Re: [gnutls-dev] Lack of documented standard for exporting DSA priv_keys
From: David Marín Carreño
Subject: Re: [gnutls-dev] Lack of documented standard for exporting DSA priv_keys in PKCS8 format??
Date: Mon, 19 Nov 2007 15:10:59 +0100
On Mon, 19-11-2007 at 15:43 +0200, Nikos Mavrogiannopoulos wrote:
> Are you sure the referenced document defines such a thing? It has only 3
> sections and 26 pages.
> I remember I also had problems finding this document when I was
> developing it. If you can find references to it I could implement and
> document it.
>
Sorry, I put the wrong link. It should be:
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
I see that OpenSSL follows a previous version of this document. From
OpenSSL's pkcs8 man page:
"The format of PKCS#8 DSA (and other) private keys is not well
documented: it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's
default DSA PKCS#8 private key format complies with this standard."
Section 11.9 of version 2.01 corresponds to section 12.6 of version
2.20.
Other references on the web also point to this document. From
http://www.drh-consultancy.demon.co.uk/pkcs12faq.html :
    Can PKCS#12 be used for non RSA private keys, for example DSA
    and DH keys?

    Yes it can. PKCS#12 uses PKCS#8 for storing private keys but
    PKCS#8 itself only gives information about RSA. PKCS#11 however
    extends PKCS#8 and provides a standard for storing DSA and DH
    private keys using PKCS#8. Netscape follows the PKCS#11
    extension to PKCS#8 for DSA private keys. For more information
    see the PKCS#11 specification.
Thank you for your support
Best regards,
--
David Marín Carreño <address@hidden>
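The layout discussed in this thread, as an added example that is not part of the original message and is not GnuTLS or OpenSSL code: in the PKCS#11 convention, the PKCS#8 AlgorithmIdentifier carries id-dsa with the p, q, g parameters, and the privateKey OCTET STRING wraps a DER INTEGER x. The function names are hypothetical and the sample key is constructed from toy-sized numbers.

```python
# Added example: DER layout of an unencrypted PKCS#8 PrivateKeyInfo for DSA.
ID_DSA = bytes.fromhex("2a8648ce380401")  # OID 1.2.840.10040.4.1 (id-dsa)

def tlv(tag, body):  # encode one DER TLV with a definite length
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def der_int(v):  # non-negative INTEGER; leading 0x00 when the top bit is set
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def read_tlv(buf, pos, tag):  # -> (body, next_pos); rejects wrong tag/overrun
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#04x} at offset {pos}")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad length encoding")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + n], pos + n

def parse_dsa_pkcs8(der):  # -> {'p', 'q', 'g', 'x'} as Python ints
    pki, end = read_tlv(der, 0, 0x30)          # PrivateKeyInfo SEQUENCE
    if end != len(der):
        raise ValueError("trailing data")
    _version, pos = read_tlv(pki, 0, 0x02)     # version INTEGER
    alg, pos = read_tlv(pki, pos, 0x30)        # AlgorithmIdentifier
    key, _ = read_tlv(pki, pos, 0x04)          # privateKey OCTET STRING
    oid, apos = read_tlv(alg, 0, 0x06)
    if oid != ID_DSA:
        raise ValueError("algorithm is not id-dsa")
    params, _ = read_tlv(alg, apos, 0x30)      # Dss-Parms SEQUENCE {p, q, g}
    out, ppos = {}, 0
    for name in "pqg":
        val, ppos = read_tlv(params, ppos, 0x02)
        out[name] = int.from_bytes(val, "big")
    x, xend = read_tlv(key, 0, 0x02)           # OCTET STRING wraps INTEGER x
    if xend != len(key):
        raise ValueError("privateKey is not a single INTEGER")
    out["x"] = int.from_bytes(x, "big")
    return out

# Constructed toy key (p=23, q=11, g=4, x=7); far too small for real use.
SAMPLE = tlv(0x30, der_int(0) + tlv(0x30, tlv(0x06, ID_DSA) + tlv(
    0x30, der_int(23) + der_int(11) + der_int(4))) + tlv(0x04, der_int(7)))
```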