gnutls_certificate_set_rawpk_key_mem(3)    gnutls    gnutls_certificate_set_rawpk_key_mem(3)

NAME

       gnutls_certificate_set_rawpk_key_mem - API function

SYNOPSIS

       #include <gnutls/gnutls.h>

       int gnutls_certificate_set_rawpk_key_mem(gnutls_certificate_credentials_t cred,
       const gnutls_datum_t* spki, const gnutls_datum_t* pkey,
       gnutls_x509_crt_fmt_t format, const char* pass, unsigned int key_usage,
       const char ** names, unsigned int names_length, unsigned int flags);

ARGUMENTS

       gnutls_certificate_credentials_t cred
                   is a gnutls_certificate_credentials_t type.

       const gnutls_datum_t* spki
                   contains a raw public key in PKIX.SubjectPublicKeyInfo
                   format.

       const gnutls_datum_t* pkey
                   contains a raw private key.

       gnutls_x509_crt_fmt_t format
                   encoding of the keys. DER or PEM.

       const char* pass
                   an optional password to unlock the private key pkey.

       unsigned int key_usage
                   An ORed sequence of GNUTLS_KEY_* flags.

       const char ** names
                   is an array of DNS names belonging to the public-key (NULL
                   if none).

       unsigned int names_length
                   holds the length of the names list.

       unsigned int flags
                   an ORed sequence of gnutls_pkcs_encrypt_flags_t. These
                   apply to the private key pkey.

DESCRIPTION

       This function sets a public/private keypair in the
       gnutls_certificate_credentials_t type to be used for authentication
       and/or encryption. spki and pkey should match, otherwise signatures
       cannot be validated. In case of no match this function returns
       GNUTLS_E_CERTIFICATE_KEY_MISMATCH. This function should be called
       once for the client because there is currently no mechanism to
       determine which raw public-key to select for the peer when there are
       multiple present. Multiple raw public keys for the server can be
       distinguished by setting the names.

       Note here that spki is a raw public-key as defined in RFC7250. It
       means that there is no surrounding certificate that holds the public
       key and that there is therefore no direct mechanism to prove the
       authenticity of this key. The keypair can be used during a TLS
       handshake but its authenticity should be established via a different
       mechanism (e.g. TOFU or known fingerprint).

       The supported formats are basic unencrypted key, PKCS8, PKCS12, and
       the openssl format and will be autodetected.

       If the raw public-key and the private key are given in PEM encoding
       then the strings that hold their values must be null terminated.

       Key usage (as defined by X.509 extension (2.5.29.15)) can be
       explicitly set because there is no certificate structure around the
       key to define this value. For more information see
       gnutls_x509_crt_get_key_usage().

       Note that this function by default returns zero on success and a
       negative value on error. Since 3.5.6, when the flag
       GNUTLS_CERTIFICATE_API_V2 is set using gnutls_certificate_set_flags()
       it returns an index (greater than or equal to zero). That index can
       be used in other functions to refer to the added key-pair.
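
       Because a raw public key carries no certificate, the peer's key has
       to be checked out of band, as the TOFU remark above says. The block
       below is an added example, not part of the GnuTLS manual or library:
       struct pin, der_hdr, spki_well_formed, tofu_check and the sample
       bytes are hypothetical, and it pins the whole SubjectPublicKeyInfo
       DER rather than a hash so that it needs no crypto library.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { PIN_NEW = 0, PIN_MATCH = 1, PIN_MISMATCH = -1, PIN_BAD_INPUT = -2 };
/* Hypothetical pin record for one peer: the SPKI DER seen on first use. */
struct pin { uint8_t spki[600]; size_t len; };

/* Constructed sample, not a real key: Ed25519-shaped SPKI, key bytes mostly zero. */
static const uint8_t SAMPLE_SPKI[44] = {
    0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, /* SEQ { SEQ { OID 1.3.101.112 } */
    0x03, 0x21, 0x00, 0xde, 0xad, 0xbe, 0xef              /* BIT STRING, 0 unused bits    */
};

/* Parse one DER header with the expected tag; returns header size, 0 on error. */
static size_t der_hdr(const uint8_t *p, size_t n, uint8_t tag, size_t *len) {
    size_t h = 2, l;
    if (n < 2 || p[0] != tag) return 0;
    l = p[1];
    if (l == 0x81 && n >= 3) { l = p[2]; h = 3; if (l < 0x80) return 0; }
    else if (l == 0x82 && n >= 4) { l = ((size_t)p[2] << 8) | p[3]; h = 4; if (l < 0x100) return 0; }
    else if (l >= 0x80) return 0;      /* longer or indefinite lengths are rejected */
    if (l > n - h) return 0;           /* content must fit in the remaining bytes */
    *len = l;
    return h;
}

/* 1 if d is SEQUENCE { SEQUENCE algorithm, BIT STRING key } with no trailing bytes. */
int spki_well_formed(const uint8_t *d, size_t n) {
    size_t h, len, alg, bits;
    if (!(h = der_hdr(d, n, 0x30, &len)) || h + len != n) return 0;
    d += h; n = len;
    if (!(h = der_hdr(d, n, 0x30, &alg))) return 0;
    d += h + alg; n -= h + alg;        /* skip AlgorithmIdentifier */
    if (!(h = der_hdr(d, n, 0x03, &bits)) || h + bits != n) return 0;
    return bits >= 2 && d[h] == 0;     /* unused-bits octet, then at least one key byte */
}

/* Trust on first use: record the first well-formed key, then require an exact match. */
int tofu_check(struct pin *p, const uint8_t *spki, size_t n) {
    if (n > sizeof p->spki || !spki_well_formed(spki, n)) return PIN_BAD_INPUT;
    if (p->len == 0) { memcpy(p->spki, spki, n); p->len = n; return PIN_NEW; }
    if (p->len == n && memcmp(p->spki, spki, n) == 0) return PIN_MATCH;
    return PIN_MISMATCH;
}

int main(void) {
    struct pin p = {0};
    return tofu_check(&p, SAMPLE_SPKI, sizeof SAMPLE_SPKI) == PIN_NEW ? 0 : 1;
}
```

       A PIN_MISMATCH result means the peer presented a different key than
       the one recorded on first contact and the session should not be
       trusted without out-of-band confirmation.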

RETURNS

       On success, GNUTLS_E_SUCCESS (0) is returned; in case the key pair
       does not match, GNUTLS_E_CERTIFICATE_KEY_MISMATCH is returned; in
       other erroneous cases a different negative error code is returned.

SINCE

       3.6.6

REPORTING BUGS

       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org

COPYRIGHT

       Copyright © 2001- Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without modification,
       are permitted in any medium without royalty provided the copyright
       notice and this notice are preserved.

SEE ALSO

       The full documentation for gnutls is maintained as a Texinfo manual.
       If the /usr/share/doc/gnutls/ directory does not contain the HTML form
       visit

       https://www.gnutls.org/manual/

gnutls                    3.7.6    gnutls_certificate_set_rawpk_key_mem(3)