/**
* gnutls_privkey_generate:
- * @pkey: The private key
+ * @pkey: An initialized private key
* @algo: is one of the algorithms in #gnutls_pk_algorithm_t.
- * @bits: the size of the modulus
+ * @bits: the size of the parameters to generate
* @flags: Must be zero or flags from #gnutls_privkey_flags_t.
*
* This function will generate a random private key. Note that this
*
* Note that when generating an elliptic curve key, the curve
* can be substituted in the place of the bits parameter using the
- * GNUTLS_CURVE_TO_BITS() macro.
+ * GNUTLS_CURVE_TO_BITS() macro. The input to the macro is any curve from
+ * %gnutls_ecc_curve_t.
*
- * Do not set the number of bits directly, use gnutls_sec_param_to_pk_bits().
+ * For DSA keys, if the subgroup size needs to be specified check
+ * the GNUTLS_SUBGROUP_TO_BITS() macro.
+ *
+ * It is recommended to do not set the number of @bits directly, use gnutls_sec_param_to_pk_bits() instead .
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* This function will generate a random private key. Note that this
* function must be called on an empty private key. The flag %GNUTLS_PRIVKEY_FLAG_PROVABLE
- * instructs the key generation process to use algorithms which generate
- * provable parameters out of a seed.
+ * instructs the key generation process to use algorithms like Shawe-Taylor
+ * which generate provable parameters out of a seed.
*
* Note that when generating an elliptic curve key, the curve
* can be substituted in the place of the bits parameter using the
/**
* gnutls_x509_privkey_generate:
- * @key: a key
+ * @key: an initialized key
* @algo: is one of the algorithms in #gnutls_pk_algorithm_t.
- * @bits: the size of the modulus
+ * @bits: the size of the parameters to generate
* @flags: Must be zero or flags from #gnutls_privkey_flags_t.
*
* This function will generate a random private key. Note that this
* function must be called on an empty private key. The flag %GNUTLS_PRIVKEY_FLAG_PROVABLE
- * instructs the key generation process to use algorithms which generate
- * provable parameters out of a seed.
+ * instructs the key generation process to use algorithms like Shawe-Taylor
+ * which generate provable parameters out of a seed.
*
* Note that when generating an elliptic curve key, the curve
* can be substituted in the place of the bits parameter using the
- * GNUTLS_CURVE_TO_BITS() macro.
+ * GNUTLS_CURVE_TO_BITS() macro. The input to the macro is any curve from
+ * %gnutls_ecc_curve_t.
*
* For DSA keys, if the subgroup size needs to be specified check
* the GNUTLS_SUBGROUP_TO_BITS() macro.
*
- * Do not set the number of bits directly, use gnutls_sec_param_to_pk_bits().
+ * It is recommended to do not set the number of @bits directly, use gnutls_sec_param_to_pk_bits() instead .
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
flag = {
name = provable;
descrip = "Generate a private key or parameters from a seed using a provable method";
- doc = "This will use the FIPS-186-4 algorithms for provable key generation. You may specify --seed or allow GnuTLS to generate one (recommended). This option can be combined with --generate-privkey or --generate-dh-params.";
+ doc = "This will use the FIPS-186-4 algorithms (i.e., Shawe-Taylor) for provable key generation. When specified the private keys or parameters will be generated from a seed, and can be proven to be correctly generated from the seed. You may specify --seed or allow GnuTLS to generate one (recommended). This option can be combined with --generate-privkey or --generate-dh-params.";
};
flag = {
projects / thirdparty / gnutls.git / commitdiff
