gnutls_pkcs12_simple_parse(3) — Linux manual page


gnutls_pkcs12_simple_parse(3)    gnutls    gnutls_pkcs12_simple_parse(3)

NAME         top

       gnutls_pkcs12_simple_parse - API function

SYNOPSIS         top

       #include <gnutls/pkcs12.h>

       int gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12, const char *
       password, gnutls_x509_privkey_t * key, gnutls_x509_crt_t **
       chain, unsigned int * chain_len, gnutls_x509_crt_t **
       extra_certs, unsigned int * extra_certs_len, gnutls_x509_crl_t *
       crl, unsigned int flags);

ARGUMENTS         top

       gnutls_pkcs12_t p12
                   A pkcs12 type

       const char * password
                   optional password used to decrypt the structure, bags
                   and keys.

       gnutls_x509_privkey_t * key
                   a structure to store the parsed private key.

       gnutls_x509_crt_t ** chain
                   the corresponding to key certificate chain (may be

       unsigned int * chain_len
                   will be updated with the number of additional (may be

       gnutls_x509_crt_t ** extra_certs
                   optional pointer to receive an array of additional
                   certificates found in the PKCS12 structure (may be

       unsigned int * extra_certs_len
                   will be updated with the number of additional certs
                   (may be NULL).

       gnutls_x509_crl_t * crl
                   an optional structure to store the parsed CRL (may be

       unsigned int flags
                   should be zero or one of GNUTLS_PKCS12_SP_*

DESCRIPTION         top

       This function parses a PKCS12 structure in  pkcs12 and extracts
       the private key, the corresponding certificate chain, any
       additional certificates and a CRL. The structures in  key ,
       chain  crl , and  extra_certs must not be initialized.

       The  extra_certs and  extra_certs_len parameters are optional and
       both may be set to NULL. If either is non-NULL, then both must be
       set. The value for  extra_certs is allocated using

       Encrypted PKCS12 bags and PKCS8 private keys are supported, but
       only with password based security and the same password for all

       Note that a PKCS12 structure may contain many keys and/or
       certificates, and there is no way to identify which
       key/certificate pair you want.  For this reason this function is
       useful for PKCS12 files that contain only one key/certificate
       pair and/or one CRL.

       If the provided structure has encrypted fields but no password is
       provided then this function returns GNUTLS_E_DECRYPTION_FAILED.

       Note that normally the chain constructed does not include self
       signed certificates, to comply with TLS' requirements. If,
       however, the flag GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED is
       specified then self signed certificates will be included in the

       Prior to using this function the PKCS 12 structure integrity must
       be verified using gnutls_pkcs12_verify_mac().

RETURNS         top

       On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a
       negative error value.

SINCE         top


REPORTING BUGS         top

       Report bugs to <>.
       Home page:

COPYRIGHT         top

       Copyright © 2001-2023 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without
       modification, are permitted in any medium without royalty
       provided the copyright notice and this notice are preserved.

SEE ALSO         top

       The full documentation for gnutls is maintained as a Texinfo
       manual.  If the /usr/share/doc/gnutls/ directory does not contain
       the HTML form visit

COLOPHON         top

       This page is part of the GnuTLS (GnuTLS Transport Layer Security
       Library) project.  Information about the project can be found at
       ⟨⟩.  If you have a bug report for this
       manual page, send it to  This page was obtained
       from the tarball gnutls-3.8.5.tar.xz fetched from
       ⟨⟩ on 2024-06-14.  If you
       discover any rendering problems in this HTML version of the page,
       or you believe there is a better or more up-to-date source for
       the page, or you have corrections or improvements to the
       information in this COLOPHON (which is not part of the original
       manual page), send a mail to

gnutls                            3.8.5    gnutls_pkcs12_simple_parse(3)