"Dr. Stephen Henson" <[EMAIL PROTECTED]> writes:

> On Thu, Mar 13, 2003, Henrik Grindal Bakken wrote:
>
>> Firstly, I want to make a signature on a file using a DSA key-pair.
>> I can do this for an RSA pair with 'openssl rsautl', but is there
>> something similar for DSA, or do I have to write it myself?
>
> rsautl takes 'raw' signatures rather than signing digests.
>
> The dgst utility digests data and has options to sign the
> digest. You can sign using DSA with the -dss1 digest
> (SHA1+DSA). Check out the manual pages for more info.

Ah, thanks. I looked at it, and tried, but couldn't verify the
signature. I discovered later that -binary might have been a good
idea...

Is there much difference between using smime with detached signature
and -outform pem and using dgst?

>> Second question: I want to issue a version 3 X.509 certificate from
>> my own (testing purposes only) CA, with a custom extension. The
>> extension value should be a string (although that is not
>> important). Do I have to write my own code here, or can the
>> current application do this?
>
> There are some string extensions already available such as netscape
> comment which may suit.

I noticed that, and I could use it for testing purposes, but for a
more final version, it doesn't really suffice.

> If you really want a custom extension, you can do this with 0.9.7
> but you have to work out the encoding yourself and place the hex
> form in the DER option.

Hmm. A bit awkward. I did find the doc/openssl.txt (or whatever the
name was) file, and I read it a little, but figured I didn't have time
to do this properly at the moment.

> With 0.9.8-dev you can use a human readable syntax such as:
>
> myextension = ASN1:UTF8:My Extension string

Looks better, less messy. Is there any estimate of when 0.9.8 will be
ready? Is it safe to use for a not-very-critical project now?

> You can actually use the asn1parse utility in 0.9.8 to dump out the
> DER version which you could then place in a 0.9.7 config file.

Hmm. That sounds like an idea.

Thanks for the suggestions.

--
Henrik Grindal Bakken <[EMAIL PROTECTED]>
PGP ID: 8D436E52
Fingerprint: 131D 9590 F0CF 47EF 7963 02AF 9236 D25A 8D43 6E52
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
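
The 0.9.7 route mentioned in the thread (work out the encoding yourself and place the hex form in the DER option), as an added example that is not part of the original messages and not OpenSSL's own code: it hand-encodes the DER UTF8String corresponding to `ASN1:UTF8:My Extension string` and checks it with a strict decoder. It assumes the colon-separated hex form of the `DER:` value used in OpenSSL's x509v3 config documentation; the function names are illustrative.

```python
# Added example: hand-encode the DER for a UTF8String extension value.
# Only the string and the name "myextension" come from the thread.

def der_length(n: int) -> bytes:
    """DER definite length: one byte below 128, else 0x80|count then big-endian."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_utf8string(text: str) -> bytes:
    """Tag 0x0C (UTF8String), length in bytes (not characters), then the payload."""
    payload = text.encode("utf-8")
    return b"\x0c" + der_length(len(payload)) + payload


def der_option(text: str) -> str:
    """Value for the config file: 'DER:' followed by colon-separated hex bytes."""
    return "DER:" + ":".join(f"{b:02X}" for b in der_utf8string(text))


def decode_utf8string(der: bytes) -> str:
    """Strict inverse, to check a hand-built value before it goes into a certificate."""
    if len(der) < 2 or der[0] != 0x0C:
        raise ValueError("not a UTF8String")
    first, pos = der[1], 2
    if first < 0x80:
        length = first
    else:
        count = first & 0x7F
        raw = der[pos:pos + count]
        if count == 0 or len(raw) != count or raw[0] == 0:
            raise ValueError("bad long-form length")
        length = int.from_bytes(raw, "big")
        if length < 0x80:
            raise ValueError("length not minimally encoded")
        pos += count
    if len(der) - pos != length:
        raise ValueError("length does not match payload")
    return der[pos:].decode("utf-8")


if __name__ == "__main__":
    print("myextension = " + der_option("My Extension string"))
```

The long-form length branch matters as soon as the string exceeds 127 bytes, which is where hand-written hex most often goes wrong.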