[gnutls-dev] Lack of documented standard for exporting DSA priv_keys in PKCS8 format??

David Marín Carreño davefx at gmail.com
Mon Nov 19 15:10:59 CET 2007


El lun, 19-11-2007 a las 15:43 +0200, Nikos Mavrogiannopoulos escribió:

> Are you sure the referenced document defines such thing? It has only 3
> sections  and 26 pages.
> I remember I also had problems finding this document when I was
> developing it. If you can find
> references to it I could implement and document it.
> 

Sorry, I put the wrong link. It should be:
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf

I see that OpenSSL follows a previous version of this document. From
OpenSSL's pkcs8 man page:
"The format of PKCS#8 DSA (and other) private keys is not well
documented: it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's
default DSA PKCS#8 private key format complies with this standard."

Section 11.9 of version 2.01 corresponds to section 12.6 of version
2.20.

Other references in the web also point to this document. From
http://www.drh-consultancy.demon.co.uk/pkcs12faq.html :

        Can PKCS#12 be used for non RSA private keys, for example DSA
        and DH keys?
        Yes it can. PKCS#12 uses PKCS#8 for storing private keys but
        PKCS#8 itself only gives information about RSA. PKCS#11 however
        extends PKCS#8 and provides a standard for storing DSA and DH
        private keys using PKCS#8. Netscape follows the PKCS#11
        extension to PKCS#8 for DSA private keys. For more information
        see the PKCS#11 specification.
        
Thank you for your support

Best regards,
-- 
David Marín Carreño <davefx at gmail.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3204 bytes
Desc: not available
Url : /pipermail/attachments/20071119/936139f0/attachment.bin 


More information about the Gnutls-dev mailing list