Hi, I will try to answer your question from the second email.
Whenever the DSA method is used for authentication, it works pretty much the same way it works during RSA authentication. However, DSA cannot be used for key establishment. Unlike in the RSA method, RSA is commonly used for a dual purpose:
1. authentication
2. key establishment

Therefore, whenever you use DSA, you have to use a separate mechanism for key establishment. For instance, Diffie-Hellman.

Hope this helps.

On Tue, Jul 24, 2012 at 9:25 PM, Nou Dadoun <ndad...@teradici.com> wrote:

> I'm going to back up and ask an even more basic question which appears to
> be surprisingly elusive - how is a DSA key/certificate used in establishing
> an ssl connection?
>
> I understand how an RSA key/cert ssl handshake proceeds but if the DSA key
> is used only for signatures, how is a secure ssl tunnel established? i.e.
> how do you securely agree on a symmetric key for further secure
> communications? (Which is how I assume things proceed.)
>
> Any pointers?
>
> N.
>
> ---
> Nou Dadoun
> ndad...@teradici.com
> 604-628-1215
>
>
> -----Original Message-----
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Nou Dadoun
> Sent: July 24, 2012 10:31 AM
> To: openssl-users@openssl.org
> Subject: DSA certificates from windows certificate store into openssl
>
> Hey folks,
> I recently added a facility to our code base to retrieve a certificate and
> private key from a windows certificate store (using the windows crypto api)
> and converted it to a form usable by openssl. The certificate part was
> easy, the key a little trickier, involving the creation of a new rsa key
> pair in openssl and then modifying the parameters to match those derived
> from the privatekeyblob pulled from the windows cert data structure.
>
> This was all done for RSA keys and although I had a number of false
> starts, it wasn't too painful (once I'd arranged for exportable keys and
> got out of windows api land as quickly as possible).
>
> We've just had a customer request to support the use of DSA certificates
> which I know little about (so far), can the same general process be used to
> extract/convert DSA keys (I'm assuming that the certificate encoding is
> essentially the same).
>
> Does anyone have experience with this? Any pointers or links to
> documentation for how this might be done?
>
> Thanks in advance .... N
>
>
> ---
> Nou Dadoun
> ndad...@teradici.com
> 604-628-1215
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>

--
Regards,
*Sukalp Bhople.*
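
The split described in the reply, as an added sketch that is not part of the original thread and not OpenSSL code: the server's DSA key only signs its ephemeral Diffie-Hellman share (as in the DHE-DSS key exchange), and the shared secret comes from the DH computation. The toy group, the message encoding and all function names are assumptions; one group is reused for both DSA and DH to keep it short.

```python
import hashlib, secrets

def is_probable_prime(n):                      # Miller-Rabin over fixed small bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    def witness(a):
        x = pow(a, d, n)
        return x not in (1, n - 1) and all(pow(x, 2**i, n) != n - 1 for i in range(1, s))
    return not any(witness(a) for a in (2, 3, 5, 7, 11, 13))

# Constructed toy group (assumption of this sketch, too small for real use):
Q = 2**127 - 1                                 # prime subgroup order (Mersenne prime)
cofactor = next(c for c in range(2**385, 2**386, 2) if is_probable_prime(c * Q + 1))
P = cofactor * Q + 1                           # prime modulus with Q dividing P - 1
G = pow(2, cofactor, P)                        # generator of the order-Q subgroup

def keypair():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def digest(msg):                               # toy reduction of SHA-256 into Z_Q
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def dsa_sign(x, msg):
    while True:
        k = secrets.randbelow(Q - 1) + 1       # fresh per-signature nonce
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
        if r and s:
            return r, s

def dsa_verify(y, msg, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):          # reject out-of-range values first
        return False
    w = pow(s, -1, Q)
    return pow(G, digest(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def handshake(alter_in_transit=False):
    dsa_priv, dsa_pub = keypair()              # long-term key; public half sits in the certificate
    randoms = secrets.token_bytes(64)          # client_random + server_random
    srv_x, srv_share = keypair()               # server's ephemeral DH value
    sig = dsa_sign(dsa_priv, randoms + b"%d|%d|%d" % (P, G, srv_share))
    srv_share = srv_share * G % P if alter_in_transit else srv_share
    if not dsa_verify(dsa_pub, randoms + b"%d|%d|%d" % (P, G, srv_share), sig):
        return None                            # client aborts: share is not the one signed
    cli_x, cli_share = keypair()               # client's ephemeral DH value
    return pow(srv_share, cli_x, P), pow(cli_share, srv_x, P)  # (client, server) secrets
```

DSA never encrypts or transports anything here; it only binds the DH share to the certificate holder, which is why a share changed in transit makes `handshake` return `None`.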