[gnutls-devel] provable primes in private keys

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Sep 13 14:11:51 CEST 2015

For gnutls 3.5.0 (current master branch) I wanted to expose the API to
generate and verify private keys consisting of provable primes as in
FIPS 186-4. That API was internally available and enabled by default
when gnutls was switched to FIPS-140 mode [0].

While the requirements of FIPS have been controversial, this particular
property of generated parameters seems quite useful for certain
scenarios. That's the reason I decided to expose it in non-FIPS
compliant systems.

It allows generating RSA or DSA private keys using primes which can be
proven to be prime if given the seed used for their generation. That
can currently be done with the following commands:
$ certtool --generate-privkey --provable --outfile key.pem
$ certtool --verify-provable-privkey --load-privkey key.pem
Optionally the seed can be given using --seed, and it must comply with
the FIPS 186-4 requirements (i.e., 2048 and 3072 bit keys and 24 or 32
bytes for RSA seeds).
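As an added example (not part of the original post or of gnutls itself), the following POSIX shell function wraps the two commands above into a single round-trip check that a build or CI job can run: generate a provable RSA key, print the PEM label so the new incompatible format is visible, then re-verify the primes from the stored seed. It assumes a certtool from gnutls 3.5.0 or later on PATH; the --bits option is certtool's existing key-size flag, and the distinct return codes (2 = certtool missing, 3 = generation failed, 4 = verification failed) are this example's own convention.

```shell
#!/bin/sh
# Added example: round-trip a provable RSA private key through certtool.
# Assumes certtool from gnutls >= 3.5.0 is on PATH. Return codes (this
# script's own convention): 0 ok, 1 setup error, 2 certtool unavailable,
# 3 generation failed, 4 seed verification failed.
provable_key_roundtrip() {
    bits=${1:-2048}   # FIPS 186-4 seeds are defined for 2048 and 3072 bit keys
    command -v certtool >/dev/null 2>&1 || return 2
    dir=$(mktemp -d) || return 1
    key="$dir/key.pem"

    # Step 1: generate the key; the seed is written into the PEM file so
    # that a later verification needs no out-of-band data.
    if ! certtool --generate-privkey --provable --bits "$bits" \
            --outfile "$key" >/dev/null 2>&1; then
        rm -rf "$dir"
        return 3
    fi

    # Step 2: show the PEM label; provable keys use a header that older
    # gnutls releases do not recognise.
    grep '^-----BEGIN' "$key" | head -n 1

    # Step 3: re-derive the primes from the stored seed and compare them
    # with the key; a mismatch means the key is not provably generated.
    if certtool --verify-provable-privkey --load-privkey "$key" >/dev/null 2>&1; then
        rc=0
    else
        rc=4
    fi
    rm -rf "$dir"
    return $rc
}

# Fail closed: only a key whose seed verifies is reported as good.
if provable_key_roundtrip 2048; then
    echo "provable key verified"
else
    echo "provable key check failed (status $?)"
fi
```

The function deliberately deletes the temporary directory on every path, since a half-written private key left on disk is worse than a failed check.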

Unfortunately, to store the generated seed and allow future validation
I had to extend the private key format for both RSA and DSA keys, in a
way that is not compatible with older versions. For that I introduced
a new PEM header (FIPS186-4 RSA PRIVATE KEY).

The API additions can be summarized in these three functions:
int gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key,
  gnutls_pk_algorithm_t algo, unsigned int bits,
  unsigned int flags, const gnutls_keygen_data_st *data,
  unsigned data_size);

int gnutls_x509_privkey_verify_seed(gnutls_x509_privkey_t key,
  gnutls_digest_algorithm_t, const void *seed, size_t seed_size);
int gnutls_x509_privkey_get_seed(gnutls_x509_privkey_t key,
  gnutls_digest_algorithm_t*, void *seed, size_t *seed_size);

Any comments or suggestions for improvement?


[0]. https://gitlab.com/gnutls/gnutls/issues/34
