[gnutls-help] Generating DH key pair with given parameters

Brendan Shanks bshanks at codeweavers.com
Fri Nov 22 02:36:03 CET 2019


Hi everyone,

The Wine project currently uses GnuTLS to implement the Windows bcrypt/CNG library. I’ve been looking at adding DH support but have had trouble finding the right APIs to use in GnuTLS.

Does GnuTLS have a public API for generating a public/private key pair given a set of DH parameters (prime/generator)? Something equivalent to OpenSSL's DH_generate_key()?
It seems like _gnutls_pk_generate_keys() is what I want to use, but I don’t see any public API that will call that with provided DH parameters. For example I can’t see any way to provide a gnutls_dh_params_t to gnutls_x509_privkey_generate2(), it always calls _gnutls_pk_generate_params() to generate new parameters.

The kind of bcrypt API usage I’m looking to support is similar to this Windows sample code: <https://github.com/microsoft/Windows-classic-samples/blob/master/Samples/Security/DhOakleyGroup1/cpp/DhOakleyGroup1.cpp#L192>. Generate a public/private key pair with provided DH parameters, then export the key, import a different key, etc.


Thanks for any advice,

Brendan Shanks
CodeWeavers
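
The operation asked about above, as an added example that is not part of the original message and uses neither GnuTLS nor bcrypt: plain Python showing what a DH_generate_key()-style call computes from a caller-supplied prime and generator, followed by export, validated import of a peer value, and secret derivation. Assumptions: the parameters are the RFC 2409 Oakley Group 1 prime with generator 2 (the group the linked sample is named after), and the function names and the fixed-width big-endian encoding are choices made for this example.

```python
import secrets

# RFC 2409 Oakley Group 1 (768-bit MODP) prime; the generator is 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF",
    16,
)
G = 2
Q = (P - 1) // 2  # P is a safe prime, so G generates the subgroup of order Q


def generate_keypair(p=P, g=G, q=Q):
    """Key generation only: the parameters are given, never regenerated."""
    x = 1 + secrets.randbelow(q - 1)  # private exponent in [1, q-1]
    return x, pow(g, x, p)            # public value y = g^x mod p


def export_public(y, p=P):
    """Fixed-width big-endian encoding (an assumption of this example)."""
    return y.to_bytes((p.bit_length() + 7) // 8, "big")


def import_public(blob, p=P, q=Q):
    """Decode a peer's public value and reject degenerate or off-subgroup values."""
    y = int.from_bytes(blob, "big")
    if not 2 <= y <= p - 2:
        raise ValueError("public value out of range")
    if pow(y, q, p) != 1:
        raise ValueError("public value not in the order-q subgroup")
    return y


def shared_secret(x, peer_y, p=P):
    """Both sides compute peer_y^x mod p and obtain the same bytes."""
    return export_public(pow(peer_y, x, p), p)


if __name__ == "__main__":
    a_priv, a_pub = generate_keypair()
    b_priv, b_pub = generate_keypair()
    a_secret = shared_secret(a_priv, import_public(export_public(b_pub)))
    b_secret = shared_secret(b_priv, import_public(export_public(a_pub)))
    print("secrets match:", a_secret == b_secret)
```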