I'm trying to use a certificate generated by a Java app (using a certain
Java Crypto library).  It knows how to generate PKCS#8 format with DSA
parameters and identifies the algorithm as OID=1.3.14.3.2.12.  This is
equivalent to "dsaEncryption-old" in crypto/objects/objects.h.
This Java library *does not* know how to use the OID=1.2.840.10040.4.1 which
is equivalent to "dsaEncryption".

But in the envelope parsing code, crypto/evp/evp_pkey.c, only the
"rsaEncryption" and "dsaEncryption" algorithms are supported.  I tried
adding the case statement to that file, and it worked:

        crypto/evp/evp_pkey.c, line 115
        #ifndef NO_DSA
                case NID_dsa:
                case NID_dsa_2: /* added this line */

Now, openssl parses the PKCS#8 encrypted private key that contains my DSA
parameters tagged with the DSA-old OID.  But why is there a distinction?
What is the difference between these algorithms?
If there is no difference, then why are there two tags?  I also noticed a
similar OID -- "DSA-SHA1-old".

If there are versions of the DSA standard, the Java library does not explain
which version it uses (not much of a surprise, eh?).  And I haven't had time
to search through the openssl source code to figure it out.

Is there a web reference for "the evolution of DSA"?  I'll keep looking
through the source code for answers...

- Eric B









______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
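
Added example (not part of the original message and not OpenSSL source): reading the privateKeyAlgorithm OID out of a DER PrivateKeyInfo and telling apart the two DSA OIDs named in the post. It assumes the PKCS#8 blob has already been decrypted; the function names and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: decrypted PrivateKeyInfo, dummy key bytes, OID 1.3.14.3.2.12. */
static const unsigned char SAMPLE_OLD[] = { 0x30,0x11, 0x02,0x01,0x00,
    0x30,0x07, 0x06,0x05,0x2b,0x0e,0x03,0x02,0x0c, 0x04,0x03,0x02,0x01,0x05 };

/* Read one DER header: returns the tag and sets *len, or -1 if truncated. */
static int der_hdr(const unsigned char **p, const unsigned char *end, size_t *len) {
    if (end - *p < 2) return -1;
    int tag = *(*p)++;
    size_t n = *(*p)++, k = n & 0x7f;
    if (n & 0x80) {                      /* long form: low 7 bits count length bytes */
        if (k == 0 || k > 4 || (size_t)(end - *p) < k) return -1;
        for (n = 0; k--; ) n = (n << 8) | *(*p)++;
    }
    if ((size_t)(end - *p) < n) return -1;
    *len = n;
    return tag;
}

/* Write the dotted privateKeyAlgorithm OID into out; NULL if malformed. */
const char *pkcs8_alg_oid(const unsigned char *der, size_t derlen, char *out, size_t outlen) {
    const unsigned char *p = der, *end = der + derlen;
    size_t len, pos = 0, v = 0;
    if (der_hdr(&p, end, &len) != 0x30) return NULL;   /* PrivateKeyInfo SEQUENCE */
    end = p + len;
    if (der_hdr(&p, end, &len) != 0x02) return NULL;   /* version INTEGER */
    p += len;
    if (der_hdr(&p, end, &len) != 0x30) return NULL;   /* AlgorithmIdentifier SEQUENCE */
    end = p + len;
    if (der_hdr(&p, end, &len) != 0x06 || !len || (p[len - 1] & 0x80)) return NULL;
    for (size_t i = 0; i < len; i++) {
        v = (v << 7) | (p[i] & 0x7f);                  /* arcs are base-128, MSB = "more" */
        if (p[i] & 0x80) continue;
        size_t a = v < 80 ? v / 40 : 2;                /* first value packs arcs 1 and 2 */
        int w = pos ? snprintf(out + pos, outlen - pos, ".%zu", v)
                    : snprintf(out, outlen, "%zu.%zu", a, v - 40 * a);
        if (w < 0 || (size_t)w >= outlen - pos) return NULL;
        pos += (size_t)w; v = 0;
    }
    return out;
}

/* Names as the post gives them for crypto/objects/objects.h. */
const char *pkcs8_alg_name(const char *oid) {
    if (!oid) return "malformed";
    if (!strcmp(oid, "1.2.840.10040.4.1")) return "dsaEncryption";
    return strcmp(oid, "1.3.14.3.2.12") ? "other" : "dsaEncryption-old";
}
```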
