[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [kmip] DSA parameter generation
P |
Big Integer |
Yes |
Q |
Big Integer |
Yes |
G |
Big Integer |
Yes |
Dear Judy, Tony & others,We're working on a general-purpose HSM, and this issue was raised in the FIPS validation process.
But it makes sense for some applications to avoid the expensive parameter generation process, and use a single set of parameters for all key pairs.From what I understand, the current usage is:* CreateKeyPair
 Â* Input: QLength
 Â* Generate a set of parameters, generate e key pair
 Â* Output: key pair, each key including the DSA parameters (P, Q, G)While what we thought about would be:* CreateKeyPair: Â* Input: P, Q, G (DSA parameters) Â* Generate a key pair for these parameters Â* Output: key pairThis would also require another operation to generate the DSA parameters, or to simply create a dummy key pair passing just QLength, which would trigger the old behaviour (generate both parameters and key pair), then discard the key pair; kind of cumbersome, though.Thank you,Em qui, 25 de out de 2018 Ãs 12:56, Furlong, Judith <Judith.Furlong@dell.com> escreveu:Â
Our apologies for are very slow response to your email.
Â
To better answer your question could you please provide us with a bit more context of the use case where you are using the DSA keys and which KMIP Operations you want to use?
Â
Thanks
Â
Judy Furlong & Tony Cox
OASIS KMIP TC Co-Chairs
Â
From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of Conrado GouvÃa
Sent: Thursday, September 6, 2018 12:47 PM
To: kmip@lists.oasis-open.org
Subject: [kmip] DSA parameter generationÂ
Hi everyone,
Â
The usual way to work with DSA is that you generate a set of parameters of a given size, and then generate a key pair for the given parameters.
Â
However, it seems that this is not possible through KMIP - there is only the Qlength parameter for the key generation, which seems to imply that in key generation a set of parameters is generated, and then a key pair is generated for these parameters, i.e. there is no way to generate a key pair for a set of given parameters.
Â
Is this interpretation correct? If it is, shouldn't there be a way to do that with KMIP?
Â
Thank you,
Â
Conrado GouvÃa
Software DeveloperÂ
+55 (19) 3112-5000Â
conradoplg@kryptus.com
www.kryptus.comÂ
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]