Re: RSA sign/verify and hash generation functions

[Nikos Mavrogiannopoulos]

On 12/17/2010 12:17 AM, Murray S. Kucherawy wrote:
>> -----Original Message-----
>> From: Nikos Mavrogiannopoulos [mailto:address@hidden On Behalf Of Nikos 
>> Mavrogiannopoulos
>> Sent: Thursday, December 16, 2010 1:23 PM
>> To: Murray S. Kucherawy
>> Cc: address@hidden
>> Subject: Re: RSA sign/verify and hash generation functions
>>
>>> bits = 0;
>>> gnutls_pubkey_init(&X)
>>> gnutls_pubkey_import(X, &keydata, GNUTLS_X509_FMT_DER);
>>> gnutls_pubkey_verify_hash(X, 0, &digest, &signature);  <== works; returns 1
>>> gnutls_pubkey_get_pk_algorithm(X, &bits);
>>> assert(bits > 0);  <== FAILS
>>>
>>> It looks like key->bits is never set to anything by
>>> gnutls_pubkey_import().
>> It was not set when importing from a raw format. Should work now.
> No improvement.  The diff I see in your repository updated 
> gnutls_pubkey_import_rsa_raw(), but not gnutls_pubkey_import(), and the 
> latter doesn't appear to call the former.

I missed that one, should be ok now.

>>>> gnutls_x509_privkey_init(A)
>>>> gnutls_x509_privkey_import(A)
>>>> gnutls_privkey_init(P)
>>>> gnutls_privkey_import_x509(P,A)
>>>> gnutls_pubkey_init(B)
>>>> gnutls_pubkey_import_privkey(B,P)
>>> Works for me.  Let me know when you'd like me to grab a snapshot and
>>> try it.
>> Should work by now.
> Trying to make sense of the "usage" parameter for that last function call.  I 
> imagine for this application (RSA verifying), I need to set it to 
> GNUTLS_KEY_DIGITAL_SIGNATURE?

It's only useful if you export the public key to a certificate or
certificate request. The digital signature is usage is ok.

regards,
Nikos