey_t  key);
int         
gnutls-x509.html#gnutls-x509-privkey-generategnutls_x509_privkey_generate     ( gnutls-gnutls.html#gnutls-x509-privkey-tgnutls_x509_privkey_t  key,
                                             
gnutls-gnutls.html#gnutls-pk-algorithm-tgnutls_pk_algorithm_t  algo,
                                             unsigned int bits,
                                             unsigned int flags);
int         
gnutls-x509.html#gnutls-x509-privkey-importgnutls_x509_privkey_import       ( gnutls-gnutls.html#gnutls-x509-privkey-tgnutls_x509_privkey_t  key,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *data,
                                             
gnutls-gnutls.html#gnutls-x509-crt-fmt-tgnutls_x509_crt_fmt_t  format);
int         
gnutls-x509.html#gnutls-x509-privkey-get-pk-algorithmgnutls_x509_privkey_get_pk_algorithm                                             (
gnutls-gnutls.html#gnutls-x509-privkey-tgnutls_x509_privkey_t  key);
int         
gnutls-x509.html#gnutls-x509-privkey-import-rsa-rawgnutls_x509_privkey_import_rsa_raw                                             (
gnutls-gnutls.html#gnutls-x509-privkey-tgnutls_x509_privkey_t  key,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *m,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *e,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *d,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *p,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *q,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *u);
int         
gnutls-x509.html#gnutls-x509-privkey-export-rsa-rawgnutls_x509_privkey_export_rsa_raw                                             (
gnutls-gnutls.html#gnutls-x509-privkey-tgnutls_x509_privkey_t  key,
                                             
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *m,
                                             
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *e,
                                             
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *d,
                                             
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *p,
                                             
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *q,
                                             
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *u);
int         
gnutls-x509.html#gnutls-x509-privkey-exportgnutls_x509_privkey_export       ( gnutls-gnutls.html#gnutls-x509-privkey-tgnutls_x509_privkey_t  key,
                                             
gnutls-gnutls.html#gnutls-x509-crt-fmt-tgnutls_x509_crt_fmt_t  format,
                                             
../gss/gss-ext.html#voidvoid  *output_data,
                                             size_t *output_data_size);
#define     
gnutls-x509.html#GNUTLS-CRL-REASON-UNUSED:CAPSGNUTLS_CRL_REASON_UNUSED #define     
gnutls-x509.html#GNUTLS-CRL-REASON-KEY-COMPROMISE:CAPSGNUTLS_CRL_REASON_KEY_COMPROMISE #define     
gnutls-x509.html#GNUTLS-CRL-REASON-CA-COMPROMISE:CAPSGNUTLS_CRL_REASON_CA_COMPROMISE #define     
gnutls-x509.html#GNUTLS-CRL-REASON-AFFILIATION-CHANGED:CAPSGNUTLS_CRL_REASON_AFFILIATION_CHANGED #define     
gnutls-x509.html#GNUTLS-CRL-REASON-SUPERSEEDED:CAPSGNUTLS_CRL_REASON_SUPERSEEDED #define     
gnutls-x509.html#GNUTLS-CRL-REASON-CESSATION-OF-OPERATION:CAPSGNUTLS_CRL_REASON_CESSATION_OF_OPERATION #define     
gnutls-x509.html#GNUTLS-CRL-REASON-CERTIFICATE-HOLD:CAPSGNUTLS_CRL_REASON_CERTIFICATE_HOLD #define     
gnutls-x509.html#GNUTLS-CRL-REASON-PRIVILEGE-WITHDRAWN:CAPSGNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN #define     
gnutls-x509.html#GNUTLS-CRL-REASON-AA-COMPROMISE:CAPSGNUTLS_CRL_REASON_AA_COMPROMISE Description
Details
HASH_OID_SHA1
#define     HASH_OID_SHA1
HASH_OID_MD5
#define     HASH_OID_MD5
HASH_OID_MD2
#define     HASH_OID_MD2
HASH_OID_RMD160
#define     HASH_OID_RMD160
gnutls_x509_crl_int
typedef struct {
    ASN1_TYPE crl;
} gnutls_x509_crl_int;
gnutls_x509_crt_int
typedef struct {
    ASN1_TYPE cert;
    int use_extensions;
} gnutls_x509_crt_int;
MAX_PRIV_PARAMS_SIZE
#define     MAX_PRIV_PARAMS_SIZE
DSA_PRIVATE_PARAMS
#define     DSA_PRIVATE_PARAMS
DSA_PUBLIC_PARAMS
#define     DSA_PUBLIC_PARAMS
RSA_PRIVATE_PARAMS
#define     RSA_PRIVATE_PARAMS
RSA_PUBLIC_PARAMS
#define     RSA_PUBLIC_PARAMS
gnutls_x509_privkey_int
typedef struct {
    mpi_t params[MAX_PRIV_PARAMS_SIZE];	/* the size of params depends on the public 
					 * key algorithm 
					 */
    /*
     * RSA: [0] is modulus
     *      [1] is public exponent
     *      [2] is private exponent
     *      [3] is prime1 (p)
     *      [4] is prime2 (q)
     *      [5] is coefficient (u == inverse of p mod q)
     *          note that other packages used inverse of q mod p,
     *          so we need to perform conversions.
     * DSA: [0] is p
     *      [1] is q
     *      [2] is g
     *      [3] is y (public key)
     *      [4] is x (private key)
     */
    int params_size;		/* holds the number of params */
    gnutls_pk_algorithm_t pk_algorithm;
    int crippled;		/* The crippled keys will not use the ASN1_TYPE key.
				 * The encoding will only be performed at the export
				 * phase, to optimize copying etc. Cannot be used with
				 * the exported API (used internally only).
				 */
    ASN1_TYPE key;
} gnutls_x509_privkey_int;
gnutls_x509_crt_get_issuer_dn_by_oid ()
int         gnutls_x509_crt_get_issuer_dn_by_oid
                                            (
gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             const char *oid,
                                             int indx,
                                             unsigned int raw_flag,
                                             
../gss/gss-ext.html#voidvoid  *buf,
                                             size_t *sizeof_buf);
This function will extract the part of the name of the Certificate
issuer specified by the given OID. The output, if the raw flag is not
used, will be encoded as described in RFC2253. Thus a string that is
ASCII or UTF-8 encoded, depending on the certificate data.
Some helper macros with popular OIDs can be found in gnutls/x509.h
If raw flag is zero, this function will only return known OIDs as
text. Other OIDs will be DER encoded, as described in RFC2253 --
in hex format with a '\#' prefix.  You can check about known OIDs
using 
gnutls_x509_dn_oid_known().
If 
buf is null then only the size will be filled.
cert : oid : indx : raw_flag : buf : sizeof_buf : Returns : gnutls_x509_crt_get_subject_alt_name ()
int         gnutls_x509_crt_get_subject_alt_name
                                            (
gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             unsigned int seq,
                                             
../gss/gss-ext.html#voidvoid  *ret,
                                             size_t *ret_size,
                                             unsigned int *critical);
This function will return the alternative names, contained in the
given certificate.
This is specified in X509v3 Certificate Extensions. 
GNUTLS will return the Alternative name (2.5.29.17), or a negative
error code.
cert : seq : ret : ret_size : critical : Returns : gnutls_x509_crt_get_dn_by_oid ()
int         gnutls_x509_crt_get_dn_by_oid   ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             const char *oid,
                                             int indx,
                                             unsigned int raw_flag,
                                             
../gss/gss-ext.html#voidvoid  *buf,
                                             size_t *sizeof_buf);
This function will extract the part of the name of the Certificate
subject specified by the given OID. The output, if the raw flag is not
used, will be encoded as described in RFC2253. Thus a string that is
ASCII or UTF-8 encoded, depending on the certificate data.
Some helper macros with popular OIDs can be found in gnutls/x509.h
If raw flag is zero, this function will only return known OIDs as
text. Other OIDs will be DER encoded, as described in RFC2253 --
in hex format with a '\#' prefix.  You can check about known OIDs
using 
gnutls_x509_dn_oid_known().
If 
buf is null then only the size will be filled.
cert : oid : indx : raw_flag : buf : sizeof_buf : Returns : gnutls_x509_crt_get_ca_status ()
int         gnutls_x509_crt_get_ca_status   ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             unsigned int *critical);
This function will return certificates CA status, by reading the
basicConstraints X.509 extension (2.5.29.19). If the certificate is a CA a positive
value will be returned, or zero if the certificate does not have
CA flag set. 
A negative value may be returned in case of parsing error.
If the certificate does not contain the basicConstraints extension
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
cert : critical : Returns : gnutls_x509_crt_get_pk_algorithm ()
int         gnutls_x509_crt_get_pk_algorithm
                                            (
gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             unsigned int *bits);
This function will return the public key algorithm of an X.509 
certificate.
If bits is non null, it should have enough size to hold the parameters
size in bits. For RSA the bits returned is the modulus. 
For DSA the bits returned are of the public
exponent.
cert : bits : Returns : gnutls_x509_crt_get_serial ()
int         gnutls_x509_crt_get_serial      ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             
../gss/gss-ext.html#voidvoid  *result,
                                             size_t *result_size);
This function will return the X.509 certificate's serial number. 
This is obtained by the X509 Certificate serialNumber
field. Serial is not always a 32 or 64bit number. Some CAs use
large serial numbers, thus it may be wise to handle it as something
opaque.
cert : result : result_size : Returns : gnutls_x509_crt_check_revocation ()
int         gnutls_x509_crt_check_revocation
                                            (
gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             const 
gnutls-gnutls.html#gnutls-x509-crl-tgnutls_x509_crl_t  *crl_list,
                                             int crl_list_length);
This function will return check if the given certificate is revoked.
It is assumed that the CRLs have been verified before.
cert : crl_list : crl_list_length : Returns : gnutls_x509_crl_get_crt_count ()
int         gnutls_x509_crl_get_crt_count   ( gnutls-gnutls.html#gnutls-x509-crl-tgnutls_x509_crl_t  crl);This function will return the number of revoked certificates in the
given CRL.
crl : Returns : gnutls_x509_crl_get_crt_serial ()
int         gnutls_x509_crl_get_crt_serial  ( gnutls-gnutls.html#gnutls-x509-crl-tgnutls_x509_crl_t  crl,
                                             int indx,
                                             unsigned char *serial,
                                             size_t *serial_size,
                                             time_t *t);
This function will return the serial number of the specified, by
the index, revoked certificate.
crl : indx : serial : serial_size : t : Returns : gnutls_x509_crl_deinit ()
../gss/gss-ext.html#voidvoid         gnutls_x509_crl_deinit          ( gnutls-gnutls.html#gnutls-x509-crl-tgnutls_x509_crl_t  crl);This function will deinitialize a CRL structure.
crl : gnutls_x509_crl_init ()
int         gnutls_x509_crl_init            ( gnutls-gnutls.html#gnutls-x509-crl-tgnutls_x509_crl_t  *crl);This function will initialize a CRL structure. CRL stands for
Certificate Revocation List. A revocation list usually contains
lists of certificate serial numbers that have been revoked
by an Authority. The revocation lists are always signed with
the authority's private key.
crl : Returns : gnutls_x509_crl_import ()
int         gnutls_x509_crl_import          ( gnutls-gnutls.html#gnutls-x509-crl-tgnutls_x509_crl_t  crl,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *data,
                                             
gnutls-gnutls.html#gnutls-x509-crt-fmt-tgnutls_x509_crt_fmt_t  format);This function will convert the given DER or PEM encoded CRL
to the native gnutls_x509_crl_t format. The output will be stored in 'crl'.
If the CRL is PEM encoded it should have a header of "X509 CRL".
crl : data : format : Returns : gnutls_x509_crl_export ()
int         gnutls_x509_crl_export          ( gnutls-gnutls.html#gnutls-x509-crl-tgnutls_x509_crl_t  crl,
                                             
gnutls-gnutls.html#gnutls-x509-crt-fmt-tgnutls_x509_crt_fmt_t  format,
                                             
../gss/gss-ext.html#voidvoid  *output_data,
                                             size_t *output_data_size);
This function will export the revocation list to DER or PEM format.
If the buffer provided is not long enough to hold the output, then
GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
If the structure is PEM encoded, it will have a header
of "BEGIN X509 CRL".
crl : format : output_data : output_data_size : Returns : gnutls_x509_crt_init ()
int         gnutls_x509_crt_init            ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  *cert);This function will initialize an X.509 certificate structure.
cert : Returns : gnutls_x509_crt_deinit ()
../gss/gss-ext.html#voidvoid         gnutls_x509_crt_deinit          ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert);This function will deinitialize a CRL structure.
cert : gnutls_x509_crt_import ()
int         gnutls_x509_crt_import          ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *data,
                                             
gnutls-gnutls.html#gnutls-x509-crt-fmt-tgnutls_x509_crt_fmt_t  format);This function will convert the given DER or PEM encoded Certificate
to the native gnutls_x509_crt_t format. The output will be stored in 
cert.
If the Certificate is PEM encoded it should have a header of "X509 CERTIFICATE", or
"CERTIFICATE".
cert : data : format : Returns : gnutls_x509_crt_export ()
int         gnutls_x509_crt_export          ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             
gnutls-gnutls.html#gnutls-x509-crt-fmt-tgnutls_x509_crt_fmt_t  format,
                                             
../gss/gss-ext.html#voidvoid  *output_data,
                                             size_t *output_data_size);
This function will export the certificate to DER or PEM format.
If the buffer provided is not long enough to hold the output, then
*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
be returned.
If the structure is PEM encoded, it will have a header
of "BEGIN CERTIFICATE".
cert : format : output_data : output_data_size : Returns : gnutls_x509_crt_get_key_usage ()
int         gnutls_x509_crt_get_key_usage   ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert,
                                             unsigned int *key_usage,
                                             unsigned int *critical);
This function will return certificate's key usage, by reading the 
keyUsage X.509 extension (2.5.29.15). The key usage value will ORed values of the:
GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_NON_REPUDIATION,
GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_KEY_DATA_ENCIPHERMENT,
GNUTLS_KEY_KEY_AGREEMENT, GNUTLS_KEY_KEY_CERT_SIGN,
GNUTLS_KEY_CRL_SIGN, GNUTLS_KEY_ENCIPHER_ONLY,
GNUTLS_KEY_DECIPHER_ONLY.
A negative value may be returned in case of parsing error.
If the certificate does not contain the keyUsage extension
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
cert : key_usage : critical : Returns : gnutls_x509_crt_get_signature_algorithm ()
int         gnutls_x509_crt_get_signature_algorithm
                                            (
gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert);This function will return a value of the gnutls_sign_algorithm_t enumeration that 
is the signature algorithm.
cert : Returns : gnutls_x509_crt_get_version ()
int         gnutls_x509_crt_get_version     ( gnutls-gnutls.html#gnutls-x509-crt-tgnutls_x509_crt_t  cert);This function will return the version of the specified Certificate.
cert : Returns : gnutls_x509_privkey_init ()
int         gnutls_x509_privkey_init        ( gnutls-gnutls.html#gnutls-x509-privkey-tgnutls_x509_privkey_t  *key);This function will initialize an private key structure.
key : Returns : gnutls_x509_privkey_deinit ()
../gss/gss-ext.html#voidvoid         gnutls_x509_privkey_deinit      ( gnutls-gnutls.html#gnutls-x509-privkey-tgnutls_x509_privkey_t  key);This function will deinitialize a private key structure.
key : gnutls_x509_privkey_generate ()
int         gnutls_x509_privkey_generate    ( gnutls-gnutls.html#gnutls-x509-privkey-tgnutls_x509_privkey_t  key,
                                             
gnutls-gnutls.html#gnutls-pk-algorithm-tgnutls_pk_algorithm_t  algo,
                                             unsigned int bits,
                                             unsigned int flags);
This function will generate a random private key. Note that
this function must be called on an empty private key.
key : algo : bits : flags : Returns : gnutls_x509_privkey_import ()
int         gnutls_x509_privkey_import      ( gnutls-gnutls.html#gnutls-x509-privkey-tgnutls_x509_privkey_t  key,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *data,
                                             
gnutls-gnutls.html#gnutls-x509-crt-fmt-tgnutls_x509_crt_fmt_t  format);This function will convert the given DER or PEM encoded key
to the native gnutls_x509_privkey_t format. The output will be stored in 
key .
If the key is PEM encoded it should have a header of "RSA PRIVATE KEY", or
"DSA PRIVATE KEY".
key : data : format : Returns : gnutls_x509_privkey_get_pk_algorithm ()
int         gnutls_x509_privkey_get_pk_algorithm
                                            (
gnutls-gnutls.html#gnutls-x509-privkey-tgnutls_x509_privkey_t  key);This function will return the public key algorithm of a private
key.
key : Returns : gnutls_x509_privkey_import_rsa_raw ()
int         gnutls_x509_privkey_import_rsa_raw
                                            (
gnutls-gnutls.html#gnutls-x509-privkey-tgnutls_x509_privkey_t  key,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *m,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *e,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *d,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *p,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *q,
                                             const 
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *u);This function will convert the given RSA raw parameters
to the native gnutls_x509_privkey_t format. The output will be stored in 
key.
key : m : e : d : p : q : u : Returns : gnutls_x509_privkey_export_rsa_raw ()
int         gnutls_x509_privkey_export_rsa_raw
                                            (
gnutls-gnutls.html#gnutls-x509-privkey-tgnutls_x509_privkey_t  key,
                                             
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *m,
                                             
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *e,
                                             
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *d,
                                             
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *p,
                                             
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *q,
                                             
gnutls-gnutls.html#gnutls-datum-tgnutls_datum_t  *u);This function will export the RSA private key's parameters found in the given
structure. The new parameters will be allocated using
gnutls-gnutls.html#gnutls-mallocgnutls_malloc()  and will be stored in the appropriate datum.
key : m : e : d : p : q : u : Returns : gnutls_x509_privkey_export ()
int         gnutls_x509_privkey_export      ( gnutls-gnutls.html#gnutls-x509-privkey-tgnutls_x509_privkey_t  key,
                                             
gnutls-gnutls.html#gnutls-x509-crt-fmt-tgnutls_x509_crt_fmt_t  format,
                                             
../gss/gss-ext.html#voidvoid  *output_data,
                                             size_t *output_data_size);
This function will export the private key to a PKCS1 structure for
RSA keys, or an integer sequence for DSA keys. The DSA keys are in
the same format with the parameters used by openssl.
If the buffer provided is not long enough to hold the output, then
*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
be returned.
If the structure is PEM encoded, it will have a header
of "BEGIN RSA PRIVATE KEY".
key : format : output_data : output_data_size : Returns : GNUTLS_CRL_REASON_UNUSED
#define     GNUTLS_CRL_REASON_UNUSED
GNUTLS_CRL_REASON_KEY_COMPROMISE
#define     GNUTLS_CRL_REASON_KEY_COMPROMISE
GNUTLS_CRL_REASON_CA_COMPROMISE
#define     GNUTLS_CRL_REASON_CA_COMPROMISE
GNUTLS_CRL_REASON_AFFILIATION_CHANGED
#define     GNUTLS_CRL_REASON_AFFILIATION_CHANGED
GNUTLS_CRL_REASON_SUPERSEEDED
#define     GNUTLS_CRL_REASON_SUPERSEEDED
GNUTLS_CRL_REASON_CESSATION_OF_OPERATION
#define     GNUTLS_CRL_REASON_CESSATION_OF_OPERATION
GNUTLS_CRL_REASON_CERTIFICATE_HOLD
#define     GNUTLS_CRL_REASON_CERTIFICATE_HOLD
GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN
#define     GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN
GNUTLS_CRL_REASON_AA_COMPROMISE
#define     GNUTLS_CRL_REASON_AA_COMPROMISE
