[gnutls-help] Alternative Private keys?

Bjørn H. Christensen BHC at insight.dk
Thu Oct 22 12:15:19 CEST 2015


I am looking at alternative ways to provide private keys  for  GnuTLS.

gnutls_privkey_import_ext2 and gnutls_privkey_import_ext3

Both function have a sign_func and decrypt_func defined as follows:

typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key,
                                                                                       void *userdata,
                                                                                       const gnutls_datum_t *
                                                                                       gnutls_datum_t * signature);

typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key,
                                                                                           void *userdata,
                                                                                           const gnutls_datum_t *
                                                                                           gnutls_datum_t * plaintext);

I would assume (but are not sure) that GnuTLS need to Sign a hash and verify a hash  signature combination.

Are my assumptions wrong? Do GnuTLS actually need to decrypt ciphertext to plaintext, in other cases than verifying a hash signature combination?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20151022/3c4b32a2/attachment.html>

More information about the Gnutls-help mailing list