[gnutls-dev] External signing API

Alon Bar-Lev alon.barlev at gmail.com
Mon Aug 13 22:01:30 CEST 2007


On 8/12/07, Simon Josefsson <simon at josefsson.org> wrote:
> > 3. What do you expect the cert_type to be used? Can't it queried out the cert?
>
> No, the cert may be a PGP key, and this needs to be indicated somehow.
> I haven't tested that PGP signing works through this interface yet, but
> I think it makes sense to have cert_type there in case we support
> external signing for PGP keys in the future.

Wow... I was so confused!
Providing certificate as blob will force the routine to parse it...
This takes a lot of resources... If you wish to pass the certificate,
it should be already parsed.
But anyway... Why do you need the public part for signature anyway?
I guess the private key will be more useful...

But correct me if I am wrong here... Having the session handle allows
you to pull these two anyway, right?

Best Regards,
Alon Bar-Lev.



More information about the Gnutls-dev mailing list