Niels Möller (nisse@lysator.liu.se)
27 Feb 1999 05:55:21 +0100
EKR <ekr@rtfm.com> writes:
> nisse@lysator.liu.se (Niels Möller) writes:
>
> > 1. How are dsa signatures formatted, when used in the SSL protocol?
> > One reference to rsaref I have read says that it uses a
> > concatenation of r and s, each written as a 160 bit string. Is this
> > the same format used with SSL?
> It's the BER encoding of:
>
> DSSSignature ::= SEQUENCE {
> r INTEGER,
> s INTEGER
> }
Thanks.
> > 2. What formats are popular for storing dsa keys, in this context? For
> > RSA keys, I use pkcs#1 key formats (encapsulated using PEM-style
> > ascii-armoring).
> There's a lot of variety. Note that you do not need to agree with
> everyone else in order to be compatible.
I understand that private key format are not crucial for
compatibility. But it would still be nice to be able to use keys
created by SSLeay/OpenSSL, and vice versa.
> > 5. Formats and object identifiers for certification of diffie-hellman
> > parameters?
> See PKIX: RFC 2459
One more question... The dsa signature process: If this is in any way
similar to the PKCS#1 rsa signature process, it would go like this:
1. Hash the message to be signed (with SHA1 or some other
cryptographic hash function).
2. Create a DigestInfo structure, and DER-encode it.
3. Sign the result using DSA (where the first step is hashing with
SHA1).
Is this correct? Or is the process simpler: feeding the message
directly to the DSA algorithm (i.e. first SHA1, then some bignum
calculations), without any DigestInfo stuff?
In the latter case, the object identifier id-dsa-with-sha1 seems
completely redundant; the sha1 part is implied by "dsa", and there's
no place in the signature process for another hash function. The
id-dsa identifier (with omitted parameters) would do just as well for
identifying the complete signature process.
/Niels
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:28