000019469 - How to specify which DSA public key OID to use in a certificate in RSA BSAFE Cert-J

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000019469
Applies ToRSA BSAFE Cert-J 2.0
IssueHow to specify which DSA public key OID to use in a certificate in RSA BSAFE Cert-J
When creating a certificate with a DSA public key the OID always seems to be 1.3.14.3.2.12
In RSA BSAFE Crypto-J, is it possible to choose either an OID of 1.2.840.10040.4.1 or an OID of 1.3.14.3.2.12 ?
There are two standards for DSA; the x9.30 standard specifies an OID of 1.3.14.3.2.12 whereas the X9.57 standard specifies an OID of 1.2.840.10040.4.1
RSA BSAFE Cert-J uses as a default the X9.30 OID
ResolutionIn order to specify that you would like to use the X9.57 format you need to call:

    certificate.setSignatureStandard(Certificate.DSA_WITH_SHA1_X957);

RSA BSAFE Cert-J will then check the signature standard before creating the BER encoded key data.  If this standard specifies X9.57 then Cert-J will create the BER encoded X9.57 DSA public key data. Otherwise (for DSA keys) it will create the BER encoded X9.30 DSA public key data.
Legacy Article IDa9462

Attachments

    Outcomes