how to use gnutls_privkey_import_ext

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Jun 10 11:55:29 CEST 2012


On 06/10/2012 11:37 AM, Carolin Latze wrote:


>> Hello,
>>   Did you check the error code from this function? It should have failed
>> because it requires a sign function and a decryption function. You also
>> do not set the public key algorithm to be used and put a NULL there.
  
> I also tried with GNUTLS_PK_RSA, but that did not help. And yeah I also
> switched on logging with a level of 15, but did not really see what the
> problem could be. Well I thought it would be the pk algorithm, but as I
> said, that did not solve the problem.


Note that I didn't refer to logging but to checking the error code
returned by the function. If such a function fails the results are
unpredictable (like the crash you see). If possible send me an output of
valgrind with the crash to see whether an error code can be returned
instead of a crash.

>> I see that trousers comes with a PKCS #11 module (or they claim to).
>> I've never tried it, but doesn't it work?
> It does. But the TPM has never been designed to meet the PKCS#11 spec,
> so it requires for instance to set some keys to NULL. I could do that
> but I need to clear and reset my TPM to do that and I was hoping that I
> could prevent that. Maybe that is the next thing I try if I don't manage
> to get the other function to work.


This function works (I know it is used in Windows which usually has no
PKCS #11), so if you have more issues let me know. Just make sure you
provide functions of the correct type (note that the parameters in
gnutls_privkey_sign_func are different than the old gnutls_sign_func).

btw. If you manage to use the TPM with this, would be nice if you point
me to your code (if it is LGPL). Would be nice to have some code to use TPM.

regards,
Nikos
