Blake (and friends),
Here is another comment to the "20 Nov 97 S/MIME Version 3 Message
Specification".
1) Sec H: "Need OIDs for DH" PKIX X.509 Certificate and CRL Profile, sec
7.3.2 defines the use of the dhpublicnumber OID for DH keys in X.509 Certs
as follows:
"7.3.2 Diffie-Hellman Key Exchange Key
This diffie-hellman object identifier supported by this standard is
defined by ANSI X9.42.
dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) ansi-x942(10046) number-type(2) 1 }
The dhpublicnumber object identifier is intended to be used in the
algorithm field of a value of type AlgorithmIdentifier. The
parameters field of that type, which has the algorithm-specific
syntax ANY DEFINED BY algorithm, would have ASN.1 type DHParameter
for this algorithm.
DHParameter ::= SEQUENCE {
prime INTEGER, -- p
base INTEGER, -- g }
The fields of type DHParameter have the following meanings:
prime is the prime p.
base is the base g.
The Diffie-Hellman public key (an INTEGER) is mapped to a
subjectPublicKey (a BIT STRING) as follows: the most significant bit
(MSB) of the INTEGER becomes the MSB of the BIT STRING; the least
significant bit (LSB) of the INTEGER becomes the LSB of the BIT
STRING.
If the keyUsage extension is present in a certificate which conveys a
DH public key, the following values may be present:
keyAgreement;
encipherOnly; and
decipherOnly.
At most one of encipherOnly and decipherOnly shall be asserted in
keyUsage extension."
================================
John Pawling
jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
================================