<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi everyone,<br class=""><br class="">The Wine project currently uses GnuTLS to implement the Windows bcrypt/CNG library. I’ve been looking at adding DH support but have had trouble finding the right APIs to use in GnuTLS.<br class=""><br class="">Does GnuTLS have a public API for generating a public/private key pair given a set of DH parameters (prime/generator)? Something equivalent to OpenSSL's DH_generate_key()?<br class="">It seems like _gnutls_pk_generate_keys() is what I want to use, but I don’t see any public API that will call that with provided DH parameters. For example I can’t see any way to provide a gnutls_dh_params_t to gnutls_x509_privkey_generate2(), it always calls _gnutls_pk_generate_params() to generate new parameters.<br class=""><br class="">The kind of bcrypt API usage I’m looking to support is similar to this Windows sample code: <<a href="https://github.com/microsoft/Windows-classic-samples/blob/master/Samples/Security/DhOakleyGroup1/cpp/DhOakleyGroup1.cpp#L192" class="">https://github.com/microsoft/Windows-classic-samples/blob/master/Samples/Security/DhOakleyGroup1/cpp/DhOakleyGroup1.cpp#L192</a>>. Generate a public/private key pair with provided DH parameters, then export the key, import a different key, etc.<br class=""><br class=""><br class="">Thanks for any advice,<br class=""><br class="">Brendan Shanks<br class="">CodeWeavers</body></html>