On 12/09/2010 07:13 PM, Murray S. Kucherawy wrote:
>> -----Original Message-----
>> From: Nikos Mavrogiannopoulos [mailto:[email protected]] On
>> Behalf Of Nikos Mavrogiannopoulos
>> Sent: Thursday, December 09, 2010 12:23 AM
>> To: Murray S. Kucherawy
>> Cc: [email protected]
>> Subject: Re: RSA sign/verify and hash generation functions
>>
>>> I did. By the looks of things, the *_sign_hash() functions look like
>>> they sign a hash that's already been computed, which is the case for
>>> me, so that's what I used.
>>
>> The current sign_hash function is not what you want. They are tricky to
>> use to generate correct signatures (for DSA they work ok, but for RSA
>> require one more step to generate a PKCS #1 compliant signature - i.e.
>> BER encode the hash as DigestInfo). I'll add a safer to use API for
>> 2.12.x and deprecate those functions.
>
> OK. If you would like me to try those out once they're available, just point
> me at the tarball.

Could you check:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=tree;h=refs/heads/master;hb=master

You can get a tarball by clicking on snapshot. I've added sign_hash2()
family of functions that should work as expected. For usage you can
also check the test program x509sign-verify.c.

regards,
Nikos

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
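
Added example (not part of the original message and not GnuTLS code): the "one more step" mentioned in the quoted text, wrapping an already-computed hash in a DER-encoded DigestInfo before the RSA PKCS #1 v1.5 operation, plus a verifier-side check that compares the whole encoding. The function and enum names are hypothetical and the hash value is constructed.

```c
#include <stdio.h>
#include <string.h>

/* DER bytes of DigestInfo that precede the raw digest (RFC 8017, 9.2). */
static const unsigned char SHA1_PREFIX[] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
static const unsigned char SHA256_PREFIX[] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

enum digest_alg { DIGEST_SHA1, DIGEST_SHA256 }; /* hypothetical names */

/* Write DigestInfo(hash) to out; return its length, or 0 on any mismatch. */
size_t encode_digest_info(enum digest_alg alg, const unsigned char *hash,
                          size_t hash_len, unsigned char *out, size_t cap)
{
    const unsigned char *prefix;
    size_t plen, want;

    if (alg == DIGEST_SHA1) { prefix = SHA1_PREFIX; plen = sizeof SHA1_PREFIX; want = 20; }
    else if (alg == DIGEST_SHA256) { prefix = SHA256_PREFIX; plen = sizeof SHA256_PREFIX; want = 32; }
    else return 0;
    /* Reject a hash whose length does not fit the algorithm, or a short buffer. */
    if (hash_len != want || cap < plen + want)
        return 0;
    memcpy(out, prefix, plen);
    memcpy(out + plen, hash, want);
    return plen + want;
}

/* Verifier side: rebuild the expected encoding and compare it whole,
 * so trailing bytes or alternative encodings are rejected. */
int digest_info_matches(enum digest_alg alg, const unsigned char *di,
                        size_t di_len, const unsigned char *hash, size_t hash_len)
{
    unsigned char expect[64];
    size_t n = encode_digest_info(alg, hash, hash_len, expect, sizeof expect);
    return n != 0 && n == di_len && memcmp(expect, di, n) == 0;
}

int main(void)
{
    unsigned char hash[32], di[64];
    memset(hash, 0xAB, sizeof hash); /* constructed stand-in for a SHA-256 digest */
    printf("%zu\n", encode_digest_info(DIGEST_SHA256, hash, 32, di, sizeof di)); /* 51 */
    return 0;
}
```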
