Raw RSA encryption

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Jul 24 11:05:53 CEST 2010

On 07/24/2010 03:07 AM, Mads Kiilerich wrote:
>  Hi
> The new gnutls/crypto.h exposes fine functionality for using
> stream/block ciphers and hash algorithms directly.
> But I also need raw RSA encryption and can't figure out how to do it -
> or if it is possible. I just need the basic modulo-exponentiation, for
> example with values from gnutls_x509_crt_get_pk_rsa_raw.

I question might be, why you want to do that? GnuTLS tries to hide that
by providing high level functions to manage certificates and keys.

> It seems like it is possible to register such a function with
> gnutls_crypto_pk_register2, but there is no way to retrieve the internal
> implementation? Or is it OK to use _gnutls_pk_ops.encrypt?

There is no exported API for that. It is probably possible to do it, but
it is not trivial, and would require a big deal of new API functions and
datatypes to maintain.

> Or should I access gcrypt directly, possibly by duplicating the content
> of _wrap_gcry_pk_encrypt?
> (In either case it seems like I need to figure out how the simple
> bigendian format of gnutls_datum_t from gnutls_x509_crt_get_pk_rsa_raw
> relates to bigint_t?)

The gnutls_datum_t contains the big integer in an unsigned format that
is importable by almost all crypto libraries (and thus libgcrypt). The
bigint_t is the gnutls crypto library's internal representation of that.


More information about the Gnutls-help mailing list