I'm a little confused by the gendh, dh, gendsa, dsaparam, and dsa
commands.
"gendh" creates a set of dh parameters (p,g) and writes it out
"dh" reads the dh parameters and prints them
"dsaparam" creates or reads a set of dsa paremters (p,q,g) and writes it out.
It optionally (using a flag which is in the code, but not in the
usage message) generates a private key, and writes that out (to the
same file, which seems sort of silly).
"gendsa" reads the parameters, generates a dsa private key (which includes
the parameters and associated public key: (p,q,g,x,y)), and writes
it out.
"dsa" reads a private key (as above), and writes it out.
I have a few problems.
- In general, some of the code writes to the file specifed as the
output file with -out, and some of the code (at least the bits which
output C code) use printf. It's possible to write multiple kinds of
output to an output file (like ASN.1 data and text), which ends up
being nonsensical.
- The commands are wildly inconsistent. gendh and gendsa do
completely different things. I don't know if backward compatibility
is really important, but if it isn't, I'd rename gendh to dhparam, and
dh to gendh.
- There's no way to generate a DH private key or public key, or to
combine them into a shared secret. (The API function names for this,
DH_generate_key, and DH_compute_key, are also confusing.)
- There's no way to generate or verify a DSA signature.
- There's no way to generate a DSA public key only (p,q,g,y) for
publication.
On a different topic, I need to use El Gamal, so I'm going to
implement it. I'm a US citizen, so I can't contribute the code to
openssl (*maybe* the signature code, but I'd want a legal opinion
first), but if there's some other useful distribution point, please
let me know. I'm not interested in dealing with giving it to
individuals, because of the work involved.
Marc
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
