Dr S N Henson wrote:

> > Wouldn't you rather have the ASN.1 profile?
> 
> I'd rather have both. If past experience is anything to go by the ASN.1
> profile will show what the certificates should be like and the examples
> will show what they really are like :-)

Yes, and I've already promised you this, but have been buried in work (I
suppose it beats the alternatives:  not having work, or being buried in
rubble).  I'll try to get this to you soon.

There are considerable advantages in doing away with the subgroup
nonsense if you're not doing DSS -- it can strengthen the key agreement
against several forms of attack.

For the hand-waving approach, the only difference in syntax is
in subjectPublicKeyInfo --

        SubjectPublicKeyInfo  ::=  SEQUENCE  {
                algorithm               AlgorithmIdentifier,
                subjectPublicKey        BIT STRING  }


        AlgorithmIdentifier  ::=  SEQUENCE  {
                algorithm               OBJECT IDENTIFIER,
                parameters              ANY DEFINED BY algorithm OPTIONAL  }


with the subjectPublicKey defined as the DER-encoding of the DH Public Key   
encoded as an INTEGER

        DHPublicKey ::= INTEGER

and with 

        AlgorithmIdentifier ::= SEQUENCE { 
                algorithm               OBJECT IDENTIFIER,
                SEQUENCE { 
                        prime                   INTEGER, -- p 
                        base                    INTEGER, -- g 
                        privateValueLength      INTEGER OPTIONAL } } 

with the OBJECT IDENTIFIER value being dhKeyAgreement (1.2.840.113549.1.3.1)
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
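
The structure described in the message above, as an added example that is not part of the original post or of OpenSSL's code: a small Python DER encoder that builds the SubjectPublicKeyInfo with the dhKeyAgreement OID, the prime/base/privateValueLength parameters and the BIT STRING wrapping the DHPublicKey INTEGER. The function names and the toy values p=23, g=5, y=8 are constructed for illustration.

```python
# Added example: DER-encode a DH SubjectPublicKeyInfo as laid out in the message.
DH_KEY_AGREEMENT = "1.2.840.113549.1.3.1"  # dhKeyAgreement, as quoted in the message

def der_len(n):
    # Short form below 128, otherwise long form with a length-of-length prefix.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_int(v):
    # Non-negative INTEGER; the extra byte appears only when the top bit
    # would otherwise be set, so the value is never read as negative.
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]          # base-128, high bit marks continuation
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def dh_spki(p, g, y, private_value_length=None):
    # parameters ::= SEQUENCE { prime, base, privateValueLength OPTIONAL }
    params = der_int(p) + der_int(g)
    if private_value_length is not None:
        params += der_int(private_value_length)
    alg = tlv(0x30, der_oid(DH_KEY_AGREEMENT) + tlv(0x30, params))
    # subjectPublicKey: BIT STRING (0 unused bits) holding DER of DHPublicKey ::= INTEGER
    pub = tlv(0x03, b"\x00" + der_int(y))
    return tlv(0x30, alg + pub)

if __name__ == "__main__":
    # Constructed toy group, far too small for real use: y = 5^6 mod 23 = 8
    print(dh_spki(23, 5, 8).hex())
```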