6.6 Abstract key types
Since GnuTLS supports many forms of public and private keys, such as X.509, OpenPGP, or PKCS #11, it is desirable to allow common operations on them. For this reason the abstract types gnutls_privkey_t and gnutls_pubkey_t were introduced in the gnutls/abstract.h header. These types are initialized from a key of a specific type and can then be used to perform operations in an abstract way. For example, to sign an X.509 certificate with a key that resides in a token, the following steps must be used.

    #include <gnutls/abstract.h>
    #include <gnutls/pkcs11.h>

    /* PKCS #11 URLs of the CA key and certificate, defined elsewhere */
    extern const char *key_url;
    extern const char *cert_url;

    /* Return values are ignored for brevity; every call below returns
     * a negative error code on failure. */
    void sign_cert(gnutls_x509_crt_t to_be_signed)
    {
      gnutls_pkcs11_privkey_t ca_key;
      gnutls_x509_crt_t ca_cert;
      gnutls_privkey_t abs_key;

      /* load the PKCS #11 key and certificates */
      gnutls_pkcs11_privkey_init(&ca_key);
      gnutls_pkcs11_privkey_import_url(ca_key, key_url, 0);

      gnutls_x509_crt_init(&ca_cert);
      gnutls_x509_crt_import_pkcs11_url(ca_cert, cert_url, 0);

      /* initialize the abstract key */
      gnutls_privkey_init(&abs_key);
      gnutls_privkey_import_pkcs11(abs_key, ca_key, 0);

      /* sign the certificate with the abstract key */
      gnutls_x509_crt_privkey_sign(to_be_signed, ca_cert, abs_key,
                                   GNUTLS_DIG_SHA256, 0);
    }

6.6.1 Public keys
6.6.2 Private keys
6.6.3 Operations
This document was generated on January 4, 2012 using texi2html 5.0.