[gnutls-devel] RSA-PSK for GnuTLS

Frank Morgner morgner at informatik.hu-berlin.de
Fri Jul 5 11:46:36 CEST 2013

I ported a patch for RSA-PSK from Bundesdruckerei GmbH to the most
recent version of GnuTLS. The patch revives some deletions from a8504e2
You may want to pull the commit from here:

The original patch can be found here:

Among other implementation, RSA-PSK can be tested with OpenSSL:

# generate keys
openssl genrsa -aes256 -out privkey.pem.org 2048
# remove passprase
openssl rsa -in privkey.pem.org -out privkey.pem
# create self signed server certificate
openssl req -new -key privkey.pem -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey privkey.pem -out server.crt

# download openssl 1.0.0k and patch for RSA-PSK. See
# http://blog.cj2s.de/archives/21-TLS-RSA-PSK-Cipher-Suites-for-OpenSSL.html

# start server
apps/openssl s_server -psk c033f52671c61c8128f7f8a40be88038bcf2b07a6eb3095c36e3759f0cf40837 -key privkey.pem -cipher RSA-PSK-AES256-CBC-SHA -debug -state -cert server.crt -WWW

# run gnutls client
src/gnutls-cli --pskusername Client_identity --pskkey c033f52671c61c8128f7f8a40be88038bcf2b07a6eb3095c36e3759f0cf40837 localhost -p 4433  --priority "+RSA-PSK:+AES-256-CBC:+SHA1" --insecure

Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc

More information about the Gnutls-devel mailing list