[gnutls-dev] Lack of documented standard for exporting DSA priv_keys in PKCS8 format??

David Marín Carreño davefx at gmail.com
Mon Nov 19 15:10:59 CET 2007


On Mon, 19-11-2007 at 15:43 +0200, Nikos Mavrogiannopoulos wrote:

> Are you sure the referenced document defines such a thing? It has only 3
> sections and 26 pages.
> I remember I also had problems finding this document when I was
> developing it. If you can find
> references to it I could implement and document it.
> 

Sorry, I put the wrong link. It should be:
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf

I see that OpenSSL follows a previous version of this document. From
OpenSSL's pkcs8 man page:
"The format of PKCS#8 DSA (and other) private keys is not well
documented: it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's
default DSA PKCS#8 private key format complies with this standard."

Section 11.9 of version 2.01 corresponds to section 12.6 of version
2.20.

Other references on the web also point to this document. From
http://www.drh-consultancy.demon.co.uk/pkcs12faq.html :

        Can PKCS#12 be used for non RSA private keys, for example DSA
        and DH keys?
        Yes it can. PKCS#12 uses PKCS#8 for storing private keys but
        PKCS#8 itself only gives information about RSA. PKCS#11 however
        extends PKCS#8 and provides a standard for storing DSA and DH
        private keys using PKCS#8. Netscape follows the PKCS#11
        extension to PKCS#8 for DSA private keys. For more information
        see the PKCS#11 specification.
        
Thank you for your support

Best regards,
-- 
David Marín Carreño <davefx at gmail.com>
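
The layout that the quoted OpenSSL man page text refers to, as an added example (not part of the original message, and not GnuTLS or OpenSSL code): a PKCS#8 PrivateKeyInfo whose AlgorithmIdentifier carries id-dsa plus the p, q, g parameters, and whose privateKey OCTET STRING wraps a DER INTEGER x. The function names are hypothetical and the key values used with them are constructed toy numbers.

```python
# Minimal DER encoder/decoder for a DSA key in PKCS#8 PrivateKeyInfo form.
# Function names are hypothetical; only non-negative integers are handled.
ID_DSA = bytes.fromhex("2a8648ce380401")  # OID 1.2.840.10040.4.1 (id-dsa)

def tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body            # short-form length
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body  # long-form length

def der_int(v):
    # Sizing by bit_length // 8 + 1 keeps the top bit clear (positive INTEGER).
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def encode_dsa_pkcs8(p, q, g, x):
    # SEQUENCE { version 0, SEQUENCE { id-dsa, SEQUENCE { p, q, g } },
    #            OCTET STRING { INTEGER x } }
    params = tlv(0x30, der_int(p) + der_int(q) + der_int(g))
    alg = tlv(0x30, tlv(0x06, ID_DSA) + params)
    return tlv(0x30, der_int(0) + alg + tlv(0x04, der_int(x)))

def read_tlv(buf, pos, want):
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected tag {want:#04x} at offset {pos}")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        if k == 0:
            raise ValueError("indefinite length is not valid DER")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated element")
    return buf[pos:pos + n], pos + n

def decode_dsa_pkcs8(der):
    outer, end = read_tlv(der, 0, 0x30)
    ver, pos = read_tlv(outer, 0, 0x02)
    alg, pos = read_tlv(outer, pos, 0x30)
    key, pos = read_tlv(outer, pos, 0x04)   # optional attributes are ignored
    oid, apos = read_tlv(alg, 0, 0x06)
    if end != len(der) or ver != b"\x00" or oid != ID_DSA:
        raise ValueError("not a version-0 PKCS#8 DSA private key")
    params, _ = read_tlv(alg, apos, 0x30)
    out, ppos = {}, 0
    for name in ("p", "q", "g"):
        raw, ppos = read_tlv(params, ppos, 0x02)
        out[name] = int.from_bytes(raw, "big")
    x_raw, _ = read_tlv(key, 0, 0x02)       # key octets are themselves DER
    out["x"] = int.from_bytes(x_raw, "big")
    return out
```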