summaryrefslogtreecommitdiffstats
path: root/doc/functions/gnutls_privkey_generate2
diff options
context:
space:
mode:
Diffstat (limited to 'doc/functions/gnutls_privkey_generate2')
-rw-r--r--doc/functions/gnutls_privkey_generate248
1 files changed, 48 insertions, 0 deletions
diff --git a/doc/functions/gnutls_privkey_generate2 b/doc/functions/gnutls_privkey_generate2
new file mode 100644
index 0000000..93c1ee9
--- /dev/null
+++ b/doc/functions/gnutls_privkey_generate2
@@ -0,0 +1,48 @@
+
+
+
+
+@deftypefun {int} {gnutls_privkey_generate2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}, const gnutls_keygen_data_st * @var{data}, unsigned @var{data_size})
+@var{pkey}: The private key
+
+@var{algo}: is one of the algorithms in @code{gnutls_pk_algorithm_t} .
+
+@var{bits}: the size of the modulus
+
+@var{flags}: Must be zero or flags from @code{gnutls_privkey_flags_t} .
+
+@var{data}: Allow specifying @code{gnutls_keygen_data_st} types such as the seed to be used.
+
+@var{data_size}: The number of @code{data} available.
+
+This function will generate a random private key. Note that this
+function must be called on an initialized private key.
+
+The flag @code{GNUTLS_PRIVKEY_FLAG_PROVABLE}
+instructs the key generation process to use algorithms like Shawe-Taylor
+(from FIPS PUB186-4) which generate provable parameters out of a seed
+for RSA and DSA keys. On DSA keys the PQG parameters are generated using the
+seed, while on RSA the two primes. To specify an explicit seed
+(by default a random seed is used), use the @code{data} with a @code{GNUTLS_KEYGEN_SEED}
+type.
+
+Note that when generating an elliptic curve key, the curve
+can be substituted in the place of the bits parameter using the
+@code{GNUTLS_CURVE_TO_BITS()} macro.
+
+To export the generated keys in memory or in files it is recommended to use the
+PKCS@code{8} form as it can handle all key types, and can store additional parameters
+such as the seed, in case of provable RSA or DSA keys.
+Generated keys can be exported in memory using @code{gnutls_privkey_export_x509()} ,
+and then with @code{gnutls_x509_privkey_export2_pkcs8()} .
+
+If key generation is part of your application, avoid setting the number
+of bits directly, and instead use @code{gnutls_sec_param_to_pk_bits()} .
+That way the generated keys will adapt to the security levels
+of the underlying GnuTLS library.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+
+@strong{Since:} 3.5.0
+@end deftypefun