[gnutls-help] Alternative Private keys?

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Oct 22 13:06:45 CEST 2015


On Thu, Oct 22, 2015 at 12:15 PM, Bjørn H. Christensen <BHC at insight.dk> wrote:
> Hello,
> I am looking at alternative ways to provide private keys  for  GnuTLS.
> gnutls_privkey_import_ext2 and gnutls_privkey_import_ext3
> Both function have a sign_func and decrypt_func defined as follows:
> typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key,
> void *userdata,
> const gnutls_datum_t *
> raw_data,
> gnutls_datum_t * signature);
> typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key,
> void *userdata,
> const gnutls_datum_t *
> ciphertext,
> gnutls_datum_t * plaintext);

> I would assume (but are not sure) that GnuTLS need to Sign a hash and verify
> a hash  signature combination.

If I understand correctly the question is when gnutls does it need the
sign or decrypt function? If yes, then the answer is it depends. For
some ciphersuites (RSA, PSK-RSA) decryption is required, while for the
DHE and ECDHE ciphersuites only signing is required.

regards,
Nikos



More information about the Gnutls-help mailing list