[gnutls-devel] GnuTLS | Draft: Single shot signing (!2066)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sat Feb 14 02:57:23 CET 2026
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2066#note_3083717011
I'm a bit busy this month, so deferring this to the next month. Here are some notes (for myself) to continue working on this:
- The signing logic has actually 3 backends: X.509 (i.e., Nettle or the new pkcs11-provider), external callbacks, and the legacy PKCS#11 private key support. Currently all of them do "raw" signing with a given public key algorithm. To support single-shot signing, the latter two still need pre-hashing for backward compatibility
- The low level signing functions (e.g., _gnutls_pk_sign) should take a signing algorithm instead of a public key algorithm to support single-shot operation naturally. Then we can remove `*_dig` fields in `gnutls_x509_spki_st`
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2066#note_3083717011
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20260214/d32a64e1/attachment.html>
More information about the Gnutls-devel
mailing list