Implemented encode/decode support for ssh public key files

1 files changed, 340 insertions, 76 deletions

diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index 6c482f9c30..b11e4d092a 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -102,11 +102,23 @@ end_per_testcase(_TestCase, Config) ->
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
-    [app, pk_decode_encode, encrypt_decrypt, sign_verify,
+    [app,
+     {group, pem_decode_encode},
+     {group, ssh_public_key_decode_encode},
+     encrypt_decrypt,
+     {group, sign_verify},
      pkix, pkix_path_validation, deprecated].
 
 groups() -> 
-    [].
+    [{pem_decode_encode, [], [dsa_pem, rsa_pem, encrypted_pem,
+			      dh_pem, cert_pem]},
+     {ssh_public_key_decode_encode, [],
+      [ssh_rsa_public_key, ssh_dsa_public_key, ssh_rfc4716_rsa_comment,
+       ssh_rfc4716_dsa_comment, ssh_rfc4716_rsa_subject, ssh_known_hosts,
+       ssh_auth_keys, ssh1_known_hosts, ssh1_auth_keys, ssh_openssh_public_key_with_comment,
+       ssh_openssh_public_key_long_header]},
+     {sign_verify, [], [rsa_sign_verify, dsa_sign_verify]}
+    ].
 
 init_per_group(_GroupName, Config) ->
     Config.
@@ -125,22 +137,20 @@ app(suite) ->
 app(Config) when is_list(Config) ->
     ok = test_server:app_test(public_key).
 
-pk_decode_encode(doc) -> 
-    ["Tests pem_decode/1, pem_encode/1, "
-     "der_decode/2, der_encode/2, "
-     "pem_entry_decode/1, pem_entry_decode/2,"
-     "pem_entry_encode/2, pem_entry_encode/3."];
+%%--------------------------------------------------------------------
 
-pk_decode_encode(suite) -> 
+dsa_pem(doc) ->
+    [""];
+dsa_pem(suite) ->
     [];
-pk_decode_encode(Config) when is_list(Config) -> 
+dsa_pem(Config) when is_list(Config) ->
     Datadir = ?config(data_dir, Config),
 
-    [{'DSAPrivateKey', DerDSAKey, not_encrypted} = Entry0 ] = 
-	erl_make_certs:pem_to_der(filename:join(Datadir, "dsa.pem")), 
-    
+     [{'DSAPrivateKey', DerDSAKey, not_encrypted} = Entry0 ] =
+	erl_make_certs:pem_to_der(filename:join(Datadir, "dsa.pem")),
+
     DSAKey = public_key:der_decode('DSAPrivateKey', DerDSAKey),
-    
+
     DSAKey = public_key:pem_entry_decode(Entry0),
 
     {ok, DSAPubPem} = file:read_file(filename:join(Datadir, "dsa_pub.pem")),
@@ -150,74 +160,107 @@ pk_decode_encode(Config) when is_list(Config) ->
     true = check_entry_type(DSAPubKey, 'DSAPublicKey'),
     PubEntry0 = public_key:pem_entry_encode('SubjectPublicKeyInfo', DSAPubKey),
     DSAPubPemNoEndNewLines = strip_ending_newlines(DSAPubPem),
-    DSAPubPemEndNoNewLines = strip_ending_newlines(public_key:pem_encode([PubEntry0])),
-    
-    [{'RSAPrivateKey', DerRSAKey, not_encrypted} =  Entry1 ] = 
+    DSAPubPemNoEndNewLines = strip_ending_newlines(public_key:pem_encode([PubEntry0])).
+
+%%--------------------------------------------------------------------
+
+rsa_pem(doc) ->
+    [""];
+rsa_pem(suite) ->
+    [];
+rsa_pem(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+    [{'RSAPrivateKey', DerRSAKey, not_encrypted} =  Entry0 ] =
 	erl_make_certs:pem_to_der(filename:join(Datadir, "client_key.pem")),
-    
+
     RSAKey0 = public_key:der_decode('RSAPrivateKey', DerRSAKey),
+
+    RSAKey0 = public_key:pem_entry_decode(Entry0),
     
-    RSAKey0 = public_key:pem_entry_decode(Entry1),
-        
-    [{'RSAPrivateKey', _, {_,_}} = Entry2] = 
+    [{'RSAPrivateKey', _, {_,_}} = Entry1] =
 	erl_make_certs:pem_to_der(filename:join(Datadir, "rsa.pem")),
-    
-    true = check_entry_type(public_key:pem_entry_decode(Entry2, "abcd1234"), 
+
+    true = check_entry_type(public_key:pem_entry_decode(Entry1, "abcd1234"),
 			    'RSAPrivateKey'),
 
     {ok, RSAPubPem} = file:read_file(filename:join(Datadir, "rsa_pub.pem")),
-    [{'SubjectPublicKeyInfo', _, _} = PubEntry1] =
+    [{'SubjectPublicKeyInfo', _, _} = PubEntry0] =
         public_key:pem_decode(RSAPubPem),
-    RSAPubKey = public_key:pem_entry_decode(PubEntry1),
+    RSAPubKey = public_key:pem_entry_decode(PubEntry0),
     true = check_entry_type(RSAPubKey, 'RSAPublicKey'),
-    PubEntry1 = public_key:pem_entry_encode('SubjectPublicKeyInfo', RSAPubKey),
+    PubEntry0 = public_key:pem_entry_encode('SubjectPublicKeyInfo', RSAPubKey),
     RSAPubPemNoEndNewLines = strip_ending_newlines(RSAPubPem),
-    RSAPubPemNoEndNewLines = strip_ending_newlines(public_key:pem_encode([PubEntry1])),
+    RSAPubPemNoEndNewLines = strip_ending_newlines(public_key:pem_encode([PubEntry0])),
 
     {ok, RSARawPem} = file:read_file(filename:join(Datadir, "rsa_pub_key.pem")),
-    [{'RSAPublicKey', _, _} = PubEntry2] =
+    [{'RSAPublicKey', _, _} = PubEntry1] =
         public_key:pem_decode(RSARawPem),
-    RSAPubKey = public_key:pem_entry_decode(PubEntry2),
+    RSAPubKey = public_key:pem_entry_decode(PubEntry1),
     RSARawPemNoEndNewLines = strip_ending_newlines(RSARawPem),
-    RSARawPemNoEndNewLines = strip_ending_newlines(public_key:pem_encode([PubEntry2])),
+    RSARawPemNoEndNewLines = strip_ending_newlines(public_key:pem_encode([PubEntry1])).
+
+%%--------------------------------------------------------------------
+
+encrypted_pem(doc) ->
+    [""];
+encrypted_pem(suite) ->
+    [];
+encrypted_pem(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+
+    [{'RSAPrivateKey', DerRSAKey, not_encrypted}] =
+	erl_make_certs:pem_to_der(filename:join(Datadir, "client_key.pem")),
+
+    RSAKey = public_key:der_decode('RSAPrivateKey', DerRSAKey),
 
     Salt0 = crypto:rand_bytes(8),
-    Entry3 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey0, 
+    Entry0 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey,
 					 {{"DES-EDE3-CBC", Salt0}, "1234abcd"}),
-    
-    RSAKey0 = public_key:pem_entry_decode(Entry3,"1234abcd"),
-    
+    RSAKey = public_key:pem_entry_decode(Entry0,"1234abcd"),
     Des3KeyFile = filename:join(Datadir, "des3_client_key.pem"),
+    erl_make_certs:der_to_pem(Des3KeyFile, [Entry0]),
+    [{'RSAPrivateKey', _, {"DES-EDE3-CBC", Salt0}}] =
+	erl_make_certs:pem_to_der(Des3KeyFile),
 
-    erl_make_certs:der_to_pem(Des3KeyFile, [Entry3]),
-
-    [{'RSAPrivateKey', _, {"DES-EDE3-CBC", Salt0}}] = erl_make_certs:pem_to_der(Des3KeyFile),
-    
     Salt1 = crypto:rand_bytes(8),
-    Entry4 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey0, 
+    Entry1 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey,
 					   {{"DES-CBC", Salt1}, "4567efgh"}),
-
-
     DesKeyFile = filename:join(Datadir, "des_client_key.pem"),
+    erl_make_certs:der_to_pem(DesKeyFile, [Entry1]),
+    [{'RSAPrivateKey', _, {"DES-CBC", Salt1}} =Entry2] =
+	erl_make_certs:pem_to_der(DesKeyFile),
+    true = check_entry_type(public_key:pem_entry_decode(Entry2, "4567efgh"),
+			     'RSAPrivateKey').
     
-    erl_make_certs:der_to_pem(DesKeyFile, [Entry4]),
-
-    [{'RSAPrivateKey', _, {"DES-CBC", Salt1}} =Entry5] = erl_make_certs:pem_to_der(DesKeyFile),
-
-    
-     true = check_entry_type(public_key:pem_entry_decode(Entry5, "4567efgh"),
-			     'RSAPrivateKey'),
+%%--------------------------------------------------------------------
 
-    [{'DHParameter', DerDH, not_encrypted} = Entry6] =  
+dh_pem(doc) ->
+    [""];
+dh_pem(suite) ->
+    [];
+dh_pem(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+    [{'DHParameter', DerDH, not_encrypted} = Entry] =
 	erl_make_certs:pem_to_der(filename:join(Datadir, "dh.pem")),
-    
-    erl_make_certs:der_to_pem(filename:join(Datadir, "new_dh.pem"), [Entry6]),
+
+    erl_make_certs:der_to_pem(filename:join(Datadir, "new_dh.pem"), [Entry]),
 
     DHParameter = public_key:der_decode('DHParameter', DerDH),
-    DHParameter = public_key:pem_entry_decode(Entry6),
+    DHParameter = public_key:pem_entry_decode(Entry),
 
-    Entry6 = public_key:pem_entry_encode('DHParameter', DHParameter),
+    Entry = public_key:pem_entry_encode('DHParameter', DHParameter).
    
+%%--------------------------------------------------------------------
+cert_pem(doc) ->
+    [""];
+cert_pem(suite) ->
+    [];
+cert_pem(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+
+    [Entry0] =
+	erl_make_certs:pem_to_der(filename:join(Datadir, "dsa.pem")),
+
     [{'Certificate', DerCert, not_encrypted} = Entry7] =  
 	erl_make_certs:pem_to_der(filename:join(Datadir, "client_cert.pem")),
     
@@ -227,15 +270,232 @@ pk_decode_encode(Config) when is_list(Config) ->
     CertEntries = [{'Certificate', _, not_encrypted} = CertEntry0, 
 		   {'Certificate', _, not_encrypted} = CertEntry1] = 
         erl_make_certs:pem_to_der(filename:join(Datadir, "cacerts.pem")),
-    
+
     ok = erl_make_certs:der_to_pem(filename:join(Datadir, "wcacerts.pem"), CertEntries), 
     ok = erl_make_certs:der_to_pem(filename:join(Datadir, "wdsa.pem"), [Entry0]), 
     
      NewCertEntries = erl_make_certs:pem_to_der(filename:join(Datadir, "wcacerts.pem")),
      true = lists:member(CertEntry0, NewCertEntries),
      true = lists:member(CertEntry1, NewCertEntries),
-    [Entry0] = erl_make_certs:pem_to_der(filename:join(Datadir, "wdsa.pem")),
-    ok.
+    [Entry0] = erl_make_certs:pem_to_der(filename:join(Datadir, "wdsa.pem")).
+
+%%--------------------------------------------------------------------
+ssh_rsa_public_key(doc) ->
+    "";
+ssh_rsa_public_key(suite) ->
+    [];
+ssh_rsa_public_key(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+
+    {ok, RSARawSsh2} = file:read_file(filename:join(Datadir, "ssh2_rsa_pub")),
+    [{PubKey, Attributes1}] = public_key:ssh_decode(RSARawSsh2, public_key),
+    [{PubKey, Attributes1}] = public_key:ssh_decode(RSARawSsh2, rfc4716_public_key),
+
+    {ok, RSARawOpenSsh} = file:read_file(filename:join(Datadir, "openssh_rsa_pub")),
+    [{PubKey, Attributes2}] = public_key:ssh_decode(RSARawOpenSsh, public_key),
+    [{PubKey, Attributes2}] = public_key:ssh_decode(RSARawOpenSsh, openssh_public_key),
+
+    %% Can not check EncodedSSh == RSARawSsh2 and EncodedOpenSsh
+    %% = RSARawOpenSsh as line breakpoints may differ
+
+    EncodedSSh = public_key:ssh_encode([{PubKey, Attributes1}], rfc4716_public_key),
+    EncodedOpenSsh = public_key:ssh_encode([{PubKey, Attributes2}], openssh_public_key),
+
+    [{PubKey, Attributes1}] =
+	public_key:ssh_decode(EncodedSSh, public_key),
+    [{PubKey, Attributes2}] =
+	public_key:ssh_decode(EncodedOpenSsh, public_key).
+
+%%--------------------------------------------------------------------
+
+ssh_dsa_public_key(doc) ->
+    "";
+ssh_dsa_public_key(suite) ->
+    [];
+ssh_dsa_public_key(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+
+    {ok, DSARawSsh2} = file:read_file(filename:join(Datadir, "ssh2_dsa_pub")),
+    [{PubKey, Attributes1}] = public_key:ssh_decode(DSARawSsh2, public_key),
+    [{PubKey, Attributes1}] = public_key:ssh_decode(DSARawSsh2, rfc4716_public_key),
+
+    {ok, DSARawOpenSsh} = file:read_file(filename:join(Datadir, "openssh_dsa_pub")),
+    [{PubKey, Attributes2}] = public_key:ssh_decode(DSARawOpenSsh, public_key),
+    [{PubKey, Attributes2}] = public_key:ssh_decode(DSARawOpenSsh, openssh_public_key),
+
+    %% Can not check EncodedSSh == DSARawSsh2 and EncodedOpenSsh
+    %% = DSARawOpenSsh as line breakpoints may differ
+
+    EncodedSSh = public_key:ssh_encode([{PubKey, Attributes1}], rfc4716_public_key),
+    EncodedOpenSsh = public_key:ssh_encode([{PubKey, Attributes2}], openssh_public_key),
+
+    [{PubKey, Attributes1}] =
+	public_key:ssh_decode(EncodedSSh, public_key),
+    [{PubKey, Attributes2}] =
+	public_key:ssh_decode(EncodedOpenSsh, public_key).
+
+%%--------------------------------------------------------------------
+ssh_rfc4716_rsa_comment(doc) ->
+       "Test comment header and rsa key";
+ssh_rfc4716_rsa_comment(suite) ->
+    [];
+ssh_rfc4716_rsa_comment(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+
+    {ok, RSARawSsh2} = file:read_file(filename:join(Datadir, "ssh2_rsa_comment_pub")),
+    [{#'RSAPublicKey'{} = PubKey, Attributes}] =
+        public_key:ssh_decode(RSARawSsh2, public_key),
+
+    Headers = proplists:get_value(headers, Attributes),
+
+    Value = proplists:get_value("Comment", Headers, undefined),
+    true = Value =/= undefined,
+    RSARawSsh2 = public_key:ssh_encode([{PubKey, Attributes}], rfc4716_public_key).
+
+%%--------------------------------------------------------------------
+ssh_rfc4716_dsa_comment(doc) ->
+       "Test comment header and dsa key";
+ssh_rfc4716_dsa_comment(suite) ->
+    [];
+ssh_rfc4716_dsa_comment(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+
+    {ok, DSARawSsh2} = file:read_file(filename:join(Datadir, "ssh2_dsa_comment_pub")),
+    [{{_, #'Dss-Parms'{}} = PubKey, Attributes}] =
+        public_key:ssh_decode(DSARawSsh2, public_key),
+
+    Headers = proplists:get_value(headers, Attributes),
+
+    Value = proplists:get_value("Comment", Headers, undefined),
+    true = Value =/= undefined,
+
+    %% Can not check Encoded == DSARawSsh2 as line continuation breakpoints may differ
+    Encoded  = public_key:ssh_encode([{PubKey, Attributes}], rfc4716_public_key),
+    [{PubKey, Attributes}] =
+        public_key:ssh_decode(Encoded, public_key).
+
+%%--------------------------------------------------------------------
+ssh_rfc4716_rsa_subject(doc) ->
+       "Test another header value than comment";
+ssh_rfc4716_rsa_subject(suite) ->
+    [];
+ssh_rfc4716_rsa_subject(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+
+    {ok, RSARawSsh2} = file:read_file(filename:join(Datadir, "ssh2_subject_pub")),
+    [{#'RSAPublicKey'{} = PubKey, Attributes}] =
+        public_key:ssh_decode(RSARawSsh2, public_key),
+
+    Headers = proplists:get_value(headers, Attributes),
+
+    Value = proplists:get_value("Subject", Headers, undefined),
+    true = Value =/= undefined,
+
+    %% Can not check Encoded == RSARawSsh2 as line continuation breakpoints may differ
+    Encoded  = public_key:ssh_encode([{PubKey, Attributes}], rfc4716_public_key),
+    [{PubKey, Attributes}] =
+        public_key:ssh_decode(Encoded, public_key).
+
+%%--------------------------------------------------------------------
+ssh_known_hosts(doc) ->
+    "";
+ssh_known_hosts(suite) ->
+    [];
+ssh_known_hosts(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+
+    {ok, SshKnownHosts} = file:read_file(filename:join(Datadir, "known_hosts")),
+    [{#'RSAPublicKey'{}, Attributes1}, {#'RSAPublicKey'{}, Attributes2}] = Decoded =
+        public_key:ssh_decode(SshKnownHosts, known_hosts),
+
+    Value1 = proplists:get_value(hostnames, Attributes1, undefined),
+    Value2 = proplists:get_value(hostnames, Attributes2, undefined),
+    true = (Value1 =/= undefined) and (Value2 =/= undefined),
+
+    Encoded = public_key:ssh_encode(Decoded, known_hosts),
+    Decoded = public_key:ssh_decode(Encoded, known_hosts).
+
+%%--------------------------------------------------------------------
+
+ssh1_known_hosts(doc) ->
+    "";
+ssh1_known_hosts(suite) ->
+    [];
+ssh1_known_hosts(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+
+    {ok, SshKnownHosts} = file:read_file(filename:join(Datadir, "ssh1_known_hosts")),
+    [{#'RSAPublicKey'{}, Attributes1}, {#'RSAPublicKey'{}, Attributes2}] = Decoded =
+        public_key:ssh_decode(SshKnownHosts, known_hosts),
+
+    Value1 = proplists:get_value(hostnames, Attributes1, undefined),
+    Value2 = proplists:get_value(hostnames, Attributes2, undefined),
+    true = (Value1 =/= undefined) and (Value2 =/= undefined),
+
+    Encoded = public_key:ssh_encode(Decoded, known_hosts),
+    Decoded = public_key:ssh_decode(Encoded, known_hosts).
+
+%%--------------------------------------------------------------------
+ssh_auth_keys(doc) ->
+    "";
+ssh_auth_keys(suite) ->
+    [];
+ssh_auth_keys(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+
+    {ok, SshAuthKeys} = file:read_file(filename:join(Datadir, "auth_keys")),
+    [{#'RSAPublicKey'{}, Attributes1}, {{_, #'Dss-Parms'{}}, _Attributes2}] = Decoded =
+        public_key:ssh_decode(SshAuthKeys, auth_keys),
+
+    Value1 = proplists:get_value(options, Attributes1, undefined),
+    true = Value1 =/= undefined,
+
+    Encoded = public_key:ssh_encode(Decoded, auth_keys),
+    Decoded = public_key:ssh_decode(Encoded, auth_keys).
+
+%%--------------------------------------------------------------------
+ssh1_auth_keys(doc) ->
+    "";
+ssh1_auth_keys(suite) ->
+    [];
+ssh1_auth_keys(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+
+    {ok, SshAuthKeys} = file:read_file(filename:join(Datadir, "ssh1_auth_keys")),
+    [{#'RSAPublicKey'{}, Attributes1}, {#'RSAPublicKey'{}, Attributes2}] = Decoded =
+        public_key:ssh_decode(SshAuthKeys, auth_keys),
+
+    Value1 = proplists:get_value(bits, Attributes1, undefined),
+    Value2 = proplists:get_value(bits, Attributes2, undefined),
+    true = (Value1 =/= undefined) and (Value2 =/= undefined),
+
+    Encoded = public_key:ssh_encode(Decoded, auth_keys),
+    Decoded = public_key:ssh_decode(Encoded, auth_keys).
+
+%%--------------------------------------------------------------------
+ssh_openssh_public_key_with_comment(doc) ->
+    "Test that emty lines and lines starting with # are ignored";
+ssh_openssh_public_key_with_comment(suite) ->
+    [];
+ssh_openssh_public_key_with_comment(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+
+    {ok, DSARawOpenSsh} = file:read_file(filename:join(Datadir, "openssh_dsa_with_comment_pub")),
+    [{{_, #'Dss-Parms'{}}, _}] = public_key:ssh_decode(DSARawOpenSsh, openssh_public_key).
+
+%%--------------------------------------------------------------------
+ssh_openssh_public_key_long_header(doc) ->
+    "Test that long headers are handled";
+ssh_openssh_public_key_long_header(suite) ->
+    [];
+ssh_openssh_public_key_long_header(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+
+    {ok,RSARawOpenSsh} = file:read_file(filename:join(Datadir, "ssh_rsa_long_header_pub")),
+    [{#'RSAPublicKey'{}, _}] = Decoded = public_key:ssh_decode(RSARawOpenSsh, public_key),
+
+    Encoded = public_key:ssh_encode(Decoded, rfc4716_public_key),
+    Decoded = public_key:ssh_decode(Encoded, rfc4716_public_key).
 
 %%--------------------------------------------------------------------
 encrypt_decrypt(doc) -> 
@@ -258,44 +518,49 @@ encrypt_decrypt(Config) when is_list(Config) ->
     ok.
        
 %%--------------------------------------------------------------------
-sign_verify(doc) -> 
-    ["Checks that we can sign and verify signatures."];
-sign_verify(suite) -> 
+rsa_sign_verify(doc) ->
+    ["Checks that we can sign and verify rsa signatures."];
+rsa_sign_verify(suite) ->
     [];
-sign_verify(Config) when is_list(Config) -> 
-    %% Make cert signs and validates the signature using RSA and DSA
+rsa_sign_verify(Config) when is_list(Config) ->
     Ca = {_, CaKey} = erl_make_certs:make_cert([]),
+    {Cert1, _} = erl_make_certs:make_cert([{key, dsa}, {issuer, Ca}]),
     PrivateRSA = #'RSAPrivateKey'{modulus=Mod, publicExponent=Exp} = 
 	public_key:pem_entry_decode(CaKey),
-
-    CertInfo = {Cert1,CertKey1} = erl_make_certs:make_cert([{key, dsa}, {issuer, Ca}]),
-
     PublicRSA = #'RSAPublicKey'{modulus=Mod, publicExponent=Exp},
     true = public_key:pkix_verify(Cert1, PublicRSA),
 
-    {Cert2,_CertKey} = erl_make_certs:make_cert([{issuer, CertInfo}]),
-
-    #'DSAPrivateKey'{p=P, q=Q, g=G, y=Y, x=_X} = 
-	public_key:pem_entry_decode(CertKey1),
-    true = public_key:pkix_verify(Cert2, {Y, #'Dss-Parms'{p=P, q=Q, g=G}}),
-    
-    %% RSA sign
     Msg = list_to_binary(lists:duplicate(5, "Foo bar 100")),
-
     RSASign = public_key:sign(Msg, sha, PrivateRSA),
     true = public_key:verify(Msg, sha, RSASign, PublicRSA), 
     false = public_key:verify(<<1:8, Msg/binary>>, sha, RSASign, PublicRSA), 
     false = public_key:verify(Msg, sha, <<1:8, RSASign/binary>>, PublicRSA), 
 
     RSASign1 = public_key:sign(Msg, md5, PrivateRSA),
-    true = public_key:verify(Msg, md5, RSASign1, PublicRSA), 
+    true = public_key:verify(Msg, md5, RSASign1, PublicRSA).
     
-    %% DSA sign
+%%--------------------------------------------------------------------
+
+dsa_sign_verify(doc) ->
+    ["Checks that we can sign and verify dsa signatures."];
+dsa_sign_verify(suite) ->
+    [];
+dsa_sign_verify(Config) when is_list(Config) ->
+    Ca = erl_make_certs:make_cert([]),
+    CertInfo = {_,CertKey1} = erl_make_certs:make_cert([{key, dsa}, {issuer, Ca}]),
+    {Cert2,_CertKey} = erl_make_certs:make_cert([{issuer, CertInfo}]),
+
+    #'DSAPrivateKey'{p=P, q=Q, g=G, y=Y, x=_X} =
+	public_key:pem_entry_decode(CertKey1),
+    true = public_key:pkix_verify(Cert2, {Y, #'Dss-Parms'{p=P, q=Q, g=G}}),
+
     Datadir = ?config(data_dir, Config),
     [DsaKey = {'DSAPrivateKey', _, _}] = 
 	erl_make_certs:pem_to_der(filename:join(Datadir, "dsa.pem")), 
     DSAPrivateKey = public_key:pem_entry_decode(DsaKey),
     #'DSAPrivateKey'{p=P1, q=Q1, g=G1, y=Y1, x=_X1} = DSAPrivateKey,
+
+    Msg = list_to_binary(lists:duplicate(5, "Foo bar 100")),
     DSASign = public_key:sign(Msg, sha, DSAPrivateKey),
     DSAPublicKey = Y1,
     DSAParams = #'Dss-Parms'{p=P1, q=Q1, g=G1},
@@ -312,9 +577,8 @@ sign_verify(Config) when is_list(Config) ->
     false = public_key:verify(<<1:8, RestDigest/binary>>, none, DigestSign, 
 			      {DSAPublicKey, DSAParams}), 
     false = public_key:verify(Digest, none, <<1:8, DigestSign/binary>>, 
-			      {DSAPublicKey, DSAParams}), 
-    
-    ok.
+			      {DSAPublicKey, DSAParams}).
+
 %%--------------------------------------------------------------------
 pkix(doc) ->
     "Misc pkix tests not covered elsewhere";