Ulrich Matejek wrote:
Hi everybody,
when experimenting with OpenSSL v0.9.9 (since that version allows
choosing the digest algorithm when creating a PKCS#7 structure) I
encountered an odd behaviour: no matter what argument was specified for
the "-md" parameter, the resulting PKCS#7 structure had the SHA-1 OID
set in all occurrences.
Is that problem related to the prerelease status of that version or was
it caused by an unclean installation on my machine?
if you are using ecc that's simply a limitation of the current
implementation. Perhaps I will commit a patch to enable at least
the ecdsa-with-sha{224|256|384|512} signature algorithms this
weekend (the other new signature schemes require a bit more work).
Secondly (and that's the reason why I checked this thing in the first
place): does anybody know whether there's a standardised way to set the
OIDs for digest/cipher algorithm fields when using signing algorithms
such as ECDSA-with-SHA224? My guess would be that the digest algorithm
OID is set to id-sha224 (2.16.840.1.101.3.4.2.4) and the cipher
algorithm OID to ecdsa-with-SHA224 (1.2.840.10045.4.3.1), but I'd like
to be sure :)
don't know if there a draft for the ecdsa signature schemes but
at least for ecdsa-with-sha1 we have [1] and I guess the other
algs are handled mutatis mutandis.
Cheers,
Nils
[1] http://www.ietf.org/rfc/rfc3278.txt
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
