RE: RSA sign/verify and hash generation functions

From: Murray S. Kucherawy
Subject: RE: RSA sign/verify and hash generation functions
Date: Mon, 6 Dec 2010 14:00:53 -0800

> -----Original Message-----
> From: address@hidden
> [mailto:address@hidden On Behalf Of Nikos
> Mavrogiannopoulos
> Sent: Wednesday, December 01, 2010 2:20 AM
> To: Murray S. Kucherawy
> Cc: address@hidden
> Subject: Re: RSA sign/verify and hash generation functions
>
> If you remove the BEGIN and END tags then it is not PEM format any
> more. It is just a base64 of the DER data. With gnutls you can decode
> PEM or DER encoded keys, check the manual for more information. To
> handle your case you will have to base64 decode the key (gnutls has
> some helper functions for that) and then parse it as a DER key.

I'm working my way through the conversion. The hash stuff appears pretty
straightforward, but I'm missing how to import a simple RSA key in either PEM
or DER format. Since I already have a DER key decoded, let's focus on that.

The functions I see in the info pages for 2.11.4 include:

* gnutls_privkey_import_openpgp: Core functions. (line 3897)
* gnutls_privkey_import_pkcs11: Core functions. (line 3914)
* gnutls_privkey_import_x509: Core functions. (line 3931)

I don't see the way to get a DER key imported just from that. The X509
function takes a parameter that can be DER, so maybe that's the one I'm looking
for. Is that correct?

For public keys it appears to be a more comprehensive interface so far:

* gnutls_pubkey_import: Core functions. (line 4583)
* gnutls_pubkey_import_dsa_raw: Core functions. (line 4474)
* gnutls_pubkey_import_openpgp: Core functions. (line 4497)
* gnutls_pubkey_import_pkcs11: Core functions. (line 4531)
* gnutls_pubkey_import_pkcs11_url: Core functions. (line 4514)
* gnutls_pubkey_import_rsa_raw: Core functions. (line 4548)
* gnutls_pubkey_import_x509: Core functions. (line 4566)
* gnutls_pubkey_init: Core functions. (line 4601)

I think I want the first one for what I'm doing, namely using DER-formatted RSA
keys to verify signatures.

With private keys, I need to do two things: encrypt some data, and extract a
matching public key in DER format. I think the encryption piece is done with
gnutls_pkcs11_privkey_sign_data(), but I don't see how to do the latter thing
so far. Which function is used to do that?

Also, can gnutls_hash_deinit() take a NULL second pointer if all I want to do
is deallocate the hash object, as I've previously gotten the result out from
gnutls_hash_output()?

Thanks,
-MSK
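
The point made in the quoted reply (a key without its BEGIN and END lines is just the base64 of the DER data), shown as an added example that is not part of the original message and does not use GnuTLS: a libc-only decoder that accepts either form and a check that the result starts with a DER SEQUENCE header. The names `key_to_der` and `der_seq_total` and the toy key are constructed for illustration; a caller would compare the returned total against the decoded length before handing the bytes to a DER import function.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: PEM armor around DER 30 07 02 02 00 C3 02 01 03 (toy key). */
static const char ARMORED[] =
    "-----BEGIN RSA PUBLIC KEY-----\nMAcCAgDDAgED\n-----END RSA PUBLIC KEY-----\n";

/* Decode a key body to DER. Accepts bare base64 or full PEM: any line that
 * starts with "-----" is skipped as armor. Returns byte count, -1 on error. */
long key_to_der(const char *in, unsigned char *out, size_t cap)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned acc = 0; int bits = 0, bol = 1; size_t n = 0; /* bol: line start */
    while (*in) {
        if (bol && !strncmp(in, "-----", 5)) { in += strcspn(in, "\n"); continue; }
        int c = (unsigned char)*in++;
        bol = (c == '\n');
        if (c == '\n' || c == '\r' || c == ' ' || c == '\t') continue;
        if (c == '=') break;            /* padding marks end of data */
        const char *p = strchr(tbl, c);
        if (!p) return -1;              /* not a base64 character */
        acc = (acc << 6) | (unsigned)(p - tbl);
        if ((bits += 6) >= 8) {
            if (n >= cap) return -1;    /* output buffer too small */
            out[n++] = (unsigned char)(acc >> (bits -= 8));
        }
    }
    return (long)n;
}

/* Returns header + content length if d starts with a SEQUENCE (0x30), else -1. */
long der_seq_total(const unsigned char *d, size_t n)
{
    if (n < 2 || d[0] != 0x30) return -1;
    size_t len = d[1], hdr = 2, k = len & 0x7f;
    if (len & 0x80) {                   /* long form: k length bytes follow */
        if (k == 0 || k > 3 || n < 2 + k) return -1;
        for (len = 0; hdr < 2 + k; hdr++) len = (len << 8) | d[hdr];
    }
    return (long)(hdr + len);
}

int main(void)
{
    unsigned char a[64];
    long n = key_to_der(ARMORED, a, sizeof a);
    printf("der_bytes=%ld seq_total=%ld\n", n, der_seq_total(a, n > 0 ? (size_t)n : 0));
    return 0;
}
```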