Cory Winter wrote:
>
> Hi,
>
> I'm trying to get interoperability between OpenSSL and IAIK using PKCS8
> encoded DSA certs and keys created with the Java toolkit.
>
> I understand that the OID used for OpenSSL DSA signed certificates is
> different then that used for Java IAIK certificates. This is the source
> of my problem when it comes to decrypting PKCS8 encoded DSA certificates
> and keys with one implementation while the certificates and keys were
> created with the other.
>
> However I had a minor breaktrough when I discovered that you could
> tell the IAIK toolkit to expect a different OID for DSA. For example:
>
> new AlgorithmID("1.2.840.10040.4.1", "DSA", "DSA");
>
> This enabled interop with OpenSSL and IAIK when the certs where created
> using the OpenSSL toolkit. However, I still cannot get interop when I
> create the certs with IAIK.
>
> What I'm wondering is, is it possible to do the same sort of thing in
> OpenSSL? Can I tell the toolkit to expect another OID for DSA certs?
> Namely the OID that is used by IAIK?
>
Can you post an example of the kind of key it produces and that OpenSSL
wont handle? OpenSSL handles two different OIDs for PKCS#8 DSA and lots
of very broken encodings, if there's a new one then I'll look into it.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
