|
NAME | SYNOPSIS | ARGUMENTS | DESCRIPTION | RETURNS | SINCE | REPORTING BUGS | COPYRIGHT | SEE ALSO | COLOPHON |
gnutls_certificate_set_rawpk_key_mem(3)lsls_certificate_set_rawpk_key_mem(3)
gnutls_certificate_set_rawpk_key_mem - API function
#include <gnutls/gnutls.h>
int
gnutls_certificate_set_rawpk_key_mem(gnutls_certificate_credentials_t
cred, const gnutls_datum_t* spki, const gnutls_datum_t* pkey,
gnutls_x509_crt_fmt_t format, const char* pass, unsigned int
key_usage, const char ** names, unsigned int names_length, unsigned
int flags);
gnutls_certificate_credentials_t cred
is a gnutls_certificate_credentials_t type.
const gnutls_datum_t* spki
contains a raw public key in PKIX.SubjectPublicKeyInfo
format.
const gnutls_datum_t* pkey
contains a raw private key.
gnutls_x509_crt_fmt_t format
encoding of the keys. DER or PEM.
const char* pass
an optional password to unlock the private key pkey.
unsigned int key_usage
An ORed sequence of GNUTLS_KEY_* flags.
const char ** names
is an array of DNS names belonging to the public-key
(NULL if none).
unsigned int names_length
holds the length of the names list.
unsigned int flags
an ORed sequence of gnutls_pkcs_encrypt_flags_t. These
apply to the private key pkey.
This function sets a public/private keypair in the
gnutls_certificate_credentials_t type to be used for authentication
and/or encryption. spki and privkey should match otherwise set
signatures cannot be validated. In case of no match this function
returns GNUTLS_E_CERTIFICATE_KEY_MISMATCH. This function should be
called once for the client because there is currently no mechanism to
determine which raw public-key to select for the peer when there are
multiple present. Multiple raw public keys for the server can be
distinghuished by setting the names .
Note here that spki is a raw public-key as defined in RFC7250. It
means that there is no surrounding certificate that holds the public
key and that there is therefore no direct mechanism to prove the
authenticity of this key. The keypair can be used during a TLS
handshake but its authenticity should be established via a different
mechanism (e.g. TOFU or known fingerprint).
The supported formats are basic unencrypted key, PKCS8, PKCS12, and
the openssl format and will be autodetected.
If the raw public-key and the private key are given in PEM encoding
then the strings that hold their values must be null terminated.
Key usage (as defined by X.509 extension (2.5.29.15)) can be
explicitly set because there is no certificate structure around the
key to define this value. See for more info
gnutls_x509_crt_get_key_usage().
Note that, this function by default returns zero on success and a
negative value on error. Since 3.5.6, when the flag
GNUTLS_CERTIFICATE_API_V2 is set using gnutls_certificate_set_flags()
it returns an index (greater or equal to zero). That index can be
used in other functions to refer to the added key-pair.
On success, GNUTLS_E_SUCCESS (0) is returned, in case the key pair
does not match GNUTLS_E_CERTIFICATE_KEY_MISMATCH is returned, in
other erroneous cases a different negative error code is returned.
3.6.6
Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org
Copyright © 2001-2019 Free Software Foundation, Inc., and others.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.
The full documentation for gnutls is maintained as a Texinfo manual.
If the /usr/share/doc/gnutls/ directory does not contain the HTML
form visit
https://www.gnutls.org/manual/
This page is part of the GnuTLS (GnuTLS Transport Layer Security
Library) project. Information about the project can be found at
⟨http://www.gnutls.org/⟩. If you have a bug report for this manual
page, send it to bugs@gnutls.org. This page was obtained from the
tarball gnutls-3.6.9.tar.xz fetched from
⟨http://www.gnutls.org/download.html⟩ on 2020-08-13. If you discover
any rendering problems in this HTML version of the page, or you
believe there is a better or more up-to-date source for the page, or
you have corrections or improvements to the information in this
COLOPHON (which is not part of the original manual page), send a mail
to man-pages@man7.org
gnutls 3.g6n.u9tls_certificate_set_rawpk_key_mem(3)