Nelson,
Thanks for investigating my question and providing the detailed response. I will pick up the new tools when they are available.
Outstanding work!
Cheers, Brad
Nelson B wrote:
Brad Buckingham wrote:
> I am using the certutil from the NSS-3.9 package > to create a certificate. I would like to use > a DSA key with a length greater than or equal to 768; > however, the key generated always seems to be > 512 in length. > > Is this a known problem? > Is there something that I am doing incorrectly?
Yes, you need to do something differently. I will explain more below.
> certutil -S -n dsa_768_cert -x -k dsa -g 768 -t "u,u,u" -s "CN=My > Common Name, OU=DSA 768" -d `pwd` -f passfile > > The certificate generated looks like the following: > > Note: The "PublicValue" below is only 512 in length.
While preparing the explanation below, I found bugs in both certutil and makepqg that must be fixed before you can do what you want. I have filed bugs on NSS about these issues, and created patches for them. See these bugs: http://bugzilla.mozilla.org/show_bug.cgi?id=247737 http://bugzilla.mozilla.org/show_bug.cgi?id=247738 http://bugzilla.mozilla.org/show_bug.cgi?id=247739
Explanation:
A DSA key is generated from a set of 3 values, known as P, Q, ang g, or Prime, SubPrime, and Generator (or "base"). Collectively these are known as the "PQG Params". A DSA public key consists of these Params and a "public value". The public value cannot be larger than the Prime P in the params.
Typically, a certificate authority generates a set of PQG params that are shared by all the certs that are issued by that CA. Each cert has the same PQG Params, but different public values.
So, unlike generating an RSA cert request, which involves finding two large prime numbers (which can take a long time), generating a DSA cert request only involves choosing a random private value, and then computing the public value from it using the Params. The Prime in the Params is an input to the DSA cert request process, not an output from it.
Certutil does not generate PQGParams. When you use certutil -S to generate a cert request (and a cert), you must give it the PQGParams to use via the -q option, or it will use a built-in default set, and that default set has a 512-bit Prime P in it. That is why you got a cert with a 512-bit public value. You may get PQGParams from anywhere you like, or you can even generate them with antoher of NSS's test programs.
NSS has another program, named makepqg, that generates a new Prime, SubPrime, and Base, and outputs it into a file of PQGParams.
The following sequence of commands *SHOULD* create a new 768-bit set of PQGparams, and then should use it to make a new cert.
makepqg -a -l 768 -o mypqgparams768.b64 -g 160
certutil -S -n dsa_768_cert -x -k dsa -q mypqgparams768.b64 -g 768 \ -t u,u,u -s "CN=My Common Name, OU=DSA 768" -d . -f passfile
But they don't do that with NSS 3.9. I have coded fixes for all 3 bugs above, and once they're in NSS, then the commands above will work as expected.
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
