certutil: unable to create a DSA certificate w/key length other than 512

Brad Buckingham Fri, 18 Jun 2004 13:48:18 -0700

Hi,

I am using the certutil from the NSS-3.9 package
to create a certificate.  I would like to use
a DSA key with a length greater than or equal to 768;
however, the key generated always seems to be
512 in length.

Is this a known problem?
Is there something that I am doing incorrectly?

The following is the command-line executed:

   Note: I am requesting a key length of 768

certutil -S -n dsa_768_cert -x -k dsa -g 768 -t "u,u,u" -s "CN=My Common Name, OU=DSA 768" -d `pwd` -f passfile

The certificate generated looks like the following:

    Note: The "PublicValue" below is only 512 in length.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2074395015 (0x7ba4c187)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA1 Digest
        Issuer:
            "CN=My Common Name,OU=DSA 768"
        Validity:
            Not Before: Fri Jun 18 17:40:20 2004
            Not After : Sat Sep 18 17:40:20 2004
        Subject:
            "CN=My Common Name,OU=DSA 768"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:81:9c:02:41:00:8d:f2:a4:94:49:22:76:aa:3d:25:
                    75:9b:b0:68:69:cb:ea:c0:d8:3a:fb:8d:0c:f7:cb:b8:
                    32:4f:0d:78:82:e5:d0:76:2f:c5:b7:21:0e:af:c2:e9:
                    ad:ac:32:ab:7a:ac:49:69:3d:fb:f8:37:24:c2:ec:07:
                    36:ee:31:c8:02:91:02:15:00:c7:73:21:8c:73:7e:c8:
                    ee:99:3b:4f:2d:ed:30:f4:8e:da:ce:91:5f:02:40:62:
                    6d:02:78:39:ea:0a:13:41:31:63:a5:5b:4c:b5:00:29:
                    9d:55:22:95:6c:ef:cb:3b:ff:10:f3:99:ce:2c:2e:71:
                    cb:9d:e5:fa:24:ba:bf:58:e5:b7:95:21:92:5c:9c:c4:
                    2e:9f:6f:46:4b:08:8c:c5:72:af:53:e6:d7:88:02
            DSA Public Key:
                Prime:
                    8d:f2:a4:94:49:22:76:aa:3d:25:75:9b:b0:68:69:cb:
                    ea:c0:d8:3a:fb:8d:0c:f7:cb:b8:32:4f:0d:78:82:e5:
                    d0:76:2f:c5:b7:21:0e:af:c2:e9:ad:ac:32:ab:7a:ac:
                    49:69:3d:fb:f8:37:24:c2:ec:07:36:ee:31:c8:02:91
                Subprime:
                    c7:73:21:8c:73:7e:c8:ee:99:3b:4f:2d:ed:30:f4:8e:
                    da:ce:91:5f
                Base:
                    62:6d:02:78:39:ea:0a:13:41:31:63:a5:5b:4c:b5:00:
                    29:9d:55:22:95:6c:ef:cb:3b:ff:10:f3:99:ce:2c:2e:
                    71:cb:9d:e5:fa:24:ba:bf:58:e5:b7:95:21:92:5c:9c:
                    c4:2e:9f:6f:46:4b:08:8c:c5:72:af:53:e6:d7:88:02
                PublicValue:
                    43:06:cb:a2:99:54:4a:0f:91:55:dc:e9:79:ee:ab:0f:
                    11:c8:4b:41:0b:7e:68:7e:c9:72:37:2f:6e:ea:4a:d2:
                    6d:0e:7e:de:ce:5d:da:47:2a:54:0f:88:1e:33:9d:76:
                    eb:e7:4e:6a:60:38:e9:d6:15:14:5f:b5:14:03:6b:3e
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA1 Digest
    Signature:
        30:2d:02:15:00:b9:8b:2b:3c:f9:99:24:11:7d:fc:0a:
        48:7b:64:e0:e4:4b:7b:be:d3:02:14:11:93:ff:de:57:
        f1:c5:eb:fb:ca:a3:5d:72:4d:a9:a0:b9:95:bb:3d
    Fingerprint (MD5):
        CE:1A:8C:F1:81:CD:1F:D2:57:4D:2D:B2:94:7E:E6:21
    Fingerprint (SHA1):
        20:EA:07:F3:05:CF:5F:B0:65:23:F5:93:8C:A8:51:4C:AF:5C:F2:4C

    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User

Thanks in advance,
Brad

_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto

certutil: unable to create a DSA certificate w/key length other than 512

Reply via email to