[gnutls-dev] Re: gnutls_rsa_params_init hangs. Is regenerating rsa-params once a day to frequent?

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Dec 15 18:14:06 CET 2004


On Tuesday 14 December 2004 16:09, Simon Josefsson wrote:

> > Is exim faulty for running gnutls_rsa_params_generate2 while handling
> > an incoming connection? (Not faulty as in in "not optimal" but as in
> > "the stupiest idea I've ever heard of, everybody using gnutls seriously
> > knows that you put running gnutls_rsa_params_generate2 in a separate
> > little thread/program")
> I wouldn't say faulty, but as you suggest, it may be sub-optimal.  You
> could have a stand-alone program that generate dh/rsa parameters, save
> the data to a file and ask the main process to re-load its data.  Or
> use a separate thread.

In addition certtool can generate parameters by using:
1. for DH: ./certtool --generate-dh-params --bits 1024 --outfile dhfile
2. for RSA 512: ./certtool --generate-privkey --bits 512 --outfile rsafile

You can easily import the output of certtool to any program by using
the gnutls_dh_params_import_pkcs3() and gnutls_rsa_params_import_pkcs1()
functions.


-- 
Nikos Mavrogiannopoulos




More information about the Gnutls-devel mailing list