As we develope support for PEM, we are also considering support for DSS
as an alternate for RSA signatures. Has anyone considered werhe the p,
q, and g values go? Ie. are they a part of the key in the signature
the way the RSA "e" is a part of the key, or do they get added to the
signature on the message?
Tom-
Interesting technical detail. I am also experimenting with adding
DSA (and SHA) to the TIS/PEM system. I am planning to carry the p, q,
and g values as a SEQUENCE of three INTEGERS, respectively, within the
PARAMETERS component of the AlgorithmIdentifier.
While DSS allows for "global" values, I am expecting that in a broad
community, such as that addressed by PEM, different users will want to
use different values, and hence, they should be carried along with the
public key. I think that the PARAMETERS in the AlgorithmIdentifier is
the natural place for them. Furthermore, this is consistent with PKCS
#3's definition of an AlgorithmIdentifier for the Diffie-Hellman Key
Agreement algorithm (which is an ancestor of DSA).
On the other hand, if one does wants to use global values, then another
AlgorithmIdentifier can be defined with NULL PARAMETERS. In fact, the
NIST OIW December 1992 Stable Working Agreements, Part 12, Security,
Section 7, Security Algorithms, does this for Diffie-Hellman Key
Agreement algorithm.
-DB