Previous: Abstract private keys, Up: Abstract key types [Contents][Index]

The abstract key types can be used to access signing and signature verification operations with the underlying keys.

- Function:
*int* **gnutls_pubkey_verify_data2** (gnutls_pubkey_t `pubkey`, gnutls_sign_algorithm_t `algo`, unsigned int `flags`, const gnutls_datum_t * `data`, const gnutls_datum_t * `signature`)

`pubkey`: Holds the public key

`algo`: The signature algorithm used

`flags`: Zero or an OR list of `gnutls_certificate_verify_flags`

`data`: holds the signed data

`signature`: contains the signature

This function will verify the given signed data, using the parameters from the certificate.

**Returns:** In case of a verification failure `GNUTLS_E_PK_SIG_VERIFY_FAILED` is returned, and zero or positive code on success. For signatures known to be insecure this function will return `GNUTLS_E_INSUFFICIENT_SECURITY` unless the flag `GNUTLS_VERIFY_ALLOW_BROKEN` is specified.

**Since:** 3.0

- Function:
*int* **gnutls_pubkey_verify_hash2** (gnutls_pubkey_t `key`, gnutls_sign_algorithm_t `algo`, unsigned int `flags`, const gnutls_datum_t * `hash`, const gnutls_datum_t * `signature`)

`key`: Holds the public key

`algo`: The signature algorithm used

`flags`: Zero or an OR list of `gnutls_certificate_verify_flags`

`hash`: holds the hash digest to be verified

`signature`: contains the signature

This function will verify the given signed digest, using the parameters from the public key. Note that unlike `gnutls_privkey_sign_hash()`, this function accepts a signature algorithm instead of a digest algorithm. You can use `gnutls_pk_to_sign()` to get the appropriate value.

**Returns:** In case of a verification failure `GNUTLS_E_PK_SIG_VERIFY_FAILED` is returned, and zero or positive code on success. For signatures known to be insecure this function will return `GNUTLS_E_INSUFFICIENT_SECURITY` unless the flag `GNUTLS_VERIFY_ALLOW_BROKEN` is specified.

**Since:** 3.0

- Function:
*int* **gnutls_pubkey_encrypt_data** (gnutls_pubkey_t `key`, unsigned int `flags`, const gnutls_datum_t * `plaintext`, gnutls_datum_t * `ciphertext`)

`key`: Holds the public key

`flags`: should be 0 for now

`plaintext`: The data to be encrypted

`ciphertext`: contains the encrypted data

This function will encrypt the given data, using the public key. On success the `ciphertext` will be allocated using `gnutls_malloc()`.

**Returns:** On success, `GNUTLS_E_SUCCESS` (0) is returned, otherwise a negative error value.

**Since:** 3.0

- Function:
*int* **gnutls_privkey_sign_data** (gnutls_privkey_t `signer`, gnutls_digest_algorithm_t `hash`, unsigned int `flags`, const gnutls_datum_t * `data`, gnutls_datum_t * `signature`)

`signer`: Holds the key

`hash`: should be a digest algorithm

`flags`: Zero or one of `gnutls_privkey_flags_t`

`data`: holds the data to be signed

`signature`: will contain the signature allocated with `gnutls_malloc()`

This function will sign the given data using a signature algorithm supported by the private key. Signature algorithms are always used together with a hash function. Different hash functions may be used for the RSA algorithm, but only the SHA family for the DSA keys.

You may use `gnutls_pubkey_get_preferred_hash_algorithm()` to determine the hash algorithm.

**Returns:** On success, `GNUTLS_E_SUCCESS` (0) is returned, otherwise a negative error value.

**Since:** 2.12.0

- Function:
*int* **gnutls_privkey_sign_hash** (gnutls_privkey_t `signer`, gnutls_digest_algorithm_t `hash_algo`, unsigned int `flags`, const gnutls_datum_t * `hash_data`, gnutls_datum_t * `signature`)

`signer`: Holds the signer’s key

`hash_algo`: The hash algorithm used

`flags`: Zero or one of `gnutls_privkey_flags_t`

`hash_data`: holds the data to be signed

`signature`: will contain newly allocated signature

This function will sign the given hashed data using a signature algorithm supported by the private key. Signature algorithms are always used together with a hash function. Different hash functions may be used for the RSA algorithm, but only SHA-XXX for the DSA keys.

You may use `gnutls_pubkey_get_preferred_hash_algorithm()` to determine the hash algorithm.

The flags may be `GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA` or `GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS`. In the former case this function will ignore `hash_algo` and perform a raw PKCS1 signature, and in the latter an RSA-PSS signature will be generated.

Note that not all algorithms support signing already hashed data. When signing with Ed25519, `gnutls_privkey_sign_data()` should be used.

**Returns:** On success, `GNUTLS_E_SUCCESS` (0) is returned, otherwise a negative error value.

**Since:** 2.12.0

- Function:
*int* **gnutls_privkey_decrypt_data** (gnutls_privkey_t `key`, unsigned int `flags`, const gnutls_datum_t * `ciphertext`, gnutls_datum_t * `plaintext`)

`key`: Holds the key

`flags`: zero for now

`ciphertext`: holds the data to be decrypted

`plaintext`: will contain the decrypted data, allocated with `gnutls_malloc()`

This function will decrypt the given data using the algorithm supported by the private key.

**Returns:** On success, `GNUTLS_E_SUCCESS` (0) is returned, otherwise a negative error value.

**Since:** 2.12.0

Signing existing structures, such as certificates, CRLs, or certificate requests, as well as associating public keys with structures is also possible using the key abstractions.

- Function:
*int* **gnutls_x509_crq_set_pubkey** (gnutls_x509_crq_t `crq`, gnutls_pubkey_t `key`)

`crq`: should contain a `gnutls_x509_crq_t` type

`key`: holds a public key

This function will set the public parameters from the given public key to the request. The `key` can be deallocated after that.

**Returns:** On success, `GNUTLS_E_SUCCESS` (0) is returned, otherwise a negative error value.

**Since:** 2.12.0

- Function:
*int* **gnutls_x509_crt_set_pubkey** (gnutls_x509_crt_t `crt`, gnutls_pubkey_t `key`)

`crt`: should contain a `gnutls_x509_crt_t` type

`key`: holds a public key

This function will set the public parameters from the given public key to the certificate. The `key` can be deallocated after that.

**Returns:** On success, `GNUTLS_E_SUCCESS` (0) is returned, otherwise a negative error value.

**Since:** 2.12.0

`int` gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t `crt`, gnutls_x509_crt_t `issuer`, gnutls_privkey_t `issuer_key`, gnutls_digest_algorithm_t `dig`, unsigned int `flags`)

`int` gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t `crl`, gnutls_x509_crt_t `issuer`, gnutls_privkey_t `issuer_key`, gnutls_digest_algorithm_t `dig`, unsigned int `flags`)

`int` gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t `crq`, gnutls_privkey_t `key`, gnutls_digest_algorithm_t `dig`, unsigned int `flags`)
