Nelson B wrote:
Thanks. I tested it again.
NSS rejected the DSA public key in the cert because the length of its
prime P is outside the range defined for DSA in FIPS 186-2. AFAIK, the
DSA is defined in FIPS 186-2, which states that the prime P must have
length L (bits) where 512 <= L <= 1024 and L is a multiple of 64.
The value of P in the cert is 2048 bits. Since that is not one of the
values for which the DSA is defined, NSS rejects the key.
(comments from the peanut gallery...)
Hmm... seems reasonable. There's only limited value
in fiddling with DSA's paramaters, as it moves into
"out of balance" territory and diminishing returns
pretty quickly. At least, that's the answer I've always
gotten when asking the question.
Unless there's some shared viewpoint out there on
what DSA extended sig variations are acceptable,
I'd stick to the spec. It will be updated by NIST in
due course; in the meantime if you want a stronger
cert, use RSA.
The wrong error code is being given, and NSS should be changed to
give the right error code, which should be SEC_ERROR_BAD_KEY, -8178,
"Peer's public key is invalid.".
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
