Using libgcrypt on large files

Ralf H gcrypt at
Wed Feb 23 22:41:20 CET 2005


I am thinking about using libgcrypt to sign files, which I will deploy
during an update phase to customers. With the signature I want to check
the integrity (of course :)).
Even though I would not use quite large files at the beginning, I am not
sure if this will always be true.

Right now I use the following code to get the signature:

   rc = gcry_sexp_build (&sign_parms, &errof,
                         "(data (flags) (value \"%s\"))\n", data);

   rc = gcry_pk_sign (&sig, sign_parms, skey);

(Found that code on the net).

I am not sure about 2 things here.

1) I want to sign binary data, to use the code above, I would have to
escape/remove nulls, otherwise gcry_sexp_build will fail. Is there any
other function I could use instead? Performance wise this looks a little
bit suspicous to me.

2) What can I do if the file is really large and will not fit into
memory? My approach will obviously fail, as I need everything in
'data' :(. Is there a way to hash a file in little portions, so I can
read in buffers and update my signatures in a loop?

Thanks for you help

More information about the Gcrypt-devel mailing list