I'm going to back up and ask an even more basic question which appears to be 
surprisingly elusive - how is a DSA key/certificate used in establishing an ssl 
connection?

I understand how an RSA key/cert ssl handshake proceeds but if the DSA key is 
used only for signatures, how is a secure ssl tunnel established?  i.e. how do 
you securely agree on a symmetric key for further secure communications?  
(Which is how I assume things proceed.)

Any pointers?

N.

---
Nou Dadoun
ndad...@teradici.com
604-628-1215 


-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Nou Dadoun
Sent: July 24, 2012 10:31 AM
To: openssl-users@openssl.org
Subject: DSA certificates from windows certificate store into openssl

Hey folks,
I recently added a facility to our code base to retrieve a certificate and 
private key from a windows certificate store (using the windows crypto api) and 
converted it to a form usable by openssl.  The certificate part was easy, the 
key a little trickier, involving the creation of a new rsa key pair in openssl 
and then modifying the parameters to match those derived from the 
privatekeyblob pulled from the windows cert data structure.

This was all done for RSA keys and although I had a number of false starts, it 
wasn't too painful (once I'd arranged for exportable keys and got out of 
windows api land as quickly as possible).

We've just had a customer request to support the use of DSA certificates, which 
I know little about (so far). Can the same general process be used to 
extract/convert DSA keys? (I'm assuming that the certificate encoding is 
essentially the same.)

Does anyone have experience with this?  Any pointers or links to documentation 
for how this might be done?

Thanks in advance .... N
 

---
Nou Dadoun
ndad...@teradici.com
604-628-1215 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org