[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] Encryption using DSA keys

From: Miroslav Kratochvil
Subject: [Help-gnutls] Encryption using DSA keys
Date: Mon, 20 Apr 2009 15:56:47 +0200

Hi everyone,

well, after I solved the problem at [1], I got to real problems problems:

I want gnutls to negotiate encrypted connection using DSA keys. I
realized that I will have to use DHE_DSS algorithm, but I have no idea
how to generate a certificate for one. Googling failed, and
documentation says only that "DHE_DSS uses DSA keys in certificates."

In OpenSSL world (from where I'm migrating) it was easy, one just
appended "-dsa" to key generating parameters, and it was done.
Nevertheless; with gnutls and --dsa option; I'm getting error -89
(Public key signature verification has failed.). RSA alternative
(--rsa with the same commands) works ok.

So, is there any tutorial or howto on generating suitable DSA keys for
use with encryption? Ideally with a complete certtool script for
generating one selfsigned CA keypair and other that-ca-signed keypair.

If I'm totally wrong and using DSA for encryption is lame, and
therefore it doesn't and won't ever work, please tell me ;)

Thanks in advance

Mirek Kratochvil

[1] is gnutls-devel thread, can be seen at gmane:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]