示例#1
/**
 * gnutls_privkey_set_flags:
 * @key: A key of type #gnutls_privkey_t
 * @flags: flags from the %gnutls_privkey_flags
 *
 * Adds @flags to the flags of an already generated private key. The
 * bits are OR-ed into the existing value, so this call can set flags
 * but never clear them. If the key is of type %GNUTLS_PRIVKEY_X509 the
 * same flags are forwarded to the wrapped X.509 key with
 * gnutls_x509_privkey_set_flags().
 *
 * Currently this is useful for %GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT,
 * which allows a "provable" private key to be exported in a backwards
 * compatible way. The compatible encoding does not carry the seed
 * information, so a key exported that way can no longer be verified
 * as provable.
 *
 * Since: 3.5.0
 *
 **/
void gnutls_privkey_set_flags(gnutls_privkey_t key,
			      unsigned int flags)
{
	/* Record the flags on the abstract key itself. */
	key->flags |= flags;

	/* Only X.509-backed keys keep their own copy of the flags. */
	if (key->type != GNUTLS_PRIVKEY_X509)
		return;

	gnutls_x509_privkey_set_flags(key->key.x509, flags);
}
示例#2
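/*
 * Export an X.509 private key and write it to outfile.
 *
 * outfile: stream that receives the encoded key
 * cinfo:   tool options; pkcs8, outcert_format, no_compat and
 *          pkcs_cipher are read here
 * key:     key to export; a NULL key makes the function return
 *          without writing anything
 *
 * Without cinfo->pkcs8 the key is exported with
 * gnutls_x509_privkey_export(), i.e. the private key is written to
 * outfile without password protection. When cinfo->no_compat is 0 and
 * gnutls_x509_privkey_get_seed() does not report
 * GNUTLS_E_INVALID_REQUEST (presumably: the key carries a seed, i.e.
 * it is "provable" -- confirm), the key is written twice: first in the
 * default encoding, then again with GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT
 * set.
 *
 * With cinfo->pkcs8 the key is exported as PKCS #8 using the password
 * from get_password() and the flags from cipher_to_flags().
 *
 * Any export failure, and any short write to outfile, is reported on
 * stderr and terminates the process with exit(1). A short write is
 * fatal because it would otherwise leave a truncated private key
 * behind while the tool reports success.
 *
 * NOTE(review): the encoded key stays in the shared lbuffer after this
 * function returns, and the password returned by get_password() is not
 * wiped here; whether either is cleared elsewhere is not visible from
 * this function.
 */
void
print_private_key(FILE *outfile, common_info_st * cinfo, gnutls_x509_privkey_t key)
{
	int ret;
	size_t size;

	if (!key)
		return;

	if (!cinfo->pkcs8) {
		/* Only print private key parameters when an unencrypted
		 * format is used */
		if (cinfo->outcert_format == GNUTLS_X509_FMT_PEM)
			privkey_info_int(outfile, cinfo, key);

		size = lbuffer_size;
		ret = gnutls_x509_privkey_export(key, cinfo->outcert_format,
						 lbuffer, &size);
		if (ret < 0) {
			fprintf(stderr, "privkey_export: %s\n",
				gnutls_strerror(ret));
			exit(1);
		}

		if (cinfo->no_compat == 0 && gnutls_x509_privkey_get_seed(key, NULL, NULL, 0) != GNUTLS_E_INVALID_REQUEST) {
			gnutls_x509_privkey_set_flags(key, GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT);

			/* Flush the default encoding before lbuffer is
			 * reused for the compatible one. */
			if (fwrite(lbuffer, 1, size, outfile) != size) {
				fprintf(stderr, "error writing private key\n");
				exit(1);
			}

			/* Second export: same key, compatible encoding. */
			size = lbuffer_size;
			ret = gnutls_x509_privkey_export(key, cinfo->outcert_format,
						 lbuffer, &size);
			if (ret < 0) {
				fprintf(stderr, "privkey_export: %s\n",
					gnutls_strerror(ret));
				exit(1);
			}
		}

	} else {
		unsigned int flags = 0;
		const char *pass;

		/* get_password() may adjust flags; the cipher selection
		 * is OR-ed in afterwards. */
		pass = get_password(cinfo, &flags, 0);
		flags |= cipher_to_flags(cinfo->pkcs_cipher);

		size = lbuffer_size;
		ret =
		    gnutls_x509_privkey_export_pkcs8(key, cinfo->outcert_format,
						     pass, flags, lbuffer,
						     &size);
		if (ret < 0) {
			fprintf(stderr, "privkey_export_pkcs8: %s\n",
				gnutls_strerror(ret));
			exit(1);
		}
	}

	/* Write whichever encoding was produced last. */
	if (fwrite(lbuffer, 1, size, outfile) != size) {
		fprintf(stderr, "error writing private key\n");
		exit(1);
	}
}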