Dr S N Henson wrote:
> > Wouldn't you rather have the ASN.1 profile?
>
> I'd rather have both. If past experience is anything to go by the ASN.1
> profile will show what the certificates should be like and the examples
> will show what they really are like :-)

Yes, and I've already promised you this, but have been buried in work (I
suppose it beats the alternatives: not having work, or being buried in
rubble). I'll try to get this to you soon.

There are considerable advantages in doing away with the subgroup
nonsense if you're not doing DSS -- it can strengthen the key agreement
against several forms of attack.

For the hand-waving approach, the only difference in syntax is
in subjectPublicKeyInfo --

    SubjectPublicKeyInfo ::= SEQUENCE {
        algorithm         AlgorithmIdentifier,
        subjectPublicKey  BIT STRING }

    AlgorithmIdentifier ::= SEQUENCE {
        algorithm   OBJECT IDENTIFIER,
        parameters  ANY DEFINED BY algorithm OPTIONAL }

with the subjectPublicKey defined as the DER-encoding of the DH Public Key
encoded as an INTEGER

    DHPublicKey ::= INTEGER

and with

    AlgorithmIdentifier ::= SEQUENCE {
        algorithm  OBJECT IDENTIFIER,
        SEQUENCE {
            prime               INTEGER, -- p
            base                INTEGER, -- g
            privateValueLength  INTEGER OPTIONAL } }

with the OBJECT IDENTIFIER value being dhKeyAgreement (1.2.840.113549.1.3.1)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
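
The SubjectPublicKeyInfo layout described in the message, as an added Python example that is not part of the original e-mail or of OpenSSL: it DER-encodes a DH key under dhKeyAgreement and parses it back, rejecting any other algorithm OID. The function names and the toy values p=23, g=5, y=8 are assumptions made for illustration.

```python
# Content octets of the dhKeyAgreement OID 1.2.840.113549.1.3.1 quoted in the message.
DH_KEY_AGREEMENT = bytes.fromhex("2a864886f70d010301")

def tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body            # short-form length
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def der_int(v):
    # Non-negative INTEGER; sizing by bit_length()//8 + 1 adds 0x00 when the top bit is set.
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def dh_spki(p, g, y, *private_value_length):
    # parameters SEQUENCE { prime, base, privateValueLength OPTIONAL }
    params = b"".join(der_int(v) for v in (p, g, *private_value_length))
    alg = tlv(0x30, tlv(0x06, DH_KEY_AGREEMENT) + tlv(0x30, params))
    # BIT STRING content: unused-bit count 0, then the DER of DHPublicKey ::= INTEGER.
    return tlv(0x30, alg + tlv(0x03, b"\x00" + der_int(y)))

def read(buf, pos, want):
    # Return (content, next position) of the TLV at pos, which must carry tag `want`.
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if tag != want or pos + n > len(buf):
        raise ValueError("unexpected tag or truncated value")
    return buf[pos:pos + n], pos + n

def parse_dh_spki(der):
    spki, end = read(der, 0, 0x30)
    alg, pos = read(spki, 0, 0x30)
    bits, _ = read(spki, pos, 0x03)
    oid, pos = read(alg, 0, 0x06)
    if oid != DH_KEY_AGREEMENT or end != len(der) or bits[0] != 0:
        raise ValueError("not a dhKeyAgreement SubjectPublicKeyInfo")
    params, _ = read(alg, pos, 0x30)
    fields, pos = [], 0
    while pos < len(params):
        body, pos = read(params, pos, 0x02)
        fields.append(int.from_bytes(body, "big"))
    if len(fields) not in (2, 3):
        raise ValueError("expected prime, base and optional privateValueLength")
    y, _ = read(bits[1:], 0, 0x02)               # inner DHPublicKey INTEGER
    names = ("prime", "base", "privateValueLength")
    return dict(zip(names, fields), publicKey=int.from_bytes(y, "big"))

SAMPLE = dh_spki(23, 5, 8)  # constructed toy values, far too small for real use
```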