RE: RSA sign/verify and hash generation functions

[Murray S. Kucherawy]

> -----Original Message-----
> From: Nikos Mavrogiannopoulos [mailto:address@hidden On Behalf Of Nikos 
> Mavrogiannopoulos
> Sent: Saturday, January 15, 2011 5:13 AM
> To: Murray S. Kucherawy
> Cc: address@hidden
> Subject: Re: RSA sign/verify and hash generation functions
> 
> btw. I'm planning into deprecating all the gnutls_x509_* functions to
> sign and verify data, and only leave the gnutls_privkey_ and
> gnutls_pubkey_ equivalent functions. That is to simplify internals
> and avoid having the same functions for each certificate type.
> Just in case this change affects you.

It does.  Right now I'm using:

- gnutls_x509_privkey_init() to allocate an object
- gnutls_x509_privkey_import() to read in a PEM-encoded or DER-encoded RSA key
- gnutls_privkey_import_x509() to extract a generic private key from the above
- gnutls_privkey_get_pk_algorithm() just to get the key size of the above
- gnutls_x509_privkey_deinit() to deallocate
- gnutls_x509_privkey_sign_hash2() to sign

As I recall, what was missing from the basic privkey interface was the means to 
get a PEM/DER-encoded RSA key; I had to go through the gnutls_x509_*() 
functions to do that.  What I need is a gnutls_privkey_import() that can do the 
same, and a matching gnutls_privkey_sign_hash2(), and then I can get rid of the 
gnutls_x509_*() calls altogether.

If you have a version available that has those API changes, I can give it a try 
next week.

-MSK