gnutls_privkey_sign_hash2 — API function


#include <gnutls/abstract.h>

int gnutls_privkey_sign_hash2(gnutls_privkey_t signer, gnutls_sign_algorithm_t algo, unsigned int flags, const gnutls_datum_t * hash_data, gnutls_datum_t * signature);


gnutls_privkey_t signer

Holds the signer's key

gnutls_sign_algorithm_t algo

The signature algorithm used

unsigned int flags

Zero or one of gnutls_privkey_flags_t

const gnutls_datum_t * hash_data

holds the data to be signed

gnutls_datum_t * signature

will contain newly allocated signature


This function will sign the given hashed data using a signature algorithm supported by the private key. Signature algorithms are always used together with a hash functions.  Different hash functions may be used for the RSA algorithm, but only SHA-XXX for the DSA keys.

You may use gnutls_pubkey_get_preferred_hash_algorithm() to determine the hash algorithm.

The flags may be GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA or GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS. In the former case this function will ignore  hash_algo and perform a raw PKCS1 signature, and in the latter an RSA-PSS signature will be generated. Note that the flag GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA is supported since 3.6.9.

Note that, not all algorithm support signing already hashed data. When signing with Ed25519, gnutls_privkey_sign_data() should be used.


On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.



Reporting Bugs

Report bugs to <>.
Home page:

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit


3.6.9 gnutls