RE: RSA sign/verify and hash generation functions
From: Murray S. Kucherawy
Subject: RE: RSA sign/verify and hash generation functions
Date: Sat, 15 Jan 2011 09:26:51 -0800

> -----Original Message-----
> From: Nikos Mavrogiannopoulos [mailto:address@hidden On Behalf Of Nikos
> Mavrogiannopoulos
> Sent: Saturday, January 15, 2011 5:13 AM
> To: Murray S. Kucherawy
> Cc: address@hidden
> Subject: Re: RSA sign/verify and hash generation functions
>
> btw. I'm planning on deprecating all the gnutls_x509_* functions to
> sign and verify data, and only leave the gnutls_privkey_ and
> gnutls_pubkey_ equivalent functions. That is to simplify internals
> and avoid having the same functions for each certificate type.
> Just in case this change affects you.

It does. Right now I'm using:

- gnutls_x509_privkey_init() to allocate an object
- gnutls_x509_privkey_import() to read in a PEM-encoded or DER-encoded RSA key
- gnutls_privkey_import_x509() to extract a generic private key from the above
- gnutls_privkey_get_pk_algorithm() just to get the key size of the above
- gnutls_x509_privkey_deinit() to deallocate
- gnutls_x509_privkey_sign_hash2() to sign

As I recall, what was missing from the basic privkey interface was the means to
get a PEM/DER-encoded RSA key; I had to go through the gnutls_x509_*()
functions to do that. What I need is a gnutls_privkey_import() that can do the
same, and a matching gnutls_privkey_sign_hash2(), and then I can get rid of the
gnutls_x509_*() calls altogether.

If you have a version available that has those API changes, I can give it a try
next week.

-MSK