> -----Original Message----- > From: Nikos Mavrogiannopoulos [mailto:[email protected]] On > Behalf Of Nikos Mavrogiannopoulos > Sent: Thursday, December 09, 2010 12:23 AM > To: Murray S. Kucherawy > Cc: [email protected] > Subject: Re: RSA sign/verify and hash generation functions > > > I did. By the looks of things, the *_sign_hash() functions look like > > they sign a hash that's already been computed, which is the case for > > me, so that's what I used. > > The current sign_hash function is not what you want. They are tricky to > use to generate correct signatures (for DSA they work ok, but for RSA > require one more step to generate a PKCS #1 compliant signature - i.e. > BER encode the hash as DigestInfo). I'll add a safer to use API for > 2.12.x and deprecate those functions.
OK. If you would like me to try those out once they're available, just point me at the tarball.
_______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
