RSA sign/verify and hash generation functions

Murray S. Kucherawy msk at
Sat Jan 15 18:26:51 CET 2011

> -----Original Message-----
> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at] On Behalf Of Nikos Mavrogiannopoulos
> Sent: Saturday, January 15, 2011 5:13 AM
> To: Murray S. Kucherawy
> Cc: help-gnutls at
> Subject: Re: RSA sign/verify and hash generation functions
> btw. I'm planning into deprecating all the gnutls_x509_* functions to
> sign and verify data, and only leave the gnutls_privkey_ and
> gnutls_pubkey_ equivalent functions. That is to simplify internals
> and avoid having the same functions for each certificate type.
> Just in case this change affects you.

It does.  Right now I'm using:

- gnutls_x509_privkey_init() to allocate an object
- gnutls_x509_privkey_import() to read in a PEM-encoded or DER-encoded RSA key
- gnutls_privkey_import_x509() to extract a generic private key from the above
- gnutls_privkey_get_pk_algorithm() just to get the key size of the above
- gnutls_x509_privkey_deinit() to deallocate
- gnutls_x509_privkey_sign_hash2() to sign

As I recall, what was missing from the basic privkey interface was the means to get a PEM/DER-encoded RSA key; I had to go through the gnutls_x509_*() functions to do that.  What I need is a gnutls_privkey_import() that can do the same, and a matching gnutls_privkey_sign_hash2(), and then I can get rid of the gnutls_x509_*() calls altogether.

If you have a version available that has those API changes, I can give it a try next week.


More information about the Gnutls-help mailing list