Hi Doug.
On 10.3, I tried running certtool without the 'a' option.
It seems to work fine now.
But when I browse the login.keychain store with Keychain Access,
there is only the DSA private key and its certificate
stored in it.
I verified the cert public key algorithm was DSA as well.
So, only an identity is created for DSA keys;
there is no key pair.
Regards.
Bertrand.
-----Original Message-----
From: Doug Mitchell [mailto:email@hidden]
Sent: Thursday, January 19, 2006 00:13
To: bertrand PERRET
Cc: Doug Mitchell; email@hidden
Subject: Re: Can't generate DSA key pair on 10.3
I believe this was a bug in Panther (and previous) which only popped
up for DSA keys and only when you specify the 'a' argument (generate
default ACL). If, using certtool, you don't specify the 'a' argument, I
believe this will work.
Programmatically - when you're using SecKeyCreatePair() - I don't
think there's a workaround.
--dpm
On Jan 16, 2006, at 11:03 PM, bertrand PERRET wrote:
> Hi.
>
> I'm experiencing a problem with
> the certtool utility on the 10.3 platform.
>
> The main goal of my message is that I have to develop a portable
> (10.3/10.4) application that
> generates RSA but also DSA key pairs.
>
> So I try to create a DSA key pair with certtool and insert it in my
> user keychain (i.e. login.keychain).
>
> Here is what I obtain:
>
> $ certtool c a k=/Users/services/Library/Keychains/login.keychain
>
> Enter key and certificate label : testDSA
>
> Please specify parameters for the key pair you will generate.
>
> r RSA
> d DSA
> f FEE
>
> Select key algorithm by letter : d
>
> Valid key sizes for DSA are 512..2048; default is 512
> Enter key size in bits or CR for default : <CR>
>
> You have selected algorithm DSA, key size 512 bits.
> OK (y/anything) ? y
>
> Enter cert/key usage (s=signing, b=signing AND encrypting): s
> ...Generating key pair...
>
> ***Error creating key pair
> : CSP_INVALID_KEY
> Error generating keys, aborting
> $
>
> Has somebody already met this problem?
>
> When I specify RSA as the algorithm, certtool runs completely and
> creates the key pair and certificate.
>
> Moreover, when I programmatically compute a DSA key pair generation
> with the SecKeyCreatePair() call, it results in the same error.
>
> Please, don't tell me to run the command on Tiger: I know it works!
>
> Instead, the question is:
> is DSA key pair generation supported on 10.3?
> If so, which tool should I use?
>
> Is there some reusable code in Darwinsource to programmatically
> meet my needs?
>
> Thanks for answers.
>
> Bertrand.
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Apple-cdsa mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
> http://lists.apple.com/mailman/options/apple-cdsa/email@hidden
>
> This email sent to email@hidden