RSA sign/verify and hash generation functions

Murray S. Kucherawy msk at
Sun Jan 16 23:19:04 CET 2011

> -----Original Message-----
> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at] On Behalf Of Nikos Mavrogiannopoulos
> Sent: Saturday, January 15, 2011 10:46 AM
> To: Murray S. Kucherawy
> Cc: help-gnutls at
> Subject: Re: RSA sign/verify and hash generation functions
> You can use gnutls_privkey_sign_hash2() instead of
> gnutls_x509_privkey_sign_hash2(). There shouldn't be any side-effects.

OK, I'll try that next week.

> For verification you could use gnutls_pubkey_verify_data/hash.

Already doing that.

> You can use the gnutls_x509_ interface to import/export from a
> file/buffer and then use the gnutls_privkey_ interface to import
> from that and access operations. In a language like C++ it would
> be easier to express that a gnutls_x509_privkey_t is also a
> gnutls_privkey_t, but in C it causes that inconvenience.

Yep, that's what I'm doing now.  The gnutls_x509_*() calls are only to import a private key in PEM/DER format, and to get the key size out, and to sign a hash (though I'll try the non-x509 interface next week).  Everything else is gnutls_privkey_*() or gnutls_pubkey_*() already.  Does that sound right? 

More information about the Gnutls-help mailing list