Next: , Previous: , Up: Smart cards and HSMs   [Contents][Index]


5.3.5 Writing objects

With GnuTLS you can copy existing private keys and certificates to a token. When copying private keys it is recommended to mark them as sensitive using GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE, which prevents their extraction from the token. An object can additionally be marked as private using the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE, which requires the PIN to be entered before the object can be accessed (for operations or otherwise).

Function: int gnutls_pkcs11_copy_x509_privkey2 (const char * token_url, gnutls_x509_privkey_t key, const char * label, const gnutls_datum_t * cid, unsigned int key_usage, unsigned int flags)

token_url: A PKCS 11 URL specifying a token

key: A private key

label: A name to be used for the stored data

cid: The CKA_ID to set for the object; if NULL, the ID will be derived from the public key

key_usage: Zero or more of the GNUTLS_KEY_* values, OR'ed together

flags: Zero or more of the GNUTLS_PKCS11_OBJ_* flags, OR'ed together

This function will copy a private key into a PKCS 11 token specified by a URL. It is highly recommended that flags contain GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE unless there is a strong reason not to.

Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.

Since: 3.4.0

Function: int gnutls_pkcs11_copy_x509_crt2 (const char * token_url, gnutls_x509_crt_t crt, const char * label, const gnutls_datum_t * cid, unsigned int flags)

token_url: A PKCS 11 URL specifying a token

crt: The certificate to copy

label: The name to be used for the stored data

cid: The CKA_ID to set for the object; if NULL, the ID will be derived from the public key

flags: Zero or more of the GNUTLS_PKCS11_OBJ_FLAG_* flags, OR'ed together

This function will copy a certificate into a PKCS 11 token specified by a URL. Valid flags to mark the certificate: GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED, GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE, GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE, GNUTLS_PKCS11_OBJ_FLAG_MARK_CA, GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH.

Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.

Since: 3.4.0

Function: int gnutls_pkcs11_delete_url (const char * object_url, unsigned int flags)

object_url: The URL of the object to delete.

flags: Zero or more of the GNUTLS_PKCS11_OBJ_* flags, OR'ed together

This function will delete objects matching the given URL. Note that not all tokens support the delete operation.

Returns: On success, the number of objects deleted is returned, otherwise a negative error value.

Since: 2.12.0

