Namespace
Gcr – 3
GObject and GUI library for high level crypto handling
Dependencies
GObject—2.0 | The base type system library |
Gio—2.0 | GObject interfaces and objects |
Gck—1 | GObject bindings for PKCS#11 |
Classes
CertificateChain | Represents a chain of certificates, normally used to validate the trust in a certificate. An X.509 certificate chain has one endpoint certificate (the one for which trust is being verified) and then in turn the certificate that issued each previous certificate in the chain. |
CertificateRequest | An object that allows creation of certificate requests. A certificate request is sent to a certificate authority to request an X.509 certificate. |
FilterCollection | A collection which filters a |
Parser | A parser for parsing various types of files or data. |
Pkcs11Certificate | A certificate loaded from a PKCS#11 storage. It is also a valid |
SecretExchange | Allows exchange of secrets between two processes on the same system without exposing those secrets to things like loggers, non-pageable memory etc. |
SimpleCertificate | An implementation of |
SimpleCollection | A simple implementation of |
SshAskpass | When used as the setup function while spawning an ssh command like ssh-add or ssh, this allows callbacks for passwords on the provided interaction. |
SystemPrompt | A |
SystemPrompter | A prompter used by implementations of system prompts. |
UnionCollection | An implementation of |
Interfaces
Certificate | An interface that represents an X.509 certificate. |
Collection | A |
Comparable | An interface for comparing objects. |
Importer | An interface which allows importing of certificates and keys. Each importer is registered with a set of PKCS#11 attributes to match stuff that it can import. |
ImportInteraction | This is an interface implemented by a caller performing an import. It allows the importer to ask the caller for further information about the import. |
Prompt | A prompt displayed to the user. It is an interface with various implementations. |
Enumerations
CertificateChainStatus | The status of a built certificate chain. Will be set to |
CertificateRequestFormat | The format of a certificate request. Currently only PKCS#10 is supported. |
DataError | Values responding to error codes for parsing and serializing data. |
DataFormat | The various format identifiers. |
PromptReply | Various replies returned by |
SystemPrompterMode | The mode for the system prompter. Most system prompters can only show one prompt at a time and would use the |
SystemPromptError | No error returned by the |
Bitfields
CertificateChainFlags | Flags to be used with the |
ColumnFlags |
Callbacks
FilterCollectionFunc | A function which is called by |
Functions
data_error_get_domain | |
fingerprint_from_attributes | Create a key fingerprint for a certificate, public key or private key. Note that this is not a fingerprint of certificate data, which you would use |
fingerprint_from_subject_public_key_info | Create a key fingerprint for a DER encoded subjectPublicKeyInfo. The fingerprint is created so that it will be identical for a key and its corresponding certificate. |
icon_for_token | Get an appropriate icon for the token. |
mock_prompter_disconnect | Disconnect the mock prompter. |
mock_prompter_expect_close | Queue an expected response on the mock prompter. |
mock_prompter_expect_confirm_cancel | Queue an expected response on the mock prompter. |
mock_prompter_expect_confirm_ok | Queue an expected response on the mock prompter. |
mock_prompter_expect_password_cancel | Queue an expected response on the mock prompter. |
mock_prompter_expect_password_ok | Queue an expected response on the mock prompter. |
mock_prompter_get_delay_msec | Get the delay in milliseconds before the mock prompter completes an expected prompt. |
mock_prompter_is_expecting | Check if the mock prompter is expecting a response. This will be |
mock_prompter_is_prompting | Check if the mock prompter is showing any prompts. |
mock_prompter_set_delay_msec | Set the delay in milliseconds before the mock prompter completes an expected prompt. |
mock_prompter_start | Start the mock prompter. This is often used from the |
mock_prompter_stop | Stop the mock prompter. This is often used from the |
pkcs11_add_module | Add a |
pkcs11_add_module_from_file | Initialize a PKCS#11 module and add it to the modules that are used by the GCR library. Note that it is an error to initialize the same PKCS#11 module twice. |
pkcs11_get_modules | List all the PKCS#11 modules that are used by the GCR library. Each module is a |
pkcs11_get_trust_lookup_slots | List all the PKCS#11 slots that are used by the GCR library for lookup of trust assertions. Each slot is a |
pkcs11_get_trust_lookup_uris | Get the PKCS#11 URIs that are used to identify which slots to use for lookup trust assertions. |
pkcs11_get_trust_store_slot | Selects an appropriate PKCS#11 slot to store trust assertions. The slot to use is normally configured automatically by the system. |
pkcs11_get_trust_store_uri | Get the PKCS#11 URI that is used to identify which slot to use for storing trust storage. |
pkcs11_initialize | Asynchronously initialize the registered PKCS#11 modules. |
pkcs11_initialize_async | Asynchronously initialize the registered PKCS#11 modules. |
pkcs11_initialize_finish | Complete the asynchronous operation to initialize the registered PKCS#11 modules. |
pkcs11_set_modules | Set the list of PKCS#11 modules that are used by the GCR library. Each module in the list is a |
pkcs11_set_trust_lookup_uris | Set the PKCS#11 URIs that are used to identify which slots to use for lookup of trust assertions. |
pkcs11_set_trust_store_uri | Set the PKCS#11 URI that is used to identify which slot to use for storing trust assertions. |
secure_memory_alloc | Allocate a block of non-pageable memory. |
secure_memory_free | Free a block of non-pageable memory. |
secure_memory_is_secure | Check if a pointer is in non-pageable memory allocated by. |
secure_memory_realloc | Reallocate a block of non-pageable memory. |
secure_memory_strdup | Copy a string into non-pageable memory. If the input string is |
secure_memory_strfree | Free a string, whether securely allocated using these functions or not. This will also clear out the contents of the string so they do not remain in memory. |
secure_memory_try_alloc | Allocate a block of non-pageable memory. |
secure_memory_try_realloc | Reallocate a block of non-pageable memory. |
trust_add_pinned_certificate | Add a pinned |
trust_add_pinned_certificate_async | Add a pinned certificate for communication with |
trust_add_pinned_certificate_finish | Finishes an asynchronous operation started by gcr_trust_add_pinned_certificate_async(). |
trust_is_certificate_anchored | Check if the |
trust_is_certificate_anchored_async | Check if the |
trust_is_certificate_anchored_finish | Finishes an asynchronous operation started by gcr_trust_is_certificate_anchored_async(). |
trust_is_certificate_pinned | Check if |
trust_is_certificate_pinned_async | Check if |
trust_is_certificate_pinned_finish | Finishes an asynchronous operation started by gcr_trust_is_certificate_pinned_async(). |
trust_remove_pinned_certificate | Remove a pinned certificate for communication with |
trust_remove_pinned_certificate_async | Remove a pinned certificate for communication with |
trust_remove_pinned_certificate_finish | Finishes an asynchronous operation started by gcr_trust_remove_pinned_certificate_async(). |
Function Macros
CHECK_VERSION | Checks the version of the Gcr library that is being compiled against. |
secure_memory_new | Allocate objects in non-pageable memory. |
Constants
ICON_CERTIFICATE | |
ICON_GNUPG | |
ICON_HOME_DIRECTORY | |
ICON_KEY | |
ICON_KEY_PAIR | |
ICON_PASSWORD | |
ICON_SMART_CARD | |
MAJOR_VERSION | The major version number of the Gcr library. |
MICRO_VERSION | The micro version number of the Gcr library. |
MINOR_VERSION | The minor version number of the Gcr library. |
PURPOSE_CLIENT_AUTH | The purpose used to verify the client certificate in a TLS connection. |
PURPOSE_CODE_SIGNING | The purpose used to verify the certificate used for the signature on signed code. |
PURPOSE_EMAIL | The purpose used to verify certificates that are used in email communication such as S/MIME. |
PURPOSE_SERVER_AUTH | The purpose used to verify the server certificate in a TLS connection. This is the most common purpose in use. |
SECRET_EXCHANGE_PROTOCOL_1 | The current secret exchange protocol. Key agreement is done using DH with the 1536 bit IKE parameter group. Keys are derived using SHA256 with HKDF. The transport encryption is done with 128 bit AES. |
UNLOCK_OPTION_ALWAYS | |
UNLOCK_OPTION_IDLE | |
UNLOCK_OPTION_SESSION | |
UNLOCK_OPTION_TIMEOUT |