The data to store the parsed key
const gnutls_datum_t * data
The DER or PEM encoded key.
One of DER or PEM
const char * password
the password to decrypt the key (if it is encrypted).
unsigned int flags
0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted.
This function will convert the given DER or PEM encoded PKCS8 2.0
encrypted key to the native gnutls_x509_privkey_t format. The
output will be stored in key . Both RSA and DSA keys can be
imported, and flags can only be used to indicate an unencrypted
The password can be either ASCII or UTF-8 in the default PBES2
encryption schemas, or ASCII for the PKCS12 schemas.
If the Certificate is PEM encoded it should have a header of
"ENCRYPTED PRIVATE KEY", or "PRIVATE KEY". You only need to
specify the flags if the key is DER encoded, since in that case
the encryption status cannot be auto-detected.
If the GNUTLS_PKCS_PLAIN flag is specified and the supplied data
are encrypted then GNUTLS_E_DECRYPTION_FAILED is returned.
This page is part of the GnuTLS (GnuTLS Transport Layer Security
Library) project. Information about the project can be found at
⟨http://www.gnutls.org/⟩. If you have a bug report for this
manual page, send it to email@example.com. This page was obtained
from the tarball gnutls-3.7.1.tar.xz fetched from
⟨http://www.gnutls.org/download.html⟩ on 2021-04-01. If you
discover any rendering problems in this HTML version of the page,
or you believe there is a better or more up-to-date source for
the page, or you have corrections or improvements to the
information in this COLOPHON (which is not part of the original
manual page), send a mail to firstname.lastname@example.org