PKI Token
From OpenCA Labs WiKi
The PKI_TOKEN
The library introduces the concept of a PKI_TOKEN, an "object" that provides several functions for operating on cryptographic data structures. The PKI_TOKEN interface provides functionality to:
- Manage keypairs
- Generate new X.509 requests
- Generate self-signed certificates
- Issue new certificates
- Validate certificates
Generating a new PKI_TOKEN
To generate a new PKI_TOKEN, use the function PKI_TOKEN_new(), as in the following example:
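    #include <stdio.h>
    #include <libpki/pki.h>

    int main () {
        PKI_TOKEN *tk = NULL;

        /* Allocate a new, empty token */
        tk = PKI_TOKEN_new();
        if( tk == NULL ) {
            printf("ERROR, can not generate a new PKI_TOKEN!\n");
            return(1);
        }

        /* Release the token when it is no longer needed */
        PKI_TOKEN_free ( tk );
        return(0);
    }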
Generating a KEYPAIR within a PKI_TOKEN
To generate a new KEYPAIR for the PKI_TOKEN, first set the scheme the token will use with PKI_TOKEN_set_scheme(), then call PKI_TOKEN_new_keypair() to generate the new key:
    #include <stdio.h>
    #include <libpki/pki.h>

    int main () {
        PKI_TOKEN *tk = NULL;
        /* Key size in bits; 256 is an example value, choose one that
         * suits the selected scheme */
        int bits = 256;

        tk = PKI_TOKEN_new();
        if( tk == NULL ) {
            printf("ERROR, can not generate a new PKI_TOKEN!\n");
            return(1);
        }

        /* Set the scheme to be used, supported are PKI_SCHEME_RSA, PKI_SCHEME_DSA and
         * PKI_SCHEME_ECDSA (if the cryptographic provider supports those schemes) */
        if((PKI_TOKEN_set_scheme ( tk, PKI_SCHEME_ECDSA )) == PKI_ERR ) {
            printf("ERROR, can not set the crypto scheme!\n");
            PKI_TOKEN_free ( tk );
            return (1);
        }

        /* Now let's generate the new Key Pair */
        if((PKI_TOKEN_new_keypair ( tk, bits )) == PKI_ERR) {
            printf("ERROR, can not generate new keypair!\n");
            PKI_TOKEN_free ( tk );
            return (1);
        }

        /* Everything is ok here: release the token and the key it holds */
        PKI_TOKEN_free ( tk );
        return(0);
    }

