[Help-gnutls] X.509 certificates around JUST A PUBLIC key... can it be done?

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Aug 2 10:37:57 CEST 2008

Zach C. wrote:

> I'm fully aware that I can currently generate the Root and Host certificates
> without a problem in GnuTLS. The problem I'm having, though, is that I
> *need* to be able to generate a certificate around the public key sent by
> the iPhone and then sign that certificate with the root private key. I'm
> wondering if that's possible in GnuTLS... I was considering doing a
> gnutls_x509_privkey_import_rsa_raw and *only* setting the modulus and public
> exponent (however I would get them), but I'm not sure if that would work or
> if GnuTLS would throw an error out about it. And if it did it properly,
> whether setting the new "private key" struct on a new certificate would do
> what I'm describing here.

It could work but I'm not sure since it was never designed to be like
this. The best way would be to try it and see if it works. As I see it
the best way for this to work would be to have a
gnutls_crq_import_key_raw() that would create a certificate request with
these parameters and then you could create a certificate using this
request. It is already in my todo list.


More information about the Gnutls-help mailing list