On Fri, Jan 14, 2005, Victor B. Wagner wrote:
> On 2005.01.14 at 17:02:51 +0300, Vsevolod Stakhov wrote:
> > |>For MSIE you can use Xenroll for that.
> > | BTW, it is not clear for me how to create DSA certificates from xenroll.
> > | (really I oo need GOST94 certificates, not DSA)
> >
> > You can use such kind of script for IE:
>
> I see that this script does only half of the work - it does send
> request, but doesn't get signed certificate and install it into
> appropriate store.
>
> > MsgBox("Creating PKCS #10 " & strDN)
> > strReq = Enroll.createPKCS10( strDN, "1.3.6.1.4.1.311.2.1.21")
>
> What this OID means. It seems that it is not OID of algorithm, but
> rather OID of CSP or something aloke
>
Its just an OID that gets put in an extended key usage extension request IIRC.
Unless you are copying extensions from the request it will be ignored by
OpenSSL.
> >
> > AFAIK for GOST certificates you should use OID 1.2.643.2.2.4 for algorithm.
>
> Things are a bit more complicated than this. I definitely know that I
> need other oid for algorithm. There is more than one implementations of
> GOST, which are not compatible and so has distinct OIDS.
>
Does a GOST CSP exist?
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
