gnutls_certificate_set_rawpk_key_mem(3) — Linux manual page



NAME         top

       gnutls_certificate_set_rawpk_key_mem - API function

SYNOPSIS         top

       #include <gnutls/gnutls.h>

       cred, const gnutls_datum_t * spki, const gnutls_datum_t * pkey,
       gnutls_x509_crt_fmt_t format, const char * pass, unsigned int
       key_usage, const char ** names, unsigned int names_length,
       unsigned int flags);

ARGUMENTS         top

       gnutls_certificate_credentials_t cred
                   is a gnutls_certificate_credentials_t type.

       const gnutls_datum_t * spki
                   contains a raw public key in
                   PKIX.SubjectPublicKeyInfo format.

       const gnutls_datum_t * pkey
                   contains a raw private key.

       gnutls_x509_crt_fmt_t format
                   encoding of the keys. DER or PEM.

       const char * pass
                   an optional password to unlock the private key pkey.

       unsigned int key_usage
                   An ORed sequence of GNUTLS_KEY_* flags.

       const char ** names
                   is an array of DNS names belonging to the public-key
                   (NULL if none).

       unsigned int names_length
                   holds the length of the names list.

       unsigned int flags
                   an ORed sequence of gnutls_pkcs_encrypt_flags_t.
                   These apply to the private key pkey.

DESCRIPTION         top

       This function sets a public/private keypair in the
       gnutls_certificate_credentials_t type to be used for
       authentication and/or encryption.  spki and  privkey should match
       otherwise set signatures cannot be validated. In case of no match
       this function returns GNUTLS_E_CERTIFICATE_KEY_MISMATCH. This
       function should be called once for the client because there is
       currently no mechanism to determine which raw public-key to
       select for the peer when there are multiple present. Multiple raw
       public keys for the server can be distinghuished by setting the
       names .

       Note here that  spki is a raw public-key as defined in RFC7250.
       It means that there is no surrounding certificate that holds the
       public key and that there is therefore no direct mechanism to
       prove the authenticity of this key. The keypair can be used
       during a TLS handshake but its authenticity should be established
       via a different mechanism (e.g. TOFU or known fingerprint).

       The supported formats are basic unencrypted key, PKCS8, PKCS12,
       and the openssl format and will be autodetected.

       If the raw public-key and the private key are given in PEM
       encoding then the strings that hold their values must be null

       Key usage (as defined by X.509 extension ( can be
       explicitly set because there is no certificate structure around
       the key to define this value. See for more info

       Note that, this function by default returns zero on success and a
       negative value on error. Since 3.5.6, when the flag
       GNUTLS_CERTIFICATE_API_V2 is set using
       gnutls_certificate_set_flags() it returns an index (greater or
       equal to zero). That index can be used in other functions to
       refer to the added key-pair.

RETURNS         top

       On success, GNUTLS_E_SUCCESS (0) is returned, in case the key
       pair does not match GNUTLS_E_CERTIFICATE_KEY_MISMATCH is
       returned, in other erroneous cases a different negative error
       code is returned.

SINCE         top


REPORTING BUGS         top

       Report bugs to <>.
       Home page:

COPYRIGHT         top

       Copyright © 2001- Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without
       modification, are permitted in any medium without royalty
       provided the copyright notice and this notice are preserved.

SEE ALSO         top

       The full documentation for gnutls is maintained as a Texinfo
       manual.  If the /usr/share/doc/gnutls/ directory does not contain
       the HTML form visit 

COLOPHON         top

       This page is part of the GnuTLS (GnuTLS Transport Layer Security
       Library) project.  Information about the project can be found at
       ⟨⟩.  If you have a bug report for this
       manual page, send it to  This page was obtained
       from the tarball gnutls-3.8.0.tar.xz fetched from
       ⟨⟩ on 2023-06-23.  If you
       discover any rendering problems in this HTML version of the page,
       or you believe there is a better or more up-to-date source for
       the page, or you have corrections or improvements to the
       information in this COLOPHON (which is not part of the original
       manual page), send a mail to

gnutls                           g3n.u8t.l0s_certificate_set_rawpk_key_mem(3)