how to use gnutls_privkey_import_ext

Carolin Latze latze at
Sat Jun 9 12:36:09 CEST 2012

Hi all

I tried to port some of my really old code to a new version of GnuTLS. I 
used a signing callback in order to let the TPM sign data. However since 
gnutls_sign_callback_set is deprecated now I tried to move to 
gnutls_privkey_import_ext. Here is what I did:

I defined an empty privkey structure (since the privkey is stored within 
the TPM):
const gnutls_datum_t key = { NULL, 0 };

I took my old sign callback and assigned it to that structure:
gnutls_certificate_set_x509_key_mem(xcred, &ccert, &key, 

But now when I try to run the handshake, I get:
GnuTLS error: Insufficient credentials for that request.
Segmentation fault (core dumped)

Since I have debug messages in my sign function I know that it does 
never execute that function

Are there any examples on how to use privkey_import_ext? I did not find 
any so far :-/

PKCS#11 is not really an option since that comes with some limitations 
on the TPM...


More information about the Gnutls-help mailing list