From: Carolin Latze
Subject: Re: how to use gnutls_privkey_import_ext
Date: Sun, 10 Jun 2012 21:15:35 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.16) Gecko/20120506 Icedove/3.0.11

On 06/10/2012 08:45 PM, Nikos Mavrogiannopoulos wrote:
> On 06/10/2012 07:36 PM, Carolin Latze wrote:
>> I am sorry, but this still causes me some troubles. As far as I understand it, the hash in PKCS#1 is:
>>
>> bytes 00 - 14: algorithm identifier + some more bytes
>> bytes 15 - 20: the hash
>>
>> So I thought it might be sufficient to define a new gnutls_datum_t vdata with
>>
>> vdata.data = &raw_data->data[15]
>> vdata.size = raw_data->size-15
>
> Why do you do that? You're not supposed to interpret that data, just sign it using raw RSA. You should treat it the same way you treated the MD5+SHA1 combo in TLS 1.0.

Hm. I cannot send more than 20 bytes to the TPM sign function, so I would need to encrypt. As far as I remember the TLS 1.2 RFC, the goal was to have 20 bytes and be able to use standard signature functions instead of encryption as it was in TLS <1.2. So maybe other cryptographic modules are able to handle the complete PKCS#1 structure, but unfortunately, the TPM is not.
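
The buffer layout discussed in this thread, as an added example that is not part of the original messages or of GnuTLS: a check that hands out the 20 hash bytes only when the buffer is exactly a SHA-1 DigestInfo (15-byte DER prefix, hash at offsets 15..34), and refuses any other input, where a fixed slice at offset 15 would return the wrong bytes. `datum_t` is a stand-in for `gnutls_datum_t`, `classify_raw` and `demo_kind` are hypothetical names, and the test buffers are constructed.

```c
#include <stddef.h>
#include <string.h>
/* Stand-in for gnutls_datum_t so the example builds without GnuTLS headers. */
typedef struct { const unsigned char *data; size_t size; } datum_t;

/* DER DigestInfo prefixes for PKCS#1 v1.5 (RFC 3447, section 9.2). */
const unsigned char SHA1_PREFIX[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
const unsigned char SHA256_PREFIX[19] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

enum raw_kind { RAW_UNKNOWN, RAW_SHA1_DIGESTINFO, RAW_MD5_SHA1 };

/* Classify the buffer a sign callback receives. Only on RAW_SHA1_DIGESTINFO
 * does *hash point at the 20 hash bytes (offsets 15..34) inside raw. */
enum raw_kind classify_raw(const datum_t *raw, const unsigned char **hash)
{
    *hash = NULL;
    if (raw == NULL || raw->data == NULL)
        return RAW_UNKNOWN;
    if (raw->size == sizeof(SHA1_PREFIX) + 20 &&
        memcmp(raw->data, SHA1_PREFIX, sizeof(SHA1_PREFIX)) == 0) {
        *hash = raw->data + sizeof(SHA1_PREFIX);
        return RAW_SHA1_DIGESTINFO;
    }
    if (raw->size == 36)  /* TLS < 1.2: MD5 (16) || SHA-1 (20), no prefix */
        return RAW_MD5_SHA1;
    return RAW_UNKNOWN;   /* e.g. SHA-256 DigestInfo: offset 15 is not the hash */
}

int last_offset = -1;     /* hash offset found by the last demo_kind() call */

/* Build a constructed buffer (prefix + hash_len filler bytes) and classify it. */
enum raw_kind demo_kind(const unsigned char *prefix, size_t plen, size_t hash_len)
{
    unsigned char buf[64];
    const unsigned char *hash;
    datum_t raw = { buf, plen + hash_len };
    enum raw_kind kind;
    if (plen + hash_len > sizeof(buf)) return RAW_UNKNOWN;
    if (plen) memcpy(buf, prefix, plen);
    memset(buf + plen, 0xAB, hash_len);   /* constructed filler, not a real hash */
    kind = classify_raw(&raw, &hash);
    last_offset = hash ? (int)(hash - buf) : -1;
    return kind;
}
```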