RSA sign/verify and hash generation functions
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon Jan 17 21:32:12 CET 2011
On 01/16/2011 11:19 PM, Murray S. Kucherawy wrote:
>> -----Original Message----- From: Nikos Mavrogiannopoulos
>> [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos
>> Mavrogiannopoulos Sent: Saturday, January 15, 2011 10:46 AM To:
>> Murray S. Kucherawy Cc: help-gnutls at gnu.org Subject: Re: RSA
>> sign/verify and hash generation functions
>>
>> You can use gnutls_privkey_sign_hash2() instead of
>> gnutls_x509_privkey_sign_hash2(). There shouldn't be any
>> side-effects.
>
> OK, I'll try that next week.
>
>> For verification you could use gnutls_pubkey_verify_data/hash.
>
> Already doing that.
>
>> You can use the gnutls_x509_ interface to import/export from a
>> file/buffer and then use the gnutls_privkey_ interface to import
>> from that and access operations. In a language like C++ it would be
>> easier to express that a gnutls_x509_privkey_t is also a
>> gnutls_privkey_t, but in C it causes that inconvenience.
>
> Yep, that's what I'm doing now. The gnutls_x509_*() calls are only
> to import a private key in PEM/DER format, and to get the key size
> out, and to sign a hash (though I'll try the non-x509 interface next
> week). Everything else is gnutls_privkey_*() or gnutls_pubkey_*()
> already. Does that sound right?
Yes. Aboutthe non gnutls_x509_* interface I have not fixed my mind
yet since it appears to have side-effects. The current calls you
describe is what will work anyway.
regards,
Nikos
More information about the Gnutls-help
mailing list