Nils Larsch wrote:

> On Friday 19 September 2003 15:28, Frank wrote:
> > What I've seen so far with openssl is that there seems to be 10,000 ways
> > to do the same thing so I want to make sure I understand how to do a DSA
> > signature.  My questions are as follows:
> >
> > 1. Do you need a separate cert for signing RSA DSA? I created certs with
> > the following shell (create parms and ca cert in different steps):
> >
> > #! /bin/sh
> > openssl req -newkey dsa:dsa_param.pem -nodes -keyout $1_priv.pem -out $1_req.pem
> > openssl ca -in $1_req.pem -out $1_cert.pem -policy policy_anything -infiles < ca_in
> >
> > Now will a cert created this way be suitable for signing data with DSA
> > w/SHA1 hash?
>
> You don't need a cert to sign something; only the private key matters.

Yes true, sorry I was not more specific, sign and check signature (thought
that would have been understood but I guess not). So really any public/private
key pair will do then, right?  Is there a better way to generate a
public/private key pair in openssl than with creating certificates?

>
> > 2.  If it will, then how do I sign the data using the dsa(3) functions
> > or will the EVP functions I used for signing RSA work too (i.e. see
> > nothing that was RSA specific). i.e.
> > EVP_SignInit();
> > EVP_SignUpdate();
> > EVP_SignFinal();
>
> You can do it with both methods but using the EVP_Sign* API is
> recommended (and simpler).
>
> Nils
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
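
The reply above asks whether any key pair will do for signing and checking a signature, and whether there is a way to get one without creating certificates. One way to do that from the command line, as an added example that is not part of the original thread: generate the DSA key pair directly with `openssl genpkey`, then sign and verify with `openssl dgst`. The 2048-bit parameter size, SHA-256 in place of the thread's SHA-1, and all file and function names are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread). File names are constructed for the demo.

# make_dsa_keypair DIR: write DIR/priv.pem and DIR/pub.pem, no req/ca step.
# Runs in a subshell so the tightened umask does not leak to the caller.
make_dsa_keypair() (
    umask 077
    # Domain parameters; 2048 bits is this example's assumption.
    openssl genpkey -genparam -algorithm DSA -pkeyopt dsa_paramgen_bits:2048 \
        -out "$1/param.pem" 2>/dev/null || exit 1
    # Unencrypted private key, like -nodes in the thread's req command.
    openssl genpkey -paramfile "$1/param.pem" -out "$1/priv.pem" 2>/dev/null || exit 1
    # The public half is all a verifier needs.
    openssl pkey -in "$1/priv.pem" -pubout -out "$1/pub.pem"
)

# sign_file PRIVKEY FILE SIGFILE: detached signature over FILE.
sign_file() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# verify_file PUBKEY FILE SIGFILE: succeed only on an explicit "Verified OK".
verify_file() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" 2>/dev/null |
        grep -q '^Verified OK'
}

# dsa_demo DIR: 0 = good signature accepted and altered file rejected.
dsa_demo() {
    make_dsa_keypair "$1" || return 1
    printf 'constructed sample message\n' > "$1/msg.txt"
    sign_file "$1/priv.pem" "$1/msg.txt" "$1/msg.sig" || return 2
    verify_file "$1/pub.pem" "$1/msg.txt" "$1/msg.sig" || return 3
    cp "$1/msg.txt" "$1/altered.txt"
    printf 'extra line\n' >> "$1/altered.txt"
    if verify_file "$1/pub.pem" "$1/altered.txt" "$1/msg.sig"; then
        return 4
    fi
    return 0
}
```

Run it as `dsa_demo "$(mktemp -d)"`; the verifier only ever needs `pub.pem`, so `priv.pem` stays with the signer.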
