how to use gnutls_privkey_import_ext
Carolin Latze
latze at angry-red-pla.net
Sun Jun 10 21:15:35 CEST 2012
On 06/10/2012 08:45 PM, Nikos Mavrogiannopoulos wrote:
> On 06/10/2012 07:36 PM, Carolin Latze wrote:
>
>
>> I am sorry, but this still causes me some troubles.
>>
>> As far as I understand it, the hash in PKCS#1 is:
>>
>> bytes 00 - 14: algorithm identifier + some more bytes
>> bytes 15 - 20: the hash
>> So I thought it might be sufficient do define a new gnutls_datum_t vdata
>> with
>> vdata.data =&raw_data->data[15]
>> vdata.size = raw_data->size-15
>>
>
> Why do you do that? You're not supposed to interpret that data, just
> sign it using raw RSA. You should treat it the same way you treated the
> MD5+SHA1 combo in TLS 1.0.
>
>
Hm. I cannot send more than 20 bytes to the TPM sign function, so I
would need to encrypt. As far as I remember the TLS 1.2 RFC, the goal
was to have 20 bytes and be able to use standard signature functions
instead of encryption as it was in TLS <1.2. So maybe other
cryptographic modules are able to handle the complete PKCS#1 structure,
but unfortunately, the TPM is not.
More information about the Gnutls-help
mailing list