-unsigned char *
-silc_pkcs_private_key_encode(SilcPrivateKey private_key, SilcUInt32 *len);
-unsigned char *
-silc_pkcs_private_key_data_encode(unsigned char *prv, SilcUInt32 prv_len,
- char *pkcs, SilcUInt32 *len);
-int silc_pkcs_private_key_decode(unsigned char *data, SilcUInt32 data_len,
- SilcPrivateKey *private_key);
-int silc_pkcs_save_public_key(char *filename, SilcPublicKey public_key,
- SilcUInt32 encoding);
-int silc_pkcs_save_public_key_data(char *filename, unsigned char *data,
- SilcUInt32 data_len,
- SilcUInt32 encoding);
-int silc_pkcs_save_private_key(char *filename, SilcPrivateKey private_key,
- unsigned char *passphrase,
- SilcUInt32 encoding);
-int silc_pkcs_save_private_key_data(char *filename, unsigned char *data,
+
+/****f* silccrypt/SilcPKCSAPI/silc_pkcs_private_key_alloc
+ *
+ * SYNOPSIS
+ *
+ * SilcBool silc_pkcs_private_key_alloc(SilcPKCSType type,
+ * unsigned char *key,
+ * SilcUInt32 key_len,
+ * SilcPrivateKey *ret_private_key);
+ *
+ * DESCRIPTION
+ *
+ * Allocates SilcPrivateKey of the type of `type' from the key data
+ * `key' of length of `key_len' bytes. Returns FALSE if the `key'
+ * is malformed or unsupported private key type.
+ *
+ ***/
+SilcBool silc_pkcs_private_key_alloc(SilcPKCSType type,
+ unsigned char *key,
+ SilcUInt32 key_len,
+ SilcPrivateKey *ret_private_key);
+
+/****f* silccrypt/SilcPKCSAPI/silc_pkcs_private_key_get_len
+ *
+ * SYNOPSIS
+ *
+ * SilcUInt32 silc_pkcs_private_key_get_len(SilcPrivateKey private_key);
+ *
+ * DESCRIPTION
+ *
+ * Returns the key length in bits from the private key.
+ *
+ ***/
+SilcUInt32 silc_pkcs_private_key_get_len(SilcPrivateKey private_key);
+
+/****f* silccrypt/SilcPKCSAPI/silc_pkcs_private_key_free
+ *
+ * SYNOPSIS
+ *
+ * void silc_pkcs_private_key_free(SilcPrivateKey private_key;
+ *
+ * DESCRIPTION
+ *
+ * Frees the public key. This will also automatically free the underlaying
+ * PKCS specific private key. All private keys allocated through the
+ * PKCS API must be freed by calling this function.
+ *
+ ***/
+void silc_pkcs_private_key_free(SilcPrivateKey private_key);
+
+/****f* silccrypt/SilcPKCSAPI/silc_pkcs_encrypt
+ *
+ * SYNOPSIS
+ *
+ * SilcAsyncOperation silc_pkcs_encrypt(SilcPublicKey public_key,
+ * unsigned char *src,
+ * SilcUInt32 src_len, SilcRng rng,
+ * SilcPKCSEncryptCb encrypt_cb,
+ * void *context);
+ *
+ * DESCRIPTION
+ *
+ * Encrypts with the public key. The `encrypt_cb' will be called to
+ * deliver the encrypted data. The encryption operation may be asynchronous
+ * if the `public_key' is accelerated public key. If this returns NULL
+ * the asynchronous operation cannot be controlled.
+ *
+ ***/
+SilcAsyncOperation silc_pkcs_encrypt(SilcPublicKey public_key,
+ unsigned char *src,
+ SilcUInt32 src_len, SilcRng rng,
+ SilcPKCSEncryptCb encrypt_cb,
+ void *context);
+
+/****f* silccrypt/SilcPKCSAPI/silc_pkcs_decrypt
+ *
+ * SYNOPSIS
+ *
+ * SilcAsyncOperation silc_pkcs_decrypt(SilcPrivateKey private_key,
+ * unsigned char *src,
+ * SilcUInt32 src_len,
+ * SilcPKCSDecryptCb decrypt_cb,
+ * void *context);
+ *
+ * DESCRIPTION
+ *
+ * Decrypts with the private key. The `decrypt_cb' will be called to
+ * deliver the decrypted data. The decryption operation may be asynchronous
+ * if the `private_key' is accelerated private key. If this returns NULL
+ * the asynchronous operation cannot be controlled.
+ *
+ ***/
+SilcAsyncOperation silc_pkcs_decrypt(SilcPrivateKey private_key,
+ unsigned char *src, SilcUInt32 src_len,
+ SilcPKCSDecryptCb decrypt_cb,
+ void *context);
+
+/****f* silccrypt/SilcPKCSAPI/silc_pkcs_sign
+ *
+ * SYNOPSIS
+ *
+ * SilcAsyncOperation silc_pkcs_sign(SilcPrivateKey private_key,
+ * unsigned char *src,
+ * SilcUInt32 src_len,
+ * SilcBool compute_hash,
+ * SilcHash hash,
+ * SilcRng rng,
+ * SilcPKCSSignCb sign_cb,
+ * void *context);
+ *
+ * DESCRIPTION
+ *
+ * Computes signature with the private key. The `sign_cb' will be called
+ * to deliver the signature data. If `compute_hash' is TRUE the `hash'
+ * will be used to compute a message digest over the `src'. The `hash'
+ * must always be valid. The `rng' should always be provided. The
+ * signature operation may be asynchronous if the `private_key' is
+ * accelerated private key. If this returns NULL the asynchronous
+ * operation cannot be controlled.
+ *
+ ***/
+SilcAsyncOperation silc_pkcs_sign(SilcPrivateKey private_key,
+ unsigned char *src,
+ SilcUInt32 src_len,
+ SilcBool compute_hash,
+ SilcHash hash,
+ SilcRng rng,
+ SilcPKCSSignCb sign_cb,
+ void *context);
+
+/****f* silccrypt/SilcPKCSAPI/silc_pkcs_verify
+ *
+ * SYNOPSIS
+ *
+ * SilcAsyncOperation silc_pkcs_verify(SilcPublicKey public_key,
+ * unsigned char *signature,
+ * SilcUInt32 signature_len,
+ * unsigned char *data,
+ * SilcUInt32 data_len,
+ * SilcHash hash,
+ * SilcPKCSVerifyCb verify_cb,
+ * void *context);
+ *
+ * DESCRIPTION
+ *
+ * Verifies signature. The `verify_cb' will be called to deliver the
+ * result of the verification process. The 'signature' is verified against
+ * the 'data'. If the `hash' is non-NULL then the `data' will hashed
+ * before verification. If the `hash' is NULL, then the hash algorithm
+ * to be used is retrieved from the signature. If it isn't present in the
+ * signature the verification is done as is without hashing. The `rng'
+ * is usually not needed and may be NULL. If this returns NULL the
+ * asynchronous operation cannot be controlled.
+ *
+ ***/
+SilcAsyncOperation silc_pkcs_verify(SilcPublicKey public_key,
+ unsigned char *signature,
+ SilcUInt32 signature_len,
+ unsigned char *data,