* format. Additionally it is possible to import public RSA key from
* X509 certificate.
*
+ * If the key is encrypted the algorithm will be autodetected and password
+ * used. If it's not known if the key is encrypted one should pass NULL as
+ * password and check for the YACA_ERROR_PASSWORD_INVALID return code.
+ *
* @param[out] key Returned key (must be freed with yaca_key_free()).
* @param[in] key_type Type of the key.
+ * @param[in] password null terminated password for the key (can be NULL).
* @param[in] data Blob containing the key.
* @param[in] data_len Size of the blob.
*
- * @return 0 on success, negative on error.
+ * @return 0 on success, YACA_ERROR_PASSWORD_INVALID if wrong password given,
+ * negative on error.
* @see #yaca_key_type_e, yaca_key_export(), yaca_key_free()
*/
int yaca_key_import(yaca_key_h *key,
yaca_key_type_e key_type,
+ const char *password,
const char *data,
size_t data_len);
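Review bot: The new `@return` line names `YACA_ERROR_PASSWORD_INVALID` only for a wrong password, while the added description tells callers to probe for encryption by passing NULL and checking for that same code, so the two parts of the comment disagree on the NULL case. I would word it as `@return 0 on success, YACA_ERROR_PASSWORD_INVALID if the key is encrypted and the password is missing or wrong, negative on error.` The comment should also state what happens when a password is supplied for data that cannot be encrypted (symmetric, public or DER input), and that the password buffer stays owned by the caller, who should wipe it after the call. The implementation is not part of this hunk, so it is worth confirming there that a NULL password on an encrypted key returns the error and can never fall through to an interactive passphrase prompt in the crypto backend.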
* - #YACA_KEY_FILE_FORMAT_PEM: used only for asymmetric, PEM file format
* - #YACA_KEY_FILE_FORMAT_DER: used only for asymmetric, DER file format
*
+ * If no password is provided the exported key will be unencrypted. Only private
+ * RSA/DSA exported as PEM can be encrypted.
+ *
+ * TODO: document the default encryption algorithm (AES256 for FORMAT_DEFAULT,
+ * unknown yet for the FORMAT_PKCS8)
+ *
* @param[in] key Key to be exported.
* @param[in] key_fmt Format of the key.
* @param[in] key_file_fmt Format of the key file.
+ * @param[in] password Password used for the encryption (can be NULL).
* @param[out] data Data, allocated by the library, containing exported key
* (must be freed with yaca_free()).
* @param[out] data_len Size of the output data.
int yaca_key_export(const yaca_key_h key,
yaca_key_fmt_e key_fmt,
yaca_key_file_fmt_e key_file_fmt,
+ const char *password,
char **data,
size_t *data_len);
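Review bot: The added text says only private RSA/DSA keys exported as PEM can be encrypted, but it does not say what `yaca_key_export()` does when a non-NULL `password` is passed for any other key type or file format. If the password is silently ignored in that case, a caller who believes the output is protected gets a plaintext key back, so the contract should be a hard error and the comment should say so, for example `Passing a password for a key or file format that cannot be encrypted is an error and nothing is exported.` The TODO on the default cipher should be resolved before release, because callers cannot judge how well the exported blob is protected without knowing the algorithm and how the key is derived from the password. The `@return` lines and the implementation are outside the visible hunk, so the actual behaviour has to be checked there.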
/* BASE64 */
- ret = yaca_key_export(sym, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_BASE64, &b64, &b64_len);
+ ret = yaca_key_export(sym, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_BASE64, NULL, &b64, &b64_len);
if (ret != 0)
return ret;
- ret = yaca_key_import(&b64_imported, YACA_KEY_TYPE_SYMMETRIC, b64, b64_len);
+ ret = yaca_key_import(&b64_imported, YACA_KEY_TYPE_SYMMETRIC, NULL, b64, b64_len);
if (ret != 0)
goto free;
yaca_free(b64);
b64 = NULL;
- ret = yaca_key_export(b64_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_BASE64, &b64, &b64_len);
+ ret = yaca_key_export(b64_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_BASE64, NULL, &b64, &b64_len);
if (ret != 0)
goto free;
/* RAW */
- ret = yaca_key_export(sym, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_RAW, &raw, &raw_len);
+ ret = yaca_key_export(sym, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_RAW, NULL, &raw, &raw_len);
if (ret != 0)
goto free;
- ret = yaca_key_import(&raw_imported, YACA_KEY_TYPE_SYMMETRIC, raw, raw_len);
+ ret = yaca_key_import(&raw_imported, YACA_KEY_TYPE_SYMMETRIC, NULL, raw, raw_len);
if (ret != 0)
goto free;
yaca_free(raw);
raw = NULL;
- ret = yaca_key_export(raw_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_RAW, &raw, &raw_len);
+ ret = yaca_key_export(raw_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_RAW, NULL, &raw, &raw_len);
if (ret != 0)
goto free;
/* PEM private */
- ret = yaca_key_export(priv, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, &pem_prv, &pem_prv_len);
+ ret = yaca_key_export(priv, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, NULL, &pem_prv, &pem_prv_len);
if (ret != 0)
return ret;
- ret = yaca_key_import(&pem_prv_imported, priv_type, pem_prv, pem_prv_len);
+ ret = yaca_key_import(&pem_prv_imported, priv_type, NULL, pem_prv, pem_prv_len);
if (ret != 0)
goto free;
yaca_free(pem_prv);
pem_prv = NULL;
- ret = yaca_key_export(pem_prv_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, &pem_prv, &pem_prv_len);
+ ret = yaca_key_export(pem_prv_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, NULL, &pem_prv, &pem_prv_len);
if (ret != 0)
goto free;
/* DER private */
- ret = yaca_key_export(priv, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, &der_prv, &der_prv_len);
+ ret = yaca_key_export(priv, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, NULL, &der_prv, &der_prv_len);
if (ret != 0)
goto free;
- ret = yaca_key_import(&der_prv_imported, priv_type, der_prv, der_prv_len);
+ ret = yaca_key_import(&der_prv_imported, priv_type, NULL, der_prv, der_prv_len);
if (ret != 0)
goto free;
yaca_free(der_prv);
der_prv = NULL;
- ret = yaca_key_export(der_prv_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, &der_prv, &der_prv_len);
+ ret = yaca_key_export(der_prv_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, NULL, &der_prv, &der_prv_len);
if (ret != 0)
goto free;
/* PEM public */
- ret = yaca_key_export(pub, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, &pem_pub, &pem_pub_len);
+ ret = yaca_key_export(pub, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, NULL, &pem_pub, &pem_pub_len);
if (ret != 0)
goto free;
- ret = yaca_key_import(&pem_pub_imported, pub_type, pem_pub, pem_pub_len);
+ ret = yaca_key_import(&pem_pub_imported, pub_type, NULL, pem_pub, pem_pub_len);
if (ret != 0)
goto free;
yaca_free(pem_pub);
pem_pub = NULL;
- ret = yaca_key_export(pem_pub_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, &pem_pub, &pem_pub_len);
+ ret = yaca_key_export(pem_pub_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, NULL, &pem_pub, &pem_pub_len);
if (ret != 0)
goto free;
/* DER public */
- ret = yaca_key_export(pub, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, &der_pub, &der_pub_len);
+ ret = yaca_key_export(pub, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, NULL, &der_pub, &der_pub_len);
if (ret != 0)
goto free;
- ret = yaca_key_import(&der_pub_imported, pub_type, der_pub, der_pub_len);
+ ret = yaca_key_import(&der_pub_imported, pub_type, NULL, der_pub, der_pub_len);
if (ret != 0)
goto free;
yaca_free(der_pub);
der_pub = NULL;
- ret = yaca_key_export(der_pub_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, &der_pub, &der_pub_len);
+ ret = yaca_key_export(der_pub_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, NULL, &der_pub, &der_pub_len);
if (ret != 0)
goto free;
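Review bot: Every updated call in the example passes `NULL` for the new password argument, so the encrypted path this commit introduces is never exercised; the `/* PEM private */` round trip is the one place where, per the header comment, a password has an effect. I would add an encrypted round trip there that exports with a password, checks that import without it returns `YACA_ERROR_PASSWORD_INVALID`, and then imports with the right one; a wrong-password import expecting the same code belongs next to it. The symmetric, DER, public and certificate sections have the same gap, where the useful case is a negative one showing what a password does on a format that cannot be encrypted. The enclosing functions start and end outside these hunks, so the extra buffers have to be declared and released with the existing ones.

```c
/* PEM private, encrypted. The password is a sample constructed for this
 * example; pem_enc, pem_enc_len and pem_enc_imported are declared and
 * released next to pem_prv / pem_prv_imported. */
ret = yaca_key_export(priv, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM,
                      "sample-password", &pem_enc, &pem_enc_len);
if (ret != 0)
	goto free;

/* no password: the encrypted blob must be rejected */
ret = yaca_key_import(&pem_enc_imported, priv_type, NULL, pem_enc, pem_enc_len);
if (ret != YACA_ERROR_PASSWORD_INVALID) {
	if (ret == 0)
		ret = -1; /* encrypted key was accepted without its password */
	goto free;
}

/* right password: import succeeds */
ret = yaca_key_import(&pem_enc_imported, priv_type, "sample-password",
                      pem_enc, pem_enc_len);
if (ret != 0)
	goto free;

/* … unchanged: existing unencrypted PEM private round trip … */
```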
return ret;
}
- ret = yaca_key_import(&rsa_pub_from_cert, YACA_KEY_TYPE_RSA_PUB, pub, pub_len);
+ ret = yaca_key_import(&rsa_pub_from_cert, YACA_KEY_TYPE_RSA_PUB, NULL, pub, pub_len);
if (ret != 0)
goto free;
yaca_free(pub);
pub = NULL;
- ret = yaca_key_export(rsa_pub_from_cert, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, &pub, &pub_len);
+ ret = yaca_key_export(rsa_pub_from_cert, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, NULL, &pub, &pub_len);
if (ret != 0)
goto free;