Imported Upstream version 3.0.30

[platform/upstream/gnutls.git] / doc / abstract-api.texi

@subheading gnutls_certificate_set_key
@anchor{gnutls_certificate_set_key}
@deftypefun {int} {gnutls_certificate_set_key} (gnutls_certificate_credentials_t @var{res}, const char** @var{names}, int @var{names_size}, gnutls_pcert_st * @var{pcert_list}, int @var{pcert_list_size}, gnutls_privkey_t @var{key})
@var{res}: is a @code{gnutls_certificate_credentials_t}  structure.

@var{names}: is an array of DNS name of the certificate (NULL if none)

@var{names_size}: holds the size of the names list

@var{pcert_list}: contains a certificate list (path) for the specified private key

@var{pcert_list_size}: holds the size of the certificate list

@var{key}: is a gnutls_x509_privkey_t key

This function sets a certificate/private key pair in the
gnutls_certificate_credentials_t structure.  This function may be
called more than once, in case multiple keys/certificates exist for
the server.  For clients that wants to send more than its own end
entity certificate (e.g., also an intermediate CA cert) then put
the certificate chain in  @code{pcert_list} . The  @code{pcert_list} and  @code{key} will
become part of the credentials structure and must not
be deallocated. They will be automatically deallocated when
 @code{res} is deinitialized.

@strong{Returns:} @code{GNUTLS_E_SUCCESS}  (0) on success, or a negative error code.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_certificate_set_retrieve_function2
@anchor{gnutls_certificate_set_retrieve_function2}
@deftypefun {void} {gnutls_certificate_set_retrieve_function2} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function2 * @var{func})
@var{cred}: is a @code{gnutls_certificate_credentials_t}  structure.

@var{func}: is the callback function

This function sets a callback to be called in order to retrieve the
certificate to be used in the handshake.

The callback's function prototype is:
int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs,
const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_pcert_st** pcert,
unsigned int *pcert_length, gnutls_privkey_t * pkey);

 @code{req_ca_cert} is only used in X.509 certificates.
Contains a list with the CA names that the server considers trusted.
Normally we should send a certificate that is signed
by one of these CAs. These names are DER encoded. To get a more
meaningful value use the function @code{gnutls_x509_rdn_get()} .

 @code{pk_algos} contains a list with server's acceptable signature algorithms.
The certificate returned should support the server's given algorithms.

 @code{pcert} should contain a single certificate and public or a list of them.

 @code{pcert_length} is the size of the previous list.

 @code{pkey} is the private key.

If the callback function is provided then gnutls will call it, in the
handshake, after the certificate request message has been received.

In server side pk_algos and req_ca_dn are NULL.

The callback function should set the certificate list to be sent,
and return 0 on success. If no certificate was selected then the
number of certificates should be set to zero. The value (-1)
indicates error and the handshake will be terminated.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pcert_deinit
@anchor{gnutls_pcert_deinit}
@deftypefun {void} {gnutls_pcert_deinit} (gnutls_pcert_st * @var{pcert})
@var{pcert}: The structure to be deinitialized

This function will deinitialize a pcert structure.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pcert_import_openpgp
@anchor{gnutls_pcert_import_openpgp}
@deftypefun {int} {gnutls_pcert_import_openpgp} (gnutls_pcert_st* @var{pcert}, gnutls_openpgp_crt_t @var{crt}, unsigned int @var{flags})
@var{pcert}: The pcert structure

@var{crt}: The raw certificate to be imported

@var{flags}: zero for now

This convenience function will import the given certificate to a
@code{gnutls_pcert_st}  structure. The structure must be deinitialized
afterwards using @code{gnutls_pcert_deinit()} ;

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pcert_import_openpgp_raw
@anchor{gnutls_pcert_import_openpgp_raw}
@deftypefun {int} {gnutls_pcert_import_openpgp_raw} (gnutls_pcert_st * @var{pcert}, const gnutls_datum_t* @var{cert}, gnutls_openpgp_crt_fmt_t @var{format}, gnutls_openpgp_keyid_t @var{keyid}, unsigned int @var{flags})
@var{pcert}: The pcert structure

@var{cert}: The raw certificate to be imported

@var{format}: The format of the certificate

@var{keyid}: The key ID to use (NULL for the master key)

@var{flags}: zero for now

This convenience function will import the given certificate to a
@code{gnutls_pcert_st}  structure. The structure must be deinitialized
afterwards using @code{gnutls_pcert_deinit()} ;

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pcert_import_x509
@anchor{gnutls_pcert_import_x509}
@deftypefun {int} {gnutls_pcert_import_x509} (gnutls_pcert_st* @var{pcert}, gnutls_x509_crt_t @var{crt}, unsigned int @var{flags})
@var{pcert}: The pcert structure

@var{crt}: The raw certificate to be imported

@var{flags}: zero for now

This convenience function will import the given certificate to a
@code{gnutls_pcert_st}  structure. The structure must be deinitialized
afterwards using @code{gnutls_pcert_deinit()} ;

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pcert_import_x509_raw
@anchor{gnutls_pcert_import_x509_raw}
@deftypefun {int} {gnutls_pcert_import_x509_raw} (gnutls_pcert_st * @var{pcert}, const gnutls_datum_t* @var{cert}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
@var{pcert}: The pcert structure

@var{cert}: The raw certificate to be imported

@var{format}: The format of the certificate

@var{flags}: zero for now

This convenience function will import the given certificate to a
@code{gnutls_pcert_st}  structure. The structure must be deinitialized
afterwards using @code{gnutls_pcert_deinit()} ;

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pcert_list_import_x509_raw
@anchor{gnutls_pcert_list_import_x509_raw}
@deftypefun {int} {gnutls_pcert_list_import_x509_raw} (gnutls_pcert_st * @var{pcerts}, unsigned int * @var{pcert_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
@var{pcerts}: The structures to store the parsed certificate. Must not be initialized.

@var{pcert_max}: Initially must hold the maximum number of certs. It will be updated with the number of certs available.

@var{data}: The certificates.

@var{format}: One of DER or PEM.

@var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.

This function will convert the given PEM encoded certificate list
to the native gnutls_x509_crt_t format. The output will be stored
in  @code{certs} .  They will be automatically initialized.

If the Certificate is PEM encoded it should have a header of "X509
CERTIFICATE", or "CERTIFICATE".

@strong{Returns:} the number of certificates read or a negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_privkey_decrypt_data
@anchor{gnutls_privkey_decrypt_data}
@deftypefun {int} {gnutls_privkey_decrypt_data} (gnutls_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{ciphertext}, gnutls_datum_t * @var{plaintext})
@var{key}: Holds the key

@var{flags}: zero for now

@var{ciphertext}: holds the data to be decrypted

@var{plaintext}: will contain the decrypted data, allocated with @code{gnutls_malloc()} 

This function will decrypt the given data using the algorithm
supported by the private key.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_deinit
@anchor{gnutls_privkey_deinit}
@deftypefun {void} {gnutls_privkey_deinit} (gnutls_privkey_t @var{key})
@var{key}: The structure to be deinitialized

This function will deinitialize a private key structure.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_get_pk_algorithm
@anchor{gnutls_privkey_get_pk_algorithm}
@deftypefun {int} {gnutls_privkey_get_pk_algorithm} (gnutls_privkey_t @var{key}, unsigned int * @var{bits})
@var{key}: should contain a @code{gnutls_privkey_t}  structure

@var{bits}: If set will return the number of bits of the parameters (may be NULL)

This function will return the public key algorithm of a private
key and if possible will return a number of bits that indicates
the security parameter of the key.

@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t}  enumeration on
success, or a negative error code on error.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_get_type
@anchor{gnutls_privkey_get_type}
@deftypefun {gnutls_privkey_type_t} {gnutls_privkey_get_type} (gnutls_privkey_t @var{key})
@var{key}: should contain a @code{gnutls_privkey_t}  structure

This function will return the type of the private key. This is
actually the type of the subsystem used to set this private key.

@strong{Returns:} a member of the @code{gnutls_privkey_type_t}  enumeration on
success, or a negative error code on error.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_import_ext
@anchor{gnutls_privkey_import_ext}
@deftypefun {int} {gnutls_privkey_import_ext} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void* @var{userdata}, gnutls_privkey_sign_func @var{sign_func}, gnutls_privkey_decrypt_func @var{decrypt_func}, unsigned int @var{flags})
@var{pkey}: The private key

@var{pk}: The public key algorithm

@var{userdata}: private data to be provided to the callbacks

@var{sign_func}: callback for signature operations

@var{decrypt_func}: callback for decryption operations

@var{flags}: Flags for the import

This function will associate the given callbacks with the
@code{gnutls_privkey_t}  structure. At least one of the two callbacks
must be non-null.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_privkey_import_openpgp
@anchor{gnutls_privkey_import_openpgp}
@deftypefun {int} {gnutls_privkey_import_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t @var{key}, unsigned int @var{flags})
@var{pkey}: The private key

@var{key}: The private key to be imported

@var{flags}: Flags for the import

This function will import the given private key to the abstract
@code{gnutls_privkey_t}  structure.

The @code{gnutls_openpgp_privkey_t}  object must not be deallocated
during the lifetime of this structure. The subkey set as
preferred will be used, or the master key otherwise.

 @code{flags} might be zero or one of @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} 
and @code{GNUTLS_PRIVKEY_IMPORT_COPY} .

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_import_pkcs11
@anchor{gnutls_privkey_import_pkcs11}
@deftypefun {int} {gnutls_privkey_import_pkcs11} (gnutls_privkey_t @var{pkey}, gnutls_pkcs11_privkey_t @var{key}, unsigned int @var{flags})
@var{pkey}: The private key

@var{key}: The private key to be imported

@var{flags}: Flags for the import

This function will import the given private key to the abstract
@code{gnutls_privkey_t}  structure.

The @code{gnutls_pkcs11_privkey_t}  object must not be deallocated
during the lifetime of this structure.

 @code{flags} might be zero or one of @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} 
and @code{GNUTLS_PRIVKEY_IMPORT_COPY} .

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_import_x509
@anchor{gnutls_privkey_import_x509}
@deftypefun {int} {gnutls_privkey_import_x509} (gnutls_privkey_t @var{pkey}, gnutls_x509_privkey_t @var{key}, unsigned int @var{flags})
@var{pkey}: The private key

@var{key}: The private key to be imported

@var{flags}: Flags for the import

This function will import the given private key to the abstract
@code{gnutls_privkey_t}  structure.

The @code{gnutls_x509_privkey_t}  object must not be deallocated
during the lifetime of this structure.

 @code{flags} might be zero or one of @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} 
and @code{GNUTLS_PRIVKEY_IMPORT_COPY} .

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_init
@anchor{gnutls_privkey_init}
@deftypefun {int} {gnutls_privkey_init} (gnutls_privkey_t * @var{key})
@var{key}: The structure to be initialized

This function will initialize an private key structure.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_sign_data
@anchor{gnutls_privkey_sign_data}
@deftypefun {int} {gnutls_privkey_sign_data} (gnutls_privkey_t @var{signer}, gnutls_digest_algorithm_t @var{hash}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{signature})
@var{signer}: Holds the key

@var{hash}: should be a digest algorithm

@var{flags}: should be 0 for now

@var{data}: holds the data to be signed

@var{signature}: will contain the signature allocate with @code{gnutls_malloc()} 

This function will sign the given data using a signature algorithm
supported by the private key. Signature algorithms are always used
together with a hash functions.  Different hash functions may be
used for the RSA algorithm, but only the SHA family for the DSA keys.

Use @code{gnutls_pubkey_get_preferred_hash_algorithm()}  to determine
the hash algorithm.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_privkey_sign_hash
@anchor{gnutls_privkey_sign_hash}
@deftypefun {int} {gnutls_privkey_sign_hash} (gnutls_privkey_t @var{signer}, gnutls_digest_algorithm_t @var{hash_algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash_data}, gnutls_datum_t * @var{signature})
@var{signer}: Holds the signer's key

@var{hash_algo}: The hash algorithm used

@var{flags}: zero for now

@var{hash_data}: holds the data to be signed

@var{signature}: will contain newly allocated signature

This function will sign the given hashed data using a signature algorithm
supported by the private key. Signature algorithms are always used
together with a hash functions.  Different hash functions may be
used for the RSA algorithm, but only SHA-XXX for the DSA keys.

Use @code{gnutls_pubkey_get_preferred_hash_algorithm()}  to determine
the hash algorithm.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_deinit
@anchor{gnutls_pubkey_deinit}
@deftypefun {void} {gnutls_pubkey_deinit} (gnutls_pubkey_t @var{key})
@var{key}: The structure to be deinitialized

This function will deinitialize a public key structure.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_encrypt_data
@anchor{gnutls_pubkey_encrypt_data}
@deftypefun {int} {gnutls_pubkey_encrypt_data} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{plaintext}, gnutls_datum_t * @var{ciphertext})
@var{key}: Holds the public key

@var{flags}: should be 0 for now

@var{plaintext}: The data to be encrypted

@var{ciphertext}: contains the encrypted data

This function will encrypt the given data, using the public
key.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pubkey_export
@anchor{gnutls_pubkey_export}
@deftypefun {int} {gnutls_pubkey_export} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
@var{key}: Holds the certificate

@var{format}: the format of output params. One of PEM or DER.

@var{output_data}: will contain a certificate PEM or DER encoded

@var{output_data_size}: holds the size of output_data (and will be
replaced by the actual size of parameters)

This function will export the public key to DER or PEM format.
The contents of the exported data is the SubjectPublicKeyInfo
X.509 structure.

If the buffer provided is not long enough to hold the output, then
*output_data_size is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER}  will
be returned.

If the structure is PEM encoded, it will have a header
of "BEGIN CERTIFICATE".

@strong{Returns:} In case of failure a negative error code will be
returned, and 0 on success.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_get_key_id
@anchor{gnutls_pubkey_get_key_id}
@deftypefun {int} {gnutls_pubkey_get_key_id} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
@var{key}: Holds the public key

@var{flags}: should be 0 for now

@var{output_data}: will contain the key ID

@var{output_data_size}: holds the size of output_data (and will be
replaced by the actual size of parameters)

This function will return a unique ID the depends on the public
key parameters. This ID can be used in checking whether a
certificate corresponds to the given public key.

If the buffer provided is not long enough to hold the output, then
*output_data_size is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER}  will
be returned.  The output will normally be a SHA-1 hash output,
which is 20 bytes.

@strong{Returns:} In case of failure a negative error code will be
returned, and 0 on success.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_get_key_usage
@anchor{gnutls_pubkey_get_key_usage}
@deftypefun {int} {gnutls_pubkey_get_key_usage} (gnutls_pubkey_t @var{key}, unsigned int * @var{usage})
@var{key}: should contain a @code{gnutls_pubkey_t}  structure

@var{usage}: If set will return the number of bits of the parameters (may be NULL)

This function will return the key usage of the public key.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_get_openpgp_key_id
@anchor{gnutls_pubkey_get_openpgp_key_id}
@deftypefun {int} {gnutls_pubkey_get_openpgp_key_id} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}, unsigned int * @var{subkey})
@var{key}: Holds the public key

@var{flags}: should be 0 or @code{GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT} 

@var{output_data}: will contain the key ID

@var{output_data_size}: holds the size of output_data (and will be
replaced by the actual size of parameters)

@var{subkey}: Will be non zero if the key ID corresponds to a subkey

This function returns the OpenPGP key ID of the corresponding key.
The key is a unique ID that depends on the public
key parameters. 

If the flag @code{GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT}  is specified
this function returns the fingerprint of the master key.

If the buffer provided is not long enough to hold the output, then
*output_data_size is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER}  will
be returned.  The output is @code{GNUTLS_OPENPGP_KEYID_SIZE}  bytes long.

@strong{Returns:} In case of failure a negative error code will be
returned, and 0 on success.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pubkey_get_pk_algorithm
@anchor{gnutls_pubkey_get_pk_algorithm}
@deftypefun {int} {gnutls_pubkey_get_pk_algorithm} (gnutls_pubkey_t @var{key}, unsigned int * @var{bits})
@var{key}: should contain a @code{gnutls_pubkey_t}  structure

@var{bits}: If set will return the number of bits of the parameters (may be NULL)

This function will return the public key algorithm of a public
key and if possible will return a number of bits that indicates
the security parameter of the key.

@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t}  enumeration on
success, or a negative error code on error.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_get_pk_dsa_raw
@anchor{gnutls_pubkey_get_pk_dsa_raw}
@deftypefun {int} {gnutls_pubkey_get_pk_dsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y})
@var{key}: Holds the public key

@var{p}: will hold the p

@var{q}: will hold the q

@var{g}: will hold the g

@var{y}: will hold the y

This function will export the DSA public key's parameters found in
the given certificate.  The new parameters will be allocated using
@code{gnutls_malloc()}  and will be stored in the appropriate datum.

@strong{Returns:} @code{GNUTLS_E_SUCCESS}  on success, otherwise a negative error code.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_get_pk_ecc_raw
@anchor{gnutls_pubkey_get_pk_ecc_raw}
@deftypefun {int} {gnutls_pubkey_get_pk_ecc_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y})
@var{key}: Holds the public key

@var{curve}: will hold the curve

@var{x}: will hold x

@var{y}: will hold y

This function will export the ECC public key's parameters found in
the given certificate.  The new parameters will be allocated using
@code{gnutls_malloc()}  and will be stored in the appropriate datum.

@strong{Returns:} @code{GNUTLS_E_SUCCESS}  on success, otherwise a negative error code.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pubkey_get_pk_ecc_x962
@anchor{gnutls_pubkey_get_pk_ecc_x962}
@deftypefun {int} {gnutls_pubkey_get_pk_ecc_x962} (gnutls_pubkey_t @var{key}, gnutls_datum_t* @var{parameters}, gnutls_datum_t * @var{ecpoint})
@var{key}: Holds the public key

@var{parameters}: DER encoding of an ANSI X9.62 parameters

@var{ecpoint}: DER encoding of ANSI X9.62 ECPoint

This function will export the ECC public key's parameters found in
the given certificate.  The new parameters will be allocated using
@code{gnutls_malloc()}  and will be stored in the appropriate datum.

@strong{Returns:} @code{GNUTLS_E_SUCCESS}  on success, otherwise a negative error code.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pubkey_get_pk_rsa_raw
@anchor{gnutls_pubkey_get_pk_rsa_raw}
@deftypefun {int} {gnutls_pubkey_get_pk_rsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e})
@var{key}: Holds the certificate

@var{m}: will hold the modulus

@var{e}: will hold the public exponent

This function will export the RSA public key's parameters found in
the given structure.  The new parameters will be allocated using
@code{gnutls_malloc()}  and will be stored in the appropriate datum.

@strong{Returns:} @code{GNUTLS_E_SUCCESS}  on success, otherwise a negative error code.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_get_preferred_hash_algorithm
@anchor{gnutls_pubkey_get_preferred_hash_algorithm}
@deftypefun {int} {gnutls_pubkey_get_preferred_hash_algorithm} (gnutls_pubkey_t @var{key}, gnutls_digest_algorithm_t *                                             @var{hash}, unsigned int * @var{mand})
@var{key}: Holds the certificate

@var{hash}: The result of the call with the hash algorithm used for signature

@var{mand}: If non zero it means that the algorithm MUST use this hash. May be NULL.

This function will read the certifcate and return the appropriate digest
algorithm to use for signing with this certificate. Some certificates (i.e.
DSA might not be able to sign without the preferred algorithm).

@strong{Returns:} the 0 if the hash algorithm is found. A negative error code is
returned on error.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_get_verify_algorithm
@anchor{gnutls_pubkey_get_verify_algorithm}
@deftypefun {int} {gnutls_pubkey_get_verify_algorithm} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{signature}, gnutls_digest_algorithm_t * @var{hash})
@var{key}: Holds the certificate

@var{signature}: contains the signature

@var{hash}: The result of the call with the hash algorithm used for signature

This function will read the certifcate and the signed data to
determine the hash algorithm used to generate the signature.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_import
@anchor{gnutls_pubkey_import}
@deftypefun {int} {gnutls_pubkey_import} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
@var{key}: The structure to store the parsed public key. 

@var{data}: The DER or PEM encoded certificate. 

@var{format}: One of DER or PEM 

This function will import the provided public key in
a SubjectPublicKeyInfo X.509 structure to a native
@code{gnutls_pubkey_t}  structure. The output will be stored 
in  @code{key} . If the public key is PEM encoded it should have a header 
of "PUBLIC KEY". 

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_import_dsa_raw
@anchor{gnutls_pubkey_import_dsa_raw}
@deftypefun {int} {gnutls_pubkey_import_dsa_raw} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y})
@var{key}: The structure to store the parsed key

@var{p}: holds the p

@var{q}: holds the q

@var{g}: holds the g

@var{y}: holds the y

This function will convert the given DSA raw parameters to the
native @code{gnutls_pubkey_t}  format.  The output will be stored
in  @code{key} .

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_import_ecc_raw
@anchor{gnutls_pubkey_import_ecc_raw}
@deftypefun {int} {gnutls_pubkey_import_ecc_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y})
@var{key}: The structure to store the parsed key

@var{curve}: holds the curve

@var{x}: holds the x

@var{y}: holds the y

This function will convert the given elliptic curve parameters to a
@code{gnutls_pubkey_t} .  The output will be stored in  @code{key} .

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pubkey_import_ecc_x962
@anchor{gnutls_pubkey_import_ecc_x962}
@deftypefun {int} {gnutls_pubkey_import_ecc_x962} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{parameters}, const gnutls_datum_t * @var{ecpoint})
@var{key}: The structure to store the parsed key

@var{parameters}: DER encoding of an ANSI X9.62 parameters

@var{ecpoint}: DER encoding of ANSI X9.62 ECPoint

This function will convert the given elliptic curve parameters to a
@code{gnutls_pubkey_t} .  The output will be stored in  @code{key} .

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pubkey_import_openpgp
@anchor{gnutls_pubkey_import_openpgp}
@deftypefun {int} {gnutls_pubkey_import_openpgp} (gnutls_pubkey_t @var{key}, gnutls_openpgp_crt_t @var{crt}, unsigned int @var{flags})
@var{key}: The public key

@var{crt}: The certificate to be imported

@var{flags}: should be zero

Imports a public key from an openpgp key. This function will import
the given public key to the abstract @code{gnutls_pubkey_t} 
structure. The subkey set as preferred will be imported or the
master key otherwise.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_import_pkcs11
@anchor{gnutls_pubkey_import_pkcs11}
@deftypefun {int} {gnutls_pubkey_import_pkcs11} (gnutls_pubkey_t @var{key}, gnutls_pkcs11_obj_t @var{obj}, unsigned int @var{flags})
@var{key}: The public key

@var{obj}: The parameters to be imported

@var{flags}: should be zero

Imports a public key from a pkcs11 key. This function will import
the given public key to the abstract @code{gnutls_pubkey_t}  structure.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_import_pkcs11_url
@anchor{gnutls_pubkey_import_pkcs11_url}
@deftypefun {int} {gnutls_pubkey_import_pkcs11_url} (gnutls_pubkey_t @var{key}, const char * @var{url}, unsigned int @var{flags})
@var{key}: A key of type @code{gnutls_pubkey_t} 

@var{url}: A PKCS 11 url

@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags

This function will import a PKCS 11 certificate to a @code{gnutls_pubkey_t} 
structure.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_import_privkey
@anchor{gnutls_pubkey_import_privkey}
@deftypefun {int} {gnutls_pubkey_import_privkey} (gnutls_pubkey_t @var{key}, gnutls_privkey_t @var{pkey}, unsigned int @var{usage}, unsigned int @var{flags})
@var{key}: The public key

@var{pkey}: The private key

@var{usage}: GNUTLS_KEY_* key usage flags.

@var{flags}: should be zero

Imports the public key from a private.  This function will import
the given public key to the abstract @code{gnutls_pubkey_t}  structure.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_import_rsa_raw
@anchor{gnutls_pubkey_import_rsa_raw}
@deftypefun {int} {gnutls_pubkey_import_rsa_raw} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e})
@var{key}: Is a structure will hold the parameters

@var{m}: holds the modulus

@var{e}: holds the public exponent

This function will replace the parameters in the given structure.
The new parameters should be stored in the appropriate
gnutls_datum.

@strong{Returns:} @code{GNUTLS_E_SUCCESS}  on success, or an negative error code.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_import_x509
@anchor{gnutls_pubkey_import_x509}
@deftypefun {int} {gnutls_pubkey_import_x509} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_t @var{crt}, unsigned int @var{flags})
@var{key}: The public key

@var{crt}: The certificate to be imported

@var{flags}: should be zero

This function will import the given public key to the abstract
@code{gnutls_pubkey_t}  structure.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_init
@anchor{gnutls_pubkey_init}
@deftypefun {int} {gnutls_pubkey_init} (gnutls_pubkey_t * @var{key})
@var{key}: The structure to be initialized

This function will initialize an public key structure.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_set_key_usage
@anchor{gnutls_pubkey_set_key_usage}
@deftypefun {int} {gnutls_pubkey_set_key_usage} (gnutls_pubkey_t @var{key}, unsigned int @var{usage})
@var{key}: a certificate of type @code{gnutls_x509_crt_t} 

@var{usage}: an ORed sequence of the GNUTLS_KEY_* elements.

This function will set the key usage flags of the public key. This
is only useful if the key is to be exported to a certificate or
certificate request.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_verify_data
@anchor{gnutls_pubkey_verify_data}
@deftypefun {int} {gnutls_pubkey_verify_data} (gnutls_pubkey_t @var{pubkey}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature})
@var{pubkey}: Holds the public key

@var{flags}: should be 0 for now

@var{data}: holds the signed data

@var{signature}: contains the signature

This function will verify the given signed data, using the
parameters from the certificate.

@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED}  
is returned, and zero or positive code on success.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_verify_data2
@anchor{gnutls_pubkey_verify_data2}
@deftypefun {int} {gnutls_pubkey_verify_data2} (gnutls_pubkey_t @var{pubkey}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature})
@var{pubkey}: Holds the public key

@var{algo}: The signature algorithm used

@var{flags}: should be 0 for now

@var{data}: holds the signed data

@var{signature}: contains the signature

This function will verify the given signed data, using the
parameters from the certificate.

@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED}  
is returned, and zero or positive code on success.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_pubkey_verify_hash
@anchor{gnutls_pubkey_verify_hash}
@deftypefun {int} {gnutls_pubkey_verify_hash} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature})
@var{key}: Holds the public key

@var{flags}: should be 0 for now

@var{hash}: holds the hash digest to be verified

@var{signature}: contains the signature

This function will verify the given signed digest, using the
parameters from the public key. 

Deprecated. This function cannot be easily used securely. 
Use @code{gnutls_pubkey_verify_hash2()}  instead.

@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED}  
is returned, and zero or positive code on success.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_pubkey_verify_hash2
@anchor{gnutls_pubkey_verify_hash2}
@deftypefun {int} {gnutls_pubkey_verify_hash2} (gnutls_pubkey_t @var{key}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature})
@var{key}: Holds the public key

@var{algo}: The signature algorithm used

@var{flags}: should be 0 for now

@var{hash}: holds the hash digest to be verified

@var{signature}: contains the signature

This function will verify the given signed digest, using the
parameters from the public key.

@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED}  
is returned, and zero or positive code on success.

@strong{Since:} 3.0
@end deftypefun

@subheading gnutls_x509_crl_privkey_sign
@anchor{gnutls_x509_crl_privkey_sign}
@deftypefun {int} {gnutls_x509_crl_privkey_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
@var{crl}: should contain a gnutls_x509_crl_t structure

@var{issuer}: is the certificate of the certificate issuer

@var{issuer_key}: holds the issuer's private key

@var{dig}: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.

@var{flags}: must be 0

This function will sign the CRL with the issuer's private key, and
will copy the issuer's information into the CRL.

This must be the last step in a certificate CRL since all
the previously set parameters are now signed.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

Since 2.12.0
@end deftypefun

@subheading gnutls_x509_crq_privkey_sign
@anchor{gnutls_x509_crq_privkey_sign}
@deftypefun {int} {gnutls_x509_crq_privkey_sign} (gnutls_x509_crq_t @var{crq}, gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
@var{crq}: should contain a @code{gnutls_x509_crq_t}  structure

@var{key}: holds a private key

@var{dig}: The message digest to use, i.e., @code{GNUTLS_DIG_SHA1} 

@var{flags}: must be 0

This function will sign the certificate request with a private key.
This must be the same key as the one used in
@code{gnutls_x509_crt_set_key()}  since a certificate request is self
signed.

This must be the last step in a certificate request generation
since all the previously set parameters are now signed.

@strong{Returns:} @code{GNUTLS_E_SUCCESS}  on success, otherwise a negative error code.
@code{GNUTLS_E_ASN1_VALUE_NOT_FOUND}  is returned if you didn't set all
information in the certificate request (e.g., the version using
@code{gnutls_x509_crq_set_version()} ).

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_x509_crq_set_pubkey
@anchor{gnutls_x509_crq_set_pubkey}
@deftypefun {int} {gnutls_x509_crq_set_pubkey} (gnutls_x509_crq_t @var{crq}, gnutls_pubkey_t @var{key})
@var{crq}: should contain a @code{gnutls_x509_crq_t}  structure

@var{key}: holds a public key

This function will set the public parameters from the given public
key to the request.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun

@subheading gnutls_x509_crt_privkey_sign
@anchor{gnutls_x509_crt_privkey_sign}
@deftypefun {int} {gnutls_x509_crt_privkey_sign} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
@var{crt}: a certificate of type @code{gnutls_x509_crt_t} 

@var{issuer}: is the certificate of the certificate issuer

@var{issuer_key}: holds the issuer's private key

@var{dig}: The message digest to use, @code{GNUTLS_DIG_SHA1}  is a safe choice

@var{flags}: must be 0

This function will sign the certificate with the issuer's private key, and
will copy the issuer's information into the certificate.

This must be the last step in a certificate generation since all
the previously set parameters are now signed.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.
@end deftypefun

@subheading gnutls_x509_crt_set_pubkey
@anchor{gnutls_x509_crt_set_pubkey}
@deftypefun {int} {gnutls_x509_crt_set_pubkey} (gnutls_x509_crt_t @var{crt}, gnutls_pubkey_t @var{key})
@var{crt}: should contain a @code{gnutls_x509_crt_t}  structure

@var{key}: holds a public key

This function will set the public parameters from the given public
key to the request.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 2.12.0
@end deftypefun