Re: Can't generate DSA key pair on 10.3



Yes, that's right, without the 'a' option the public key is discarded. What do you need the public key for (aside from the copy of it that's in the certificate)?

--dpm

On Jan 18, 2006, at 10:26 PM, bertrand PERRET wrote:

Hi Doug.

On 10.3, I tried running certtool without the 'a' option.
It seems to work fine now.
But when I browse the login.keychain store with Keychain Access,
there is only the DSA private key and its certificate
stored in it.
I verified the cert public key algorithm was DSA as well.
So, only an identity is created for DSA keys;
there is no key pair.

Regards.

Bertrand.

-----Original Message-----
From: Doug Mitchell [mailto:email@hidden]
Sent: Thursday, January 19, 2006 00:13
To: bertrand PERRET
Cc: Doug Mitchell; email@hidden
Subject: Re: Can't generate DSA key pair on 10.3

I believe this was a bug in Panther (and previous) which only popped
up for DSA keys and only when you specify the 'a' argument (generate
default ACL). If, using certtool, you don't specify the a argument, I
believe this will work.

Programmatically - when you're using SecKeyCreatePair() - I don't
think there's a workaround.

--dpm

On Jan 16, 2006, at 11:03 PM, bertrand PERRET wrote:

Hi.

I'm experiencing some problem with the certtool utility in the 10.3
platform.

The main goal of my message is that I have to develop a portable
(10.3/10.4) application that generates RSA but also DSA key pairs.

So I try to create a DSA key pair with certtool and insert it in my
user keychain (i.e. login.keychain).

Here is what I obtain:

$ certtool c a k=/Users/services/Library/Keychains/login.keychain
Enter key and certificate label : testDSA
Please specify parameters for the key pair you will generate.
   r  RSA
   d  DSA
   f  FEE
Select key algorithm by letter : d
Valid key sizes for DSA are 512..2048; default is 512
Enter key size in bits or CR for default : <CR>
You have selected algorithm DSA, key size 512 bits.
OK (y/anything) ? y
Enter cert/key usage (s=signing, b=signing AND encrypting): s
...Generating key pair...
***Error creating key pair
: CSP_INVALID_KEY
Error generating keys, aborting
$

Has somebody already met this problem?

When I specify RSA as the algorithm, certtool runs completely and
creates the key pair and certificate.

Moreover, when I programmatically compute a DSA key pair generation
with the SecKeyCreatePair() call, it results in the same error.

Please, don't tell me to run the command on Tiger: I know it works!

Instead, the question is:
is DSA key pair generation supported on 10.3?
If so, which tool should I use?

Is there some reusable code in Darwinsource to programmatically
meet my needs?

Thanks for answers.

Bertrand.



 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/email@hidden

This email sent to email@hidden