gnutls_pkcs7_sign(3) API function


#include <gnutls/pkcs7.h>

int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t signer, gnutls_privkey_t signer_key, const gnutls_datum_t * data, gnutls_pkcs7_attrs_t signed_attrs, gnutls_pkcs7_attrs_t unsigned_attrs, gnutls_digest_algorithm_t dig, unsigned flags);


gnutls_pkcs7_t pkcs7
should contain a gnutls_pkcs7_t type
gnutls_x509_crt_t signer
the certificate to sign the structure
gnutls_privkey_t signer_key
the key to sign the structure
const gnutls_datum_t * data
The data to be signed or NULL if the data are already embedded
gnutls_pkcs7_attrs_t signed_attrs
Any additional attributes to be included in the signed ones (or NULL)
gnutls_pkcs7_attrs_t unsigned_attrs
Any additional attributes to be included in the unsigned ones (or NULL)
gnutls_digest_algorithm_t dig
The digest algorithm to use for signing
unsigned flags
Should be zero or one of GNUTLS_PKCS7 flags


This function will add a signature in the provided PKCS 7 structure for the provided data. Multiple signatures can be made with different signers.

The available flags are: GNUTLS_PKCS7_EMBED_DATA, GNUTLS_PKCS7_INCLUDE_TIME, GNUTLS_PKCS7_INCLUDE_CERT, and GNUTLS_PKCS7_WRITE_SPKI. They are explained in the gnutls_pkcs7_sign_flags definition.


On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.




Report bugs to <[email protected]>.
Home page:


Copyright © 2001-2016 Free Software Foundation, Inc., and others.
Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.