Next: Application-specific keys, Up: Hardware security modules and abstract key types [Contents][Index]
Since there are many forms of a public or private keys supported by GnuTLS such as
X.509, PKCS #11 or TPM it is desirable to allow common operations
on them. For these reasons the abstract gnutls_privkey_t and gnutls_pubkey_t were
introduced in gnutls/abstract.h header. Those types are initialized using a specific type of
key and then can be used to perform operations in an abstract way. For example in order
to sign an X.509 certificate with a key that resides in a token the following steps can be
used.
#include <gnutls/abstract.h>
void sign_cert( gnutls_x509_crt_t to_be_signed)
{
gnutls_x509_crt_t ca_cert;
gnutls_privkey_t abs_key;
/* initialize the abstract key */
gnutls_privkey_init(&abs_key);
/* keys stored in tokens are identified by URLs */
gnutls_privkey_import_url(abs_key, key_url);
gnutls_x509_crt_init(&ca_cert);
gnutls_x509_crt_import_url(&ca_cert, cert_url);
/* sign the certificate to be signed */
gnutls_x509_crt_privkey_sign(to_be_signed, ca_cert, abs_key,
GNUTLS_DIG_SHA256, 0);
}
| • Abstract public keys | ||
| • Abstract private keys | ||
| • Operations |