@deftypefun {int} {gnutls_privkey_sign_hash2} (gnutls_privkey_t @var{signer}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash_data}, gnutls_datum_t * @var{signature})
@var{signer}: Holds the signer's key

@var{algo}: The signature algorithm used

@var{flags}: Zero or one of @code{gnutls_privkey_flags_t} 

@var{hash_data}: holds the data to be signed

@var{signature}: will contain newly allocated signature

This function will sign the given hashed data using the specified signature
algorithm. This function is an enhancement of @code{gnutls_privkey_sign_hash()} ,
as it allows utilizing a alternative signature algorithm where possible
(e.g, use an RSA key with RSA-PSS).

The flags may be @code{GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA} .
In that case this function will ignore  @code{hash_algo} and perform a raw PKCS1 signature.
Note that this flag is supported since 3.6.9.

Note also that, not all algorithm support signing already hashed data. When
signing with Ed25519, @code{gnutls_privkey_sign_data2()}  should be used instead.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS}  (0) is returned, otherwise a
negative error value.

@strong{Since:} 3.6.0
@end deftypefun