void
print_private_key(FILE *outfile, common_info_st * cinfo, gnutls_x509_privkey_t key)
{
int ret;
size_t size;
if (!key)
return;
if (!cinfo->pkcs8) {
/* Only print private key parameters when an unencrypted
* format is used */
if (cinfo->outcert_format == GNUTLS_X509_FMT_PEM)
privkey_info_int(outfile, cinfo, key);
size = lbuffer_size;
ret = gnutls_x509_privkey_export(key, cinfo->outcert_format,
lbuffer, &size);
if (ret < 0) {
fprintf(stderr, "privkey_export: %s\n",
gnutls_strerror(ret));
exit(1);
}
if (cinfo->no_compat == 0 && gnutls_x509_privkey_get_seed(key, NULL, NULL, 0) != GNUTLS_E_INVALID_REQUEST) {
gnutls_x509_privkey_set_flags(key, GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT);
fwrite(lbuffer, 1, size, outfile);
size = lbuffer_size;
ret = gnutls_x509_privkey_export(key, cinfo->outcert_format,
lbuffer, &size);
if (ret < 0) {
fprintf(stderr, "privkey_export: %s\n",
gnutls_strerror(ret));
exit(1);
}
}
} else {
unsigned int flags = 0;
const char *pass;
pass = get_password(cinfo, &flags, 0);
flags |= cipher_to_flags(cinfo->pkcs_cipher);
size = lbuffer_size;
ret =
gnutls_x509_privkey_export_pkcs8(key, cinfo->outcert_format,
pass, flags, lbuffer,
&size);
if (ret < 0) {
fprintf(stderr, "privkey_export_pkcs8: %s\n",
gnutls_strerror(ret));
exit(1);
}
}
fwrite(lbuffer, 1, size, outfile);
}
/**
* gnutls_privkey_get_seed:
* @key: should contain a #gnutls_privkey_t type
* @digest: if non-NULL it will contain the digest algorithm used for key generation (if applicable)
* @seed: where seed will be copied to
* @seed_size: originally holds the size of @seed, will be updated with actual size
*
* This function will return the seed that was used to generate the
* given private key. That function will succeed only if the key was generated
* as a provable key.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Since: 3.5.0
**/
int gnutls_privkey_get_seed(gnutls_privkey_t key, gnutls_digest_algorithm_t *digest, void *seed, size_t *seed_size)
{
if (key->type != GNUTLS_PRIVKEY_X509)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
return gnutls_x509_privkey_get_seed(key->key.x509, digest, seed, seed_size);
}
static void privkey_info_int(FILE *outfile, common_info_st * cinfo,
gnutls_x509_privkey_t key)
{
int ret, key_type;
unsigned int bits = 0;
size_t size;
const char *cprint;
/* Public key algorithm
*/
fprintf(outfile, "Public Key Info:\n");
ret = gnutls_x509_privkey_get_pk_algorithm2(key, &bits);
fprintf(outfile, "\tPublic Key Algorithm: ");
key_type = ret;
cprint = gnutls_pk_algorithm_get_name(key_type);
fprintf(outfile, "%s\n", cprint ? cprint : "Unknown");
fprintf(outfile, "\tKey Security Level: %s (%u bits)\n\n",
gnutls_sec_param_get_name(gnutls_x509_privkey_sec_param
(key)), bits);
/* Print the raw public and private keys
*/
if (key_type == GNUTLS_PK_RSA) {
gnutls_datum_t m, e, d, p, q, u, exp1, exp2;
ret =
gnutls_x509_privkey_export_rsa_raw2(key, &m, &e, &d,
&p, &q, &u, &exp1,
&exp2);
if (ret < 0)
fprintf(stderr,
"Error in key RSA data export: %s\n",
gnutls_strerror(ret));
else {
print_rsa_pkey(outfile, &m, &e, &d, &p, &q, &u,
&exp1, &exp2, cinfo->cprint);
gnutls_free(m.data);
gnutls_free(e.data);
gnutls_free(d.data);
gnutls_free(p.data);
gnutls_free(q.data);
gnutls_free(u.data);
gnutls_free(exp1.data);
gnutls_free(exp2.data);
}
} else if (key_type == GNUTLS_PK_DSA) {
gnutls_datum_t p, q, g, y, x;
ret =
gnutls_x509_privkey_export_dsa_raw(key, &p, &q, &g, &y,
&x);
if (ret < 0)
fprintf(stderr,
"Error in key DSA data export: %s\n",
gnutls_strerror(ret));
else {
print_dsa_pkey(outfile, &x, &y, &p, &q, &g,
cinfo->cprint);
gnutls_free(x.data);
gnutls_free(y.data);
gnutls_free(p.data);
gnutls_free(q.data);
gnutls_free(g.data);
}
} else if (key_type == GNUTLS_PK_EC) {
gnutls_datum_t y, x, k;
gnutls_ecc_curve_t curve;
ret =
gnutls_x509_privkey_export_ecc_raw(key, &curve, &x, &y,
&k);
if (ret < 0)
fprintf(stderr,
"Error in key ECC data export: %s\n",
gnutls_strerror(ret));
else {
cprint = gnutls_ecc_curve_get_name(curve);
bits = 0;
print_ecc_pkey(outfile, curve, &k, &x, &y,
cinfo->cprint);
gnutls_free(x.data);
gnutls_free(y.data);
gnutls_free(k.data);
}
}
fprintf(outfile, "\n");
size = lbuffer_size;
ret = gnutls_x509_privkey_get_seed(key, NULL, lbuffer, &size);
if (ret >= 0) {
fprintf(outfile, "Seed: %s\n",
raw_to_string(lbuffer, size));
}
size = lbuffer_size;
ret =
gnutls_x509_privkey_get_key_id(key, GNUTLS_KEYID_USE_SHA256, lbuffer, &size);
if (ret < 0) {
fprintf(stderr, "Error in key id calculation: %s\n",
gnutls_strerror(ret));
} else {
gnutls_datum_t art;
fprintf(outfile, "Public Key ID:\n\tsha256:%s\n",
raw_to_string(lbuffer, size));
size = lbuffer_size;
ret =
gnutls_x509_privkey_get_key_id(key, GNUTLS_KEYID_USE_SHA1, lbuffer, &size);
if (ret >= 0) {
fprintf(outfile, "\tsha1:%s\n",
raw_to_string(lbuffer, size));
}
ret =
gnutls_random_art(GNUTLS_RANDOM_ART_OPENSSH, cprint,
bits, lbuffer, size, &art);
if (ret >= 0) {
fprintf(outfile, "Public key's random art:\n%s\n",
art.data);
gnutls_free(art.data);
}
}
fprintf(outfile, "\n");
}
