RSA sign/verify and hash generation functions

Murray S. Kucherawy msk at cloudmark.com
Wed Dec 8 23:40:04 CET 2010


> -----Original Message-----
> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
> Sent: Wednesday, December 08, 2010 2:28 PM
> To: Murray S. Kucherawy
> Cc: help-gnutls at gnu.org
> Subject: Re: RSA sign/verify and hash generation functions
> 
> On 12/08/2010 12:30 AM, Murray S. Kucherawy wrote:
> 
> > assert(gnutls_privkey_sign_hash(rsa_key, &dd, &rsa_out ==
> GNUTLS_E_SUCCESS);
> 
> Also check the documentation of the functions you are using :)

I did.  By the looks of things, the *_sign_hash() functions look like they sign a hash that's already been computed, which is the case for me, so that's what I used.

> The sign_hash is low-level and isn't intended to be used like that.
> Use gnutls_x509_privkey_sign_data() and
> gnutls_x509_privkey_verify_data().

OK, I'll give those a try.


More information about the Gnutls-help mailing list