/** * gnutls_privkey_set_flags: * @key: A key of type #gnutls_privkey_t * @flags: flags from the %gnutls_privkey_flags * * This function will set flags for the specified private key, after * it is generated. Currently this is useful for the %GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT * to allow exporting a "provable" private key in backwards compatible way. * * Since: 3.5.0 * **/ void gnutls_privkey_set_flags(gnutls_privkey_t key, unsigned int flags) { key->flags |= flags; if (key->type == GNUTLS_PRIVKEY_X509) gnutls_x509_privkey_set_flags(key->key.x509, flags); }
void print_private_key(FILE *outfile, common_info_st * cinfo, gnutls_x509_privkey_t key) { int ret; size_t size; if (!key) return; if (!cinfo->pkcs8) { /* Only print private key parameters when an unencrypted * format is used */ if (cinfo->outcert_format == GNUTLS_X509_FMT_PEM) privkey_info_int(outfile, cinfo, key); size = lbuffer_size; ret = gnutls_x509_privkey_export(key, cinfo->outcert_format, lbuffer, &size); if (ret < 0) { fprintf(stderr, "privkey_export: %s\n", gnutls_strerror(ret)); exit(1); } if (cinfo->no_compat == 0 && gnutls_x509_privkey_get_seed(key, NULL, NULL, 0) != GNUTLS_E_INVALID_REQUEST) { gnutls_x509_privkey_set_flags(key, GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT); fwrite(lbuffer, 1, size, outfile); size = lbuffer_size; ret = gnutls_x509_privkey_export(key, cinfo->outcert_format, lbuffer, &size); if (ret < 0) { fprintf(stderr, "privkey_export: %s\n", gnutls_strerror(ret)); exit(1); } } } else { unsigned int flags = 0; const char *pass; pass = get_password(cinfo, &flags, 0); flags |= cipher_to_flags(cinfo->pkcs_cipher); size = lbuffer_size; ret = gnutls_x509_privkey_export_pkcs8(key, cinfo->outcert_format, pass, flags, lbuffer, &size); if (ret < 0) { fprintf(stderr, "privkey_export_pkcs8: %s\n", gnutls_strerror(ret)); exit(1); } } fwrite(lbuffer, 1, size, outfile); }