Hi everyone, well, after I solved the problem at [1], I got to real problems problems:
I want gnutls to negotiate encrypted connection using DSA keys. I realized that I will have to use DHE_DSS algorithm, but I have no idea how to generate a certificate for one. Googling failed, and documentation says only that "DHE_DSS uses DSA keys in certificates." In OpenSSL world (from where I'm migrating) it was easy, one just appended "-dsa" to key generating parameters, and it was done. Nevertheless; with gnutls and --dsa option; I'm getting error -89 (Public key signature verification has failed.). RSA alternative (--rsa with the same commands) works ok. So, is there any tutorial or howto on generating suitable DSA keys for use with encryption? Ideally with a complete certtool script for generating one selfsigned CA keypair and other that-ca-signed keypair. If I'm totally wrong and using DSA for encryption is lame, and therefore it doesn't and won't ever work, please tell me ;) Thanks in advance Mirek Kratochvil ----- [1] is gnutls-devel thread, can be seen at gmane: http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488 _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
