haskell-tls / hs-certificate

Certificate and Key Reader/Writer in haskell

order of DSA key components doesn't match openssl #14

Closed Philonous closed 11 years ago

Philonous commented 11 years ago

The order of key components / parameters of the ASN1 encoding of a DSA public/private key pair does not match the one openssl generates.

According to http://www.openssl.org/docs/apps/dsa.html openssl encodes it as

Constant 0, p, q, g, public key, private key

Please disregard this pull request if it's not applicable (e.g. you are following a different, incompatible standard).

vincenthz commented 11 years ago

Thanks, it was supposed to be in the same order as openssl indeed. Not sure what happened. One thing is q and g were still mixed up after your patch, which I've fixed.

Philonous commented 11 years ago

I'm sorry, I re-checked the documentation and consulted the relevant openssl source (http://cvs.openssl.org/fileview?f=openssl/crypto/dsa/dsa_asn1.c&v=1.15) and it looks to me as though the correct order really is p, q, g. Am I missing something?

vincenthz commented 11 years ago

I checked against the output of openssl dsa (command line) with a key generated by openssl directly. Seems they match now.

Philonous commented 11 years ago

I've written a small test program and compared the output to openssl --text, and unfortunately it doesn't match. Please note that the order of the parameters in crypto-pubkey-types is documented as (p,g,q), not (p,q,g) and that's also how it is used in cryptocipher's DSA module (both https://github.com/vincenthz/hs-cryptocipher/blob/master/Crypto/Cipher/DSA.hs#L46 and line 57).

Here's the program and the output: https://gist.github.com/4118915; q and g appear swapped.

vincenthz commented 11 years ago

certificate.hs had swapped p,q,g, hence why I was seeing swapped values. Now fixed, I believe.
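
Added example, not part of the thread or of hs-certificate: a Python sketch that decodes the SEQUENCE of INTEGERs in the order quoted above (0, p, q, g, public key, private key) and uses the DSA relations between the fields to detect a q/g swap without relying on a reference tool. The function names and the toy key values are assumptions constructed for illustration.

```python
def _read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_dsa_private(der):
    """Decode SEQUENCE { 0, p, q, g, pub, priv } into a dict, in that order."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    ints, pos = [], 0
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        ints.append(int.from_bytes(val, "big", signed=True))
    if len(ints) != 6 or ints[0] != 0:
        raise ValueError("expected version 0 and five integers")
    return dict(zip(("version", "p", "q", "g", "pub", "priv"), ints))

def check_dsa_order(k):
    """Return a list of problems; empty means the fields are consistent."""
    p, q, g, y, x = k["p"], k["q"], k["g"], k["pub"], k["priv"]
    problems = []
    if (p - 1) % q != 0:
        problems.append("q does not divide p-1")
    if not (1 < g < p) or pow(g, q, p) != 1:
        problems.append("g does not have order q mod p")
    if not (0 < x < q):
        problems.append("private key not in (0, q)")
    if pow(g, x, p) != y:
        problems.append("pub != g^priv mod p")
    return problems

def der_ints(values):
    """Encode small non-negative ints (< 128) as a DER SEQUENCE of INTEGERs."""
    body = b"".join(bytes([0x02, 0x01, v]) for v in values)
    return bytes([0x30, len(body)]) + body

# Constructed toy values, far too small for real DSA: p=23, q=11, g=4, priv=7, pub=8.
GOOD = der_ints([0, 23, 11, 4, 8, 7])      # 0, p, q, g, pub, priv
SWAPPED = der_ints([0, 23, 4, 11, 8, 7])   # q and g exchanged
```

`check_dsa_order(parse_dsa_private(SWAPPED))` reports the broken relations, while the same call on `GOOD` returns an empty list.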