EKR (ekr@rtfm.com)
17 Feb 1999 08:36:03 -0800
nisse@lysator.liu.se (Niels Möller) writes:
> I'm considering adding support for non-rsa based key exchange to
> Roxen's SSL implementation. But the SSL3 spec doesn't contain enough
> details or references on DH and DSA signatures and certificates. If
> anybody could answer the questions below, or point me to accurate
> references, I will be most grateful:
>
> 1. How are dsa signatures formatted, when used in the SSL protocol?
> One reference to rsaref I have read says that it uses a
> concatenation of r and s, each written as a 160 bit string. Is this
> the same format used with SSL?
It's the BER encoding of:

    DSSSignature ::= SEQUENCE {
        r INTEGER,
        s INTEGER
    }
> 2. What formats are popular for storing dsa keys, in this context? For
> RSA keys, I use pkcs#1 key formats (encapsulated using PEM-style
> ascii-armoring).
There's a lot of variety. Note that you do not need to agree with
everyone else in order to be compatible.
> 3. What are the formats and object identifiers relevant for
> dsa-certificates (i.e. certificates signed using dsa as well as
> certificates for dsa keys).
>
> 4. When using fixed diffie-hellman parameters, what formats for public
> and secret parameters are popular?
>
> 5. Formats and object identifiers for certification of diffie-hellman
> parameters?
See PKIX: RFC 2459
-Ekr
-- [Eric Rescorla ekr@rtfm.com]
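
The two signature layouts from question 1 side by side, as an added example that is not part of the original message: it converts the fixed-width concatenation of r and s into the DSSSignature SEQUENCE and back. The function names and the sample value are constructed for illustration; the 20-byte width matches the 160-bit r and s mentioned in the question, and the encoder emits DER, which is a valid BER encoding.

```python
# Added example: raw r||s (two 160-bit strings) <-> BER/DER DSSSignature.

def _len(n):
    """Definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _int(v):
    """INTEGER (tag 0x02); the extra byte keeps the sign bit clear."""
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + _len(len(body)) + body

def raw_to_der(raw, width=20):
    if len(raw) != 2 * width:
        raise ValueError("expected r||s, each of fixed width")
    r = int.from_bytes(raw[:width], "big")
    s = int.from_bytes(raw[width:], "big")
    body = _int(r) + _int(s)
    return b"\x30" + _len(len(body)) + body

def _tlv(buf, pos, tag):
    """Return (value, next_pos) for one definite-length element."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated header")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits count the length bytes
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("indefinite or truncated length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + n], pos + n

def der_to_raw(der, width=20):
    seq, end = _tlv(der, 0, 0x30)
    r, p = _tlv(seq, 0, 0x02)
    s, q = _tlv(seq, p, 0x02)
    if end != len(der) or q != len(seq):
        raise ValueError("trailing bytes")
    out = b""
    for b in (r, s):
        if not b or b[0] & 0x80 or len(b.lstrip(b"\x00")) > width:
            raise ValueError("negative, empty or oversized INTEGER")
        out += int.from_bytes(b, "big").to_bytes(width, "big")
    return out

# Constructed sample: r has its top bit set, s has a leading zero byte.
SAMPLE_RAW = bytes([0x80]) + bytes(19) + bytes([0x00, 0x7F]) + bytes(18)
```

The encoded form has no fixed size: the 40-byte sample becomes 46 bytes because r gains a sign-padding byte and s loses its leading zero, so a receiver cannot assume a constant signature length.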