Re: OpenSSL can't emit non-SHA1 certs for DSA?



Tom St Denis <tom@xxxxxxx> writes:

On Aug 20, 1:51 pm, Bruce Stephens <bruce+use...@xxxxxxxxxxxxxxxxxxxx>
wrote:

[...]

I'd guess just that nobody's been sufficiently motivated to change it,
yet.  Generating ECC certs from the command-line is fairly recent,
IIRC.

Perhaps, just seems like a few things I'd probably do a bit
differently if I were at the helm [yeah I suppose we can all say that]

I'm sure there's also some element of "well, I wouldn't start from
here".

I seem to remember some of the OpenSSL developers commenting that some bits
of the API require more duct tape to use than they'd like. One
reasonably natural way to produce/verify DSA+SHA1 signatures requires
that you specify a magic "hash" EVP_dss1 rather than EVP_sha1 (because
EVP_sha1 is really RSA+SHA1)---i.e., digest and asymmetric algorithms
aren't suitably orthogonal. But once you've got users, getting from
where you are to somewhere that's sane is harder than you'd like
(presuming you start from the wrong place, of course, and I'm guessing
OpenSSL started very much focussed on RSA, with DSA (and much later
ECDSA) imperfectly inserted).

[...]
