Ulrich Matejek wrote:
Hi everybody, when experimenting with OpenSSL v0.9.9 (since that version allows choosing the digest algorithm when creating a PKCS#7 structure) I encountered an odd behaviour: no matter what argument was specified for the "-md" parameter, the resulting PKCS#7 structure had the SHA-1 OID set in all occurrences. Is that problem related to the prerelease status of that version or was it caused by an unclean installation on my machine?
if you are using ecc that's simply a limitation of the current implementation. Perhaps I will commit a patch to enable at least the ecdsa-with-sha{224|256|384|512} signature algorithms this weekend (the other new signature schemes require a bit more work).
Secondly (and that's the reason why I checked this thing in the first place): does anybody know whether there's a standardised way to set the OIDs for digest/cipher algorithm fields when using signing algorithms such as ECDSA-with-SHA224? My guess would be that the digest algorithm OID is set to id-sha224 (2.16.840.1.101.3.4.2.4) and the cipher algorithm OID to ecdsa-with-SHA224 (1.2.840.10045.4.3.1), but I'd like to be sure :)
don't know if there a draft for the ecdsa signature schemes but at least for ecdsa-with-sha1 we have [1] and I guess the other algs are handled mutatis mutandis. Cheers, Nils [1] http://www.ietf.org/rfc/rfc3278.txt ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]