-This is ksba.info, produced by makeinfo version 5.2 from ksba.texi.
+This is ksba.info, produced by makeinfo version 6.8 from ksba.texi.
INFO-DIR-SECTION GNU libraries
START-INFO-DIR-ENTRY
This file documents the KSBA library to access X.509 and CMS data
structures.
- This is edition 1.3.5, last updated 15 March 2013, of 'The KSBA
-Reference Manual', for Version 1.3.5.
+ This is edition 1.6.5, last updated 14 November 2023, of 'The KSBA
+Reference Manual', for Version 1.6.5.
Copyright (C) 2002, 2003, 2004 g10 Code GmbH
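Review bot: The header line "produced by makeinfo version 6.8 from ksba.texi" shows that this file is generated output, so the wording changes in this patch should be made and reviewed in ksba.texi and the .info regenerated from it, not edited by hand. Also, the edition lines move to 1.6.5 and 14 November 2023 while the unchanged "Copyright (C) 2002, 2003, 2004" line stays as it was; please confirm that is intended.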
Main Menu
*********
-This is edition 1.3.5, last updated 15 March 2013, of 'The KSBA
-Reference Manual', for Version 1.3.5 of the KSBA library.
+This is edition 1.6.5, last updated 14 November 2023, of 'The KSBA
+Reference Manual', for Version 1.6.5 of the KSBA library.
Copyright (C) 2002, 2003, 2004 g10 Code GmbH
path (via the '-I' option).
However, the path to the include file is determined at the time the
-source is configured. To solve this problem, 'KSBA' ships with a small
-helper program 'ksba-config' that knows about the path to the include
-file and other configuration options. The options that need to be added
-to the compiler invocation at compile time are output by the '--cflags'
-option of 'ksba-config'. The following example shows how it can be used
-at the command line:
+source is configured. To solve this problem, 'KSBA' ships with
+'ksba.pc' file, that knows about the path to the include file and other
+configuration options. The options that need to be added to the
+compiler invocation at compile time are output by the '--cflags' option
+of 'pkg-config ksba'. The following example shows how it can be used at
+the command line:
- gcc -c foo.c `ksba-config --cflags`
+ gcc -c foo.c `pkg-config --cflags ksba`
- Adding the output of 'ksba-config --cflags' to the compiler's command
-line will ensure that the compiler can find the 'ksba.h' header file.
+ Adding the output of 'pkg-config --cflags ksba' to the compiler's
+command line will ensure that the compiler can find the 'ksba.h' header
+file.
A similar problem occurs when linking the program with the library.
Again, the compiler has to find the library files. For this to work,
the path to the library files has to be added to the library search path
-(via the '-L' option). For this, the option '--libs' of 'ksba-config'
-can be used. For convenience, this option also outputs all other
+(via the '-L' option). For this, the option '--libs' of 'pkg-config
+ksba' can be used. For convenience, this option also outputs all other
options that are required to link the program with the 'KSBA' libraries
(in particular, the '-lksba' option). The example shows how to link
'foo.o' with the 'KSBA' libraries to a program 'foo'.
- gcc -o foo foo.o `ksba-config --libs`
+ gcc -o foo foo.o `pkg-config --libs ksba`
Of course you can also combine both examples to a single command by
-specifying both options to 'ksba-config':
+specifying both options to 'pkg-config ksba':
- gcc -o foo foo.c `ksba-config --cflags --libs`
+ gcc -o foo foo.c `pkg-config --cflags --libs ksba`
\1f
File: ksba.info, Node: Certificate Handling, Next: CMS, Prev: Preparation, Up: Top
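Review bot: The new sentence "'KSBA' ships with 'ksba.pc' file, that knows about the path" is missing an article and has a stray comma; suggest "ships with a 'ksba.pc' file that records the path to the include file and other configuration options". The later phrase "the option '--libs' of 'pkg-config ksba'" reads oddly because '--libs' is an option of pkg-config, not of the ksba module; spelling it 'pkg-config --libs ksba', as the example lines do, would be consistent. Every mention of 'ksba-config' is removed without comment, so a sentence saying whether the helper is still installed would help readers with existing build scripts.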
Read the next certificate from the READER object and store it in
the certificate object CERT for future access. The certificate is
parsed and rejected if it has any syntactical or semantical error
- (i.e. does not match the ASN.1 description).
+ (i.e., does not match the ASN.1 description).
The function returns '0' if the operation was successfully
performed. An error code is returned on failure.
Figure out the the digest algorithm used for the signature and
return its OID in dotted decimal format. This function is most
likely used to setup the hash context before calling
- 'ksba_cert_hash'.
+ 'ksba_cert_hash'. For some certificate types the returned OID has
+ a special meaning:
+
+ '1.2.840.113549.1.1.10'
+ This indicates the RSASSA-PSS algorithm. The digest algorithm
+ needs to be extracted from the S-expression returned by
+ 'ksba_cert_get_sig_val'.
+
+ '1.3.101.112'
+ This is the Ed25519 algorithm which does not use a separate
+ digest algorithm. See RFC-8410.
+
+ '1.3.101.113'
+ This is the Ed448 algorithm which does not use a separate
+ digest algorithm. See RFC-8410.
The function returns 'NULL' for an error; on success a constant
string with the OID is returned. This string is valid as long the
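Review bot: The added OID list contradicts the unchanged lead sentence, which still says the function returns the digest algorithm OID and is "most likely used to setup the hash context before calling 'ksba_cert_hash'". For '1.3.101.112' and '1.3.101.113' the new text says there is no separate digest algorithm, and for '1.2.840.113549.1.1.10' the digest has to come from 'ksba_cert_get_sig_val'. Please state explicitly that in these three cases the returned value is a signature algorithm OID and should not be used to set up a hash context as-is, and for RSASSA-PSS name which part of the S-expression carries the digest. "For some certificate types" would be more accurate as "for some signature algorithms", and the doubled word in the context line "Figure out the the digest algorithm" could be fixed in the same pass.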
represent any time since the year 0.
It is implemented as a buffer of 16 bytes and may be handled like a
- standard string. It should be initialized to zero (i.e. the first
+ standard string. It should be initialized to zero (i.e., the first
byte needs to be 0x00) if it does not hold a valid date. Date
values themselves are stored in ISO format and assumed to be
referenced from UTC. The string with the date value is always
(ksba_cert_t CERT, int WHAT, ksba_isotime_t TIMEBUF)
Return the validity dates from the certificate. If no value is
- available an empty date object (i.e. a 'strlen' will be stored at
+ available an empty date object (i.e., a 'strlen' will be stored at
TIMEBUF, otherwise it will receive the date. On failure an error
code is returned.
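Review bot: The changed line "(i.e., a 'strlen' will be stored at" only gains a comma, but the sentence remains broken: the parenthesis never closes and "a 'strlen'" has no value attached. Suggest something like "an empty date object (i.e., one whose 'strlen' is 0) will be stored at TIMEBUF", which agrees with the ksba_isotime_t description earlier in this patch, where an unset value has 0x00 as its first byte.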
will be replaced by the new data. Using 'NULL' for DATA will
effectively delete the data.
- On error (i.e. out of memory) an already existing data object
+ On error (i.e., out of memory) an already existing data object
stored under KEY may get deleted.
*Caution:* This function is definitely not thread safe because we
don't employ any locking mechanisms.
- -- Function: gpg_error_t ksba_cert_get_user_data (ksba_cert_t CERT, const char *KEY,
- void *BUFFER, size_t BUFFERLEN, size_t *DATALEN)
+ -- Function: gpg_error_t ksba_cert_get_user_data (ksba_cert_t CERT,
+ const char *KEY, void *BUFFER, size_t BUFFERLEN,
+ size_t *DATALEN)
Return user data for certificate CERT stored under the string KEY.
The caller needs to provide a suitable large BUFFER and the usable
digital signing. The parser is capable of handling arbitrary amounts of
data without requiring much memory. Well, certain objects are build in
memory because it can be assumed that those objects are limited in size;
-e.g. it does not make sense to use a video clip as the DN despite the
+e.g., it does not make sense to use a video clip as the DN despite the
fact that the standard does not forbid it.
-- Function: gpg_error_t ksba_cms_parse
if (gpg_err_code (err) == GPG_ERR_EOF)
okay = 1;
- The only exception is that success (i.e. no error) is defined to be
+ The only exception is that success (i.e., no error) is defined to be
'0'; thus you may directly test for success like:
if (!ksba_foo ())
representation; components not listed in this table will be represented
by their OID.
- For the other direction, i.e. creating a DN from the string
+ For the other direction, i.e., creating a DN from the string
representation, KSBA recognizes the following extra labels:
Label Component OID
* Menu:
* ksba_cert_get_authority_info_access: Retrieving attributes.
- (line 263)
+ (line 277)
* ksba_cert_get_auth_key_id: Retrieving attributes.
- (line 254)
+ (line 268)
* ksba_cert_get_cert_policies: Retrieving attributes.
- (line 216)
+ (line 230)
* ksba_cert_get_crl_dist_point: Retrieving attributes.
- (line 226)
+ (line 240)
* ksba_cert_get_digest_algo: Retrieving attributes.
(line 39)
* ksba_cert_get_extension: Retrieving attributes.
- (line 164)
+ (line 178)
* ksba_cert_get_ext_key_usages: Retrieving attributes.
- (line 210)
+ (line 224)
* ksba_cert_get_image: Retrieving attributes.
(line 11)
* ksba_cert_get_issuer: Retrieving attributes.
- (line 57)
+ (line 71)
* ksba_cert_get_key_usage: Retrieving attributes.
- (line 177)
+ (line 191)
* ksba_cert_get_public_key: Retrieving attributes.
- (line 156)
+ (line 170)
* ksba_cert_get_serial: Retrieving attributes.
- (line 50)
+ (line 64)
* ksba_cert_get_sig_val: Retrieving attributes.
- (line 160)
+ (line 174)
* ksba_cert_get_subject: Retrieving attributes.
- (line 84)
+ (line 98)
* ksba_cert_get_subject_info_access: Retrieving attributes.
- (line 277)
+ (line 291)
* ksba_cert_get_subj_key_id: Retrieving attributes.
- (line 245)
+ (line 259)
* ksba_cert_get_user_data: User data. (line 26)
* ksba_cert_get_validity: Retrieving attributes.
- (line 145)
+ (line 159)
* ksba_cert_hash: Retrieving attributes.
(line 24)
* ksba_cert_init_from_mem: Creating certificates.
(line 41)
* ksba_cert_is_ca: Retrieving attributes.
- (line 169)
+ (line 183)
* ksba_cert_new: Creating certificates.
(line 9)
* ksba_cert_read_der: Creating certificates.
* ksba_content_t: CMS Parser. (line 61)
* ksba_dn_teststr: DNs. (line 9)
* ksba_isotime_t: Retrieving attributes.
- (line 109)
+ (line 123)
* ksba_name_enum: Names. (line 17)
* ksba_name_get_uri: Names. (line 36)
* ksba_name_release: Names. (line 13)
\1f
Tag Table:
-Node: Top\7f740
-Node: Introduction\7f2772
-Node: Getting Started\7f3050
-Node: Features\7f3916
-Node: Overview\7f5007
-Node: Preparation\7f5256
-Node: Header\7f5739
-Node: Version Check\7f6335
-Node: Building the source\7f7427
-Node: Certificate Handling\7f9271
-Node: Creating certificates\7f10252
-Node: Retrieving attributes\7f12713
-Node: Setting attributes\7f26390
-Node: User data\7f26655
-Node: CMS\7f28565
-Node: CMS Basics\7f29024
-Node: CMS Parser\7f31087
-Node: CRLs\7f35065
-Node: PKCS10\7f35348
-Node: Utilities\7f35609
-Node: Names\7f36013
-Node: OIDs\7f38325
-Node: DNs\7f38529
-Node: Error Handling\7f39660
-Node: Component Labels\7f41015
-Node: Copying\7f42578
-Node: Concept Index\7f80105
-Node: Function and Data Index\7f80233
+Node: Top\7f743
+Node: Introduction\7f2778
+Node: Getting Started\7f3056
+Node: Features\7f3922
+Node: Overview\7f5013
+Node: Preparation\7f5262
+Node: Header\7f5745
+Node: Version Check\7f6341
+Node: Building the source\7f7433
+Node: Certificate Handling\7f9284
+Node: Creating certificates\7f10265
+Node: Retrieving attributes\7f12726
+Node: Setting attributes\7f26944
+Node: User data\7f27209
+Node: CMS\7f29129
+Node: CMS Basics\7f29588
+Node: CMS Parser\7f31651
+Node: CRLs\7f35629
+Node: PKCS10\7f35912
+Node: Utilities\7f36173
+Node: Names\7f36577
+Node: OIDs\7f38889
+Node: DNs\7f39093
+Node: Error Handling\7f40224
+Node: Component Labels\7f41579
+Node: Copying\7f43142
+Node: Concept Index\7f80669
+Node: Function and Data Index\7f80797
\1f
End Tag Table
+
+\1f
+Local Variables:
+coding: utf-8
+End: