5.4.2 Key generation

All keys used by the TPM must be generated by the TPM. This can be done using gnutls_tpm_privkey_generate.

Function: int gnutls_tpm_privkey_generate (gnutls_pk_algorithm_t pk, unsigned int bits, const char * srk_password, const char * key_password, gnutls_tpmkey_fmt_t format, gnutls_x509_crt_fmt_t pub_format, gnutls_datum_t * privkey, gnutls_datum_t * pubkey, unsigned int flags)

pk: the public key algorithm

bits: the security bits

srk_password: a password to protect the exported key (optional)

key_password: the password for the TPM (optional)

format: the format of the private key

pub_format: the format of the public key

privkey: the generated key

pubkey: the corresponding public key (may be null)

flags: should be a list of GNUTLS_TPM_* flags

This function will generate a private key in the TPM chip. The private key will be generated within the chip and will be exported in a wrapped with TPM’s master key form. Furthermore the wrapped key can be protected with the provided password .

Note that bits in TPM is quantized value. If the input value is not one of the allowed values, then it will be quantized to one of 512, 1024, 2048, 4096, 8192 and 16384.

Allowed flags are:

Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.

Since: 3.1.0

int gnutls_tpm_get_registered (gnutls_tpm_key_list_t * list)

void gnutls_tpm_key_list_deinit (gnutls_tpm_key_list_t list)

int gnutls_tpm_key_list_get_url (gnutls_tpm_key_list_t list, unsigned int idx, char ** url, unsigned int flags)

Function: int gnutls_tpm_privkey_delete (const char * url, const char * srk_password)

url: the URL describing the key

srk_password: a password for the SRK key

This function will unregister the private key from the TPM chip.

Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.

Since: 3.1.0