On Mon, Jul 12, 1999 at 12:00:00AM +0000, Dr Stephen Henson wrote:
> Bodo Moeller wrote:
>> Is there a canonical way to extend the ASN.1 that we have for DH to
>> allow including optional subprimes?
> Well I don't know about "canonical". Several of the ASN1 structures used
> (e.g. DSA private keys) are AFAIK made up and not from any particular
> standard.
>
> There isn't any reason why the ASN1 structure used for DH parameters
> couldn't be changed to support X9.42 DomainParameters:
>
> DomainParameters ::= SEQUENCE {
> p INTEGER, -- odd prime, p=jq +1
> g INTEGER, -- generator, g
> q INTEGER, -- factor of p-1
> j INTEGER OPTIONAL, -- subgroup factor
> validationParms ValidationParms OPTIONAL }
>
> ValidationParms ::= SEQUENCE {
> seed BIT STRING,
> pgenCounter INTEGER }
I just noticed that the SSLeay/OpenSSL format does (optionally)
include the _length_ of q (well, more exactly the length to be used
for private parameters), which is enough for many purposes. The
format used is the PKCS #3 format:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
DHParameter ::= SEQUENCE {
prime INTEGER, -- p
base INTEGER, -- g
privateValueLength INTEGER OPTIONAL }
The fields of type DHParameter have the following meanings:
o prime is the prime p.
o base is the base g.
o privateValueLength is the optional private-value
length l.
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
