how to use gnutls_privkey_import_ext
latze at angry-red-pla.net
Sun Jun 10 19:36:58 CEST 2012
I am sorry, but this still causes me some troubles.
As far as I understand it, the hash in PKCS#1 is:
bytes 00 - 14: algorithm identifier + some more bytes
bytes 15 - 20: the hash
So I thought it might be sufficient do define a new gnutls_datum_t vdata
vdata.data = &raw_data->data
vdata.size = raw_data->size-15
Did not work :) The TPM was happy, but the TLS handshake ended with
"Public key signature verification has failed."
if (r!=ASN1_SUCCESS) printf("ERROR: asn1_der_decoding: %s\n",asn2err(r));
if (r!=ASN1_SUCCESS) printf("ERROR: asn1_read_value: %s\n",asn2err(r));
However, this (=both functions) ends with
GNUTLS_E_ASN1_ELEMENT_NOT_FOUND. When I check decode_ber_digest_info in
the GnuTLS code I see that you initialize it first, probably with the
GnuTLS ASN.1 type. So this is probably the reason for this error,
however I see no easy way to initialize it in my code. Is there any
function that does that already?
On 06/10/2012 05:25 PM, Nikos Mavrogiannopoulos wrote:
> On 06/10/2012 05:08 PM, Carolin Latze wrote:
>> shy question: what type of hashes will be delivered with RSA-SHA1? I get
>> a hash of 35 bytes length, which is a bit too long for a standard SHA1.
>> And it is too short for the old SHA1+MD5 hash that used to used in TLS.
> It should be the PKCS #1 encoding applied after hashing. It includes an
> algorithm identifier.
More information about the Gnutls-help