Implement the GcrComparable interface. Use this macro like this: <informalexample><programlisting> G_DEFINE_TYPE_WITH_CODE (MyCertificate, my_certificate, G_TYPE_OBJECT, GCR_CERTIFICATE_MIXIN_IMPLEMENT_COMPARABLE (); G_IMPLEMENT_INTERFACE (GCR_TYPE_CERTIFICATE, my_certificate_iface_init); ); </programlisting></informalexample>

Checks the version of the Gcr library that is being compiled against. ``` #if !GCR_CHECK_VERSION (3, 0, 0) #warning Old Gcr version, disabling functionality #endif ```

the major version to check for the minor version to check for the micro version to check for

An interface that represents an X.509 certificate. Objects can implement this interface to make a certificate usable with the GCR library. Various methods are available to parse out relevant bits of the certificate. However no verification of the validity of a certificate is done here. Use your favorite crypto library to do this. You can use [class@SimpleCertificate] to simply load a certificate for which you already have the raw certificate data. The #GcrCertificate interface has several properties that must be implemented. You can use a mixin to implement these properties if desired. See the gcr_certificate_mixin_class_init() and gcr_certificate_mixin_get_property() functions. All certificates are comparable. If implementing a #GcrCertificate, you can use GCR_CERTIFICATE_MIXIN_IMPLEMENT_COMPARABLE() to implement the #GcrComparable interface.

Compare one certificate against another. If the certificates are equal then zero is returned. If one certificate is %NULL or not a certificate, then a non-zero value is returned. The return value is useful in a stable sort, but has no user logical meaning.

zero if the certificates match, non-zero otherwise.

the certificate to compare the certificate to compare against

Get the columns appropriate for a certificate

the columns

Initialize the certificate mixin for the class. This mixin implements the various required properties for the certificate. Call this function near the end of your derived class_init function. The derived class must implement the #GcrCertificate interface.

The GObjectClass for this class

Initialize a #GcrComparableIface to compare the current certificate. In general it's easier to use the GCR_CERTIFICATE_MIXIN_IMPLEMENT_COMPARABLE() macro instead of this function.

The interface

Implementation to get various required certificate properties. This should be called from your derived class get_property function, or used as a get_property virtual function. Example of use as called from derived class get_property function: <informalexample><programlisting> static void my_get_property (GObject *obj, guint prop_id, GValue *value, GParamSpec *pspec) { switch (prop_id) { ... default: gcr_certificate_mixin_get_property (obj, prop_id, value, pspec); break; } } </programlisting></informalexample> Example of use as get_property function: <informalexample><programlisting> static void my_class_init (MyClass *klass) { GObjectClass *gobject_class = G_OBJECT_CLASS (klass); gobject_class->get_property = gcr_certificate_mixin_get_property; ... } </programlisting></informalexample>

The object The property id The value to fill in. The param specification.

Gets the raw DER data for an X.509 certificate.

raw DER data of the X.509 certificate

a #GcrCertificate

a pointer to a location to store the size of the resulting DER data.

Get the basic constraints for the certificate if present. If %FALSE is returned then no basic constraints are present and the @is_ca and @path_len arguments are not changed.

whether basic constraints are present or not

the certificate

location to place a %TRUE if is an authority location to place the max path length

Gets the raw DER data for an X.509 certificate.

raw DER data of the X.509 certificate

a #GcrCertificate

a pointer to a location to store the size of the resulting DER data.

Get the expiry date of this certificate. The #GDate returned should be freed by the caller using g_date_free() when no longer required.

An allocated expiry date of this certificate.

a #GcrCertificate

Calculate the fingerprint for this certificate. The caller should free the returned data using g_free() when it is no longer required.

the raw binary fingerprint

a #GcrCertificate

the type of algorithm for the fingerprint. The length of the resulting fingerprint.

Calculate the fingerprint for this certificate, and return it as a hex string. The caller should free the returned data using g_free() when it is no longer required.

an allocated hex string which contains the fingerprint.

a #GcrCertificate

the type of algorithm for the fingerprint.

Get the icon for a certificate.

the icon for this certificate, which should be released with g_object_unref()

The certificate

Get the issued date of this certificate. The #GDate returned should be freed by the caller using g_date_free() when no longer required.

An allocated issued date of this certificate.

a #GcrCertificate

Get the common name of the issuer of this certificate. The string returned should be freed by the caller when no longer required.

The allocated issuer CN, or %NULL if no issuer CN present.

a #GcrCertificate

Get the full issuer DN of the certificate as a (mostly) readable string. The string returned should be freed by the caller when no longer required.

The allocated issuer DN of the certificate.

a #GcrCertificate

Get a name to represent the issuer of this certificate. This will try to lookup the common name, orianizational unit, organization in that order.

the allocated issuer name, or %NULL if no issuer name

a #GcrCertificate

Get a part of the DN of the issuer of this certificate. Examples of a @part might be the 'OU' (organizational unit) or the 'CN' (common name). Only the value of that part of the DN is returned. The string returned should be freed by the caller when no longer required.

the allocated part of the issuer DN, or %NULL if no such part is present

a #GcrCertificate

a DN type string or OID.

Get the raw DER data for the issuer DN of the certificate. The data should be freed by using g_free() when no longer required.

allocated memory containing the raw issuer

a #GcrCertificate

The length of the returned data.

Get the key size in bits of the public key represented by this certificate.

The key size of the certificate.

a #GcrCertificate

Calculate a GMarkup string for displaying this certificate.

the markup string

a certificate

Get the raw binary serial number of the certificate. The caller should free the returned data using g_free() when it is no longer required.

the raw binary serial number.

a #GcrCertificate

the length of the returned data.

Get the serial number of the certificate as a hex string. The caller should free the returned data using g_free() when it is no longer required.

an allocated string containing the serial number as hex.

a #GcrCertificate

Get the common name of the subject of this certificate. The string returned should be freed by the caller when no longer required.

The allocated subject CN, or %NULL if no subject CN present.

a #GcrCertificate

Get the full subject DN of the certificate as a (mostly) readable string. The string returned should be freed by the caller when no longer required.

The allocated subject DN of the certificate.

a #GcrCertificate

Get a name to represent the subject of this certificate. This will try to lookup the common name, orianizational unit, organization in that order.

the allocated subject name, or %NULL if no subject name

a #GcrCertificate

Get a part of the DN of the subject of this certificate. Examples of a @part might be the 'OU' (organizational unit) or the 'CN' (common name). Only the value of that part of the DN is returned. The string returned should be freed by the caller when no longer required.

the allocated part of the subject DN, or %NULL if no such part is present.

a #GcrCertificate

a DN type string or OID.

Get the raw DER data for the subject DN of the certificate. The data should be freed by using g_free() when no longer required.

allocated memory containing the raw subject

a #GcrCertificate

The length of the returned data.

Check if @issuer could be the issuer of this certificate. This is done by comparing the relevant subject and issuer fields. No signature check is done. Proper verification of certificates must be done via a crypto library.

whether @issuer could be the issuer of the certificate.

a #GcrCertificate

a possible issuer #GcrCertificate

Implementers of the #GcrCertificate mixin should call this function to notify when the certificate has changed to emit notifications on the various properties.

the #GcrCertificate

A readable description for this certificate The expiry date of the certificate An icon representing the certificate Common name part of the certificate issuer A readable label for this certificate. GLib markup to describe the certificate Common name part of the certificate subject

Represents a chain of certificates, normally used to validate the trust in a certificate. An X.509 certificate chain has one endpoint certificate (the one for which trust is being verified) and then in turn the certificate that issued each previous certificate in the chain. This functionality is for building of certificate chains not for validating them. Use your favorite crypto library to validate trust in a certificate chain once its built. The order of certificates in the chain should be first the endpoint certificates and then the signing certificates. Create a new certificate chain with [ctor@CertificateChain.new] and then add the certificates with [method@CertificateChain.add]. You can then use [method@CertificateChain.build] to build the remainder of the chain. This will lookup missing certificates in PKCS#11 modules and also check that each certificate in the chain is the signer of the previous one. If a trust anchor, pinned certificate, or self-signed certificate is found, then the chain is considered built. Any extra certificates are removed from the chain. Once the certificate chain has been built, you can access its status through [method@CertificateChain.get_status]. The status signifies whether the chain is anchored on a trust root, self-signed, incomplete etc. See [enum@CertificateChainStatus] for information on the various statuses. It's important to understand that the building of a certificate chain is merely the first step towards verifying trust in a certificate.

Create a new #GcrCertificateChain.

a newly allocated certificate chain

Add @certificate to the chain. The order of certificates in the chain are important. The first certificate should be the endpoint certificate, and then come the signers (certificate authorities) each in turn. If a root certificate authority is present, it should come last. Adding a certificate an already built chain (see gcr_certificate_chain_build()) resets the type of the certificate chain to %GCR_CERTIFICATE_CHAIN_UNKNOWN

the #GcrCertificateChain

a #GcrCertificate to add to the chain

Complete a certificate chain. Once a certificate chain has been built its status can be examined. This operation will lookup missing certificates in PKCS#11 modules and also that each certificate in the chain is the signer of the previous one. If a trust anchor, pinned certificate, or self-signed certificate is found, then the chain is considered built. Any extra certificates are removed from the chain. It's important to understand that building of a certificate chain does not constitute verifying that chain. This is merely the first step towards trust verification. The @purpose is a string like %GCR_PURPOSE_CLIENT_AUTH and is the purpose for which the certificate chain will be used. Trust anchors are looked up for this purpose. This argument is required. The @peer is usually the host name of the peer whith which this certificate chain is being used. It is used to look up pinned certificates that have been stored for this peer. If %NULL then no pinned certificates will be considered. If the %GCR_CERTIFICATE_CHAIN_NO_LOOKUPS flag is specified then no lookups for anchors or pinned certificates are done, and the resulting chain will be neither anchored or pinned. Additionally no missing certificate authorities are looked up in PKCS#11 This call will block, see gcr_certificate_chain_build_async() for the asynchronous version.

whether the operation completed successfully

the #GcrCertificateChain

the purpose the certificate chain will be used for the peer the certificate chain will be used with, or %NULL chain completion flags a #GCancellable or %NULL

Complete a certificate chain. Once a certificate chain has been built its status can be examined. This will lookup missing certificates in PKCS#11 modules and also that each certificate in the chain is the signer of the previous one. If a trust anchor, pinned certificate, or self-signed certificate is found, then the chain is considered built. Any extra certificates are removed from the chain. It's important to understand that building of a certificate chain does not constitute verifying that chain. This is merely the first step towards trust verification. The @purpose is a string like %GCR_PURPOSE_CLIENT_AUTH and is the purpose for which the certificate chain will be used. Trust anchors are looked up for this purpose. This argument is required. The @peer is usually the host name of the peer whith which this certificate chain is being used. It is used to look up pinned certificates that have been stored for this peer. If %NULL then no pinned certificates will be considered. If the %GCR_CERTIFICATE_CHAIN_NO_LOOKUPS flag is specified then no lookups for anchors or pinned certificates are done, and the resulting chain will be neither anchored or pinned. Additionally no missing certificate authorities are looked up in PKCS#11 When the operation is finished, @callback will be called. You can then call gcr_certificate_chain_build_finish() to get the result of the operation.

the #GcrCertificateChain

the purpose the certificate chain will be used for the peer the certificate chain will be used with, or %NULL chain completion flags a #GCancellable or %NULL this will be called when the operation completes. data to pass to the callback

Finishes an asynchronous operation started by gcr_certificate_chain_build_async().

whether the operation succeeded

the #GcrCertificateChain

the #GAsyncResult passed to the callback

If the certificate chain has been built and is of status %GCR_CERTIFICATE_CHAIN_ANCHORED, then this will return the anchor certificate that was found. This is not necessarily a root certificate authority. If an intermediate certificate authority in the chain was found to be anchored, then that certificate will be returned. If an anchor is returned it does not mean that the certificate chain has been verified, but merely that an anchor has been found.

the anchor certificate, or %NULL if not anchored.

the #GcrCertificateChain

Get a certificate in the chain. It is an error to call this function with an invalid index.

the certificate

the #GcrCertificateChain

index of the certificate to get

Get the endpoint certificate in the chain. This is always the first certificate in the chain. The endpoint certificate cannot be anchored.

the endpoint certificate, or %NULL if the chain is empty

the #GcrCertificateChain

Get the length of the certificate chain.

the length of the certificate chain

the #GcrCertificateChain

Get the status of a certificate chain. If the certificate chain has not been built, then the status will be %GCR_CERTIFICATE_CHAIN_UNKNOWN. A status of %GCR_CERTIFICATE_CHAIN_ANCHORED does not mean that the certificate chain has been verified, but merely that an anchor has been found.

the status of the certificate chain.

the #GcrCertificateChain

The length of the certificate chain. The certificate chain status. See #GcrCertificateChainStatus

The class for #GcrCertificateChain.

The parent class

Flags to be used with the gcr_certificate_chain_build() operation.

no flags If this flag is specified then no lookups for anchors or pinned certificates are done, and the resulting chain will be neither anchored or pinned. Additionally no missing certificate authorities are looked up in PKCS#11.

The status of a built certificate chain. Will be set to %GCR_CERTIFICATE_CHAIN_UNKNOWN for certificate chains that have not been built.

The certificate chain's status is unknown. When a chain is not yet built it has this status. If a chain is modified after being built, it has this status. A full chain could not be loaded. The chain does not end with a self-signed certificate, a trusted anchor, or a pinned certificate. The certificate chain contains a revoked or otherwise explicitly distrusted certificate. The entire chain should be distrusted. The chain ends with a self-signed certificate. No trust anchor was found. The chain represents a pinned certificate. A pinned certificate is an exception which trusts a given certificate explicitly for a purpose and communication with a certain peer. The chain ends with an anchored certificate. The anchored certificate is not necessarily self-signed.

The interface that implementors of #GcrCertificate must implement.

the parent interface type a method which returns the RAW der data of the certificate

raw DER data of the X.509 certificate

a #GcrCertificate a pointer to a location to store the size of the resulting DER data.

An object that allows creation of certificate requests. A certificate request is sent to a certificate authority to request an X.509 certificate. Use [func@CertificateRequest.prepare] to create a blank certificate request for a given private key. Set the common name on the certificate request with [method@CertificateRequest.set_cn], and then sign the request with [method@CertificateRequest.complete_async].

Check whether [class@CertificateRequest] is capable of creating a request for the given @private_key.

whether a request can be created

a private key cancellation object

Asynchronously check whether [class@CertificateRequest] is capable of creating a request for the given @private_key.

a private key cancellation object will be called when the operation completes data to be passed to callback

Get the result for asynchronously check whether [class@CertificateRequest] is capable of creating a request for the given @private_key.

whether a request can be created

asynchronous result

Create a new certificate request, in the given format for the private key.

a new #GcrCertificate request

the format for the certificate request the private key the the certificate is being requested for

Complete and sign a certificate request, so that it can be encoded and sent to a certificate authority. This call may block as it signs the request using the private key.

whether certificate request was successfully completed or not

a certificate request

a cancellation object

Asynchronously complete and sign a certificate request, so that it can be encoded and sent to a certificate authority. This call will return immediately and complete later.

a certificate request

a cancellation object called when the operation completes data to pass to the callback

Finish an asynchronous operation to complete and sign a certificate request.

whether certificate request was successfully completed or not

a certificate request

result of the asynchronous operation

Encode the certificate request. It must have been completed with [method@CertificateRequest.complete] or [method@CertificateRequest.complete_async]. If @textual is %FALSE, the output is a DER encoded certificate request. If @textual is %TRUE, the output is encoded as text. For PKCS#10 requests this is done using the OpenSSL style PEM encoding.

the encoded certificate request

a certificate request

whether to encode output as text location to place length of returned data

Get the format of this certificate request.

the format

the certificate request

Get the private key this certificate request is for.

the private key,

the certificate request

Set the common name encoded in the certificate request.

the certificate request

common name to set on the request

The format of the certificate request. The private key that this certificate request is for.

The format of a certificate request. Currently only PKCS#10 is supported.

certificate request is in PKCS#10 format

A #GcrCollection is used to group a set of objects. This is an abstract interface which can be used to determine which objects show up in a selector or other user interface element. Use [ctor@SimpleCollection.new] to create a concrete implementation of this interface which you can add objects to.

Check whether the collection contains an object or not.

whether the collection contains this object

the collection

object to check

Get the number of objects in this collection.

The number of objects.

The collection

Get a list of the objects in this collection.

a list of the objects in this collection, which should be freed with g_list_free()

The collection

Check whether the collection contains an object or not.

whether the collection contains this object

the collection

object to check

Emit the #GcrCollection::added signal for the given object. This function is used by implementors of this interface.

The collection

The object that was added

Emit the #GcrCollection::removed signal for the given object. This function is used by implementors of this interface.

The collection

The object that was removed

Get the number of objects in this collection.

The number of objects.

The collection

Get a list of the objects in this collection.

a list of the objects in this collection, which should be freed with g_list_free()

The collection

This signal is emitted when an object is added to the collection.

object that was added This signal is emitted when an object is removed from the collection.

object that was removed

The number of objects.

The collection

a list of the objects in this collection, which should be freed with g_list_free()

The collection

whether the collection contains this object

the collection object to check

An interface for comparing objects

Compare two blocks of memory. The return value can be used to sort the blocks of memory.

Zero if the blocks are identical, negative if first less than secend, possitive otherwise.

First block of memory Length of first block Second block of memory Length of second block

Compare whether two objects represent the same thing. The return value can also be used to sort the objects.

Zero if the two objects represent the same thing, non-zero if not.

The comparable object

Another comparable object

Compare whether two objects represent the same thing. The return value can also be used to sort the objects.

Zero if the two objects represent the same thing, non-zero if not.

The comparable object

Another comparable object

The interface to implement for [iface@Comparable]

type interface Compare whether tow objects represent the same thing.

Zero if the two objects represent the same thing, non-zero if not.

The comparable object Another comparable object

Values responding to error codes for parsing and serializing data.

Failed to parse or serialize the data The data was unrecognized or unsupported The operation was cancelled The data was encrypted or locked and could not be unlocked.

The various format identifiers.

Represents all the formats, when enabling or disabling Not a valid format DER encoded private key DER encoded RSA private key DER encoded DSA private key DER encoded EC private key DER encoded SubjectPublicKeyInfo DER encoded X.509 certificate DER encoded PKCS#7 container file which can contain certificates DER encoded PKCS#8 file which can contain a key Unencrypted DER encoded PKCS#8 file which can contain a key Encrypted DER encoded PKCS#8 file which can contain a key DER encoded PKCS#10 certificate request file DER encoded SPKAC as generated by HTML5 keygen element OpenSSL style SPKAC data DER encoded PKCS#12 file which can contain certificates and/or keys OpenSSH v1 or v2 public key OpenPGP key packet(s) OpenPGP public or private key armor encoded data An OpenSSL style PEM file with unspecified contents An OpenSSL style PEM file with a private RSA key An OpenSSL style PEM file with a private DSA key An OpenSSL style PEM file with an X.509 certificate An OpenSSL style PEM file containing PKCS#7 Unencrypted OpenSSL style PEM file containing PKCS#8 Encrypted OpenSSL style PEM file containing PKCS#8 An OpenSSL style PEM file containing PKCS#12 An OpenSSL style PEM file with a private key An OpenSSL style PEM file containing PKCS#10 An OpenSSL style PEM file with a private EC key An OpenSSL style PEM file containing a SubjectPublicKeyInfo

A collection which filters a [iface@Collection]. An implementation of [iface@Collection] which filters objects from another underlying collection. Use [ctor@FilterCollection.new_with_callback] to create a new filter collection. The callback will determine the criteria for whether an object shows through the filter or not.

Create a new #GcrFilterCollection. The callback should return %TRUE if an object should appear in the filtered collection. If a %NULL callback is set, then all underlynig objects will appear in the filtered collection.

a newly allocated filtered collection, which should be freed with g_object_unref()

the underlying collection function to call for each object data to pass to the callback called for user_data when it is no longer needed

Get the collection that is being filtered by this filter collection.

the underlying collection

a filter collection

Refilter all objects in the underlying collection. Call this function if the filter callback function changes its filtering criteria.

a filter collection

Set the callback used to filter the objects in the underlying collection. The callback should return %TRUE if an object should appear in the filtered collection. If a %NULL callback is set, then all underlynig objects will appear in the filtered collection. This will refilter the collection.

a filter collection

function to call for each object data to pass to the callback called for user_data when it is no longer needed

The class struct for [class@FilterCollection].

the parent class

A function which is called by [class@FilterCollection] in order to determine whether an object should show through the filter or not.

%TRUE if an object should be included in the filtered collection

object to filter user data passed to the callback

This is an interface implemented by a caller performing an import. It allows the importer to ask the caller for further information about the import. It must be implemented on a derived class of [class@Gio.TlsInteraction]

Supplement attributes before import. This means prompting the user for things like labels and the like. The needed attributes will have been passed to gcr_import_interaction_supplement_prep(). This method prompts the user and fills in the attributes. If the user or cancellable cancels the operation the error should be set with %G_IO_ERROR_CANCELLED.

%G_TLS_INTERACTION_HANDLED if successful or %G_TLS_INTERACTION_FAILED

the interaction

supplemented attributes optional cancellable object

Asynchronously supplement attributes before import. This means prompting the user for things like labels and the like. The needed attributes will have been passed to gcr_import_interaction_supplement_prep(). This method prompts the user and fills in the attributes.

the interaction

supplemented attributes optional cancellable object called when the operation completes data to be passed to the callback

Complete operation to asynchronously supplement attributes before import. If the user or cancellable cancels the operation the error should be set with %G_IO_ERROR_CANCELLED.

%G_TLS_INTERACTION_HANDLED if successful or %G_TLS_INTERACTION_FAILED

the interaction

the asynchronous result

Prepare for supplementing the given attributes before import. This means prompting the user for things like labels and the like. The attributes will contain attributes for values that the importer needs, either empty or prefilled with suggested values. This method does not prompt the user, but rather just prepares the interaction that these are the attributes that are needed.

the interaction

attributes to supplement

%G_TLS_INTERACTION_HANDLED if successful or %G_TLS_INTERACTION_FAILED

the interaction

supplemented attributes optional cancellable object

the interaction

supplemented attributes optional cancellable object called when the operation completes data to be passed to the callback

Complete operation to asynchronously supplement attributes before import. If the user or cancellable cancels the operation the error should be set with %G_IO_ERROR_CANCELLED.

%G_TLS_INTERACTION_HANDLED if successful or %G_TLS_INTERACTION_FAILED

the interaction

the asynchronous result

the interaction

attributes to supplement

Interface implemented by implementations of [iface@ImportInteraction].

parent interface method which prepares for supplementing the given attributes before import

the interaction attributes to supplement

method which synchronously supplements attributes before import

%G_TLS_INTERACTION_HANDLED if successful or %G_TLS_INTERACTION_FAILED

the interaction supplemented attributes optional cancellable object

method which asynchronously supplements attributes before import

the interaction supplemented attributes optional cancellable object called when the operation completes data to be passed to the callback

method which completes @supplement_async

%G_TLS_INTERACTION_HANDLED if successful or %G_TLS_INTERACTION_FAILED

the interaction the asynchronous result

An interface which allows importing of certificates and keys. Each importer is registered with a set of PKCS#11 attributes to match stuff that it can import. An importer gets passed a [class@Parser] and accesses the currently parsed item. To create a set of importers that can import the currently parsed item in a parser, use [func@Importer.create_for_parsed]. The list of importers returned has the parsed item queued for import. To queue additional items with a importer use [method@Importer.queue_for_parsed]. In addition you can try and queue an additional item with a set of importers using the [func@Importer.queue_and_filter_for_parsed]. To start the import, use [method@Importer.import] or its async variants.

Create a set of importers which can import this parsed item. The parsed item is represented by the state of the GcrParser at the time of calling this method.

a list of importers which can import the parsed item, which should be freed with g_object_unref(), or %NULL if no types of importers can be created

a parser with a parsed item to import

Queues an additional item to be imported in all compattible importers in the set. The parsed item is represented by the state of the #GcrParser at the time of calling this method. If the parsed item is incompatible with an importer, then that the item will not be queued on that importer.

a new set of importers that queued the item, which should be freed with gck_list_unref_free()

a set of importers a parsed item

Register an importer to handle parsed items that match the given attributes. If @attrs are a floating reference, then it is consumed.

the GType of the importer being registered the attributes that this importer is compatible with

Import the queued items in the importer. This function returns immediately and completes asynchronously.

the importer

a #GCancellable, or %NULL called when the operation completes data to be passed to the callback

Complete an asynchronous operation to import queued items.

whether the import succeeded or failed

the importer

an asynchronous result

optional implementation of [method@Importer.import]

Queues an additional item to be imported. The parsed item is represented by the state of the [class@Parser] at the time of calling this method. If the parsed item is incompatible with the importer, then this will fail and the item will not be queued.

whether the item was queued or not

an importer to add additional items to

a parsed item to import

Get the interaction used to prompt the user when needed by this importer.

the interaction or %NULL

the importer

Import the queued items in the importer. This call will block until the operation completes.

whether the items were imported successfully or not

the importer

a #GCancellable, or %NULL

Import the queued items in the importer. This function returns immediately and completes asynchronously.

the importer

a #GCancellable, or %NULL called when the operation completes data to be passed to the callback

Complete an asynchronous operation to import queued items.

whether the import succeeded or failed

the importer

an asynchronous result

whether the item was queued or not

an importer to add additional items to

a parsed item to import

Set the interaction used to prompt the user when needed by this importer.

the importer

the interaction used by the importer

The icon for the importer. The interaction for the importer. The label for the importer. The URI of the location imported to.

Interface implemented for a #GcrImporter.

parent interface implementation of gcr_importer_create_for_parsed(), required

implementation of gcr_importer_queue_for_parsed(), required

whether the item was queued or not

an importer to add additional items to a parsed item to import

optional implementation of [method@Importer.import]

implementation of [method@Importer.import_async], required

the importer a #GCancellable, or %NULL called when the operation completes data to be passed to the callback

implementation of [method@Importer.import_finish]

whether the import succeeded or failed

the importer an asynchronous result

The major version number of the Gcr library.

The micro version number of the Gcr library.

The minor version number of the Gcr library.

The purpose used to verify the client certificate in a TLS connection.

The purpose used to verify certificate used for the signature on signed code.

The purpose used to verify certificates that are used in email communication such as S/MIME.

The purpose used to verify the server certificate in a TLS connection. This is the most common purpose in use.

A parsed item parsed by a #GcrParser.

Get the attributes which make up the parsed item.

the attributes for the item; these are owned by the parsed item and should not be freed

a parsed item

Get the raw data block for the parsed item.

the raw data of the parsed item, or %NULL

a parsed item

Get the raw data block for the parsed item.

the raw data of the parsed item, or %NULL

a parsed item

location to store size of returned data

Get the descirption for a parsed item.

the description

a parsed item

Get the filename of the parsed item.

the filename of the parsed item, or %NULL

a parsed item

Get the format of the parsed item.

the data format of the item

a parsed item

Get the label for the parsed item.

the label for the item

a parsed item

Add a reference to a parsed item. An item may not be shared across threads until it has been referenced at least once.

the parsed item

a parsed item

Unreferences a parsed item which was referenced with gcr_parsed_ref()

a parsed item

A parser for parsing various types of files or data. A `GcrParser` can parse various certificate and key files such as OpenSSL PEM files, DER encoded certifictes, PKCS#8 keys and so on. Each various format is identified by a value in the [enum@DataFormat] enumeration. In order to parse data, a new parser is created with gcr_parser_new() and then the [signal@Parser::authenticate] and [signal@Parser::parsed] signals should be connected to. Data is then fed to the parser via [method@Parser.parse_data] or [method@Parser.parse_stream]. During the [signal@Parser::parsed] signal the attributes that make up the currently parsed item can be retrieved using the [method@Parser.get_parsed_attributes] function.

Create a new #GcrParser

a newly allocated #GcrParser

The default handler for the authenticate signal.

The default handler for the parsed signal.

Add a password to the set of passwords to try when parsing locked or encrypted items. This is usually called from the #GcrParser::authenticate signal.

The parser

a password to try

Disable parsing of the given format. Use %GCR_FORMAT_ALL to disable all the formats.

The parser

The format identifier

Enable parsing of the given format. Use %GCR_FORMAT_ALL to enable all the formats.

The parser

The format identifier

Check whether the given format is supported by the parser.

Whether the format is supported.

The parser

The format identifier

Get the filename of the parser item.

the filename set on the parser, or %NULL

a parser item

Get the currently parsed item

the currently parsed item

a parser

Get the attributes which make up the currently parsed item. This is generally only valid during the #GcrParser::parsed signal.

the attributes for the current item, which are owned by the parser and should not be freed

The parser

Get the raw data block that represents this parsed object. This is only valid during the #GcrParser::parsed signal.

the raw data block of the currently parsed item; the value is owned by the parser and should not be freed

a parser

a location to place the size of the block

Get the raw data block that represents this parsed object. This is only valid during the #GcrParser::parsed signal.

the raw data block of the currently parsed item

a parser

Get a description for the type of the currently parsed item. This is generally only valid during the #GcrParser::parsed signal.

the description for the current item; this is owned by the parser and should not be freed

The parser

Get the format of the raw data block that represents this parsed object. This corresponds with the data returned from gcr_parser_get_parsed_block(). This is only valid during the #GcrParser::parsed signal.

the data format of the currently parsed item

a parser

Get the label of the currently parsed item. This is generally only valid during the #GcrParser::parsed signal.

the label of the currently parsed item. The value is owned by the parser and should not be freed.

The parser

Parse the data. The #GcrParser::parsed and #GcrParser::authenticate signals may fire during the parsing.

Whether the data was parsed successfully or not.

The parser

the data to parse

Parse the data. The #GcrParser::parsed and #GcrParser::authenticate signals may fire during the parsing. A copy of the data will be made. Use gcr_parser_parse_bytes() to avoid this.

Whether the data was parsed successfully or not.

The parser

the data to parse The length of the data

Parse items from the data in a #GInputStream. This function may block while reading from the input stream. Use gcr_parser_parse_stream_async() for a non-blocking variant. The #GcrParser::parsed and #GcrParser::authenticate signals may fire during the parsing.

Whether the parsing completed successfully or not.

The parser

The input stream An optional cancellation object

Parse items from the data in a #GInputStream. This function completes asyncronously and doesn't block. The #GcrParser::parsed and #GcrParser::authenticate signals may fire during the parsing.

The parser

The input stream An optional cancellation object Called when the operation result is ready. Data to pass to callback

Complete an operation to parse a stream.

Whether the parsing completed successfully or not.

The parser

The operation result

Sets the filename of the parser item.

a parser item

a string of the filename of the parser item

Get the attributes that make up the currently parsed item. This is generally only valid during a #GcrParser::parsed signal. The description of the type of the currently parsed item. This is generally only valid during a #GcrParser::parsed signal. The label of the currently parsed item. This is generally only valid during a #GcrParser::parsed signal. This signal is emitted when an item needs to be unlocked or decrypted before it can be parsed. The @count argument specifies the number of times the signal has been emitted for a given item. This can be used to display a message saying the previous password was incorrect. Typically the gcr_parser_add_password() function is called in response to this signal. If %FALSE is returned, then the authentication was not handled. If no handlers return %TRUE then the item is not parsed and an error with the code %GCR_ERROR_CANCELLED will be raised.

Whether the authentication was handled.

the number of times this item has been authenticated This signal is emitted when an item is sucessfully parsed. To access the information about the item use the gcr_parser_get_parsed_label(), gcr_parser_get_parsed_attributes() and gcr_parser_get_parsed_description() functions.

The class for #GcrParser

The parent class The default handler for the authenticate signal.

The default handler for the parsed signal.

A certificate loaded from a PKCS#11 storage. It is also a valid [class@Gck.Object] and can be used as such. Use gcr_pkcs11_certificate_lookup_issuer() to lookup the issuer of a given certificate in the PKCS#11 store. Various common PKCS#11 certificate attributes are automatically loaded and are available via gcr_pkcs11_certificate_get_attributes().

Lookup a the issuer of a @certificate in the PKCS#11 storage. The lookup is done using the issuer DN of the certificate. No certificate chain verification is done. Use a crypto library to make trust decisions. This call may block, see gcr_pkcs11_certificate_lookup_issuer() for the non-blocking version. Will return %NULL if no issuer certificate is found. Use @error to determine if an error occurred.

a new #GcrPkcs11Certificate, or %NULL

a #GcrCertificate a #GCancellable

Lookup a the issuer of a @certificate in the PKCS#11 storage. The lookup is done using the issuer DN of the certificate. No certificate chain verification is done. Use a crypto library to make trust decisions. When the operation is finished, callback will be called. You can then call gcr_pkcs11_certificate_lookup_issuer_finish() to get the result of the operation.

a #GcrCertificate a #GCancellable a #GAsyncReadyCallback to call when the operation completes the data to pass to callback function

Finishes an asynchronous operation started by gcr_pkcs11_certificate_lookup_issuer_async(). Will return %NULL if no issuer certificate is found. Use @error to determine if an error occurred.

a new #GcrPkcs11Certificate, or %NULL

the #GAsyncResult passed to the callback

Access the automatically loaded attributes for this certificate.

the certificate attributes

A #GcrPkcs11Certificate

Automatically loaded attributes for this certificate.

A prompt displayed to the user. It is an interface with various implementations. Various properties are set on the prompt, and then the prompt is displayed the various prompt methods like [method@Prompt.password_run]. A `GcrPrompt` may be used to display multiple related prompts. Most implementions do not hide the window between display of multiple related prompts, and the #GcrPrompt must be closed or destroyed in order to make it go away. This allows the user to see that the prompts are related. Use `GcrPromptDialog` (part of gcr-ui) to create an in-process GTK+ dialog prompt. Use [class@SystemPrompt] to create a system prompt in a prompter process. The prompt implementation will always display the [property@Prompt:message] property, but may choose not to display the [property@Prompt:description] or [property@Prompt:title] properties.

close a prompt

Prompts for confirmation asking a cancel/continue style question. Set the various properties on the prompt before calling this method to represent the question correctly. This method will return immediately and complete asynchronously.

a prompt

optional cancellation object called when the operation completes data to pass to the callback

Complete an operation to prompt for confirmation. %GCR_PROMPT_REPLY_CONTINUE will be returned if the user confirms the prompt. The return value will also be %GCR_PROMPT_REPLY_CANCEL if the user cancels or if an error occurs. Check the @error argument to tell the difference.

the reply from the prompt

a prompt

asynchronous result passed to callback

Prompts for password. Set the various properties on the prompt before calling this method to explain which password should be entered. This method will return immediately and complete asynchronously.

a prompt

optional cancellation object called when the operation completes data to pass to the callback

Complete an operation to prompt for a password. A password will be returned if the user enters a password successfully. The returned password is valid until the next time a method is called to display another prompt. %NULL will be returned if the user cancels or if an error occurs. Check the @error argument to tell the difference.

the password owned by the prompt, or %NULL

a prompt

asynchronous result passed to callback

Closes the prompt so that in can no longer be used to prompt. The various prompt methods will return results as if the user dismissed the prompt. The prompt may also be closed by the implementor of the prompt object. This emits the [signal@Prompt::prompt-close] signal on the prompt object.

a prompt

Prompts for confirmation asking a cancel/continue style question. Set the various properties on the prompt before calling this function to represent the question correctly. This method will block until the a response is returned from the prompter. %GCR_PROMPT_REPLY_CONTINUE will be returned if the user confirms the prompt. The return value will also be %GCR_PROMPT_REPLY_CANCEL if the user cancels or if an error occurs. Check the @error argument to tell the difference.

the reply from the prompt

a prompt

optional cancellation object

a prompt

optional cancellation object called when the operation completes data to pass to the callback

the reply from the prompt

a prompt

asynchronous result passed to callback

Prompts for confirmation asking a cancel/continue style question. Set the various properties on the prompt before calling this function to represent the question correctly. This method will block until the a response is returned from the prompter and will run a main loop similar to a `gtk_dialog_run()`. The application will remain responsive but care must be taken to handle reentrancy issues. %GCR_PROMPT_REPLY_CONTINUE will be returned if the user confirms the prompt. The return value will also be %GCR_PROMPT_REPLY_CANCEL if the user cancels or if an error occurs. Check the @error argument to tell the difference.

the reply from the prompt

a prompt

optional cancellation object

Get the string handle of the caller's window. The caller window indicates to the prompt which window is prompting the user. The prompt may choose to ignore this information or use it in whatever way it sees fit.

a newly allocated string containing the string handle of the window.

the prompt

Get the label for the cancel button. This is the button that results in a %GCR_PROMPT_REPLY_CANCEL reply from the prompt.

a newly allocated string containing the label

the prompt

Get whether the additional choice was chosen or not. The additional choice would have been setup using gcr_prompt_set_choice_label().

whether chosen

the prompt

Get the label for the additional choice. This will be %NULL if no additional choice is being displayed.

a newly allocated string containing the additional choice or %NULL

the prompt

Get the label for the continue button. This is the button that results in a %GCR_PROMPT_REPLY_CONTINUE reply from the prompt.

a newly allocated string containing the label

the prompt

Get the detailed description of the prompt. A prompt implementation may choose not to display this detailed description. The prompt message should contain relevant information.

a newly allocated string containing the detailed description of the prompt

the prompt

Gets the prompt message for the user. A prompt implementation should always display this message.

a newly allocated string containing the detailed description of the prompt

the prompt

Get whether the prompt will prompt for a new password. This will cause the prompt implementation to ask the user to confirm the password and/or display other relevant user interface for creating a new password.

whether in new password mode or not

the prompt

Get indication of the password strength. Prompts will return a zero value if the password is empty, and a value greater than zero if the password has any characters. This is only valid after a successful prompt for a password.

zero if the password is empty, greater than zero if not

the prompt

Gets the title of the prompt. A prompt implementation may choose not to display the prompt title. The prompt message should contain relevant information.

a newly allocated string containing the prompt title.

the prompt

Get a prompt warning displayed on the prompt. This is a warning like "The password is incorrect." usually displayed to the user about a previous 'unsuccessful' prompt. If this string is %NULL then no warning is displayed.

a newly allocated string containing the prompt warning, or %NULL if no warning

the prompt

Prompts for password. Set the various properties on the prompt before calling this method to explain which password should be entered. This method will block until the a response is returned from the prompter. A password will be returned if the user enters a password successfully. The returned password is valid until the next time a method is called to display another prompt. %NULL will be returned if the user cancels or if an error occurs. Check the @error argument to tell the difference.

the password owned by the prompt, or %NULL

a prompt

optional cancellation object

Prompts for password. Set the various properties on the prompt before calling this method to explain which password should be entered. This method will return immediately and complete asynchronously.

a prompt

optional cancellation object called when the operation completes data to pass to the callback

the password owned by the prompt, or %NULL

a prompt

asynchronous result passed to callback

Prompts for password. Set the various properties on the prompt before calling this method to explain which password should be entered. This method will block until the a response is returned from the prompter and will run a main loop similar to a gtk_dialog_run(). The application will remain responsive but care must be taken to handle reentrancy issues. A password will be returned if the user enters a password successfully. The returned password is valid until the next time a method is called to display another prompt. %NULL will be returned if the user cancels or if an error occurs. Check the @error argument to tell the difference.

the password owned by the prompt, or %NULL

a prompt

optional cancellation object

Reset the contents and properties of the prompt.

the prompt

Set the string handle of the caller's window. The caller window indicates to the prompt which window is prompting the user. The prompt may choose to ignore this information or use it in whatever way it sees fit.

the prompt

the window id

Set the label for the continue button. This is the button that results in a %GCR_PROMPT_REPLY_CANCEL reply from the prompt.

the prompt

the label

Set whether the additional choice is chosen or not. The additional choice should be set up using gcr_prompt_set_choice_label().

the prompt

whether chosen

Set the label for the additional choice. If this is a non-%NULL value then an additional boolean choice will be displayed by the prompt allowing the user to select or deselect it. The initial value of the choice can be set with the gcr_prompt_set_choice_label() method. If this is %NULL, then no additional choice is being displayed.

the prompt

the additional choice or %NULL

Set the label for the continue button. This is the button that results in a %GCR_PROMPT_REPLY_CONTINUE reply from the prompt.

the prompt

the label

Set the detailed description of the prompt. A prompt implementation may choose not to display this detailed description. Use gcr_prompt_set_message() to set a general message containing relevant information.

the prompt

the detailed description

Sets the prompt message for the user. A prompt implementation should always display this message.

the prompt

the prompt message

Set whether the prompt will prompt for a new password. This will cause the prompt implementation to ask the user to confirm the password and/or display other relevant user interface for creating a new password.

the prompt

whether in new password mode or not

Sets the title of the prompt. A prompt implementation may choose not to display the prompt title. The prompt message should contain relevant information.

the prompt

the prompt title

Set a prompt warning displayed on the prompt. This is a warning like "The password is incorrect." usually displayed to the user about a previous 'unsuccessful' prompt. If this string is %NULL then no warning is displayed.

the prompt

the warning or %NULL

The string handle of the caller's window. The caller window indicates to the prompt which window is prompting the user. The prompt may choose to ignore this information or use it in whatever way it sees fit. In X11, this will be a stringified version of the XWindow handle; in Wayland this is the result of an export using the XDG foreign protocol. The label for the cancel button in the prompt. Whether the additional choice is chosen or not. The additional choice would have been setup using #GcrPrompt:choice-label. The label for the additional choice. If this is a non-%NULL value then an additional boolean choice will be displayed by the prompt allowing the user to select or deselect it. If %NULL, then no additional choice is displayed. The initial value of the choice can be set with #GcrPrompt:choice-chosen. The label for the continue button in the prompt. The detailed description of the prompt. A prompt implementation may choose not to display this detailed description. The prompt message should contain relevant information. The prompt message for the user. A prompt implementation should always display this message. Whether the prompt will prompt for a new password. This will cause the prompt implementation to ask the user to confirm the password and/or display other relevant user interface for creating a new password. Indication of the password strength. Prompts will return a zero value if the password is empty, and a value greater than zero if the password has any characters. This is only valid after a successful prompt for a password. The title of the prompt. A prompt implementation may choose not to display the prompt title. The #GcrPrompt:message should contain relevant information. A prompt warning displayed on the prompt, or %NULL for no warning. This is a warning like "The password is incorrect." usually displayed to the user about a previous 'unsuccessful' prompt. Action signal fired when the prompt is to be closed. After the default handler has run, the prompt is closed. The various prompting methods will return results as if the user dismissed the prompt. You can use the [method@Prompt.close] method to emit this signal.

The interface for implementing [iface@Prompt].

parent interface begin a password prompt

a prompt optional cancellation object called when the operation completes data to pass to the callback

complete a password prompt

the password owned by the prompt, or %NULL

a prompt asynchronous result passed to callback

begin a confirm prompt

a prompt optional cancellation object called when the operation completes data to pass to the callback

complete a confirm prompt

the reply from the prompt

a prompt asynchronous result passed to callback

close a prompt

Various replies returned by [method@Prompt.confirm] and friends.

the prompt was cancelled the user replied with 'ok'

The current secret exchange protocol. Key agreement is done using DH with the 1536 bit IKE parameter group. Keys are derived using SHA256 with HKDF. The transport encryption is done with 128 bit AES.

Allows exchange of secrets between two processes on the same system without exposing those secrets to things like loggers, non-pageable memory etc. This does not protect against active attacks like MITM attacks. Each side creates a secret exchange object, and one of the sides calls [method@SecretExchange.begin]. This creates a string, which should be passed to the other side. Each side passes the strings it receives into [method@SecretExchange.receive]. In order to send a reply (either with or without a secret) use [method@SecretExchange.send]. A side must have successfully called [method@SecretExchange.receive] before it can use [method@SecretExchange.send]. The secret exchange objects can be used for multiple iterations of the conversation, or for just one request/reply. The only limitation being that the initial request cannot contain a secret. Caveat: Information about the approximate length (rounded up to the nearest 16 bytes) may be leaked. If this is considered inacceptable, do not use [class@SecretExchange].

Create a new secret exchange object. Specify a protocol of %NULL to allow any protocol. This is especially relevant on the side of the exchange that does not call [method@SecretExchange.begin], that is the originator. Currently the only protocol supported is %GCR_SECRET_EXCHANGE_PROTOCOL_1.

A new #GcrSecretExchange object

the exchange protocol to use

Begin the secret exchange. The resulting string should be sent to the other side of the exchange. The other side should use [method@SecretExchange.receive] to process the string.

A newly allocated string to be sent to the other side of the secret exchange

a #GcrSecretExchange object

Will return %NULL if no protocol was specified, and either [method@SecretExchange.begin] or [method@SecretExchange.receive] have not been called successfully.

the protocol or %NULL

a #GcrSecretExchange object Get the secret exchange protocol.

Returns the last secret received. If no secret has yet been received this will return %NULL. The string is owned by the #GcrSecretExchange object and will be valid until the next time that gcr_secret_exchange_receive() is called on this object, or the object is destroyed. Depending on the secret passed into the other side of the secret exchange, the result may be a binary string. It does however have a null terminator, so if you're certain that it is does not contain arbitrary binary data, it can be used as a string.

the last secret received

a #GcrSecretExchange object

optionally, a location to store the length of returned secret

Receive a string from the other side of secret exchange. This string will have been created by [method@SecretExchange.begin] or [method@SecretExchange.send]. After this call completes successfully the value returned from gcr_secret_exchange_get_secret() will have changed.

whether the string was successfully parsed and received

a #GcrSecretExchange object

the string received

Send a reply to the other side of the secret exchange, optionally sending a secret. [method@SecretExchange.receive] must have been successfully called at least once on this object. In other words this object must have received data from the other side of the secret exchange, before we can send a secret.

a newly allocated string to be sent to the other side of the secret exchange

a #GcrSecretExchange object

optionally, a secret to send to the other side length of @secret, or -1 if null terminated

The protocol being used for the exchange. Will be %NULL if no protocol was specified when creating this object, and either [method@SecretExchange.begin] or [method@SecretExchange.receive] have not been called successfully.

An implementation of [iface@Certificate] which loads a certificate from DER data already located in memory. To create an object, use the [ctor@SimpleCertificate.new] or [ctor@SimpleCertificate.new_static] functions.

Create a new #GcrSimpleCertificate for the raw DER data. The @data memory is copied so you can dispose of it after this function returns.

a new #GcrSimpleCertificate

the raw DER certificate data The length of @data

Create a new #GcrSimpleCertificate for the raw DER data. The @data memory is not copied and must persist until the #GcrSimpleCertificate object is destroyed.

a new #GcrSimpleCertificate

The raw DER certificate data The length of @data

A simple implementation of [iface@Collection], which you can add and remove objects from. You can use [method@SimpleCollection.add] to add objects, and [method@SimpleCollection.remove] to remove them again.

Create a new #GcrSimpleCollection.

a newly allocated collection, which should be freed with g_object_unref()

Add an object to this collection

The collection

The object to add

Remove an object from the collection.

The collection

The object to remove from the collection

When used as the setup function while spawning an ssh command like ssh-add or ssh, this allows callbacks for passwords on the provided interaction.

Create a new GcrSshAskpass object which can be used to spawn an ssh command and prompt for any necessary passwords. Use the gcr_ssh_askpass_child_setup() function as a callback with g_spawn_sync(), g_spawn_async() or g_spawn_async_with_pipes().

A new #GcrSshAskpass object

the interaction to use for prompting paswords

Use this function as a callback setup function passed to g_spawn_sync(), g_spawn_async(), g_spawn_async_with_pipes().

a #GcrSshAskpass object

Get the interaction associated with this object.

the interaction

a #GcrSshAskpass object

The interaction used to prompt for passwords.

A [iface@Prompt] implementation which calls to the system prompter to display prompts in a system modal fashion. Since the system prompter usually only displays one prompt at a time, you may have to wait for the prompt to be displayed. Use [func@SystemPrompt.open] or a related function to open a prompt. Since this can take a long time, you should always check that the prompt is still needed after it is opened. A previous prompt may have already provided the information needed and you may no longer need to prompt. Use [method@SystemPrompt.close] to close the prompt when you're done with it.

Opens a system prompt with the default prompter. Most system prompters only allow showing one prompt at a time, and if another prompt is shown then this method will block for up to @timeout_seconds seconds. If @timeout_seconds is equal to -1, then this will block indefinitely until the prompt can be opened. If @timeout_seconds expires, then this function will fail with a %GCR_SYSTEM_PROMPT_IN_PROGRESS error.

the prompt, or %NULL if prompt could not be opened

the number of seconds to wait to access the prompt, or -1 optional cancellation object

Asynchronously open a system prompt with the default system prompter. Most system prompters only allow showing one prompt at a time, and if another prompt is shown then this method will block for up to @timeout_seconds seconds. If @timeout_seconds is equal to -1, then this will block indefinitely until the prompt can be opened. If @timeout_seconds expires, then this operation will fail with a %GCR_SYSTEM_PROMPT_IN_PROGRESS error.

the number of seconds to wait to access the prompt, or -1 optional cancellation object called when the operation completes data to pass the callback

Complete an operation to asynchronously open a system prompt.

the prompt, or %NULL if prompt could not be opened

the asynchronous result

Opens a system prompt. If prompter_name is %NULL, then the default system prompter is used. Most system prompters only allow showing one prompt at a time, and if another prompt is shown then this method will block for up to @timeout_seconds seconds. If @timeout_seconds is equal to -1, then this will block indefinitely until the prompt can be opened. If @timeout_seconds expires, then this function will fail with a %GCR_SYSTEM_PROMPT_IN_PROGRESS error.

the prompt, or %NULL if prompt could not be opened

the prompter dbus name the number of seconds to wait to access the prompt, or -1 optional cancellation object

Opens a system prompt asynchronously. If prompter_name is %NULL, then the default system prompter is used. Most system prompters only allow showing one prompt at a time, and if another prompt is shown then this method will block for up to @timeout_seconds seconds. If @timeout_seconds is equal to -1, then this will block indefinitely until the prompt can be opened. If @timeout_seconds expires, then this operation will fail with a %GCR_SYSTEM_PROMPT_IN_PROGRESS error.

the prompter D-Bus name the number of seconds to wait to access the prompt, or -1 optional cancellation object called when the operation completes data to pass the callback

Close this prompt. After calling this function, no further prompts will succeed on this object. The prompt object is not unreferenced by this function, and you must unreference it once done. This call may block, use the gcr_system_prompt_close_async() to perform this action indefinitely. Whether or not this function returns %TRUE, the system prompt object is still closed and may not be further used.

whether close was cleanly completed

the prompt

an optional cancellation object

Close this prompt asynchronously. After calling this function, no further methods may be called on this object. The prompt object is not unreferenced by this function, and you must unreference it once done. This call returns immediately and completes asynchronously.

the prompt

an optional cancellation object called when the operation completes data to pass to the callback

Complete operation to close this prompt. Whether or not this function returns %TRUE, the system prompt object is still closed and may not be further used.

whether close was cleanly completed

the prompt

asynchronous operation result

Get the current [class@SecretExchange] used to transfer secrets in this prompt.

the secret exchange

a prompter

The DBus bus name of the prompter to use for prompting, or %NULL for the default prompter. The #GcrSecretExchange to use when transferring passwords. A default secret exchange will be used if this is not set. The timeout in seconds to wait when opening the prompt.

No error returned by the #GcrSystemPrompt is suitable for display or to the user. If the system prompter can only show one prompt at a time, and there is already a prompt being displayed, and the timeout waiting to open the prompt expires, then %GCR_SYSTEM_PROMPT_IN_PROGRESS is returned.

another prompt is already in progress

A prompter used by implementations of system prompts. This is a D-Bus service which is rarely implemented. Use [class@SystemPrompt] to display system prompts. The system prompter service responds to D-Bus requests to create system prompts and creates #GcrPrompt type objects to display those prompts. Pass the GType of the implementation of [iface@Prompt] to [ctor@SystemPrompter.new].

Create a new system prompter service. This prompter won't do anything unless you connect to its signals and show appropriate prompts. If @prompt_type is zero, then the new-prompt signal must be handled and return a valid prompt object implementing the #GcrPrompt interface. If @prompt_type is non-zero then the #GType must implement the #GcrPrompt interface.

a new prompter service

the mode for the prompt the gobject type for prompts created by this prompter

default handler for the #GcrSystemPrompter::new-prompt signal

Get the mode for this prompter. Most system prompters only display one prompt at a time and therefore return %GCR_SYSTEM_PROMPTER_SINGLE.

the prompter mode

the prompter

Get the #GType for prompts created by this prompter. The returned #GType will be a #GcrPrompt implementation.

the prompt #GType

the prompter

Get whether prompting or not.

whether prompting or not

the prompter

Register this system prompter on the DBus @connection. This makes the prompter available for clients to call. The prompter will remain registered until gcr_system_prompter_unregister() is called, or the prompter is unreferenced.

the system prompter

a DBus connection

Unregister this system prompter on the DBus @connection. The prompter must have previously been registered with gcr_system_prompter_register(). If @wait is set then this function will wait until all prompts have been closed or cancelled. This is usually only used by tests.

the system prompter

whether to wait for closing prompts

The mode for this prompter. Most system prompters only display one prompt at a time and therefore return %GCR_SYSTEM_PROMPTER_SINGLE. The #GType for prompts created by this prompter. This must be a #GcrPrompt implementation. Whether the prompter is prompting or not. Signal emitted to create a new prompt when needed. The default implementation of this signal creates a prompt of the type gcr_system_prompter_get_prompt_type().

the new prompt

The class for #GcrSystemPrompter.

parent class default handler for the #GcrSystemPrompter::new-prompt signal

The mode for the system prompter. Most system prompters can only show one prompt at a time and would use the %GCR_SYSTEM_PROMPTER_SINGLE mode.

only one prompt shown at a time more than one prompt shown at a time

An implementation of #GcrCollection, which combines the objects in other [iface@Collection]s. Use [method@UnionCollection.add] to add and [method@UnionCollection.remove] to remove them.

Create a new #GcrUnionCollection.

a newly allocated collection, which should be freed with g_object_unref()

Add objects from this collection to the union

The union collection

The collection whose objects to add

Get the collections that have been added to this union.

collections added to the union

the union collection

Check whether the collection is present in the union.

whether present or not

the union collection

the collection to check

Remove an object from the collection.

The collection

The collection whose objects to remove

Return the number of collections in this union. This does not reflect the number of objects in the combined collection.

number of collections inlcuded

the union collection

Add objects from this collection to the union. Do not add an additional reference to the collection.

The union collection

The collection whose objects to add

zero if the certificates match, non-zero otherwise.

the certificate to compare the certificate to compare against

Get the columns appropriate for a certificate

the columns

The GObjectClass for this class

Initialize a #GcrComparableIface to compare the current certificate. In general it's easier to use the GCR_CERTIFICATE_MIXIN_IMPLEMENT_COMPARABLE() macro instead of this function.

The interface

The object The property id The value to fill in. The param specification.

Compare two blocks of memory. The return value can be used to sort the blocks of memory.

Zero if the blocks are identical, negative if first less than secend, possitive otherwise.

First block of memory Length of first block Second block of memory Length of second block

Create a key fingerprint for a certificate, public key or private key. Note that this is not a fingerprint of certificate data, which you would use gcr_certificate_get_fingerprint() for.

the fingerprint or %NULL if the input was invalid.

attributes for key or certificate the type of fingerprint to create the length of fingerprint returned

Create a key fingerprint for a DER encoded subjectPublicKeyInfo. The fingerprint is created so that it will be identical for a key and its corresponding certificate. Note that in the case of certificates this is not a fingerprint of the actual certificate data, but rather of the public key contained in a certificate.

the fingerprint or %NULL if the input was invalid.

DER encoded subjectPublicKeyInfo structure length of DER encoded structure the type of fingerprint to create the length of fingerprint returned

Get an appropriate icon for the token

the icon

the token info

Create a set of importers which can import this parsed item. The parsed item is represented by the state of the GcrParser at the time of calling this method.

a list of importers which can import the parsed item, which should be freed with g_object_unref(), or %NULL if no types of importers can be created

a parser with a parsed item to import

a new set of importers that queued the item, which should be freed with gck_list_unref_free()

a set of importers a parsed item

Register an importer to handle parsed items that match the given attributes. If @attrs are a floating reference, then it is consumed.

the GType of the importer being registered the attributes that this importer is compatible with

Disconnect the mock prompter

Queue an expected response on the mock prompter. Expects any prompt, and closes the prompt when it gets it.

Queue an expected response on the mock prompter. Expects a confirmation prompt, and then cancels that prompt.

Queue an expected response on the mock prompter. Expects a confirmation prompt, and then confirms that prompt by simulating a click on the ok button. Additional property pairs for the prompt can be added in the argument list, in the same way that you would with g_object_new(). If the "choice-chosen" property is specified then that value will be set on the prompt as if the user had changed the value. All other properties will be checked against the prompt, and an error will occur if they do not match the value set on the prompt.

the first property name in the argument list or %NULL properties to expect

Queue an expected response on the mock prompter. Expects a password prompt, and then cancels that prompt.

Queue an expected response on the mock prompter. Expects a password prompt, and returns @password as if the user had entered it and clicked the ok button. Additional property pairs for the prompt can be added in the argument list, in the same way that you would with g_object_new(). If the "choice-chosen" property is specified then that value will be set on the prompt as if the user had changed the value. All other properties will be checked against the prompt, and an error will occur if they do not match the value set on the prompt.

the password to return from the prompt the first property name in the argument list or %NULL properties to expect

Get the delay in milliseconds before the mock prompter completes an expected prompt.

the delay

Check if the mock prompter is expecting a response. This will be %TRUE when one of the <literal>gcr_mock_prompter_expect_xxx()</literal> functions have been used to queue an expected prompt, but that prompt response has not be 'used' yet.

whether expecting a prompt

Check if the mock prompter is showing any prompts.

whether prompting

Set the delay in milliseconds before the mock prompter completes an expected prompt.

prompt response delay in milliseconds

Start the mock prompter. This is often used from the <literal>setup()</literal> function of tests. Starts the mock prompter in an additional thread. Use the returned DBus bus name with gcr_system_prompt_open_for_prompter() to connect to this prompter.

the bus name that the mock prompter is listening on

Stop the mock prompter. This is often used from the <literal>teardown()</literal> function of tests.

Unreferences a parsed item which was referenced with gcr_parsed_ref()

a parsed item

Add a #GckModule to the list of PKCS#11 modules that are used by the GCR library. It is not normally necessary to call this function. The available PKCS#11 modules installed on the system are automatically loaded by the GCR library.

a #GckModule

Initialize a PKCS#11 module and add it to the modules that are used by the GCR library. Note that is an error to initialize the same PKCS#11 module twice. It is not normally necessary to call this function. The available PKCS#11 modules installed on the system are automatically loaded by the GCR library.

whether the module was sucessfully added.

the full file path of the PKCS#11 module unused

List all the PKCS#11 modules that are used by the GCR library. Each module is a [class@Gck.Module] object. An empty list of modules will be returned if [func@pkcs11_set_modules], or [func@pkcs11_initialize] has not yet run. When done with the list, free it with gck_list_unref_free().

a newly allocated list of #GckModule objects

List all the PKCS#11 slots that are used by the GCR library for lookup of trust assertions. Each slot is a [class@Gck.Slot] object. This will return an empty list if the [func@pkcs11_initialize] function has not yet been called.

a list of #GckSlot objects to use for lookup of trust, or the empty list if not initialized or no appropriate trust stores could be found.

Get the PKCS#11 URIs that are used to identify which slots to use for lookup trust assertions.

the uri which identifies trust storage slot

Selects an appropriate PKCS#11 slot to store trust assertions. The slot to use is normally configured automatically by the system. This will only return a valid result after the [func@pkcs11_initialize] method has been called. When done with the #GckSlot, use g_object_unref() to release it.

the #GckSlot to use for trust assertions, or null if not initialized or no appropriate trust store could be found.

Get the PKCS#11 URI that is used to identify which slot to use for storing trust storage.

the uri which identifies trust storage slot

Asynchronously initialize the registered PKCS#11 modules.

whether the operation was successful or not.

optional cancellable used to cancel the operation

Asynchronously initialize the registered PKCS#11 modules.

optional cancellable used to cancel the operation callback which will be called when the operation completes data passed to the callback

Complete the asynchronous operation to initialize the registered PKCS#11 modules.

whether the operation was successful or not.

the asynchronous result

Set the list of PKCS#11 modules that are used by the GCR library. Each module in the list is a [class@Gck.Module] object. It is not normally necessary to call this function. The available PKCS#11 modules installed on the system are automatically loaded by the GCR library.

a list of PKCS#11 modules

Set the PKCS#11 URIs that are used to identify which slots to use for lookup of trust assertions. It is not normally necessary to call this function. The relevant PKCS#11 slots are automatically configured by the GCR library.

the uris which identifies trust lookup slots

Set the PKCS#11 URI that is used to identify which slot to use for storing trust assertions. It is not normally necessary to call this function. The relevant PKCS#11 slot is automatically configured by the GCR library.

the uri which identifies trust storage slot

Allocate a block of non-pageable memory. If non-pageable memory cannot be allocated then normal memory will be returned.

new memory block which should be freed with gcr_secure_memory_free()

The new desired size of the memory block.

Free a block of non-pageable memory. Glib memory is also freed correctly when passed to this function. If called with a %NULL pointer then no action is taken.

pointer to the beginning of the block of memory to free

Check if a pointer is in non-pageable memory allocated by.

whether the memory is secure non-pageable memory allocated by the Gcr library or not

pointer to check

Allocate objects in non-pageable memory.

C type of the objects to allocate number of objects to allocate

Reallocate a block of non-pageable memory. Glib memory is also reallocated correctly. If called with a null pointer, then a new block of memory is allocated. If called with a zero size, then the block of memory is freed. If non-pageable memory cannot be allocated then normal memory will be returned.

new block, or %NULL if the block was freed; memory block should be freed with gcr_secure_memory_free()

pointer to reallocate or %NULL to allocate a new block new desired size of the memory block, or 0 to free the memory

Copy a string into non-pageable memory. If the input string is %NULL, then %NULL will be returned.

copied string, should be freed with gcr_secure_memory_free()

null terminated string to copy

Free a string, whether securely allocated using these functions or not. This will also clear out the contents of the string so they do not remain in memory.

null terminated string to fere

Allocate a block of non-pageable memory. If non-pageable memory cannot be allocated, then %NULL is returned.

new block, or %NULL if memory cannot be allocated; memory block should be freed with gcr_secure_memory_free()

new desired size of the memory block

Reallocate a block of non-pageable memory. Glib memory is also reallocated correctly when passed to this function. If called with a null pointer, then a new block of memory is allocated. If called with a zero size, then the block of memory is freed. If memory cannot be allocated, %NULL is returned and the original block of memory remains intact.

the new block, or %NULL if memory cannot be allocated; the memory block should be freed with gcr_secure_memory_free()

pointer to reallocate or %NULL to allocate a new block new desired size of the memory block

Add a pinned @certificate for connections to @peer for @purpose. A pinned certificate overrides all other certificate verification and should be used with care. If the same pinned certificate already exists, then this operation does not add another, and succeeds without error. This call may block, see gcr_trust_add_pinned_certificate_async() for the non-blocking version.

%TRUE if the pinned certificate is recorded successfully

a #GcrCertificate the purpose string the peer for this pinned certificate a #GCancellable

Add a pinned certificate for communication with @peer for @purpose. A pinned certificate overrides all other certificate verification and should be used with care. If the same pinned certificate already exists, then this operation does not add another, and succeeds without error. When the operation is finished, callback will be called. You can then call [func@Gcr.trust_add_pinned_certificate_finish] to get the result of the operation.

a #GcrCertificate the purpose string the peer for this pinned certificate a #GCancellable a #GAsyncReadyCallback to call when the operation completes the data to pass to callback function

Finishes an asynchronous operation started by gcr_trust_add_pinned_certificate_async().

%TRUE if the pinned certificate is recorded successfully

the #GAsyncResult passed to the callback

Check if the @certificate is a trust anchor for the given @purpose. A trust anchor is used to verify the signatures on other certificates when verifying a certificate chain. Also known as a trusted certificate authority. This call may block, see [func@Gcr.trust_is_certificate_anchored_async] for the non-blocking version. In the case of an error, %FALSE is also returned. Check @error to detect if an error occurred.

%TRUE if the certificate is a trust anchor

a #GcrCertificate to check the purpose string a #GCancellable

Check if the @certificate is a trust anchor for the given @purpose. A trust anchor is used to verify the signatures on other certificates when verifying a certificate chain. Also known as a trusted certificate authority. When the operation is finished, callback will be called. You can then call gcr_trust_is_certificate_anchored_finish() to get the result of the operation.

a #GcrCertificate to check the purpose string a #GCancellable a #GAsyncReadyCallback to call when the operation completes the data to pass to callback function

Finishes an asynchronous operation started by gcr_trust_is_certificate_anchored_async(). In the case of an error, %FALSE is also returned. Check @error to detect if an error occurred.

%TRUE if the certificate is a trust anchor

the #GAsyncResult passed to the callback

Check if @certificate is pinned for @purpose to communicate with @peer. A pinned certificate overrides all other certificate verification. This call may block, see gcr_trust_is_certificate_pinned_async() for the non-blocking version. In the case of an error, %FALSE is also returned. Check @error to detect if an error occurred.

%TRUE if the certificate is pinned for the host and purpose

a #GcrCertificate to check the purpose string the peer for this pinned a #GCancellable

Check if @certificate is pinned for @purpose to communicate with @peer. A pinned certificate overrides all other certificate verification. When the operation is finished, callback will be called. You can then call [func@Gcr.trust_is_certificate_pinned_finish] to get the result of the operation.

a #GcrCertificate to check the purpose string the peer for this pinned a #GCancellable a #GAsyncReadyCallback to call when the operation completes the data to pass to callback function

Finishes an asynchronous operation started by gcr_trust_is_certificate_pinned_async(). In the case of an error, %FALSE is also returned. Check @error to detect if an error occurred.

%TRUE if the certificate is pinned.

the #GAsyncResult passed to the callback

Remove a pinned certificate for communication with @peer for @purpose. If the same pinned certificate does not exist, or was already removed, then this operation succeeds without error. This call may block, see gcr_trust_remove_pinned_certificate_async() for the non-blocking version.

%TRUE if the pinned certificate no longer exists

a #GcrCertificate the purpose string the peer for this pinned certificate a #GCancellable

Remove a pinned certificate for communication with @peer for @purpose. If the same pinned certificate does not exist, or was already removed, then this operation succeeds without error. When the operation is finished, callback will be called. You can then call gcr_trust_remove_pinned_certificate_finish() to get the result of the operation.

a #GcrCertificate the purpose string the peer for this pinned certificate a #GCancellable a #GAsyncReadyCallback to call when the operation completes the data to pass to callback function

Finishes an asynchronous operation started by gcr_trust_remove_pinned_certificate_async().

%TRUE if the pinned certificate no longer exists

the #GAsyncResult passed to the callback