@deftypefun {int} {gnutls_certificate_set_rawpk_key_file} (gnutls_certificate_credentials_t @var{cred}, const char* @var{rawpkfile}, const char* @var{privkeyfile}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{pass}, unsigned int @var{key_usage}, const char ** @var{names}, unsigned int @var{names_length}, unsigned int @var{privkey_flags}, unsigned int @var{pkcs11_flags})
@var{cred}: is a @code{gnutls_certificate_credentials_t} type.

@var{rawpkfile}: contains a raw public key in
PKIX.SubjectPublicKeyInfo format.

@var{privkeyfile}: contains a file path to a private key.

@var{format}: encoding of the keys. DER or PEM.

@var{pass}: an optional password to unlock the private key in @var{privkeyfile}.

@var{key_usage}: an ORed sequence of @code{GNUTLS_KEY_} * flags.

@var{names}: is an array of DNS names belonging to the public key (NULL if none).

@var{names_length}: holds the length of the @var{names} list.

@var{privkey_flags}: an ORed sequence of @code{gnutls_pkcs_encrypt_flags_t} .
These apply to the private key in @var{privkeyfile}.

@var{pkcs11_flags}: one of @code{gnutls_pkcs11_obj_flags}. These apply to URLs.

This function sets a public/private keypair read from file in the
@code{gnutls_certificate_credentials_t} type to be used for authentication
and/or encryption. The public key in @var{rawpkfile} and the private key in
@var{privkeyfile} must match; otherwise signatures made with the key cannot be
validated. If they do not match this function returns
@code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} . This function should be called
only once for the client, because there is currently no mechanism to
determine which raw public key to select for the peer when multiple are
present. Multiple raw public keys for the server can be distinguished by
setting @code{names} .

Note that the key in @var{rawpkfile} is a raw public key as defined in
RFC7250. This means there is no surrounding certificate that holds the
public key, and therefore no direct mechanism to prove the authenticity of
this key. The keypair can be used during a TLS handshake, but its
authenticity must be established via a different mechanism (e.g. TOFU or a
known fingerprint).

The supported formats are basic unencrypted key, PKCS8, PKCS12,
and the openssl format, and will be autodetected.

If the raw public key and the private key are given in PEM encoding
then the strings that hold their values must be null terminated.

Key usage (as defined by the X.509 extension 2.5.29.15) can be explicitly
set because there is no certificate structure around the key to define
this value. See @code{gnutls_x509_crt_get_key_usage()} for more information.

Note that this function by default returns zero on success and a
negative value on error. Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2}
is set using @code{gnutls_certificate_set_flags()} it returns an index
(greater than or equal to zero). That index can be used in other functions
to refer to the added key pair.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned; if the
key pair does not match, @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} is returned;
in other error cases a different negative error code is returned.

@strong{Since:} 3.6.6
@end deftypefun
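The authenticity caveat above (a raw public key carries no certificate, so trust has to come from TOFU or a known fingerprint) is the part a client author must supply themselves. The following is an added example, not GnuTLS code and not part of this manual: a small pin store in C that a client could consult once it holds the SHA-256 fingerprint of the peer's SubjectPublicKeyInfo. It shows the decision a TOFU client has to get right: an unknown host may be recorded on first sight, but a host whose key has changed is rejected, never silently re-pinned. The host names, fingerprint strings and the @code{pin_store}/@code{pin_check} names are constructed for this example.

```c
/* Pin store for raw public keys (RFC 7250): with no certificate chain, the
 * client must decide trust from a locally stored fingerprint.
 * Added example, not part of GnuTLS. The fingerprints used below are
 * constructed placeholders, not hashes of real keys. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_PINS   16
#define FP_HEX_LEN 64            /* hex digits of a SHA-256 fingerprint */
#define HOST_LEN   64

enum pin_result {
    PIN_MATCH,      /* pinned fingerprint matches: accept */
    PIN_FIRST_USE,  /* TOFU mode, host not seen before: recorded and accepted */
    PIN_MISMATCH,   /* pinned fingerprint differs, or strict mode and unknown host: reject */
    PIN_INVALID,    /* fingerprint malformed: reject before any lookup */
    PIN_STORE_FULL  /* cannot record a new pin: reject */
};

struct pin_entry { char host[HOST_LEN]; char fp[FP_HEX_LEN + 1]; };
struct pin_store { struct pin_entry entries[MAX_PINS]; size_t count; };

/* Canonicalise "AB:CD:..." or "abcd..." into lowercase hex without separators.
 * Returns 0 on success, -1 if the input is not exactly 64 hex digits. */
int fp_normalize(const char *in, char out[FP_HEX_LEN + 1])
{
    size_t n = 0;
    for (; *in; in++) {
        if (*in == ':') continue;
        if (!isxdigit((unsigned char)*in) || n == FP_HEX_LEN) return -1;
        out[n++] = (char)tolower((unsigned char)*in);
    }
    if (n != FP_HEX_LEN) return -1;
    out[n] = '\0';
    return 0;
}

static int pin_find(const struct pin_store *s, const char *host)
{
    for (size_t i = 0; i < s->count; i++)
        if (strcmp(s->entries[i].host, host) == 0) return (int)i;
    return -1;
}

/* Decide whether to trust the raw public key presented by host.
 * tofu == 0 is strict mode: only previously pinned hosts are accepted. */
enum pin_result pin_check(struct pin_store *s, const char *host,
                          const char *presented_fp, int tofu)
{
    char fp[FP_HEX_LEN + 1];
    if (fp_normalize(presented_fp, fp) != 0) return PIN_INVALID;

    int i = pin_find(s, host);
    if (i >= 0)
        return strcmp(s->entries[i].fp, fp) == 0 ? PIN_MATCH : PIN_MISMATCH;
    /* A changed key is never re-pinned above; only an unknown host may be recorded. */
    if (!tofu) return PIN_MISMATCH;
    if (s->count >= MAX_PINS || strlen(host) >= HOST_LEN) return PIN_STORE_FULL;
    strcpy(s->entries[s->count].host, host);
    strcpy(s->entries[s->count].fp, fp);
    s->count++;
    return PIN_FIRST_USE;
}

/* Walks through the cases a client meets; returns 0 when every outcome is
 * the expected one, otherwise a bitmask of the steps that misbehaved. */
int run_scenario(void)
{
    struct pin_store store = { .count = 0 };
    /* Constructed 64-digit fingerprints, not real key hashes. */
    const char *fp_a = "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff";
    const char *fp_a_colon = "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:"
                             "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF";
    const char *fp_b = "ffeeddccbbaa99887766554433221100ffeeddccbbaa99887766554433221100";
    int failed = 0;

    /* first contact in TOFU mode is recorded */
    if (pin_check(&store, "example.test", fp_a, 1) != PIN_FIRST_USE) failed |= 1;
    /* same key in a different textual form still matches */
    if (pin_check(&store, "example.test", fp_a_colon, 1) != PIN_MATCH) failed |= 2;
    /* key changed: rejected even in TOFU mode */
    if (pin_check(&store, "example.test", fp_b, 1) != PIN_MISMATCH) failed |= 4;
    /* strict mode never admits an unknown host */
    if (pin_check(&store, "other.test", fp_b, 0) != PIN_MISMATCH) failed |= 8;
    /* malformed fingerprint is rejected before any lookup */
    if (pin_check(&store, "example.test", "not-hex", 1) != PIN_INVALID) failed |= 16;
    /* the rejected attempts left the store untouched */
    if (store.count != 1) failed |= 32;
    return failed;
}

int main(void)
{
    int r = run_scenario();
    printf("%s\n", r == 0 ? "all pin checks behaved as expected" : "unexpected result");
    return r;
}
```

In a GnuTLS client this check would run from the verification callback installed with @code{gnutls_certificate_set_verify_function()}, with the fingerprint computed over the peer's raw SubjectPublicKeyInfo; those calls are not described on this page and are assumed here. The store itself needs to be persisted with file permissions that prevent other users from editing it, since whoever can write a pin can choose which key the client trusts.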