On Thu, Oct 22, 2015 at 12:15 PM, Bjørn H. Christensen <[email protected]> wrote:
> Hello,
> I am looking at alternative ways to provide private keys for GnuTLS.
> gnutls_privkey_import_ext2 and gnutls_privkey_import_ext3
> Both functions have a sign_func and decrypt_func defined as follows:
> typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key,
>                                          void *userdata,
>                                          const gnutls_datum_t *raw_data,
>                                          gnutls_datum_t *signature);
> typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key,
>                                             void *userdata,
>                                             const gnutls_datum_t *ciphertext,
>                                             gnutls_datum_t *plaintext);
> I would assume (but am not sure) that GnuTLS needs to sign a hash and verify
> a hash signature combination.

If I understand correctly, the question is when does gnutls need the sign or decrypt function? If yes, then the answer is: it depends. For some ciphersuites (RSA, PSK-RSA) decryption is required, while for the DHE and ECDHE ciphersuites only signing is required.

regards,
Nikos
