help-gnutls
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RSA sign/verify and hash generation functions

From: Nikos Mavrogiannopoulos
Subject: Re: RSA sign/verify and hash generation functions
Date: Thu, 09 Dec 2010 09:22:33 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.15) Gecko/20101027 Thunderbird/3.0.10 
On 12/08/2010 11:40 PM, Murray S. Kucherawy wrote:
>> -----Original Message----- From: Nikos Mavrogiannopoulos
>> [mailto:address@hidden On Behalf Of Nikos
>> Mavrogiannopoulos Sent: Wednesday, December 08, 2010 2:28 PM To:
>> Murray S. Kucherawy Cc: address@hidden Subject: Re: RSA
>> sign/verify and hash generation functions
>> 
>> On 12/08/2010 12:30 AM, Murray S. Kucherawy wrote:
>> 
>>> assert(gnutls_privkey_sign_hash(rsa_key, &dd, &rsa_out ==
>> GNUTLS_E_SUCCESS);
>> 
>> Also check the documentation of the functions you are using :)
> 
> I did.  By the looks of things, the *_sign_hash() functions look like
> they sign a hash that's already been computed, which is the case for
> me, so that's what I used.

The current sign_hash function is not what you want. They are tricky to
use to generate correct signatures (for DSA they work ok, but for RSA
require one more step to generate a PKCS #1 compliant signature - i.e.
BER encode the hash as DigestInfo). I'll add a safer to use API for
2.12.x and deprecate those functions.

The _sign_data() functions work as expected.

regards,
Nikos
reply via email to
[Prev in Thread] Current Thread [Next in Thread]