[gnutls-devel] [PATCH] add pubkey export from private key in pkcs11 subsystem

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Aug 6 15:59:18 CEST 2014

>>>> gnutls_pkcs11_privkey_get_pubkey (const char* url, gnutls_pk_algorithm_t pk,
>>>>                                  gnutls_x509_crt_fmt_t fmt,
>>>>                                  gnutls_datum_t * pubkey,
>>>>                                  unsigned int flags)
>>> The pk parameter looks a bit awkward. Wouldn't it be straightforward
>>> to omit it, and use gnutls_pkcs11_privkey_get_pk_algorithm() to obtain
>>> it on demand?
>> I changed it accordingly. Furthermore, I added the functionality to
>> p11tool. See the attached patches.

After some consideration I modified the prototype to accept a
gnutls_pkcs11_privkey_t instead of directly the URL. That would ease
usage when a private key is already imported, at a small inconvenience
otherwise. The new prototype being (renamed to export for

gnutls_pkcs11_privkey_export_pubkey (gnutls_pkcs11_privkey_t pkey,
                              gnutls_x509_crt_fmt_t fmt,
                              gnutls_datum_t * pubkey,
                              unsigned int flags);


More information about the Gnutls-devel mailing list