Bodo Moeller wrote:
>
> On Sun, Jul 11, 1999 at 12:45:16PM +0100, Dr Stephen Henson wrote:
> > Bodo Moeller wrote:
>
> >> And the ASN.1 structure for DH parameters does not allow storing the
> >> order of the generator (that is, the sub-prime; or at least it's
> >> likely to be prime in those cases where one would like to store it).
> >> In fact even the DH data structure does not have a component for it.
>
> > Yes thats true for the PKCS#3 DH support in OpenSSL. X9.42 DH does have
> > support for including these additional parameters though.
>
> Is there a canonical way to extend the ASN.1 that we have for DH to
> allow including optional subprimes?
Well I don't know about "canonical". Several of the ASN1 structures used
(e.g. DSA private keys) are AFAIK made up and not from any particular
standard.
There isn't any reason why the ASN1 structure used for DH parameters
couldn't be changed to support X9.42 DomainParameters:
DomainParameters ::= SEQUENCE {
p INTEGER, -- odd prime, p=jq +1
g INTEGER, -- generator, g
q INTEGER, -- factor of p-1
j INTEGER OPTIONAL, -- subgroup factor
validationParms ValidationParms OPTIONAL }
ValidationParms ::= SEQUENCE {
seed BIT STRING,
pgenCounter INTEGER }
validationParams could be left out if we don't want to follow the X9.42
parameter generation at present.
One tiny change (making q OPTIONAL) will allow both cases to be handled
since if q, j and validationParams are omitted this is then equivalent
to a PKCS#3 DHParameter structure.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
