Brad Buckingham wrote:
> I am using the certutil from the NSS-3.9 package
> to create a certificate. I would like to use
> a DSA key with a length greater than or equal to 768;
> however, the key generated always seems to be
> 512 in length.
>
> Is this a known problem?
> Is there something that I am doing incorrectly?
Yes, you need to do something differently. I will explain more below.
> certutil -S -n dsa_768_cert -x -k dsa -g 768 -t "u,u,u" -s "CN=My
> Common Name, OU=DSA 768" -d `pwd` -f passfile
>
> The certificate generated looks like the following:
>
> Note: The "PublicValue" below is only 512 in length.
While preparing the explanation below, I found bugs in both certutil
and makepqg that must be fixed before you can do what you want.
I have filed bugs on NSS about these issues, and created patches for
them. See these bugs:
http://bugzilla.mozilla.org/show_bug.cgi?id=247737
http://bugzilla.mozilla.org/show_bug.cgi?id=247738
http://bugzilla.mozilla.org/show_bug.cgi?id=247739
Explanation:
A DSA key is generated from a set of 3 values, known as P, Q, ang g,
or Prime, SubPrime, and Generator (or "base"). Collectively these
are known as the "PQG Params". A DSA public key consists of these
Params and a "public value". The public value cannot be larger than
the Prime P in the params.
Typically, a certificate authority generates a set of PQG params that
are shared by all the certs that are issued by that CA. Each cert has
the same PQG Params, but different public values.
So, unlike generating an RSA cert request, which involves finding two
large prime numbers (which can take a long time), generating a DSA
cert request only involves choosing a random private value, and then
computing the public value from it using the Params. The Prime in the
Params is an input to the DSA cert request process, not an output from it.
Certutil does not generate PQGParams. When you use certutil -S to
generate a cert request (and a cert), you must give it the PQGParams to
use via the -q option, or it will use a built-in default set, and that
default set has a 512-bit Prime P in it. That is why you got a cert
with a 512-bit public value. You may get PQGParams from anywhere you
like, or you can even generate them with antoher of NSS's test programs.
NSS has another program, named makepqg, that generates a new Prime,
SubPrime, and Base, and outputs it into a file of PQGParams.
The following sequence of commands *SHOULD* create a new 768-bit set
of PQGparams, and then should use it to make a new cert.
makepqg -a -l 768 -o mypqgparams768.b64 -g 160
certutil -S -n dsa_768_cert -x -k dsa -q mypqgparams768.b64 -g 768 \
-t u,u,u -s "CN=My Common Name, OU=DSA 768" -d . -f passfile
But they don't do that with NSS 3.9. I have coded fixes for all 3 bugs
above, and once they're in NSS, then the commands above will work as
expected.
--
Nelson B
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
