[gnutls-help] GnuTLS cryptographic API questions

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Mar 30 11:52:44 CEST 2017


On Wed, Mar 29, 2017 at 7:26 PM, Ted Zlatanov <tzz at lifelogs.com> wrote:
> Hello! I am evaluating the integration of the GnuTLS cryptographic
> functions into Emacs. My alternative is to use Nettle directly but I'd
> rather use the GnuTLS API.
> There are a few issues.
>
> I found myself unable to list the ciphers, MACs, and digests supported.
> Nettle exposes those lists but GnuTLS doesn't seem to. The problem with
> an explicit list is that I end up with [1] which will be either too
> limited (to support all platforms) or too aggressive. I don't think I
> could maintain that list long-term, since it could change with every
> GnuTLS release. How would you suggest I approach this for now?
> Individual ifdefs?

Hi,
I am not sure how you intend to use such lists, at run time or
compile time; however, would enumeration through the API be sufficient?
If yes, you may want to check the algorithm enumeration functions such
as gnutls_mac_list(), gnutls_cipher_list() etc.

> Also I had to manually map the MACs to the digests, there's no way to
> tell which MACs don't have associated digests.

There are separate gnutls_mac_list() and gnutls_digest_list() which
can be used to obtain the different sets.

> Similarly there's no way
> to tell which ciphers can be used for AEAD, but at least there's no

The gnutls_cipher_get_tag_size could be used to determine the AEAD
status (only AEAD ciphers have a tag).

regards,
Nikos


