/**
 * gnutls_certificate_get_x509_key:
 * @res: is a #gnutls_certificate_credentials_t type.
 * @index: The index of the key to obtain.
 * @key: Location to store the key.
 *
 * Obtains an X.509 private key that was previously stored in @res through
 * one of gnutls_certificate_set_x509_key(), gnutls_certificate_set_key(),
 * gnutls_certificate_set_x509_key_file(),
 * gnutls_certificate_set_x509_key_file2(),
 * gnutls_certificate_set_x509_key_mem(), or
 * gnutls_certificate_set_x509_key_mem2(). The caller owns the returned key
 * and must release it with gnutls_x509_privkey_deinit() once it is no
 * longer needed.
 *
 * The @index corresponds to the value returned by
 * gnutls_certificate_set_x509_key() and the related functions, when the
 * %GNUTLS_CERTIFICATE_API_V2 flag is set.
 *
 * When no key exists at the given index,
 * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. When the key at the
 * given index is not an X.509 key, %GNUTLS_E_INVALID_REQUEST is returned.
 *
 * Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
 *
 * Since: 3.4.0
 */
int gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
				    unsigned index,
				    gnutls_x509_privkey_t *key)
{
	/* @index must be below res->ncerts before res->certs[] is indexed. */
	if (index < res->ncerts)
		return gnutls_privkey_export_x509(res->certs[index].pkey, key);

	gnutls_assert();
	return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
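/**
 * Serialise a private key as PEM-encoded PKCS#8 and append it to @destination.
 *
 * @param key          dcrypt key handle; it is cast directly to gnutls_privkey_t.
 * @param cipher       not used by this implementation (see NOTE below).
 * @param destination  buffer that receives the PEM bytes.
 * @param cb           not used by this implementation.
 * @param ctx          not used by this implementation.
 * @param error_r      when non-NULL, receives gnutls_strerror() text on failure.
 * @return 0 on success, -1 when a GnuTLS export step fails.
 *
 * NOTE(review): the PKCS#8 export is called with a NULL password and flags 0,
 * so the key material appended to @destination is not password-protected even
 * when the caller supplies @cipher and a password callback. Confirm whether
 * callers rely on encryption here before this is used to persist keys.
 */
static int dcrypt_gnutls_store_private_key(struct dcrypt_private_key *key, const char *cipher, buffer_t *destination, dcrypt_password_cb *cb, void *ctx, const char **error_r)
{
	gnutls_privkey_t priv = (gnutls_privkey_t)key;
	gnutls_x509_privkey_t xkey;
	gnutls_datum_t pem = { NULL, 0 };
	int ret;

	(void)cipher;
	(void)cb;
	(void)ctx;

	/* xkey is only valid when the conversion succeeds, so stop here on error. */
	ret = gnutls_privkey_export_x509(priv, &xkey);
	if (ret < 0) {
		if (error_r != NULL)
			*error_r = gnutls_strerror(ret);
		return -1;
	}

	/*
	 * Let GnuTLS allocate the output instead of sizing a stack VLA from a
	 * length whose producing call was never checked.
	 */
	ret = gnutls_x509_privkey_export2_pkcs8(xkey, GNUTLS_X509_FMT_PEM,
						NULL, 0, &pem);
	/* The exported X.509 key must be released by the caller of the export. */
	gnutls_x509_privkey_deinit(xkey);
	if (ret < 0) {
		if (error_r != NULL)
			*error_r = gnutls_strerror(ret);
		return -1;
	}

	buffer_append(destination, pem.data, pem.size);

	/*
	 * Wipe the temporary copy of the key before freeing it; a plain memset()
	 * on a buffer that is about to die may be removed by the optimiser.
	 */
	gnutls_memset(pem.data, 0, pem.size);
	gnutls_free(pem.data);
	return 0;
}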
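/*
 * Test helper: converts the abstract private key @key to an X.509 private
 * key, runs gnutls_x509_privkey_fix() on it, and exports it as PKCS#8 in
 * format @f into @out, using @password.
 *
 * Returns the result of gnutls_x509_privkey_export2_pkcs8(). A failure of
 * the initial conversion is reported through fail().
 */
static int _gnutls_privkey_export2_pkcs8(gnutls_privkey_t key, gnutls_x509_crt_fmt_t f, const char *password, unsigned flags, gnutls_datum_t *out)
{
	gnutls_x509_privkey_t xkey;
	int ret;

	/* presumably fail() does not return; xkey is unset on this path - confirm */
	ret = gnutls_privkey_export_x509(key, &xkey);
	if (ret < 0)
		fail("error in gnutls_privkey_export_x509\n");

	/*
	 * Keep the call outside assert(): with NDEBUG defined the whole assert
	 * expression disappears and the key would be exported without the fix.
	 */
	ret = gnutls_x509_privkey_fix(xkey);
	assert(ret >= 0);

	/*
	 * NOTE(review): @flags is accepted but 0 is passed to the export, so a
	 * caller-selected PKCS#8 option has no effect here - confirm intent.
	 */
	ret = gnutls_x509_privkey_export2_pkcs8(xkey, f, password, 0, out);

	/* The intermediate X.509 key is owned by this helper. */
	gnutls_x509_privkey_deinit(xkey);

	return ret;
}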