[gnutls-dev] Lack of documented standard for exporting DSA priv_keys in PKCS8 format??

David Marín Carreño davefx at gmail.com
Mon Nov 19 15:10:59 CET 2007

On Mon, 19-11-2007 at 15:43 +0200, Nikos Mavrogiannopoulos wrote:

> Are you sure the referenced document defines such a thing? It has only 3
> sections and 26 pages.
> I remember I also had problems finding this document when I was
> developing it. If you can find references to it I could implement and
> document it.

Sorry, I put the wrong link. It should be:

I see that OpenSSL follows a previous version of this document. From
OpenSSL's pkcs8 man page:
"The format of PKCS#8 DSA (and other) private keys is not well
documented: it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's
default DSA PKCS#8 private key format complies with this standard."

Section 11.9 of version 2.01 corresponds to section 12.6 of version

Other references on the web also point to this document. From
http://www.drh-consultancy.demon.co.uk/pkcs12faq.html :

        Can PKCS#12 be used for non RSA private keys, for example DSA
        and DH keys?
        Yes it can. PKCS#12 uses PKCS#8 for storing private keys but
        PKCS#8 itself only gives information about RSA. PKCS#11 however
        extends PKCS#8 and provides a standard for storing DSA and DH
        private keys using PKCS#8. Netscape follows the PKCS#11
        extension to PKCS#8 for DSA private keys. For more information
        see the PKCS#11 specification.

Thank you for your support.

Best regards,
David Marín Carreño <davefx at gmail.com>
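
As an added illustration (not code from this thread, GnuTLS or OpenSSL), the following Python reader walks the layout used by OpenSSL's default DSA PKCS#8 output: id-dsa with Dss-Parms (p, q, g) in the AlgorithmIdentifier, and the private value x as a DER INTEGER inside the privateKey OCTET STRING. The function names and the toy key values are assumptions made for the example.

```python
# Added example. Toy DSA numbers below are constructed and far too small for real use.
ID_DSA = bytes.fromhex("2a8648ce380401")  # DER body of OID 1.2.840.10040.4.1 (id-dsa)

def tlv(tag, body):
    """Encode one DER element (short-form length only; enough for the sample)."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def der_int(v):
    """DER INTEGER for a non-negative value, with a leading 0x00 when needed."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def take(buf, pos, want):
    """Read one element at pos, check its tag, return (body, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad DER length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if tag != want or pos + n > len(buf):
        raise ValueError(f"expected tag {want:#04x} with {n} bytes at offset {pos}")
    return buf[pos:pos + n], pos + n

def parse_pkcs8_dsa(der):
    """Return version, p, q, g and x from a DSA PrivateKeyInfo."""
    info, _ = take(der, 0, 0x30)            # PrivateKeyInfo SEQUENCE
    ver, pos = take(info, 0, 0x02)          # version INTEGER
    alg, pos = take(info, pos, 0x30)        # AlgorithmIdentifier
    key, _ = take(info, pos, 0x04)          # privateKey OCTET STRING
    oid, apos = take(alg, 0, 0x06)
    if oid != ID_DSA:
        raise ValueError("privateKeyAlgorithm is not id-dsa")
    params, _ = take(alg, apos, 0x30)       # Dss-Parms SEQUENCE { p, q, g }
    out, ppos = {"version": int.from_bytes(ver, "big")}, 0
    for name in ("p", "q", "g"):
        body, ppos = take(params, ppos, 0x02)
        out[name] = int.from_bytes(body, "big")
    x, _ = take(key, 0, 0x02)               # OCTET STRING wraps INTEGER x
    out["x"] = int.from_bytes(x, "big")
    return out

def build_sample(p, q, g, x):
    """Encode the same layout, to have an offline input for the parser."""
    alg = tlv(0x30, tlv(0x06, ID_DSA) + tlv(0x30, der_int(p) + der_int(q) + der_int(g)))
    return tlv(0x30, der_int(0) + alg + tlv(0x04, der_int(x)))

SAMPLE = build_sample(p=283, q=47, g=60, x=24)  # constructed toy values
```

The public value y is not stored in this structure; a consumer recomputes it from g, x and p.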