man7.org > Linux > man-pages

Linux/UNIX system programming training

gnutls_certificate_set_rawpk_key_mem(3) — Linux manual page

NAME | SYNOPSIS | ARGUMENTS | DESCRIPTION | RETURNS | SINCE | REPORTING BUGS | COPYRIGHT | SEE ALSO | COLOPHON 

gnutls_certif...rawpk_key_mem(3)  gnutls gnutls_certif...rawpk_key_mem(3)

NAME         top

       gnutls_certificate_set_rawpk_key_mem - API function

SYNOPSIS         top

       #include <gnutls/gnutls.h>

       int
       gnutls_certificate_set_rawpk_key_mem(gnutls_certificate_credentials_t
       cred, const gnutls_datum_t * spki, const gnutls_datum_t * pkey,
       gnutls_x509_crt_fmt_t format, const char * pass, unsigned int
       key_usage, const char ** names, unsigned int names_length,
       unsigned int flags);

ARGUMENTS         top

       gnutls_certificate_credentials_t cred
                   is a gnutls_certificate_credentials_t type.

       const gnutls_datum_t * spki
                   contains a raw public key in PKIX.SubjectPublicKeyInfo
                   format.

       const gnutls_datum_t * pkey
                   contains a raw private key.

       gnutls_x509_crt_fmt_t format
                   encoding of the keys. DER or PEM.

       const char * pass
                   an optional password to unlock the private key pkey.

       unsigned int key_usage
                   An ORed sequence of GNUTLS_KEY_* flags.

       const char ** names
                   is an array of DNS names belonging to the public-key
                   (NULL if none).

       unsigned int names_length
                   holds the length of the names list.

       unsigned int flags
                   an ORed sequence of gnutls_pkcs_encrypt_flags_t.
                   These apply to the private key pkey.

DESCRIPTION         top

       This function sets a public/private keypair in the
       gnutls_certificate_credentials_t type to be used for
       authentication and/or encryption.  spki and  privkey should match
       otherwise set signatures cannot be validated. In case of no match
       this function returns GNUTLS_E_CERTIFICATE_KEY_MISMATCH. This
       function should be called once for the client because there is
       currently no mechanism to determine which raw public-key to select
       for the peer when there are multiple present. Multiple raw public
       keys for the server can be distinghuished by setting the  names .

       Note here that  spki is a raw public-key as defined in RFC7250. It
       means that there is no surrounding certificate that holds the
       public key and that there is therefore no direct mechanism to
       prove the authenticity of this key. The keypair can be used during
       a TLS handshake but its authenticity should be established via a
       different mechanism (e.g. TOFU or known fingerprint).

       The supported formats are basic unencrypted key, PKCS8, PKCS12,
       and the openssl format and will be autodetected.

       If the raw public-key and the private key are given in PEM
       encoding then the strings that hold their values must be null
       terminated.

       Key usage (as defined by X.509 extension (2.5.29.15)) can be
       explicitly set because there is no certificate structure around
       the key to define this value. See for more info
       gnutls_x509_crt_get_key_usage().

       Note that, this function by default returns zero on success and a
       negative value on error. Since 3.5.6, when the flag
       GNUTLS_CERTIFICATE_API_V2 is set using
       gnutls_certificate_set_flags() it returns an index (greater or
       equal to zero). That index can be used in other functions to refer
       to the added key-pair.

RETURNS         top

       On success, GNUTLS_E_SUCCESS (0) is returned, in case the key pair
       does not match GNUTLS_E_CERTIFICATE_KEY_MISMATCH is returned, in
       other erroneous cases a different negative error code is returned.

SINCE         top

       3.6.6

REPORTING BUGS         top

       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org

COPYRIGHT         top

       Copyright © 2001-2023 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without
       modification, are permitted in any medium without royalty provided
       the copyright notice and this notice are preserved.

SEE ALSO         top

       The full documentation for gnutls is maintained as a Texinfo
       manual.  If the /usr/share/doc/gnutls/ directory does not contain
       the HTML form visit

       https://www.gnutls.org/manual/

COLOPHON         top

       This page is part of the GnuTLS (GnuTLS Transport Layer Security
       Library) project.  Information about the project can be found at
       ⟨http://www.gnutls.org/⟩.  If you have a bug report for this
       manual page, send it to bugs@gnutls.org.  This page was obtained
       from the tarball fetched from
       ⟨https://www.gnupg.org/ftp/gcrypt/gnutls/⟩ on 2025-08-11.  If you
       discover any rendering problems in this HTML version of the page,
       or you believe there is a better or more up-to-date source for the
       page, or you have corrections or improvements to the information
       in this COLOPHON (which is not part of the original manual page),
       send a mail to man-pages@man7.org

gnutls                            3.8.10 gnutls_certif...rawpk_key_mem(3)

HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface.

For details of in-depth Linux/UNIX system programming training courses that I teach, look here.

Hosting by jambit GmbH.

Cover of TLPI