Problem with DSA key signed CSRs
Timo Gerke
tgerke at web.de
Tue Jun 29 11:06:40 CEST 2010
Nikos Mavrogiannopoulos wrote:
> Timo Gerke wrote:
>
>> Dear List,
>>
>> I think I've discovered another bug.
>> When I generate a CSR signed with a DSA key and verify the request
>> with openssl, the verification fails.
>> I did:
>>
>> a.1) certtool -p --dsa --disable-quick-random --outfile dsakey.pem
>> a.2) certtool --to-p8 --pkcs-cipher aes-256 --load-privkey dsakey.pem --outfile dsakey.p8
>> b) certtool -8q --load-privkey --load-privkey dsakey.pem --outfile newreq.pem
>> c) openssl req -verify -noout -in newreq.csr
>>
>>
[...]
>
> Hello,
> It seems openssl doesn't support DSA keys of size more than 1024 bits.
> Use --bits 1024 on your first command and it will work.
>
>
>> BTW the format autodetection of certtool seems not to work properly.
>>
>
> Does it have autodetection? :)
>
>
Hello,
I think it has.
If I run this command:
certtool -q --load-privkey dsakey.p8 --outfile newreq.csr
I get this error:
certtool: import error: could not find a valid PEM header; check if your key is PKCS #8 or PKCS #12 encoded
regards,
Timo
> regards,
> Nikos
>
P.S. This message is resent; previously I only sent it to Nikos.