gnutls_certificate_set_rawpk_key_file(3)    gnutls    gnutls_certificate_set_rawpk_key_file(3)

NAME

       gnutls_certificate_set_rawpk_key_file - API function

SYNOPSIS

       #include <gnutls/gnutls.h>

       int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred,
              const char* rawpkfile, const char* privkeyfile,
              gnutls_x509_crt_fmt_t format, const char * pass,
              unsigned int key_usage, const char ** names,
              unsigned int names_length, unsigned int privkey_flags,
              unsigned int pkcs11_flags);

ARGUMENTS

       gnutls_certificate_credentials_t cred
                   is a gnutls_certificate_credentials_t type.

       const char* rawpkfile
                   contains a raw public key in PKIX.SubjectPublicKeyInfo format.

       const char* privkeyfile
                   contains a file path to a private key.

       gnutls_x509_crt_fmt_t format
                   encoding of the keys. DER or PEM.

       const char * pass
                   an optional password to unlock the private key privkeyfile.

       unsigned int key_usage
                   an ORed sequence of GNUTLS_KEY_* flags.

       const char ** names
                   is an array of DNS names belonging to the public-key (NULL
                   if none).

       unsigned int names_length
                   holds the length of the names list.

       unsigned int privkey_flags
                   an ORed sequence of gnutls_pkcs_encrypt_flags_t. These apply
                   to the private key pkey.

       unsigned int pkcs11_flags
                   one of gnutls_pkcs11_obj_flags. These apply to URLs.

DESCRIPTION

       This function sets a public/private keypair read from file in the
       gnutls_certificate_credentials_t type to be used for authentication
       and/or encryption. spki and privkey should match, otherwise set
       signatures cannot be validated. In case of no match this function
       returns GNUTLS_E_CERTIFICATE_KEY_MISMATCH. This function should be
       called once for the client because there is currently no mechanism to
       determine which raw public-key to select for the peer when there are
       multiple present. Multiple raw public keys for the server can be
       distinguished by setting the names.

       Note here that spki is a raw public-key as defined in RFC 7250. It
       means that there is no surrounding certificate that holds the public
       key and that there is therefore no direct mechanism to prove the
       authenticity of this key. The keypair can be used during a TLS
       handshake but its authenticity should be established via a different
       mechanism (e.g. TOFU or known fingerprint).

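       The out-of-band check mentioned above, as an added example (not part
       of the GnuTLS documentation or API): a trust-on-first-use pin store
       that compares the SubjectPublicKeyInfo bytes a peer presents with the
       bytes recorded on first contact. All identifiers and size limits are
       hypothetical, and obtaining the peer's key bytes from the session is
       left out.

```c
#include <stddef.h>
#include <string.h>

/* Added example: TOFU pinning of RFC 7250 raw public keys.
 * Every name below is hypothetical; none belongs to the GnuTLS API. */
enum tofu_result { TOFU_PINNED_NOW, TOFU_MATCH, TOFU_MISMATCH, TOFU_ERROR };

#define MAX_PINS 16
#define MAX_SPKI 512 /* assumed upper bound for a DER SubjectPublicKeyInfo */

struct pin { char host[64]; unsigned char spki[MAX_SPKI]; size_t len; };
struct pin_store { struct pin pins[MAX_PINS]; size_t count; };

/* Compare without an early exit so timing does not reveal the position of
 * the first differing byte. The length is public and is checked up front. */
static int spki_equal(const unsigned char *a, size_t alen,
                      const unsigned char *b, size_t blen)
{
    unsigned char diff = 0;
    if (alen != blen)
        return 0;
    for (size_t i = 0; i < alen; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Check the SPKI presented for `host` against the stored pin. An unknown
 * host is pinned; a known host must present exactly the same key. */
enum tofu_result tofu_check(struct pin_store *s, const char *host,
                            const unsigned char *spki, size_t len)
{
    if (!s || !host || !spki || len == 0 || len > MAX_SPKI ||
        strlen(host) >= sizeof s->pins[0].host)
        return TOFU_ERROR;
    for (size_t i = 0; i < s->count; i++) {
        if (strcmp(s->pins[i].host, host) == 0)
            return spki_equal(s->pins[i].spki, s->pins[i].len, spki, len)
                       ? TOFU_MATCH : TOFU_MISMATCH; /* pin is never overwritten */
    }
    if (s->count == MAX_PINS)
        return TOFU_ERROR;          /* store full: fail closed */
    struct pin *p = &s->pins[s->count++];
    strcpy(p->host, host);          /* length verified above */
    memcpy(p->spki, spki, len);
    p->len = len;
    return TOFU_PINNED_NOW;
}
```
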
       The supported formats are basic unencrypted key, PKCS8, PKCS12, and the
       openssl format and will be autodetected.

       If the raw public-key and the private key are given in PEM encoding
       then the strings that hold their values must be null terminated.

       Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly
       set because there is no certificate structure around the key to define
       this value. For more information see gnutls_x509_crt_get_key_usage().

       Note that this function by default returns zero on success and a
       negative value on error. Since 3.5.6, when the flag
       GNUTLS_CERTIFICATE_API_V2 is set using gnutls_certificate_set_flags()
       it returns an index (greater than or equal to zero). That index can be
       used in other functions to refer to the added key-pair.

RETURNS

       On success, GNUTLS_E_SUCCESS (0) is returned; in case the key pair does
       not match, GNUTLS_E_CERTIFICATE_KEY_MISMATCH is returned; in other
       erroneous cases a different negative error code is returned.

SINCE

       3.6.6

REPORTING BUGS

       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org

COPYRIGHT

       Copyright © 2001- Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without modification,
       are permitted in any medium without royalty provided the copyright
       notice and this notice are preserved.

SEE ALSO

       The full documentation for gnutls is maintained as a Texinfo manual.
       If the /usr/share/doc/gnutls/ directory does not contain the HTML form
       visit

       https://www.gnutls.org/manual/

gnutls                               3.7.2       gnutls_certificate_set_rawpk_key_file(3)