RSA sign/verify and hash generation functions

Murray S. Kucherawy msk at cloudmark.com
Thu Dec 9 19:13:47 CET 2010


> -----Original Message-----
> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
> Sent: Thursday, December 09, 2010 12:23 AM
> To: Murray S. Kucherawy
> Cc: help-gnutls at gnu.org
> Subject: Re: RSA sign/verify and hash generation functions
> 
> > I did.  By the looks of things, the *_sign_hash() functions look like
> > they sign a hash that's already been computed, which is the case for
> > me, so that's what I used.
> 
> The current sign_hash function is not what you want. They are tricky to
> use to generate correct signatures (for DSA they work ok, but for RSA
> require one more step to generate a PKCS #1 compliant signature - i.e.
> BER encode the hash as DigestInfo). I'll add a safer to use API for
> 2.12.x and deprecate those functions.

OK.  If you would like me to try those out once they're available, just point me at the tarball.


More information about the Gnutls-help mailing list