Cryptography Reference
In-Depth Information
04 81 ce                            206 byte octet string    30 81 cb 80 14 2d …
30 0d                               13 byte sequence         Signature Algorithm
06 09 2a 86 48 86 f7 0d 01 01 05    9 byte OID               RSA with SHA-1
05 00                               0 byte filler
03 41 00 1b 63 7b …                 65 byte string           signatureValue
Note that the interpretation of the second column is automatic and requires
no context. However, the interpretation of the third column — the actual
certificate contents — requires that you keep close track of the sequences, sets, and so
on and match them against the definition. One frustrating thing about ASN.1
DER-encoded strings is that they don't carry any identifying information with
them. You can often recognize a DER-encoded file by the 30 byte that (usually)
starts it, but if you don't have some external information indicating what type
of file it is, you'll never be able to figure out what sort of file you're looking at.
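The "automatic" second-column interpretation can be reproduced mechanically. The following is an added example, not code from the book: a minimal Python tag-length-value walker run over the signature-algorithm bytes from the table. The function names are hypothetical, and it assumes single-byte tags and definite lengths only. It recovers every type, length and OID value without a schema, but nothing in its output says that this sequence is the "Signature Algorithm" field; that label still has to come from the certificate definition.

```python
# Added example: minimal DER tag-length-value walker (names are hypothetical).
TAGS = {0x03: "BIT STRING", 0x04: "OCTET STRING", 0x05: "NULL",
        0x06: "OID", 0x30: "SEQUENCE", 0x31: "SET"}

def read_tlv(buf, pos):
    """Return (tag, length, value_start) for the TLV starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                  # short form: the byte is the length
        length = first
    else:                             # long form: low 7 bits count the length bytes
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return tag, length, pos

def decode_oid(body):
    """Decode OID content bytes (base-128 arcs; first arc packs two numbers)."""
    arcs, acc = [], 0
    for b in body:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:              # high bit clear ends this arc
            arcs.append(acc)
            acc = 0
    if not arcs:
        raise ValueError("empty OID")
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(map(str, head + arcs[1:]))

def walk(buf, pos=0, end=None, depth=0, out=None):
    """Flatten nested TLVs into (depth, type name, length, detail) rows."""
    out = [] if out is None else out
    end = len(buf) if end is None else end
    while pos < end:
        tag, length, start = read_tlv(buf, pos)
        detail = decode_oid(buf[start:start + length]) if tag == 0x06 else ""
        out.append((depth, TAGS.get(tag, "tag 0x%02x" % tag), length, detail))
        if tag & 0x20:                # constructed bit: contents are more TLVs
            walk(buf, start, start + length, depth + 1, out)
        pos = start + length
    return out
ALG_ID = bytes.fromhex("300d06092a864886f70d0101050500")  # rows 30 0d .. 05 00 of the table
print(*walk(ALG_ID), sep="\n")
```

The same read_tlv function handles the long-form length in the table's first row, where 81 ce means one length byte with value 206.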
Using OpenSSL to Generate a DSA KeyPair and Certificate
The example certificate in the previous section included an RSA public key.
Although this is by far the most common certificate form, OpenSSL allows you
to generate certificates that include DSA keys as well. (It does not, at the time of
this writing, allow the creation of a certificate with Diffie-Hellman parameters
as discussed earlier.) The process is slightly more involved, though. First, you
must create a set of DSA parameters (p, q, and g):
[jdavies@localhost ssl]$ openssl dsaparam 512 -out dsaparam.cer
Generating DSA parameters, 512 bit long prime
This could take some time
..+................+.....+++++++++++++++++++++++++++++++++++++++++++++++++++*
.......+..+...........+........................................+.....+..+......
...
........+..+.....+......................+............+....+.+....+.............
...
.+.+........+.........................................+....+..+.+.....+..+..+..
...
.+...........+...+..........+.........................+.............+..........
...
+.......+...+............+....+....++++++++++++++++++++++++++++++++++++++++++++
+++
++++*