table of contents
- bookworm 3.7.9-2+deb12u3
- testing 3.8.6-2
- unstable 3.8.6-2
- experimental 3.8.8-1
gnutls_x509_privkey_generate2(3) | gnutls | gnutls_x509_privkey_generate2(3) |
NAME¶
gnutls_x509_privkey_generate2 - API function
SYNOPSIS¶
#include <gnutls/x509.h>
int gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key, gnutls_pk_algorithm_t algo, unsigned int bits, unsigned int flags, const gnutls_keygen_data_st * data, unsigned data_size);
ARGUMENTS¶
- gnutls_x509_privkey_t key
- a key
- gnutls_pk_algorithm_t algo
- is one of the algorithms in gnutls_pk_algorithm_t.
- unsigned int bits
- the size of the modulus
- unsigned int flags
- Must be zero or flags from gnutls_privkey_flags_t.
- const gnutls_keygen_data_st * data
- Allow specifying gnutls_keygen_data_st types such as the seed to be used.
- unsigned data_size
- The number of data available.
DESCRIPTION¶
This function will generate a random private key. Note that this function must be called on an initialized private key.
The flag GNUTLS_PRIVKEY_FLAG_PROVABLE instructs the key generation process to use algorithms like Shawe-Taylor (from FIPS PUB186-4) which generate provable parameters out of a seed for RSA and DSA keys. On DSA keys the PQG parameters are generated using the seed, while on RSA the two primes. To specify an explicit seed (by default a random seed is used), use the data with a GNUTLS_KEYGEN_SEED type.
Note that when generating an elliptic curve key, the curve can be substituted in the place of the bits parameter using the GNUTLS_CURVE_TO_BITS() macro.
To export the generated keys in memory or in files it is recommended to use the PKCS8 form as it can handle all key types, and can store additional parameters such as the seed, in case of provable RSA or DSA keys. Generated keys can be exported in memory using gnutls_privkey_export_x509(), and then with gnutls_x509_privkey_export2_pkcs8().
If key generation is part of your application, avoid setting the number of bits directly, and instead use gnutls_sec_param_to_pk_bits(). That way the generated keys will adapt to the security levels of the underlying GnuTLS library.
See also gnutls_privkey_generate2().
RETURNS¶
On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
REPORTING BUGS¶
Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org
COPYRIGHT¶
Copyright © 2001-2023 Free Software Foundation, Inc., and
others.
Copying and distribution of this file, with or without modification, are
permitted in any medium without royalty provided the copyright notice and
this notice are preserved.
SEE ALSO¶
The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit
3.8.8 | gnutls |