RSA sign/verify and hash generation functions

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Jan 17 21:32:12 CET 2011


On 01/16/2011 11:19 PM, Murray S. Kucherawy wrote:
>> -----Original Message-----
>> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
>> Sent: Saturday, January 15, 2011 10:46 AM
>> To: Murray S. Kucherawy
>> Cc: help-gnutls at gnu.org
>> Subject: Re: RSA sign/verify and hash generation functions
>> 
>> You can use gnutls_privkey_sign_hash2() instead of 
>> gnutls_x509_privkey_sign_hash2(). There shouldn't be any
>> side-effects.
> 
> OK, I'll try that next week.
> 
>> For verification you could use gnutls_pubkey_verify_data/hash.
> 
> Already doing that.
> 
>> You can use the gnutls_x509_ interface to import/export from a 
>> file/buffer and then use the gnutls_privkey_ interface to import 
>> from that and access operations. In a language like C++ it would be
>> easier to express that a gnutls_x509_privkey_t is also a 
>> gnutls_privkey_t, but in C it causes that inconvenience.
> 
> Yep, that's what I'm doing now.  The gnutls_x509_*() calls are only
> to import a private key in PEM/DER format, and to get the key size
> out, and to sign a hash (though I'll try the non-x509 interface next
> week).  Everything else is gnutls_privkey_*() or gnutls_pubkey_*()
> already.  Does that sound right?

Yes. About the non gnutls_x509_* interface I have not fixed my mind
yet since it appears to have side-effects. The current calls you
describe are what will work anyway.

regards,
Nikos




