On Friday 19 September 2003 21:17, Frank wrote: > Nils Larsch wrote: > > On Friday 19 September 2003 15:28, Frank wrote: > > > What I've seen so far with openssl is that there seems to be 10,000 > > > ways to do the same thing so I want to make sure I understand how to do > > > a DSA signature. My questions are as follows: > > > > > > 1. Do you need a separte cert for signing RSA DSA? I created certs with > > > the following shell (create parms and ca cert in different steps): > > > > > > #! /bin/sh > > > openssl req -newkey dsa:dsa_param.pem -nodes -keyout $1_priv.pem -out > > > $1_req.pem > > > openssl ca -in $1_req.pem -out $1_cert.pem -policy policy_anything > > > -infiles < ca_in > > > > > > Now will a cert created this way be suitable for signing data with DSA > > > w/SHA1 hash? > > > > You don't need a cert to sign something only the private key matters. > > Yes true, sorry I was not more specific, sign and check signature (thought > that would have been understood but I guess not). So really any > public/prvate key pair will do then right? is there a better way to > generate a public private key pair in openssl then with creating > certificates?
That depends on what you want to do. If you want to associate some entity with a public key use certificates otherwise you could simply use the rsa public key structure. Nils ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
