Gcr – 4

Describes a location for fetching extra information from the Certificate Authority.

unstable since: 4.3.91

Represents a chain of certificates, normally used to validate the trust in a certificate. An X.509 certificate chain has one endpoint certificate (the one for which trust is being verified) and then in turn the certificate that issued each previous certificate in the chain.

An object that describes a certificate extension.

unstable since: 4.3.90

A certificate extension describing the Authority Information Access (AIA).

unstable since: 4.3.91

A certificate extension that contains the authority key identifier (SKI).

unstable since: 4.3.91

A certificate extension that can be used to identify the type of the certificate subject (whether it is a certificate authority or not).

unstable since: 4.3.90

A certificate extension that lists certificate policies.

unstable since: 4.3.91

A certificate extension that lists CRL distribution points.

unstable since: 4.3.91

A certificate extension that can be used to restrict an extended set of usages of a given certificate.

unstable since: 4.3.90

A certificate extension that can be used to restrict the usages of a given certificate.

unstable since: 4.3.90

A wrapper type for a list of GcrCertificateExtensions.

unstable since: 4.3.90

A certificate extension describing the Subject Alternative Name (SAN).

unstable since: 4.3.90

A certificate extension that contains the subject key identifier (SKI).

unstable since: 4.3.90

An object describing a certificate policy.

unstable since: 4.3.91

An object describing a certificate policy qualifier.

unstable since: 4.3.91

An object that allows creation of certificate requests. A certificate request is sent to a certificate authority to request an X.509 certificate.

An object describing a CRL distribution point.

unstable since: 4.3.91

An object describing a name as part of the Subject Alternative Name (SAN) extension.

unstable since: 4.3.90

A list of GcrGeneralNames.

unstable since: 4.3.91

A parser for parsing various types of files or data.

A certificate loaded from a PKCS#11 storage. It is also a valid GckObject and can be used as such.

Allows exchange of secrets between two processes on the same system without exposing those secrets to things like loggers, non-pageable memory etc.

An implementation of GcrCertificate which loads a certificate from DER data already located in memory.

When used as the setup function while spawning an ssh command like ssh-add or ssh, this allows callbacks for passwords on the provided interaction.

A GcrPrompt implementation which calls to the system prompter to display prompts in a system modal fashion.

A prompter used by implementations of system prompts.

An interface that represents an X.509 certificate.

An interface which allows importing of certificates and keys. Each importer is registered with a set of PKCS#11 attributes to match stuff that it can import.

This is an interface implemented by a caller performing an import. It allows the importer to ask the caller for further information about the import.

A prompt displayed to the user. It is an interface with various implementations.

A parsed item parsed by a GcrParser.

The status of a built certificate chain. Will be set to GCR_CERTIFICATE_CHAIN_UNKNOWN for certificate chains that have not been built.

The format of a certificate request. Currently only PKCS#10 is supported.

Values responding to error codes for parsing and serializing data.

The various format identifiers.

Various replies returned by gcr_prompt_confirm() and friends.

The mode for the system prompter. Most system prompters can only show one prompt at a time and would use the GCR_SYSTEM_PROMPTER_SINGLE mode.

No error returned by the GcrSystemPrompt is suitable for display or to the user.

Flags to be used with the gcr_certificate_chain_build() operation.

Create a key fingerprint for a certificate, public key or private key. Note that this is not a fingerprint of certificate data, which you would use gcr_certificate_get_fingerprint() for.

Create a key fingerprint for a DER encoded subjectPublicKeyInfo. The fingerprint is created so that it will be identical for a key and its corresponding certificate.

Disconnect the mock prompter.

Queue an expected response on the mock prompter.

Queue an expected response on the mock prompter.

Queue an expected response on the mock prompter.

Queue an expected response on the mock prompter.

Queue an expected response on the mock prompter.

Get the delay in milliseconds before the mock prompter completes an expected prompt.

Check if the mock prompter is expecting a response. This will be TRUE when one of the gcr_mock_prompter_expect_xxx() functions have been used to queue an expected prompt, but that prompt response has not be ‘used’ yet.

Check if the mock prompter is showing any prompts.

Set the delay in milliseconds before the mock prompter completes an expected prompt.

Start the mock prompter. This is often used from the setup() function of tests.

Stop the mock prompter. This is often used from the teardown() function of tests.

Add a GckModule to the list of PKCS#11 modules that are used by the GCR library.

Initialize a PKCS#11 module and add it to the modules that are used by the GCR library. Note that is an error to initialize the same PKCS#11 module twice.

List all the PKCS#11 modules that are used by the GCR library. Each module is a GckModule object.

List all the PKCS#11 slots that are used by the GCR library for lookup of trust assertions. Each slot is a GckSlot object.

Get the PKCS#11 URIs that are used to identify which slots to use for lookup trust assertions.

Selects an appropriate PKCS#11 slot to store trust assertions. The slot to use is normally configured automatically by the system.

Get the PKCS#11 URI that is used to identify which slot to use for storing trust storage.

Asynchronously initialize the registered PKCS#11 modules.

Asynchronously initialize the registered PKCS#11 modules.

Complete the asynchronous operation to initialize the registered PKCS#11 modules.

Set the list of PKCS#11 modules that are used by the GCR library. Each module in the list is a GckModule object.

Set the PKCS#11 URIs that are used to identify which slots to use for lookup of trust assertions.

Set the PKCS#11 URI that is used to identify which slot to use for storing trust assertions.

Allocate a block of non-pageable memory.

Free a block of non-pageable memory.

Check if a pointer is in non-pageable memory allocated by.

Reallocate a block of non-pageable memory.

Copy a string into non-pageable memory. If the input string is NULL, then NULL will be returned.

Free a string, whether securely allocated using these functions or not. This will also clear out the contents of the string so they do not remain in memory.

Allocate a block of non-pageable memory.

Reallocate a block of non-pageable memory.

Add a pinned certificate for connections to peer for purpose. A pinned certificate overrides all other certificate verification and should be used with care.

Add a pinned certificate for communication with peer for purpose. A pinned certificate overrides all other certificate verification and should be used with care.

Finishes an asynchronous operation started by gcr_trust_add_pinned_certificate_async().

Check if the certificate is a trust anchor for the given purpose. A trust anchor is used to verify the signatures on other certificates when verifying a certificate chain. Also known as a trusted certificate authority.

Check if the certificate is a trust anchor for the given purpose. A trust anchor is used to verify the signatures on other certificates when verifying a certificate chain. Also known as a trusted certificate authority.

Finishes an asynchronous operation started by gcr_trust_is_certificate_anchored_async().

Checks whether the certificate that can be uniquely identified with the given serial_nr and issuer is marked as distrusted (for example by the user, or because it’s part of a CRL).

Asynchronously checks whether the certificate that can be uniquely identified with the given serial_nr and issuer is marked as distrusted (for example by the user, or because it’s part of a CRL).

Finishes an asynchronous operation started by gcr_trust_is_certificate_distrusted_async().

Check if certificate is pinned for purpose to communicate with peer. A pinned certificate overrides all other certificate verification.

Check if certificate is pinned for purpose to communicate with peer. A pinned certificate overrides all other certificate verification.

Finishes an asynchronous operation started by gcr_trust_is_certificate_pinned_async().

Remove a pinned certificate for communication with peer for purpose.

Remove a pinned certificate for communication with peer for purpose.

Finishes an asynchronous operation started by gcr_trust_remove_pinned_certificate_async().

Checks the version of the Gcr library that is being compiled against.

Allocate objects in non-pageable memory.

The major version number of the Gcr library.

The micro version number of the Gcr library.

The minor version number of the Gcr library.

The purpose used to verify the client certificate in a TLS connection.

The purpose used to verify certificate used for the signature on signed code.

The purpose used to verify certificates that are used in email communication such as S/MIME.

The purpose used to verify the server certificate in a TLS connection. This is the most common purpose in use.

The current secret exchange protocol. Key agreement is done using DH with the 1536 bit IKE parameter group. Keys are derived using SHA256 with HKDF. The transport encryption is done with 128 bit AES.