From 7b4377a12f774975aa9b5091417cbcd65dc33db7 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Thu, 30 Apr 2020 07:05:19 +0200 Subject: doc: expand GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE description on RSA-PSS [ci skip] For RSA-PSS, this flag alone doesn't fully enable reproducible signatures and the user needs to indicate the fact that a zero-length salt is used through SPKI upon verification. Signed-off-by: Daiki Ueno --- lib/includes/gnutls/abstract.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h index d8805681a9..386ae3e49f 100644 --- a/lib/includes/gnutls/abstract.h +++ b/lib/includes/gnutls/abstract.h @@ -372,9 +372,12 @@ int gnutls_privkey_status(gnutls_privkey_t key); * @GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA: Make an RSA signature on the hashed data as in the TLS protocol. * @GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS: Make an RSA signature on the hashed data with the PSS padding. * @GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE: Make a signature on the hashed data with reproducible parameters. - * For RSA-PSS, that means to use empty salt instead of random value. For ECDSA/DSA, it uses the deterministic - * construction of random parameter according to RFC 6979. Note that - * this only supports the NIST curves and DSA subgroup bits up to 512. + * For RSA-PSS, that means to use empty salt instead of random value. To + * verify a signature created using this flag, the corresponding SPKI needs + * to be set on the public key. Use gnutls_pubkey_set_spki() for that. + * For ECDSA/DSA, it uses the deterministic construction of random parameter + * according to RFC 6979. Note that this only supports the NIST curves and DSA + * subgroup bits up to 512. * @GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE: When importing a private key, automatically * release it when the structure it was imported is released. * @GNUTLS_PRIVKEY_IMPORT_COPY: Copy required values during import. -- cgit v1.2.1
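Review bot: In the added RSA-PSS sentences of the @GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE entry, "the corresponding SPKI needs to be set on the public key" does not say what that SPKI has to contain, although the commit message gives the reason: the verifier must be told that a zero-length salt is used. Consider stating that in the comment itself, for example "the SPKI set on the public key with gnutls_pubkey_set_spki() must indicate a zero-length salt", so a reader of abstract.h does not need the commit log to get verification right. It would also help to open the sentence with "To verify an RSA-PSS signature created using this flag", so it is not read as applying to the ECDSA/DSA case described in the next sentence.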