[gnutls-devel] GnuTLS | Importing ED25519 in pubkey (#613)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sun Nov 11 12:14:40 CET 2018

The documentation of gnutls_privkey_sign_hash() says: “Note that, not all algorithm support signing already hashed data. When signing with Ed25519, gnutls_privkey_sign_data() should be used.”, but this is not stated for gnutls_pubkey_verify_hash2() at https://www.gnutls.org/manual/html_node/Operations.html#Operations.

[RFC6376](https://tools.ietf.org/html/rfc6376#section-5.5) says “The Signer MUST compute the message hash as described in Section 3.7 and then sign it using the selected public-key algorithm.”

For me this means that not the data, but the hash, must be signed, so gnutls_privkey_sign_hash() and gnutls_pubkey_verify_hash2() must be used. They do work correctly when RSA is used for signing/verifying the hash at this place.

gnutls_pubkey_verify_hash2() calls _gnutls_pk_is_not_prehashed() which fails for ed25519.

How shall the requirement to sign the hash from RFC6376 be implemented in GnuTLS for Ed25519, as presented in RFC8463?  In particular which function shall verify the signature of the signed hash?

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/613#note_116288836