/** * gnutls_x509_privkey_export: * @key: Holds the key * @format: the format of output params. One of PEM or DER. * @output_data: will contain a private key PEM or DER encoded * @output_data_size: holds the size of output_data (and will be * replaced by the actual size of parameters) * * This function will export the private key to a PKCS1 structure for * RSA keys, or an integer sequence for DSA keys. The DSA keys are in * the same format with the parameters used by openssl. * * If the buffer provided is not long enough to hold the output, then * *@output_data_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER * will be returned. * * If the structure is PEM encoded, it will have a header * of "BEGIN RSA PRIVATE KEY". * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ int gnutls_x509_privkey_export (gnutls_x509_privkey_t key, gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size) { const char *msg; if (key == NULL) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } if (key->pk_algorithm == GNUTLS_PK_RSA) msg = PEM_KEY_RSA; else if (key->pk_algorithm == GNUTLS_PK_DSA) msg = PEM_KEY_DSA; else if (key->pk_algorithm == GNUTLS_PK_EC) msg = PEM_KEY_ECC; else msg = "UNKNOWN"; return _gnutls_x509_export_int (key->key, format, msg, output_data, output_data_size); }
/** * gnutls_pkcs7_export: * @pkcs7: Holds the pkcs7 structure * @format: the format of output params. One of PEM or DER. * @output_data: will contain a structure PEM or DER encoded * @output_data_size: holds the size of output_data (and will be * replaced by the actual size of parameters) * * This function will export the pkcs7 structure to DER or PEM format. * * If the buffer provided is not long enough to hold the output, then * *@output_data_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER * will be returned. * * If the structure is PEM encoded, it will have a header * of "BEGIN PKCS7". * * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size) { if (pkcs7 == NULL) return GNUTLS_E_INVALID_REQUEST; return _gnutls_x509_export_int (pkcs7->pkcs7, format, PEM_PKCS7, output_data, output_data_size); }
/** * gnutls_x509_privkey_export - This function will export the private key * @key: Holds the key * @format: the format of output params. One of PEM or DER. * @output_data: will contain a private key PEM or DER encoded * @output_data_size: holds the size of output_data (and will be * replaced by the actual size of parameters) * * This function will export the private key to a PKCS1 structure for * RSA keys, or an integer sequence for DSA keys. The DSA keys are in * the same format with the parameters used by openssl. * * If the buffer provided is not long enough to hold the output, then * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will * be returned. * * If the structure is PEM encoded, it will have a header * of "BEGIN RSA PRIVATE KEY". * * Return value: In case of failure a negative value will be * returned, and 0 on success. * **/ int gnutls_x509_privkey_export (gnutls_x509_privkey_t key, gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size) { char *msg; int ret; if (key == NULL) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } if (key->pk_algorithm == GNUTLS_PK_RSA) msg = PEM_KEY_RSA; else if (key->pk_algorithm == GNUTLS_PK_DSA) msg = PEM_KEY_DSA; else msg = NULL; if (key->crippled) { /* encode the parameters on the fly. */ switch (key->pk_algorithm) { case GNUTLS_PK_DSA: ret = _encode_dsa (&key->key, key->params); if (ret < 0) { gnutls_assert (); return ret; } break; case GNUTLS_PK_RSA: ret = _encode_rsa (&key->key, key->params); if (ret < 0) { gnutls_assert (); return ret; } break; default: gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } } return _gnutls_x509_export_int (key->key, format, msg, *output_data_size, output_data, output_data_size); }
/** * gnutls_pkcs12_export: * @pkcs12: A pkcs12 type * @format: the format of output params. One of PEM or DER. * @output_data: will contain a structure PEM or DER encoded * @output_data_size: holds the size of output_data (and will be * replaced by the actual size of parameters) * * This function will export the pkcs12 structure to DER or PEM format. * * If the buffer provided is not long enough to hold the output, then * *output_data_size will be updated and GNUTLS_E_SHORT_MEMORY_BUFFER * will be returned. * * If the structure is PEM encoded, it will have a header * of "BEGIN PKCS12". * * Returns: In case of failure a negative error code will be * returned, and 0 on success. **/ int gnutls_pkcs12_export(gnutls_pkcs12_t pkcs12, gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size) { if (pkcs12 == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } return _gnutls_x509_export_int(pkcs12->pkcs12, format, PEM_PKCS12, output_data, output_data_size); }
/** * gnutls_x509_crl_export: * @crl: Holds the revocation list * @format: the format of output params. One of PEM or DER. * @output_data: will contain a private key PEM or DER encoded * @output_data_size: holds the size of output_data (and will * be replaced by the actual size of parameters) * * This function will export the revocation list to DER or PEM format. * * If the buffer provided is not long enough to hold the output, then * %GNUTLS_E_SHORT_MEMORY_BUFFER will be returned. * * If the structure is PEM encoded, it will have a header * of "BEGIN X509 CRL". * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. and a negative error code on failure. **/ int gnutls_x509_crl_export(gnutls_x509_crl_t crl, gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size) { if (crl == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } return _gnutls_x509_export_int(crl->crl, format, PEM_CRL, output_data, output_data_size); }
/** * gnutls_x509_privkey_export: * @key: Holds the key * @format: the format of output params. One of PEM or DER. * @output_data: will contain a private key PEM or DER encoded * @output_data_size: holds the size of output_data (and will be * replaced by the actual size of parameters) * * This function will export the private key to a PKCS1 structure for * RSA keys, or an integer sequence for DSA keys. The DSA keys are in * the same format with the parameters used by openssl. * * If the buffer provided is not long enough to hold the output, then * *@output_data_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER * will be returned. * * If the structure is PEM encoded, it will have a header * of "BEGIN RSA PRIVATE KEY". * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size) { const char *msg; if (key == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } msg = set_msg(key); return _gnutls_x509_export_int(key->key, format, msg, output_data, output_data_size); }
/** * gnutls_x509_privkey_export_pkcs8: * @key: Holds the key * @format: the format of output params. One of PEM or DER. * @password: the password that will be used to encrypt the key. * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t * @output_data: will contain a private key PEM or DER encoded * @output_data_size: holds the size of output_data (and will be * replaced by the actual size of parameters) * * This function will export the private key to a PKCS8 structure. * Both RSA and DSA keys can be exported. For DSA keys we use * PKCS #11 definitions. If the flags do not specify the encryption * cipher, then the default 3DES (PBES2) will be used. * * The @password can be either ASCII or UTF-8 in the default PBES2 * encryption schemas, or ASCII for the PKCS12 schemas. * * If the buffer provided is not long enough to hold the output, then * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will * be returned. * * If the structure is PEM encoded, it will have a header * of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if * encryption is not used. * * Returns: In case of failure a negative error code will be * returned, and 0 on success. **/ int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key, gnutls_x509_crt_fmt_t format, const char *password, unsigned int flags, void *output_data, size_t * output_data_size) { ASN1_TYPE pkcs8_asn = NULL, pkey_info; int ret; gnutls_datum_t tmp = {NULL, 0}; schema_id schema; if (key == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } /* Get the private key info * tmp holds the DER encoding. */ ret = encode_to_private_key_info(key, &tmp, &pkey_info); if (ret < 0) { gnutls_assert(); return ret; } schema = _gnutls_pkcs_flags_to_schema(flags); if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL) && !(flags & GNUTLS_PKCS_NULL_PASSWORD)) { _gnutls_free_datum(&tmp); ret = _gnutls_x509_export_int(pkey_info, format, PEM_UNENCRYPTED_PKCS8, output_data, output_data_size); asn1_delete_structure2(&pkey_info, ASN1_DELETE_FLAG_ZEROIZE); } else { asn1_delete_structure2(&pkey_info, ASN1_DELETE_FLAG_ZEROIZE); /* we don't need it */ ret = encode_to_pkcs8_key(schema, &tmp, password, &pkcs8_asn); _gnutls_free_key_datum(&tmp); if (ret < 0) { gnutls_assert(); return ret; } ret = _gnutls_x509_export_int(pkcs8_asn, format, PEM_PKCS8, output_data, output_data_size); asn1_delete_structure2(&pkcs8_asn, ASN1_DELETE_FLAG_ZEROIZE); } return ret; }