RSA sign/verify and hash generation functions

Murray S. Kucherawy msk at
Wed Dec 8 23:50:27 CET 2010

> -----Original Message-----
> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at] On Behalf Of Nikos Mavrogiannopoulos
> Sent: Wednesday, December 08, 2010 2:28 PM
> To: Murray S. Kucherawy
> Cc: help-gnutls at
> Subject: Re: RSA sign/verify and hash generation functions
> Also check the documentation of the functions you are using :)
> The sign_hash is low-level and isn't intended to be used like that.
> Use gnutls_x509_privkey_sign_data() and
> gnutls_x509_privkey_verify_data().

This produces yet another different signature.  I imagine I'm now hashing the hash and encrypting that.

I can't conveniently switch to giving gnutls_x509_privkey_sign_data() the entire original data blob to be signed as at this point in the code I no longer have it, but I do have the output of the hash of it.

More information about the Gnutls-help mailing list