Re: Problem with DSA key signed CSRs

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problem with DSA key signed CSRs

From:	Timo Gerke
Subject:	Re: Problem with DSA key signed CSRs
Date:	Tue, 29 Jun 2010 11:06:40 +0200
User-agent:	Thunderbird 2.0.0.23 (Windows/20090812)

Nikos Mavrogiannopoulos wrote:

Timo Gerke wrote:

Dear List,

I think I've discoverd an other bug.
Then I generate a CSR signed with an DSA key an verify the request
with openssl the verification fails.
I did:

a.1) certtool -p --dsa --disable-quick-random --outfile dsakey.pem
a.2) certtool --to-p8  --pkcs-cipher aes-256 --load-privkey dsakey.pem 
--outfile dsakey.p8

b) certtool -8q --load-privkey --load-privkey dsakey.pem --outfile newreq.pemc) openssl req -verify -noout -in newreq.csr

[...]


Hello,
 It seems openssl doesn't support DSA keys of size more than 1024 bits.
Use --bits 1024 on your first command and it will work.

BTW the format autodectetion of certtool seems not to work properly.


Does it have autodetection? :)

Hello,

I think  it has.
If I run this  command:
certtool -q --load-privkey dsakey.p8 --outfile newreq.csr

I get this error:

certtool: import error: could not find a valid PEM header; checkif your

key is PKCS #8 or PKCS #12 encoded

regards,
Timo

regardsm
Nikos


P.S. This message is resent, previously I only sent it to Nikos.

[Prev in Thread]

Current Thread

[Next in Thread]

Problem with DSA key signed CSRs, Timo Gerke, 2010/06/28
- Re: Problem with DSA key signed CSRs, Nikos Mavrogiannopoulos, 2010/06/28
  - Re: Problem with DSA key signed CSRs, Timo Gerke <=
    - Re: Problem with DSA key signed CSRs, Nikos Mavrogiannopoulos, 2010/06/30

Prev by Date: Two gnutls-cli feature requests
Next by Date: deallocation in gnutls_*_deinit?
Previous by thread: Re: Problem with DSA key signed CSRs
Next by thread: Re: Problem with DSA key signed CSRs
Index(es):
- Date
- Thread