Find the answer to your Linux question:
Results 1 to 2 of 2
Hi folks! I've become more or less obsessed with security and cryptography recently, and I know that there are many of you who are much more experienced with these things ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578

    GnuPG, openssl and mozilla


    Hi folks! I've become more or less obsessed with security and cryptography recently, and I know that there are many of you who are much more experienced with these things than I am. Therefore, I have some questions for which I have been unable to find any answers, and I hope that at least someone will look at them and be able to answer:

    1: Is it possible to export your GnuPG secret key to a format usable by openssl?
    2: What are certificates good for, really? Why don't the CAs just sign your pubkey?
    3: If I manage to create a openssl key similar to my GnuPG one, make a CSR (certificate request) from it and get it signed, how can I use it in mozilla? I noticed that mozilla doesn't use the same certificate file format as openssl does, and I'm guessing that openssl's certificate format is standardized. So as a follow-up questions, what is the certificate format that mozilla uses, and why don't they use the same format? MSIE uses the CRT files generated by openssl, right?
    4: What's the main difference between RSA and DSA? Does one have advantages over the other, or are they just two different, but otherwise equally secure, algorithms?
    5: If my key would get compromised, how would I do to actually distribute the CRL? I mean, do I have to send it to everyone using my public key?
    6: Considering how secure digital signatures are, shouldn't we all get wireless RSA chips inserted into our thumbs or something? =)

    I'd be grateful for any answers.

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    I noticed, as for question 3, that the alternative certificate format that mozilla uses only seems to apply to my own certificates. It seems to be a format called PKCS12, and can apparently also be generated by openssl. Is that because they have to include the secret key, or is there even more to it?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •