
Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method



Georgi Guninski <[email protected]> writes:

>Well, OpenSSL appears to support dhparam:
>https://www.openssl.org/docs/manmaster/apps/dhparam.html

That just indicates support for PKCS #3 DH parameters, not anything else.  In
any case the page also says:

  OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42 DH.

so that explicitly precludes using it in certs, even if code elsewhere would
support such usage.

I've gone through my (sizeable) cert collection and found a single example of
X9.42 certs, created by a USG contracting company paid to develop the code for
this and dating from 1996.  The certs are signed with a test DSA key, and
contain a number of errors (zero-length fields, the DH key is marked as a CA
signing key, etc).

Peter.
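
The sweep described above (finding which certificates in a collection carry X9.42 rather than PKCS #3 DH keys) can be done by reading the algorithm OID in each certificate's SubjectPublicKeyInfo. This is an added example, not part of the original message or the author's tooling; the helper names and the skeleton sample certificates are constructed for illustration.

```python
# Added example. Classifies a DER certificate's public key by the
# SubjectPublicKeyInfo algorithm OID. Helper names are illustrative.
DH_OIDS = {
    "1.2.840.113549.1.3.1": "PKCS#3 dhKeyAgreement",
    "1.2.840.10046.2.1": "X9.42 dhpublicnumber",
}

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split the content of a constructed element into (tag, content) pairs."""
    pos, out = 0, []
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def decode_oid(body):
    arcs, value = [], 0
    for b in body:  # base-128 arcs, high bit marks continuation
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def spki_key_type(cert_der):
    tbs = children(children(read_tlv(cert_der, 0)[1])[0][1])
    if tbs[0][0] == 0xA0:  # skip the optional explicit [0] version
        tbs = tbs[1:]
    # remaining order: serial, signature, issuer, validity, subject, SPKI
    algorithm = children(children(tbs[5][1])[0][1])
    oid = decode_oid(algorithm[0][1])
    return DH_OIDS.get(oid, oid)

def sample_cert(oid_hex, with_version=True):
    """Constructed skeleton (empty names, dummy key bits), not a real cert."""
    t = lambda tag, body=b"": bytes([tag, len(body)]) + body  # short lengths only
    spki = t(0x30, t(0x30, t(0x06, bytes.fromhex(oid_hex)) + t(0x30)) + t(0x03, b"\0\0"))
    tbs = (t(0xA0, t(0x02, b"\x02")) if with_version else b"") + t(0x02, b"\x01") \
        + t(0x30) * 4 + spki
    return t(0x30, t(0x30, tbs) + t(0x30) + t(0x03, b"\0"))

X942, PKCS3 = "2a8648ce3e0201", "2a864886f70d010301"
```

Keys with any other algorithm come back as the dotted OID string, so a sweep can count them separately.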