[gnutls-devel] system-keys API

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Fri Nov 28 16:07:17 CET 2014

On Fri, Nov 28, 2014 at 3:50 PM, Martin Paljak <martin at martinpaljak.net> wrote:
> OSX Keychain ?

Do you know if that can be used by a C library?

> Does this retrieve the actual plaintext DER? What if smart cards are
> behind the system API?

The iterator function
gnutls_system_key_iter_get_info(gnutls_system_key_iter_t *iter,
                   char **cert_url,
                   char **key_url,
                   char **label,
                   gnutls_datum_t *der,
                   unsigned int flags);

returns URLs of the certificate and the key, something like:
"system:win:xxxxxxxxxx;type=cert" and "system:win:xxxxxxxxxx;type=privkey"

The @der parameter is to get the certificate. The API assumes that private keys
are not available. Reportedly, using this API openconnect-gui [0]
works with smart
cards on windows.


[0]. https://github.com/openconnect/openconnect-gui/wiki

More information about the Gnutls-devel mailing list