how to use gnutls_privkey_import_ext
Carolin Latze
latze at angry-red-pla.net
Sat Jun 9 12:36:09 CEST 2012
Hi all
I tried to port some of my really old code to a new version of GnuTLS. I
used a signing callback in order to let the TPM sign data. However, since
gnutls_sign_callback_set is deprecated now, I tried to move to
gnutls_privkey_import_ext. Here is what I did:
I defined an empty privkey structure (since the privkey is stored within
the TPM):
const gnutls_datum_t key = { NULL, 0 };
I took my old sign callback and assigned it to that structure:
gnutls_privkey_import_ext(&key,NULL,NULL,gnutls_tpm_sign,NULL,0);
gnutls_certificate_set_x509_key_mem(xcred, &ccert, &key,
GNUTLS_X509_FMT_PEM);
But now when I try to run the handshake, I get:
GnuTLS error: Insufficient credentials for that request.
Segmentation fault (core dumped)
Since I have debug messages in my sign function, I know that it
never executes that function.
Are there any examples on how to use privkey_import_ext? I did not find
any so far :-/
PKCS#11 is not really an option since that comes with some limitations
on the TPM...
Regards
Carolin