[gnutls-help] Generating DH key pair with given parameters
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat Nov 23 07:08:57 CET 2019
Hi,
That's not an API exported operation. Diffie-Hellman is handled
internally. The reason was that there was not much need for exporting
as a supported API. What we have is APIs for testing this operation;
which are:
_gnutls_dh_compute_key;
_gnutls_dh_generate_key;
_gnutls_ecdh_generate_key;
_gnutls_ecdh_compute_key;
(and defined in lib/nettle/pk.c)
If that's sufficient for your use-cases would you like to propose them
(preferably with an MR, or alternatively with opening an issue) to be
exported in the normal APIs? You could use them even today, but unless
we promote them to supported API they may break.
regards,
Nikos
On Fri, Nov 22, 2019 at 2:37 AM Brendan Shanks <bshanks at codeweavers.com> wrote:
>
> Hi everyone,
>
> The Wine project currently uses GnuTLS to implement the Windows bcrypt/CNG library. I’ve been looking at adding DH support but have had trouble finding the right APIs to use in GnuTLS.
>
> Does GnuTLS have a public API for generating a public/private key pair given a set of DH parameters (prime/generator)? Something equivalent to OpenSSL's DH_generate_key()?
> It seems like _gnutls_pk_generate_keys() is what I want to use, but I don’t see any public API that will call that with provided DH parameters. For example I can’t see any way to provide a gnutls_dh_params_t to gnutls_x509_privkey_generate2(), it always calls _gnutls_pk_generate_params() to generate new parameters.
>
> The kind of bcrypt API usage I’m looking to support is similar to this Windows sample code: <https://github.com/microsoft/Windows-classic-samples/blob/master/Samples/Security/DhOakleyGroup1/cpp/DhOakleyGroup1.cpp#L192>. Generate a public/private key pair with provided DH parameters, then export the key, import a different key, etc.
>
>
> Thanks for any advice,
>
> Brendan Shanks
> CodeWeavers
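As an added illustration (not GnuTLS code and not part of the original thread), here is the operation asked about above in plain Python: generate a key pair from given DH parameters, export the public value, import and validate a peer's value, and derive the shared secret. The Oakley Group 1 prime is taken from RFC 2409; the function names and the fixed-length big-endian export format are assumptions made for this example.

```python
import secrets

# Oakley Group 1 (RFC 2409, section 6.1): 768-bit safe prime, generator 2.
# Chosen only because the linked Windows sample uses this group.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
G = 2
KEY_LEN = (P.bit_length() + 7) // 8     # 96 bytes


def generate_keypair(p=P, g=G):
    """Return (private x, public y = g^x mod p) for the given parameters."""
    x = 2 + secrets.randbelow(p - 3)    # uniform in [2, p-2]
    return x, pow(g, x, p)


def export_public(y, length=KEY_LEN):
    """Serialize a public value as fixed-length big-endian bytes (assumed format)."""
    return y.to_bytes(length, "big")


def import_public(blob, p=P):
    """Parse and validate a peer public value; assumes p is a safe prime."""
    if len(blob) != (p.bit_length() + 7) // 8:
        raise ValueError("unexpected public key length")
    y = int.from_bytes(blob, "big")
    if not 2 <= y <= p - 2:             # rejects 0, 1, p-1 and anything >= p
        raise ValueError("public value out of range")
    if pow(y, (p - 1) // 2, p) != 1:    # must lie in the order-q subgroup
        raise ValueError("public value not in the expected subgroup")
    return y


def compute_shared(x, peer_blob, p=P):
    """Derive the raw shared secret Z = y_peer^x mod p as fixed-length bytes."""
    z = pow(import_public(peer_blob, p), x, p)
    return z.to_bytes((p.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    a_priv, a_pub = generate_keypair()
    b_priv, b_pub = generate_keypair()
    za = compute_shared(a_priv, export_public(b_pub))
    zb = compute_shared(b_priv, export_public(a_pub))
    print("shared secrets match:", za == zb)
```

The raw value returned by `compute_shared` would normally be passed through a key derivation function before use as a key.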