* @hash_data: holds the data to be signed
* @signature: will contain newly allocated signature
*
- * This function will sign the given hashed data using a signature algorithm
- * supported by the private key. Signature algorithms are always used
- * together with a hash functions. Different hash functions may be
- * used for the RSA algorithm, but only SHA-XXX for the DSA keys.
- *
- * You may use gnutls_pubkey_get_preferred_hash_algorithm() to determine
- * the hash algorithm.
+ * This function will sign the given hashed data using the specified signature
+ * algorithm. This function is an enhancement of gnutls_privkey_sign_hash(),
+ * as it allows utilizing a alternative signature algorithm where possible
+ * (e.g, use an RSA key with RSA-PSS).
*
- * The flags may be %GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA or %GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS.
- * In the former case this function will ignore @hash_algo and perform a raw PKCS1 signature,
- * and in the latter an RSA-PSS signature will be generated. Note that the flag
- * %GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA is supported since 3.6.9.
+ * The flags may be %GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA.
+ * In that case this function will ignore @hash_algo and perform a raw PKCS1 signature.
+ * Note that this flag is supported since 3.6.9.
*
- * Note that, not all algorithm support signing already hashed data. When
- * signing with Ed25519, gnutls_privkey_sign_data() should be used.
+ * Note also that, not all algorithm support signing already hashed data. When
+ * signing with Ed25519, gnutls_privkey_sign_data2() should be used instead.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
projects / thirdparty / gnutls.git / commitdiff
