gnutls_privkey_generate2(3)          gnutls          gnutls_privkey_generate2(3)

       gnutls_privkey_generate2 - API function

       #include <gnutls/abstract.h>

       int gnutls_privkey_generate2(gnutls_privkey_t pkey, gnutls_pk_algorithm_t
       algo, unsigned int bits, unsigned int flags, const gnutls_keygen_data_st
       * data, unsigned data_size);

       gnutls_privkey_t pkey
                   The private key

       gnutls_pk_algorithm_t algo
                   is one of the algorithms in gnutls_pk_algorithm_t.

       unsigned int bits
                   the size of the modulus

       unsigned int flags
                   Must be zero or flags from gnutls_privkey_flags_t.

       const gnutls_keygen_data_st * data
                   Allow specifying gnutls_keygen_data_st types such as the seed
                   to be used.

       unsigned data_size
                   The number of  data available.

       This function will generate a random private key. Note that this function
       must be called on an initialized private key.

       The flag GNUTLS_PRIVKEY_FLAG_PROVABLE instructs the key generation
       process to use algorithms like Shawe-Taylor (from FIPS PUB186-4) which
       generate provable parameters out of a seed for RSA and DSA keys. On DSA
       keys the PQG parameters are generated using the seed, while on RSA the
       two primes. To specify an explicit seed (by default a random seed is
       used), use the  data with a GNUTLS_KEYGEN_SEED type.

       Note that when generating an elliptic curve key, the curve can be
       substituted in the place of the bits parameter using the
       GNUTLS_CURVE_TO_BITS() macro.

       To export the generated keys in memory or in files it is recommended to
       use the PKCS8 form as it can handle all key types, and can store
       additional parameters such as the seed, in case of provable RSA or DSA
       keys.  Generated keys can be exported in memory using
       gnutls_privkey_export_x509(), and then with

       If key generation is part of your application, avoid setting the number
       of bits directly, and instead use gnutls_sec_param_to_pk_bits().  That
       way the generated keys will adapt to the security levels of the
       underlying GnuTLS library.

       On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error


       Report bugs to <>.
       Home page:

       Copyright © 2001-2020 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without modification, are
       permitted in any medium without royalty provided the copyright notice and
       this notice are preserved.

       The full documentation for gnutls is maintained as a Texinfo manual.  If
       the /usr/share/doc/gnutls/ directory does not contain the HTML form visit

gnutls                               3.6.13          gnutls_privkey_generate2(3)