On Mon, Nov 06, 2006, Clem Taylor wrote:

> >It might be the 2048 bit DSA cert it doesn't like. Try with a 1024 bit DSA key
> >or a 2048 bit RSA key.
>
> Yup, that seems to be the problem, it didn't like 2048 bit DSA keys.
> It is happy with 1024 bit DSA keys and 2048 bit RSA keys.
>

Some standard revisions require the key size for DSA to be between 512 and 1024 bits in one case and only 1024 bits in another.

> I'm creating the certs for an embedded security device that could
> easily have a >15 year life and typically won't have an internet
> connection, so I want to make sure that I'm using enough bits to cover
> the life of the device. I guess I'll go with 2048 bit RSA keys.
>

That would arguably put the use of SHA-1 into question too. Though if you use SHA-2 not all software will support it.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]