[Help-gnutls] Encryption using DSA keys
Miroslav Kratochvil
exa.exa at gmail.com
Mon Apr 20 15:56:47 CEST 2009
Hi everyone,
well, after I solved the problem at [1], I got to the real problems:
I want gnutls to negotiate an encrypted connection using DSA keys. I
realized that I will have to use DHE_DSS algorithm, but I have no idea
how to generate a certificate for one. Googling failed, and
documentation says only that "DHE_DSS uses DSA keys in certificates."
In the OpenSSL world (from which I'm migrating) it was easy, one just
appended "-dsa" to key generating parameters, and it was done.
Nevertheless, with gnutls and the --dsa option, I'm getting error -89
(Public key signature verification has failed.). RSA alternative
(--rsa with the same commands) works ok.
So, is there any tutorial or howto on generating suitable DSA keys for
use with encryption? Ideally with a complete certtool script for
generating one self-signed CA keypair and another that-CA-signed keypair.
If I'm totally wrong and using DSA for encryption is lame, and
therefore it doesn't and won't ever work, please tell me ;)
Thanks in advance
Mirek Kratochvil
-----
[1] is gnutls-devel thread, can be seen at gmane:
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488