Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Sep 3 06:42:24 PDT 2015
Georgi Guninski <guninski at guninski.com> writes:
>Well openssl appears to support dhparam:
>https://www.openssl.org/docs/manmaster/apps/dhparam.html
That just indicates support for PKCS #3 DH parameters, not anything else. In
any case the page also says:
  OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42 DH.
so that explicitly precludes using it in certs, even if code elsewhere would
support such usage.
I've gone through my (sizeable) cert collection and found a single example of
X9.42 certs, created by a USG contracting company paid to develop the code for
this and dating from 1996. The certs are signed with a test DSA key, and
contain a number of errors (zero-length fields, the DH key is marked as a CA
signing key, etc).
Peter.