HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. |  |
NAME |SYNOPSIS |ARGUMENTS |DESCRIPTION |RETURNS |SINCE |REPORTING BUGS |COPYRIGHT |SEE ALSO |COLOPHON | |
gnutls_privkey_generate2(3) gnutlsgnutls_privkey_generate2(3)gnutls_privkey_generate2 - API function
#include <gnutls/abstract.h>int gnutls_privkey_generate2(gnutls_privkey_tpkey,gnutls_pk_algorithm_talgo, unsigned intbits, unsigned intflags,const gnutls_keygen_data_st *data, unsigneddata_size);
gnutls_privkey_t pkey The private key gnutls_pk_algorithm_t algo is one of the algorithms ingnutls_pk_algorithm_t. unsigned int bits the size of the modulus unsigned int flags Must be zero or flags fromgnutls_privkey_flags_t. const gnutls_keygen_data_st * data Allow specifyinggnutls_keygen_data_sttypes such as the seed to be used. unsigned data_size The number ofdata available.
This function will generate a random private key. Note that this function must be called on an initialized private key. The flagGNUTLS_PRIVKEY_FLAG_PROVABLEinstructs the key generation process to use algorithms like Shawe-Taylor (from FIPS PUB186-4) which generate provable parameters out of a seed for RSA and DSA keys. On DSA keys the PQG parameters are generated using the seed, while on RSA the two primes. To specify an explicit seed (by default a random seed is used), use thedata with aGNUTLS_KEYGEN_SEEDtype. Note that when generating an elliptic curve key, the curve can be substituted in the place of the bits parameter using theGNUTLS_CURVE_TO_BITS()macro. To export the generated keys in memory or in files it is recommended to use the PKCS8form as it can handle all key types, and can store additional parameters such as the seed, in case of provable RSA or DSA keys. Generated keys can be exported in memory usinggnutls_privkey_export_x509(), and then withgnutls_x509_privkey_export2_pkcs8(). If key generation is part of your application, avoid setting the number of bits directly, and instead usegnutls_sec_param_to_pk_bits(). That way the generated keys will adapt to the security levels of the underlying GnuTLS library.
On success,GNUTLS_E_SUCCESS(0) is returned, otherwise a negative error value.
3.5.0
Report bugs to <bugs@gnutls.org>. Home page:https://www.gnutls.org
Copyright © 2001-2023 Free Software Foundation, Inc., and others. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.
The full documentation forgnutlsis maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visithttps://www.gnutls.org/manual/
This page is part of theGnuTLS (GnuTLS Transport Layer Security Library) project. Information about the project can be found at ⟨http://www.gnutls.org/⟩. If you have a bug report for this manual page, send it to bugs@gnutls.org. This page was obtained from the tarball fetched from ⟨https://www.gnupg.org/ftp/gcrypt/gnutls/⟩ on 2025-08-11. If you discover any rendering problems in this HTML version of the page, or you believe there is a better or more up-to-date source for the page, or you have corrections or improvements to the information in this COLOPHON (which isnot part of the original manual page), send a mail to man-pages@man7.orggnutls 3.8.10gnutls_privkey_generate2(3)HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. | |