yaron gudes wrote:
>
> Hi,
> Does anyone know if Netscape support import of PKCS#12 DSA Certificates
> ? I am trying to do but it fails and I want to know if this is a problem
> with my code.
>
I just tried my PKCS#12 code with Netscape 6.0 PSM 1.4 and it imported a
DSA private key and certificate just fine.
With DSA private keys you have to use the correct PKCS#8 format, this
information is buried in a dark corner of the PKCS#11 specification
behind a notice saying "beware of the leopard".
We have:
PrivateKeyInfo ::= SEQUENCE {
version Version,
privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
privateKey PrivateKey,
attributes [0] IMPLICIT Attributes OPTIONAL }
Version ::= INTEGER
PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
PrivateKey ::= OCTET STRING
Attributes ::= SET OF Attribute
The DSA parameters are placed in the parameters field of the
privateKeyAlgorithm and the private key is placed in the PrivateKey
field encoded as an ASN1 INTEGER.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
