Bodo Moeller wrote:
>
> > 'gendh' and 'dh' should be combined and called 'dhparam' this would be
> > more consistent with the dsaparam behaviour.
>
> >> - There's no way to generate a DH private key or public key, or to
> >> combine them into a shared secret. (The API function names for this,
> >> DH_generate_key, and DH_compute_key, are also confusing.)
>
> > That's because DH private keys are only partly supported: for example
> > there isn't any ASN1 structure for holding a DH private key at present
> > nor can DH public keys be used in certificates.
>
> And the ASN.1 structure for DH parameters does not allow storing the
> order of the generator (that is, the sub-prime; or at least it's
> likely to be prime in those cases where one would like to store it).
> In fact even the DH data structure does not have a component for it.

Yes, that's true for the PKCS#3 DH support in OpenSSL. X9.42 DH does have
support for including these additional parameters though.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
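
The difference between the two parameter formats discussed in this thread, as an added example that is not part of the original message and is not OpenSSL code: a toy DER codec showing that only the X9.42 layout carries the subgroup order q, and what a receiver can check about a peer's public value with and without it. The function names and the toy group (p = 23, g = 2, q = 11) are constructed for illustration; the y^q mod p test is the standard subgroup membership check, not something stated in the message.

```python
# PKCS#3 DHParameter      ::= SEQUENCE { prime, base, privateValueLength OPTIONAL }
# X9.42  DomainParameters ::= SEQUENCE { p, g, q, j OPTIONAL, validationParms OPTIONAL }
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_seq(*ints):
    body = b""
    for v in ints:
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # leading 0 keeps sign positive
        body += b"\x02" + _der_len(len(raw)) + raw
    return b"\x30" + _der_len(len(body)) + body

def _read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_ints(der):
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one DER SEQUENCE")
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        if tag != 0x02:
            break  # e.g. X9.42 validationParms; not needed here
        out.append(int.from_bytes(val, "big"))
    return out

def load_params(der, x942):
    p, g, *rest = parse_ints(der)
    # Only X9.42 carries the subgroup order q; PKCS#3 has no field for it.
    return {"p": p, "g": g, "q": rest[0] if x942 else None}

def check_public(params, y):
    p, q = params["p"], params["q"]
    if not 1 < y < p - 1:
        return "reject"
    if q is None:
        return "range-only"  # subgroup membership cannot be tested
    return "in-subgroup" if pow(y, q, p) == 1 else "reject"
# Constructed toy group: g = 2 has prime order q = 11 modulo p = 23.
PKCS3_DER, X942_DER = der_seq(23, 2), der_seq(23, 2, 11)
```

With the PKCS#3 blob the value 5 passes the range check only, while the X9.42 blob lets the receiver reject it because 5 lies outside the order-11 subgroup.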