[gnutls-help] GnuTLS 3.6.0 released

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Sep 15 15:33:49 CEST 2017

On Thu, Sep 14, 2017 at 11:14 AM, Jeremy Harris <jgh at wizmail.org> wrote:
> Hi,
> https://gnutls.org/reference/gnutls-abstract.html
> says, for gnutls_privkey_sign_hash() :-
> "Note that, not all algorithm support signing already hashed data. When
>  signing with Ed25519, gnutls_privkey_sign_data() should be used."
> Meantime there's a draft[1] for extending DKIM to use Ed25519 signatures
> which wants to use signing of an already-computed hash, as opposed
> to a hash-plus-signing operation.
> [ Subissue: sha256 hash, specifically.  The GnuTLS docs do not seem
> to say _what_ hashes are acceptable for what signing algorithms; only
> that there's a way to request a hash that is "preferred", and that
> for some signings that hash might be mandatory].
> The draft refers to RFC 8032, which defines both "Pure" and "Hash"
> variants of signing  (section 4).
> Is there intent to support the Pure variant of Ed25519 signing in
> future?

It's quite unfortunate that dkim decided to use the pre-hashed variant
because the curdle working group, which defined the PKIX additions for
ed25519, decided to drop it. As such, you can only sign using the
"pure" variant for certificates, as well as the PKCS#7/CMS structures.
That is this the reason only this variant was introduced in gnutls.


More information about the Gnutls-help mailing list