[xmlsec] fix DSA-SHA256 signatures + test cases (bug #745493)



commit 78f720bead2c8e58c4ac40646f1343475ac52449
Author: Aleksey Sanin <aleksey aleksey com>
Date:   Thu Mar 5 15:54:26 2015 -0800

    fix DSA-SHA256 signatures + test cases (bug #745493)

 docs/xmlsec-man.html                               |  292 +-------------------
 man/xmlsec1-config.1                               |    4 +-
 man/xmlsec1.1                                      |    6 +-
 src/openssl/signatures.c                           |   70 ++++-
 .../enveloping-sha256-dsa2048-sha256.tmpl          |   17 ++
 .../enveloping-sha256-dsa2048-sha256.xml           |   97 +++++++
 .../enveloping-sha256-dsa3072-sha256.tmpl          |   17 ++
 .../enveloping-sha256-dsa3072-sha256.xml           |  105 +++++++
 tests/keys/README                                  |   30 ++-
 tests/keys/demoCA/index.txt                        |    2 +
 tests/keys/demoCA/index.txt.old                    |    2 +
 tests/keys/demoCA/newcerts/AFA28BB933ADDAB2.pem    |  128 +++++++++
 tests/keys/demoCA/newcerts/AFA28BB933ADDAB3.pem    |  160 +++++++++++
 tests/keys/demoCA/serial                           |    2 +-
 tests/keys/demoCA/serial.old                       |    2 +-
 tests/keys/dsa2048cert.der                         |  Bin 0 -> 1693 bytes
 tests/keys/dsa2048cert.pem                         |  128 +++++++++
 tests/keys/dsa2048key.der                          |  Bin 0 -> 858 bytes
 tests/keys/dsa2048key.p12                          |  Bin 0 -> 4874 bytes
 tests/keys/dsa2048key.p8-der                       |  Bin 0 -> 661 bytes
 tests/keys/dsa2048key.p8-pem                       |   16 +
 tests/keys/dsa2048key.pem                          |   34 +++
 tests/keys/dsa3072cert.der                         |  Bin 0 -> 2078 bytes
 tests/keys/dsa3072cert.pem                         |  160 +++++++++++
 tests/keys/dsa3072key.der                          |  Bin 0 -> 1243 bytes
 tests/keys/dsa3072key.p12                          |  Bin 0 -> 5514 bytes
 tests/keys/dsa3072key.p8-der                       |  Bin 0 -> 917 bytes
 tests/keys/dsa3072key.p8-pem                       |   22 ++
 tests/keys/dsa3072key.pem                          |   48 ++++
 tests/testDSig.sh                                  |   18 ++
 30 files changed, 1045 insertions(+), 315 deletions(-)
---
diff --git a/docs/xmlsec-man.html b/docs/xmlsec-man.html
index 31bb12e..e76b4f0 100644
--- a/docs/xmlsec-man.html
+++ b/docs/xmlsec-man.html
@@ -1,291 +1 @@
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>Manpage of XMLSEC1</title>
-</head>
-<body><table witdh="100%" valign="top"><tr valign="top">
-<td valign="top" align="left" width="210">
-<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
-<ul>
-<li><a href="index.html">Home</a></li>
-<li><a href="download.html">Download</a></li>
-<li><a href="news.html">News</a></li>
-<li><a href="documentation.html">Documentation</a></li>
-<ul>
-<li><a href="faq.html">FAQ</a></li>
-<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
-<li><a href="api/xmlsec-reference.html">API reference</a></li>
-<li><a href="api/xmlsec-examples.html">Examples</a></li>
-</ul>
-<li><a href="xmldsig.html">XML Digital Signature</a></li>
-<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html";>Online Verifier</a></li></ul>
-<li><a href="xmlenc.html">XML Encryption</a></li>
-<li><a href="c14n.html">XML Canonicalization</a></li>
-<li><a href="bugs.html">Reporting Bugs</a></li>
-<li><a href="http://www.aleksey.com/pipermail/xmlsec";>Mailing list</a></li>
-<li><a href="related.html">Related</a></li>
-<li><a href="authors.html">Authors</a></li>
-</ul>
-<table width="100%">
-<tr>
-<td width="15"></td>
-<td><a href="http://xmlsoft.org/";><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
-</tr>
-<tr>
-<td width="15"></td>
-<td><a href="http://xmlsoft.org/XSLT";><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
-</tr>
-<tr>
-<td width="15"></td>
-<td><a href="http://www.openssl.org/";><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
-</tr>
-<!--Links - start--><!--Links - end-->
-</table>
-</td>
-<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
-<h1>XMLSEC1</h1>
-<br><br><a href="#index">Index</a><a href="http://localhost/cgi-bin/man/man2html";>Return to Main 
Contents</a><hr>
-<a name="lbAB"> </a><h2>NAME</h2>
-<a name="lbAC"> </a><h2>SYNOPSIS</h2>
-<b>xmlsec</b><i>&lt;command&gt; </i><i>&lt;options&gt;</i><i>&lt;files&gt;</i><a name="lbAD"> 
</a><h2>DESCRIPTION</h2>
-<dl compact>
-<dt><b>--help</b></dt>
-<dd> display this help information and exit </dd>
-<dt><b>--help-all</b></dt>
-<dd> display help information for all commands/options and exit </dd>
-<dt>
-<b>--help-</b>&lt;cmd&gt;</dt>
-<dd> display help information for command &lt;cmd&gt; and exit </dd>
-<dt><b>--version</b></dt>
-<dd> print version information and exit </dd>
-<dt><b>--keys</b></dt>
-<dd> keys XML file manipulation </dd>
-<dt><b>--sign</b></dt>
-<dd> sign data and output XML document </dd>
-<dt><b>--verify</b></dt>
-<dd> verify signed document </dd>
-<dt><b>--sign-tmpl</b></dt>
-<dd> create and sign dynamicaly generated signature template </dd>
-<dt><b>--encrypt</b></dt>
-<dd> encrypt data and output XML document </dd>
-<dt><b>--decrypt</b></dt>
-<dd> decrypt data from XML document </dd>
-</dl>
-<a name="lbAE"> </a><h2>OPTIONS</h2>
-<dl compact>
-<dt> <b>--ignore-manifests</b> <dt></dt>
-</dt>
-<dd> <dd>do not process &lt;dsig:Manifest&gt; elements </dd>
-</dd>
-<dt> <b>--store-references</b> <dt></dt>
-</dt>
-<dd> <dd>store and print the result of &lt;dsig:Reference/&gt; element processing just before calculating 
digest </dd>
-</dd>
-<dt> <b>--store-signatures</b> <dt></dt>
-</dt>
-<dd> <dd>store and print the result of &lt;dsig:Signature&gt; processing just before calculating signature 
</dd>
-</dd>
-<dt> <b>--enabled-reference-uris</b> &lt;list&gt; <dt></dt>
-</dt>
-<dd> <dd>comma separated list of of the following values: "empty", "same-doc", "local","remote" to restrict 
possible URI attribute values for the &lt;dsig:Reference&gt; element </dd>
-</dd>
-<dt> <b>--enable-visa3d-hack</b> <dt></dt>
-</dt>
-<dd> <dd>enables Visa3D protocol specific hack for URI attributes processing when we are trying not to use 
XPath/XPointer engine; this is a hack and I don't know what else might be broken in your application when you 
use it (also check "--id-attr" option because you might need it) </dd>
-</dd>
-<dt> <b>--binary-data</b> &lt;file&gt; <dt></dt>
-</dt>
-<dd> <dd>binary &lt;file&gt; to encrypt </dd>
-</dd>
-<dt> <b>--xml-data</b> &lt;file&gt; <dt></dt>
-</dt>
-<dd> <dd>XML &lt;file&gt; to encrypt </dd>
-</dd>
-<dt> <b>--enabled-cipher-reference-uris</b> &lt;list&gt; <dt></dt>
-</dt>
-<dd> <dd>comma separated list of of the following values: "empty", "same-doc", "local","remote" to restrict 
possible URI attribute values for the &lt;enc:CipherReference&gt; element </dd>
-</dd>
-<dt> <b>--session-key</b> &lt;keyKlass&gt;-&lt;keySize&gt; <dt></dt>
-</dt>
-<dd> <dd>generate new session &lt;keyKlass&gt; key of &lt;keySize&gt; bits size (for example, "--session 
des-192" generates a new 192 bits DES key for DES3 encryption) </dd>
-</dd>
-<dt> <b>--output</b> &lt;filename&gt; <dt></dt>
-</dt>
-<dd> <dd>write result document to file &lt;filename&gt; </dd>
-</dd>
-<dt> <b>--print-debug</b> <dt></dt>
-</dt>
-<dd> <dd>print debug information to stdout </dd>
-</dd>
-<dt> <b>--print-xml-debug</b> <dt></dt>
-</dt>
-<dd> <dd>print debug information to stdout in xml format </dd>
-</dd>
-<dt> <b>--dtd-file</b> &lt;file&gt; <dt></dt>
-</dt>
-<dd> <dd>load the specified file as the DTD </dd>
-</dd>
-<dt> <b>--node-id</b> &lt;id&gt; <dt></dt>
-</dt>
-<dd> <dd>set the operation start point to the node with given &lt;id&gt; </dd>
-</dd>
-<dt> <b>--node-name</b> [&lt;namespace-uri&gt;:]&lt;name&gt; <dt></dt>
-</dt>
-<dd> <dd>set the operation start point to the first node with given &lt;name&gt; and &lt;namespace&gt; URI 
</dd>
-</dd>
-<dt> <b>--node-xpath</b> &lt;expr&gt; <dt></dt>
-</dt>
-<dd> <dd>set the operation start point to the first node selected by the specified XPath expression </dd>
-</dd>
-<dt> <b>--id-attr[</b>:&lt;attr-name&gt;] [&lt;node-namespace-uri&gt;:]&lt;node-name&gt; <dt></dt>
-</dt>
-<dd> <dd>adds attributes &lt;attr-name&gt; (default value "id") from all nodes with&lt;node-name&gt; and 
namespace &lt;node-namespace-uri&gt; to the list of known ID attributes; this is a hack and if you can use 
DTD or schema to declare ID attributes instead (see "--dtd-file" option), I don't know what else might be 
broken in your application when you use this hack </dd>
-</dd>
-<dt> <b>--enabled-key-data</b> &lt;list&gt; <dt></dt>
-</dt>
-<dd> <dd>comma separated list of enabled key data (list of registered key data klasses is available with 
"--list-key-data" command); by default, all registered key data are enabled </dd>
-</dd>
-<dt> <b>--enabled-retrieval-uris</b> &lt;list&gt; <dt></dt>
-</dt>
-<dd> <dd>comma separated list of of the following values: "empty", "same-doc", "local","remote" to restrict 
possible URI attribute values for the &lt;dsig:RetrievalMethod&gt; element. </dd>
-</dd>
-<dt> <b>--gen-key[</b>:&lt;name&gt;] &lt;keyKlass&gt;-&lt;keySize&gt; <dt></dt>
-</dt>
-<dd> <dd>generate new &lt;keyKlass&gt; key of &lt;keySize&gt; bits size, set the key name to &lt;name&gt; 
and add the result to keys manager (for example, "--gen:mykey rsa-1024" generates a new 1024 bits RSA key and 
sets it's name to "mykey") </dd>
-</dd>
-<dt> <b>--keys-file</b> &lt;file&gt; <dt></dt>
-</dt>
-<dd> <dd>load keys from XML file </dd>
-</dd>
-<dt> <b>--privkey-pem[</b>:&lt;name&gt;] &lt;file&gt;[,&lt;cafile&gt;[,&lt;cafile&gt;[...]]] <dt></dt>
-</dt>
-<dd> <dd>load private key from PEM file and certificates that verify this key </dd>
-</dd>
-<dt> <b>--privkey-der[</b>:&lt;name&gt;] &lt;file&gt;[,&lt;cafile&gt;[,&lt;cafile&gt;[...]]] <dt></dt>
-</dt>
-<dd> <dd>load private key from DER file and certificates that verify this key </dd>
-</dd>
-<dt> <b>--pkcs8-pem[</b>:&lt;name&gt;] &lt;file&gt;[,&lt;cafile&gt;[,&lt;cafile&gt;[...]]] <dt></dt>
-</dt>
-<dd> <dd>load private key from PKCS8 PEM file and PEM certificates that verify this key </dd>
-</dd>
-<dt> <b>--pkcs8-der[</b>:&lt;name&gt;] &lt;file&gt;[,&lt;cafile&gt;[,&lt;cafile&gt;[...]]] <dt></dt>
-</dt>
-<dd> <dd>load private key from PKCS8 DER file and DER certificates that verify this key </dd>
-</dd>
-<dt> <b>--pubkey-pem[</b>:&lt;name&gt;] &lt;file&gt; <dt></dt>
-</dt>
-<dd> <dd>load public key from PEM file </dd>
-</dd>
-<dt> <b>--pubkey-der[</b>:&lt;name&gt;] &lt;file&gt; <dt></dt>
-</dt>
-<dd> <dd>load public key from DER file </dd>
-</dd>
-<dt> <b>--aeskey[</b>:&lt;name&gt;] &lt;file&gt; <dt></dt>
-</dt>
-<dd> <dd>load AES key from binary file &lt;file&gt; </dd>
-</dd>
-<dt> <b>--deskey[</b>:&lt;name&gt;] &lt;file&gt; <dt></dt>
-</dt>
-<dd> <dd>load DES key from binary file &lt;file&gt; </dd>
-</dd>
-<dt> <b>--hmackey[</b>:&lt;name&gt;] &lt;file&gt; <dt></dt>
-</dt>
-<dd> <dd>load HMAC key from binary file &lt;file&gt; </dd>
-</dd>
-<dt> <b>--pwd</b> &lt;password&gt; <dt></dt>
-</dt>
-<dd> <dd>the password to use for reading keys and certs </dd>
-</dd>
-<dt> <b>--pkcs12[</b>:&lt;name&gt;] &lt;file&gt; <dt></dt>
-</dt>
-<dd> <dd>load load private key from pkcs12 file &lt;file&gt; </dd>
-</dd>
-<dt> <b>--pubkey-cert-pem[</b>:&lt;name&gt;] &lt;file&gt; <dt></dt>
-</dt>
-<dd> <dd>load public key from PEM cert file </dd>
-</dd>
-<dt> <b>--pubkey-cert-der[</b>:&lt;name&gt;] &lt;file&gt; <dt></dt>
-</dt>
-<dd> <dd>load public key from DER cert file </dd>
-</dd>
-<dt> <b>--trusted-pem</b> &lt;file&gt; <dt></dt>
-</dt>
-<dd> <dd>load trusted (root) certificate from PEM file &lt;file&gt; </dd>
-</dd>
-<dt> <b>--untrusted-pem</b> &lt;file&gt; <dt></dt>
-</dt>
-<dd> <dd>load untrusted certificate from PEM file &lt;file&gt; </dd>
-</dd>
-<dt> <b>--trusted-der</b> &lt;file&gt; <dt></dt>
-</dt>
-<dd> <dd>load trusted (root) certificate from DER file &lt;file&gt; </dd>
-</dd>
-<dt> <b>--untrusted-der</b> &lt;file&gt; <dt></dt>
-</dt>
-<dd> <dd>load untrusted certificate from DER file &lt;file&gt; </dd>
-</dd>
-<dt> <b>--verification-time</b> &lt;time&gt; <dt></dt>
-</dt>
-<dd> <dd>the local time in "YYYY-MM-DD HH:MM:SS" format used certificates verification </dd>
-</dd>
-<dt> <b>--depth</b> &lt;number&gt; <dt></dt>
-</dt>
-<dd> <dd>maximum certificates chain depth </dd>
-</dd>
-<dt> <b>--X509-skip-strict-checks</b> <dt></dt>
-</dt>
-<dd> <dd>skip strict checking of X509 data </dd>
-</dd>
-<dt> <b>--crypto</b> &lt;name&gt; <dt></dt>
-</dt>
-<dd> <dd>the name of the crypto engine to use from the following list: openssl, mscrypto, nss, gnutls, 
gcrypt (if no crypto engine is specified then the default one is used) </dd>
-</dd>
-<dt> <b>--crypto-config</b> &lt;path&gt; <dt></dt>
-</dt>
-<dd> <dd>path to crypto engine configuration </dd>
-</dd>
-<dt> <b>--repeat</b> &lt;number&gt; <dt></dt>
-</dt>
-<dd> <dd>repeat the operation &lt;number&gt; times </dd>
-</dd>
-<dt> <b>--disable-error-msgs</b> <dt></dt>
-</dt>
-<dd> <dd>do not print xmlsec error messages </dd>
-</dd>
-<dt> <b>--print-crypto-error-msgs</b> <dt></dt>
-</dt>
-<dd> <dd>print errors stack at the end </dd>
-</dd>
-<dt> <b>--help</b> <dt></dt>
-</dt>
-<dd> <dd>print help information about the command </dd>
-</dd>
-</dl>
-<a name="lbAF"> </a><h2>AUTHOR</h2>
-<a href="mailto:aleksey aleksey com">aleksey aleksey com</a><a name="lbAG"> </a><h2>REPORTING BUGS</h2>
-<a href="http://www.aleksey.com/xmlsec/bugs.html";>http://www.aleksey.com/xmlsec/bugs.html</a><a name="lbAH"> 
</a><h2>COPYRIGHT</h2>
-<br><p>  </p>
-<hr>
-<a name="index"> </a><h2>Index</h2>
-<dl>
-<dt><a href="#lbAB">NAME</a></dt>
-<dd> </dd>
-<dt><a href="#lbAC">SYNOPSIS</a></dt>
-<dd> </dd>
-<dt><a href="#lbAD">DESCRIPTION</a></dt>
-<dd> </dd>
-<dt><a href="#lbAE">OPTIONS</a></dt>
-<dd> </dd>
-<dt><a href="#lbAF">AUTHOR</a></dt>
-<dd> </dd>
-<dt><a href="#lbAG">REPORTING BUGS</a></dt>
-<dd> </dd>
-<dt><a href="#lbAH">COPYRIGHT</a></dt>
-<dd> </dd>
-</dl>
-<hr>
-<a href="http://localhost/cgi-bin/man/man2html";>man2html</a><br>
-</td></tr></table></td>
-</tr></table></body>
-</html>
+ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML><HEAD><TITLE>Man page of 
XMLSEC1</TITLE> </HEAD><BODY> <H1>XMLSEC1</H1> Section: User Commands (1)<BR>Updated: March 2015<BR><A 
HREF="#index">Index</A> <A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>  <A 
NAME="lbAB">&nbsp;</A> <H2>NAME</H2>  xmlsec1 - sign, verify, encrypt and decrypt XML documents <A 
NAME="lbAC">&nbsp;</A> <H2>SYNOPSIS</H2>  <B>xmlsec</B>  <I>&lt;command&gt; </I>[<I>&lt;options&gt;</I>] 
[<I>&lt;files&gt;</I>] <A NAME="lbAD">&nbsp;</A> <H2>DESCRIPTION</H2>  xmlsec is a command line tool for 
signing, verifying, encrypting and decrypting XML documents. The allowed &lt;command&gt; values are: <DL 
COMPACT> <DT><B>--help</B><DD> display this help information and exit <DT><B>--help-all</B><DD> display help 
information for all commands/options and exit <DT><B>--help-</B>&lt;cmd&gt;<DD> display help information for 
command &lt;cmd&gt; and exit <DT><B>--version</B><DD> print versio
 n information and exit <DT><B>--keys</B><DD> keys XML file manipulation <DT><B>--sign</B><DD> sign data and 
output XML document <DT><B>--verify</B><DD> verify signed document <DT><B>--sign-tmpl</B><DD> create and sign 
dynamicaly generated signature template <DT><B>--encrypt</B><DD> encrypt data and output XML document 
<DT><B>--decrypt</B><DD> decrypt data from XML document </DL> <A NAME="lbAE">&nbsp;</A> <H2>OPTIONS</H2>  <DL 
COMPACT> <DT> <B>--ignore-manifests</B> <DT><DD> <DD>do not process &lt;dsig:Manifest&gt; elements <DT> 
<B>--store-references</B> <DT><DD> <DD>store and print the result of &lt;dsig:Reference/&gt; element 
processing just before calculating digest <DT> <B>--store-signatures</B> <DT><DD> <DD>store and print the 
result of &lt;dsig:Signature&gt; processing just before calculating signature <DT> 
<B>--enabled-reference-uris</B> &lt;list&gt; <DT><DD> <DD>comma separated list of of the following values: 
&quot;empty&quot;, &quot;same-doc&quot;, &quot;local&quot;
 ,&quot;remote&quot; to restrict possible URI attribute values for the &lt;dsig:Reference&gt; element <DT> 
<B>--enable-visa3d-hack</B> <DT><DD> <DD>enables Visa3D protocol specific hack for URI attributes processing 
when we are trying not to use XPath/XPointer engine; this is a hack and I don't know what else might be 
broken in your application when you use it (also check &quot;--id-attr&quot; option because you might need 
it) <DT> <B>--binary-data</B> &lt;file&gt; <DT><DD> <DD>binary &lt;file&gt; to encrypt <DT> <B>--xml-data</B> 
&lt;file&gt; <DT><DD> <DD>XML &lt;file&gt; to encrypt <DT> <B>--enabled-cipher-reference-uris</B> 
&lt;list&gt; <DT><DD> <DD>comma separated list of of the following values: &quot;empty&quot;, 
&quot;same-doc&quot;, &quot;local&quot;,&quot;remote&quot; to restrict possible URI attribute values for the 
&lt;enc:CipherReference&gt; element <DT> <B>--session-key</B> &lt;keyKlass&gt;-&lt;keySize&gt; <DT><DD> 
<DD>generate new session &lt;keyKlass&gt; key of
  &lt;keySize&gt; bits size (for example, &quot;--session des-192&quot; generates a new 192 bits DES key for 
DES3 encryption) <DT> <B>--output</B> &lt;filename&gt; <DT><DD> <DD>write result document to file 
&lt;filename&gt; <DT> <B>--print-debug</B> <DT><DD> <DD>print debug information to stdout <DT> 
<B>--print-xml-debug</B> <DT><DD> <DD>print debug information to stdout in xml format <DT> <B>--dtd-file</B> 
&lt;file&gt; <DT><DD> <DD>load the specified file as the DTD <DT> <B>--node-id</B> &lt;id&gt; <DT><DD> 
<DD>set the operation start point to the node with given &lt;id&gt; <DT> <B>--node-name</B> 
[&lt;namespace-uri&gt;:]&lt;name&gt; <DT><DD> <DD>set the operation start point to the first node with given 
&lt;name&gt; and &lt;namespace&gt; URI <DT> <B>--node-xpath</B> &lt;expr&gt; <DT><DD> <DD>set the operation 
start point to the first node selected by the specified XPath expression <DT> 
<B>--id-attr[</B>:&lt;attr-name&gt;] [&lt;node-namespace-uri&gt;:]&lt;node-name&gt; <DT><
 DD> <DD>adds attributes &lt;attr-name&gt; (default value &quot;id&quot;) from all nodes 
with&lt;node-name&gt; and namespace &lt;node-namespace-uri&gt; to the list of known ID attributes; this is a 
hack and if you can use DTD or schema to declare ID attributes instead (see &quot;--dtd-file&quot; option), I 
don't know what else might be broken in your application when you use this hack <DT> 
<B>--enabled-key-data</B> &lt;list&gt; <DT><DD> <DD>comma separated list of enabled key data (list of 
registered key data klasses is available with &quot;--list-key-data&quot; command); by default, all 
registered key data are enabled <DT> <B>--enabled-retrieval-uris</B> &lt;list&gt; <DT><DD> <DD>comma 
separated list of of the following values: &quot;empty&quot;, &quot;same-doc&quot;, 
&quot;local&quot;,&quot;remote&quot; to restrict possible URI attribute values for the 
&lt;dsig:RetrievalMethod&gt; element. <DT> <B>--gen-key[</B>:&lt;name&gt;] &lt;keyKlass&gt;-&lt;keySize&gt; 
<DT><DD> <DD>ge
 nerate new &lt;keyKlass&gt; key of &lt;keySize&gt; bits size, set the key name to &lt;name&gt; and add the 
result to keys manager (for example, &quot;--gen:mykey rsa-1024&quot; generates a new 1024 bits RSA key and 
sets it's name to &quot;mykey&quot;) <DT> <B>--keys-file</B> &lt;file&gt; <DT><DD> <DD>load keys from XML 
file <DT> <B>--privkey-pem[</B>:&lt;name&gt;] &lt;file&gt;[,&lt;cafile&gt;[,&lt;cafile&gt;[...]]] <DT><DD> 
<DD>load private key from PEM file and certificates that verify this key <DT> 
<B>--privkey-der[</B>:&lt;name&gt;] &lt;file&gt;[,&lt;cafile&gt;[,&lt;cafile&gt;[...]]] <DT><DD> <DD>load 
private key from DER file and certificates that verify this key <DT> <B>--pkcs8-pem[</B>:&lt;name&gt;] 
&lt;file&gt;[,&lt;cafile&gt;[,&lt;cafile&gt;[...]]] <DT><DD> <DD>load private key from PKCS8 PEM file and PEM 
certificates that verify this key <DT> <B>--pkcs8-der[</B>:&lt;name&gt;] 
&lt;file&gt;[,&lt;cafile&gt;[,&lt;cafile&gt;[...]]] <DT><DD> <DD>load private key from PKCS
 8 DER file and DER certificates that verify this key <DT> <B>--pubkey-pem[</B>:&lt;name&gt;] &lt;file&gt; 
<DT><DD> <DD>load public key from PEM file <DT> <B>--pubkey-der[</B>:&lt;name&gt;] &lt;file&gt; <DT><DD> 
<DD>load public key from DER file <DT> <B>--aeskey[</B>:&lt;name&gt;] &lt;file&gt; <DT><DD> <DD>load AES key 
from binary file &lt;file&gt; <DT> <B>--deskey[</B>:&lt;name&gt;] &lt;file&gt; <DT><DD> <DD>load DES key from 
binary file &lt;file&gt; <DT> <B>--hmackey[</B>:&lt;name&gt;] &lt;file&gt; <DT><DD> <DD>load HMAC key from 
binary file &lt;file&gt; <DT> <B>--pwd</B> &lt;password&gt; <DT><DD> <DD>the password to use for reading keys 
and certs <DT> <B>--pkcs12[</B>:&lt;name&gt;] &lt;file&gt; <DT><DD> <DD>load load private key from pkcs12 
file &lt;file&gt; <DT> <B>--pubkey-cert-pem[</B>:&lt;name&gt;] &lt;file&gt; <DT><DD> <DD>load public key from 
PEM cert file <DT> <B>--pubkey-cert-der[</B>:&lt;name&gt;] &lt;file&gt; <DT><DD> <DD>load public key from DER 
cert file <DT> <
 B>--trusted-pem</B> &lt;file&gt; <DT><DD> <DD>load trusted (root) certificate from PEM file &lt;file&gt; 
<DT> <B>--untrusted-pem</B> &lt;file&gt; <DT><DD> <DD>load untrusted certificate from PEM file &lt;file&gt; 
<DT> <B>--trusted-der</B> &lt;file&gt; <DT><DD> <DD>load trusted (root) certificate from DER file 
&lt;file&gt; <DT> <B>--untrusted-der</B> &lt;file&gt; <DT><DD> <DD>load untrusted certificate from DER file 
&lt;file&gt; <DT> <B>--verification-time</B> &lt;time&gt; <DT><DD> <DD>the local time in &quot;YYYY-MM-DD 
HH:MM:SS&quot; format used certificates verification <DT> <B>--depth</B> &lt;number&gt; <DT><DD> <DD>maximum 
certificates chain depth <DT> <B>--X509-skip-strict-checks</B> <DT><DD> <DD>skip strict checking of X509 data 
<DT> <B>--crypto</B> &lt;name&gt; <DT><DD> <DD>the name of the crypto engine to use from the following list: 
openssl, mscrypto, nss, gnutls, gcrypt (if no crypto engine is specified then the default one is used) <DT> 
<B>--crypto-config</B> &lt;p
 ath&gt; <DT><DD> <DD>path to crypto engine configuration <DT> <B>--repeat</B> &lt;number&gt; <DT><DD> 
<DD>repeat the operation &lt;number&gt; times <DT> <B>--disable-error-msgs</B> <DT><DD> <DD>do not print 
xmlsec error messages <DT> <B>--print-crypto-error-msgs</B> <DT><DD> <DD>print errors stack at the end <DT> 
<B>--help</B> <DT><DD> <DD>print help information about the command </DL> <A NAME="lbAF">&nbsp;</A> 
<H2>AUTHOR</H2>  Written by Aleksey Sanin &lt;<A HREF="mailto:aleksey aleksey com">aleksey aleksey 
com</A>&gt;. <A NAME="lbAG">&nbsp;</A> <H2>REPORTING BUGS</H2>  Report bugs to <A 
HREF="http://www.aleksey.com/xmlsec/bugs.html";>http://www.aleksey.com/xmlsec/bugs.html</A> <A 
NAME="lbAH">&nbsp;</A> <H2>COPYRIGHT</H2>  Copyright &#169; 2002-2003 Aleksey Sanin. <BR>  This is free 
software: see the source for copying information. <P>  <HR> <A NAME="index">&nbsp;</A><H2>Index</H2> <DL> 
<DT><A HREF="#lbAB">NAME</A><DD> <DT><A HREF="#lbAC">SYNOPSIS</A><DD> <DT><A HREF="#lbAD"
DESCRIPTION</A><DD> <DT><A HREF="#lbAE">OPTIONS</A><DD> <DT><A HREF="#lbAF">AUTHOR</A><DD> <DT><A 
HREF="#lbAG">REPORTING BUGS</A><DD> <DT><A HREF="#lbAH">COPYRIGHT</A><DD> </DL> <HR> This document was 
created by <A HREF="/cgi-bin/man/man2html">man2html</A>, using the manual pages.<BR> Time: 00:23:42 GMT, 
March 03, 2015 </BODY> </HTML> 
\ No newline at end of file
diff --git a/man/xmlsec1-config.1 b/man/xmlsec1-config.1
index c6f7d68..609cd2d 100644
--- a/man/xmlsec1-config.1
+++ b/man/xmlsec1-config.1
@@ -1,5 +1,5 @@
-.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.36.
-.TH XMLSEC1-CONFIG "1" "May 2014" "xmlsec1-config 1.2.20" "User Commands"
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.44.1.
+.TH XMLSEC1-CONFIG "1" "March 2015" "xmlsec1-config 1.2.20" "User Commands"
 .SH NAME
 xmlsec1-config \- detail installed version of xmlsec library
 .SH SYNOPSIS
diff --git a/man/xmlsec1.1 b/man/xmlsec1.1
index f75bc4d..6c747a6 100644
--- a/man/xmlsec1.1
+++ b/man/xmlsec1.1
@@ -1,5 +1,5 @@
-.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.36.
-.TH XMLSEC1 "1" "May 2014" "xmlsec1 1.2.20 (openssl)" "User Commands"
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.44.1.
+.TH XMLSEC1 "1" "March 2015" "xmlsec1 1.2.20 (openssl)" "User Commands"
 .SH NAME
 xmlsec1 \- sign, verify, encrypt and decrypt XML documents
 .SH SYNOPSIS
@@ -264,6 +264,6 @@ Written by Aleksey Sanin <aleksey aleksey com>.
 .SH "REPORTING BUGS"
 Report bugs to http://www.aleksey.com/xmlsec/bugs.html
 .SH COPYRIGHT
-Copyright \(co 2002-2003 Aleksey Sanin.
+Copyright \(co 2002\-2003 Aleksey Sanin.
 .br
 This is free software: see the source for copying information.
diff --git a/src/openssl/signatures.c b/src/openssl/signatures.c
index 2fd3d35..2ccb690 100644
--- a/src/openssl/signatures.c
+++ b/src/openssl/signatures.c
@@ -24,7 +24,10 @@
 
 #ifndef XMLSEC_NO_DSA
 
-#define XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE                       (20 * 2)
+/**
+ * See https://bugzilla.gnome.org/show_bug.cgi?id=745493 for discussion
+ */
+#define XMLSEC_OPENSSL_DSA_SIGNATURE_MAX_SIZE                       (32 * 2)
 
 #ifndef XMLSEC_NO_SHA1
 static const EVP_MD *xmlSecOpenSSLDsaSha1Evp                    (void);
@@ -670,8 +673,8 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT
              * for dsa signature we use a fixed constant */
             signSize = EVP_PKEY_size(ctx->pKey);
 #ifndef XMLSEC_NO_DSA
-            if(signSize < XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) {
-                signSize = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE;
+            if(signSize < XMLSEC_OPENSSL_DSA_SIGNATURE_MAX_SIZE) {
+                signSize = XMLSEC_OPENSSL_DSA_SIGNATURE_MAX_SIZE;
             }
 #endif /* XMLSEC_NO_DSA */
 #ifndef XMLSEC_NO_ECDSA
@@ -760,33 +763,52 @@ xmlSecOpenSSLDsaEvpSign(int type ATTRIBUTE_UNUSED,
                         const unsigned char *dgst, unsigned int dlen,
                         unsigned char *sig, unsigned int *siglen, void *dsa) {
     DSA_SIG *s;
-    int rSize, sSize;
+    int size, rSize, sSize;
 
+    /* signature size = r + s + 8 bytes, we just need r+s */
+    size = DSA_size(dsa);
+    if(size < 8) {
+        *siglen=0;
+        return(0);
+    }
+    size = (size - 8) /  2;
+    if(2 * size > XMLSEC_OPENSSL_DSA_SIGNATURE_MAX_SIZE) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_SIZE,
+                    "size=%d > %d",
+                    size, XMLSEC_OPENSSL_DSA_SIGNATURE_MAX_SIZE);
+        return(0);
+    }
+
+    /* calculate signature */
     s = DSA_do_sign(dgst, dlen, dsa);
     if(s == NULL) {
         *siglen=0;
         return(0);
     }
 
+    /* get signature components */
     rSize = BN_num_bytes(s->r);
     sSize = BN_num_bytes(s->s);
-    if((rSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2)) ||
-       (sSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2))) {
+    if((rSize > size) || (sSize > size)) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     NULL,
                     NULL,
                     XMLSEC_ERRORS_R_INVALID_SIZE,
                     "size(r)=%d or size(s)=%d > %d",
-                    rSize, sSize, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2);
+                    rSize, sSize, size);
         DSA_SIG_free(s);
         return(0);
     }
 
-    memset(sig, 0, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);
-    BN_bn2bin(s->r, sig + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2) - rSize);
-    BN_bn2bin(s->s, sig + XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE - sSize);
-    *siglen = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE;
+    memset(sig, 0, 2 * size);
+    BN_bn2bin(s->r, sig + size - rSize);
+    BN_bn2bin(s->s, sig + 2*size - sSize);
+    *siglen = 2 * size;
 
+    /* done */
     DSA_SIG_free(s);
     return(1);
 }
@@ -797,26 +819,42 @@ xmlSecOpenSSLDsaEvpVerify(int type ATTRIBUTE_UNUSED,
                         const unsigned char *sigbuf, unsigned int siglen,
                         void *dsa) {
     DSA_SIG *s;
+    int size;
     int ret = -1;
 
+    /* signature size = r + s + 8 bytes, we just need r+s */
+    size = DSA_size(dsa);
+    if(size < 8) {
+        return(0);
+    }
+    size = (size - 8) / 2;
+    if(2 * size > XMLSEC_OPENSSL_DSA_SIGNATURE_MAX_SIZE) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_SIZE,
+                    "size=%d > %d",
+                    size, XMLSEC_OPENSSL_DSA_SIGNATURE_MAX_SIZE);
+        return(0);
+    }
+
     s = DSA_SIG_new();
     if (s == NULL) {
         return(ret);
     }
 
-    if(siglen != XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) {
+    if(siglen != 2 * size) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     NULL,
                     NULL,
                     XMLSEC_ERRORS_R_INVALID_SIZE,
                     "invalid length %d (%d expected)",
-                    siglen, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);
+                    siglen, 2 * size);
         goto done;
     }
 
-    s->r = BN_bin2bn(sigbuf, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);
-    s->s = BN_bin2bn(sigbuf + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2),
-                       XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);
+    s->r = BN_bin2bn(sigbuf, size, NULL);
+    s->s = BN_bin2bn(sigbuf + size, size, NULL);
     if((s->r == NULL) || (s->s == NULL)) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     NULL,
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha256-dsa2048-sha256.tmpl 
b/tests/aleksey-xmldsig-01/enveloping-sha256-dsa2048-sha256.tmpl
new file mode 100644
index 0000000..f0597b7
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha256-dsa2048-sha256.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
+  <SignedInfo>
+    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; />
+    <SignatureMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+    <Reference URI="#object">
+      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+      <DigestValue></DigestValue>
+    </Reference>
+  </SignedInfo>
+  <SignatureValue>
+  </SignatureValue>
+  <KeyInfo>
+    <X509Data/>
+  </KeyInfo>
+  <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha256-dsa2048-sha256.xml 
b/tests/aleksey-xmldsig-01/enveloping-sha256-dsa2048-sha256.xml
new file mode 100644
index 0000000..9423da2
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha256-dsa2048-sha256.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
+  <SignedInfo>
+    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+    <SignatureMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+    <Reference URI="#object">
+      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+      <DigestValue>iDhYt78o294fA6pzQ7k44+eejrQMi+WX3l3UrUdtL1Q=</DigestValue>
+    </Reference>
+  </SignedInfo>
+  <SignatureValue>WGF1z2lw2lwWQl4e9gNW6yZDZb2xyRBxfGUAt1ttirKSDGUvUgEYrgMrs170D9xU
+QqEiVsFVAQqBEBD82JL5Fg==</SignatureValue>
+  <KeyInfo>
+    <X509Data>
+<X509Certificate>MIID9zCCA2CgAwIBAgIJAK+ii7kzrdqsMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G
+A1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3
+DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMCAXDTE0MDUyMzE3NTA1OVoYDzIxMTQw
+NDI5MTc1MDU5WjCBrjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
+PTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtz
+ZXkuY29tL3htbHNlYykxEDAOBgNVBAsTB1Jvb3QgQ0ExFjAUBgNVBAMTDUFsZWtz
+ZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtY4MCNj/qrOzVuex1BD/PuCYTDDOLLVj
+tpKXQteQPqy0kgMwuQgRwdNnICIHQbnFKL40XoyACJVWKM7b0LkvWJNeyVzXPqEE
+9ZPmNxWGUjVcr7powT7v8V7S2QflUnr8ZvR4XWwkZJ9EYKNhenijgJ5yYDrXCWdv
+C+fnjBjv2LcCAwEAAaOCARcwggETMB0GA1UdDgQWBBQGtaSsp6p1ROoVnE/fBYNP
+ah7+CzCB4wYDVR0jBIHbMIHYgBQGtaSsp6p1ROoVnE/fBYNPah7+C6GBtKSBsTCB
+rjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhN
+TCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNl
+YykxEDAOBgNVBAsTB1Jvb3QgQ0ExFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf
+BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbYIJAK+ii7kzrdqsMAwGA1Ud
+EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEARpb86RP/ck55X+NunXeIX81i763b
+j7Z1VJwFbA/QfupzxnqJ2IP/lxC8YxJ3Bp2IJMI7rC9r0poa41ZxI5rGHip97Dpg
+sxPF9lkRUmKBBQjkICOq1w/4d2DRInBoqXttD+0WsqDfNDVK+7kSE07ytn3RzHCj
+j0gv0PdxmuCsR/E=</X509Certificate>
+<X509Certificate>MIIDzzCCAzigAwIBAgIJAK+ii7kzrdqtMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G
+A1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3
+DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMCAXDTE0MDUyMzE3NTIzOFoYDzIxMTQw
+NDI5MTc1MjM4WjCBnDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
+PTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtz
+ZXkuY29tL3htbHNlYykxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG
+9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
+QQCyuvKJ2CuUPD33ghPt4Q8MilesHxVbbpyKfmabrYVpDGVDmOKKp337qJUZZ95K
+fwlXbR2j0zyKWJmvRxUx+PsTAgMBAAGjggFFMIIBQTAMBgNVHRMEBTADAQH/MCwG
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQU/uTsUyTwlZXHELXhRLVdOWVa434wgeMGA1UdIwSB2zCB2IAUBrWkrKeq
+dUTqFZxP3wWDT2oe/guhgbSkgbEwga4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFyeSAoaHR0cDov
+L3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMRAwDgYDVQQLEwdSb290IENBMRYwFAYD
+VQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3Nl
+eS5jb22CCQCvoou5M63arDANBgkqhkiG9w0BAQUFAAOBgQBuTAW63AgWqqUDPGi8
+BiXbdKHhFP4J8qgkdv5WMa6SpSWVgNgOYXkK/BSg1aSmQtGv8/8UvBRPoJnO4y0N
+jWUFf1ubOgUNmedYNLq7YbTp8yTGWeogCyM2xdWELMP8BMgQL0sP+MDAFMKO3itY
+mEWnCEsP15HKSTms54RNj7oJ+A==</X509Certificate>
+<X509Certificate>MIIGmTCCBkOgAwIBAgIJAK+ii7kzrdqyMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG
+A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz
+ZXkuY29tMCAXDTE1MDMwNTIyNTQwOVoYDzIxMTUwMjA5MjI1NDA5WjCBzDELMAkG
+A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1
+cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxLjAs
+BgNVBAsTJVRlc3QgVGhpcmQgTGV2ZWwgRFNBIDIwNDggQ2VydGlmaWNhdGUxFjAU
+BgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVr
+c2V5LmNvbTCCA0cwggI5BgcqhkjOOAQBMIICLAKCAQEA3h/6T60pCdSKYh+y66Rt
+6/R4jUoLXisrxTtU7acbcjeWZ0RcKtJM/zBBiOPSd+TfOxewOUzQFs6Xt2lWrreS
+3wLpWp9qcAW+xbVr/+OBJqShBnzEmrPc5l16shZWb7Lsz/ymvAgvZpUQkf8QkxSs
+29ts6mLwrff4+o/6Ta2w61/whJRaFxwRtftmmwOVF5AcvppeowRHBSvDEv210G9T
+1vXO8/5Q1q30hR/BgiB9wWJDcW95Ygw2WRqfe0drl+zJfbIFBouci2NOoTVGKw7s
+UsjruQMBzQ8J/1VEnV2oh9rLR19mYD35tyZlDzumE3lHuzza/F2QRlIWGR1xWcHJ
+rwIhAMDsLCKBC/+7J8cGViJbMEqu75keyH2YewaYykGXfLx9AoIBABJdcRq29Jsi
+zyar65NYt/o05QAiALmJMRRiv/DYX6zOUiXm2LXMee6XvaPt3b8OcM1QubBCdjKV
+982Swtc09rS/XrBeWOFJjdsAWxR+e9iKe4YshlJW1YCid595LVXZfA2wqnjrOuGz
++WA5OK+CO4VlabsZ7GrdXn5brFSe+LMxSJY34LcWxQZkNQyvek92zLRAngdTkYOa
+i1li0XHeZxenzv62VnbNeXrMFwdSkukivDCZOLaUgi7Ms07nojstNlbMEkgDT9U2
+rTdHxkxI9bmpSR5jla7pxuX35qgNvXz4jNgB6PIg5eznJlmzdmG5VePw+PIU2fAp
+XpHj1JVxE7IDggEGAAKCAQEAqh1v9VPCu2tkvTsFFN5PWL8XNct0oclgPI9kYx8F
+LDKEZ1MW5am2UfFeFFzjjt4+Pqzhz4BvVJqG75vNmizfnWTW3bFI8qJpuot1kRgD
+2elpK2W9YxfXkEgps7t0L7p5AIJ/lhQ+JuKuFOS1zMlLHZ8CL+DSCv6q0liwjSDj
+THNICMUqBmoTxFm2j0+sO3SPB4dTZNyzDanFxammaJ8ah0AuNp15nkPYXG5/48Zq
+qv+QM6YAxaZgADlyJfNFsNln22m/TfDT53iqMPxVNhJdUiWy5hVTKN3GpSoNkctq
+7uCcO1yTIH8QtyluWxrc/NYbOMy+bub/zIvAHz57RDdXMqOCAUUwggFBMAwGA1Ud
+EwQFMAMBAf8wLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBTS4K/9+Uc2bNwMc2bazv8es4GKmjCB4wYDVR0jBIHb
+MIHYgBT+5OxTJPCVlccQteFEtV05ZVrjfqGBtKSBsTCBrjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJy
+YXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxEDAOBgNVBAsTB1Jv
+b3QgQ0ExFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnht
+bHNlY0BhbGVrc2V5LmNvbYIJAK+ii7kzrdqtMA0GCSqGSIb3DQEBBQUAA0EAGN7+
+p/0NF8rNfgawPc1pEcRnYxDNTtNtY0ybAh052l/jLYThz/0f7klUu4VXTKYY8wnE
++IzoJB6Zzegun8uEqw==</X509Certificate>
+</X509Data>
+  </KeyInfo>
+  <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha256-dsa3072-sha256.tmpl 
b/tests/aleksey-xmldsig-01/enveloping-sha256-dsa3072-sha256.tmpl
new file mode 100644
index 0000000..f0597b7
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha256-dsa3072-sha256.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
+  <SignedInfo>
+    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; />
+    <SignatureMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+    <Reference URI="#object">
+      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+      <DigestValue></DigestValue>
+    </Reference>
+  </SignedInfo>
+  <SignatureValue>
+  </SignatureValue>
+  <KeyInfo>
+    <X509Data/>
+  </KeyInfo>
+  <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha256-dsa3072-sha256.xml 
b/tests/aleksey-xmldsig-01/enveloping-sha256-dsa3072-sha256.xml
new file mode 100644
index 0000000..dc473dc
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha256-dsa3072-sha256.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
+  <SignedInfo>
+    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+    <SignatureMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+    <Reference URI="#object">
+      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+      <DigestValue>iDhYt78o294fA6pzQ7k44+eejrQMi+WX3l3UrUdtL1Q=</DigestValue>
+    </Reference>
+  </SignedInfo>
+  <SignatureValue>XJQVvHJwOVNPctX/VY4B6diavxIWSoZhQAluwforH7Jkb5BCChueuUQllNep616M
+Fs3A2JcCrr2MAwQ8Bq9Jdw==</SignatureValue>
+  <KeyInfo>
+    <X509Data>
+<X509Certificate>MIID9zCCA2CgAwIBAgIJAK+ii7kzrdqsMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G
+A1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3
+DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMCAXDTE0MDUyMzE3NTA1OVoYDzIxMTQw
+NDI5MTc1MDU5WjCBrjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
+PTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtz
+ZXkuY29tL3htbHNlYykxEDAOBgNVBAsTB1Jvb3QgQ0ExFjAUBgNVBAMTDUFsZWtz
+ZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtY4MCNj/qrOzVuex1BD/PuCYTDDOLLVj
+tpKXQteQPqy0kgMwuQgRwdNnICIHQbnFKL40XoyACJVWKM7b0LkvWJNeyVzXPqEE
+9ZPmNxWGUjVcr7powT7v8V7S2QflUnr8ZvR4XWwkZJ9EYKNhenijgJ5yYDrXCWdv
+C+fnjBjv2LcCAwEAAaOCARcwggETMB0GA1UdDgQWBBQGtaSsp6p1ROoVnE/fBYNP
+ah7+CzCB4wYDVR0jBIHbMIHYgBQGtaSsp6p1ROoVnE/fBYNPah7+C6GBtKSBsTCB
+rjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhN
+TCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNl
+YykxEDAOBgNVBAsTB1Jvb3QgQ0ExFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf
+BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbYIJAK+ii7kzrdqsMAwGA1Ud
+EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEARpb86RP/ck55X+NunXeIX81i763b
+j7Z1VJwFbA/QfupzxnqJ2IP/lxC8YxJ3Bp2IJMI7rC9r0poa41ZxI5rGHip97Dpg
+sxPF9lkRUmKBBQjkICOq1w/4d2DRInBoqXttD+0WsqDfNDVK+7kSE07ytn3RzHCj
+j0gv0PdxmuCsR/E=</X509Certificate>
+<X509Certificate>MIIDzzCCAzigAwIBAgIJAK+ii7kzrdqtMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G
+A1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3
+DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMCAXDTE0MDUyMzE3NTIzOFoYDzIxMTQw
+NDI5MTc1MjM4WjCBnDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
+PTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtz
+ZXkuY29tL3htbHNlYykxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG
+9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
+QQCyuvKJ2CuUPD33ghPt4Q8MilesHxVbbpyKfmabrYVpDGVDmOKKp337qJUZZ95K
+fwlXbR2j0zyKWJmvRxUx+PsTAgMBAAGjggFFMIIBQTAMBgNVHRMEBTADAQH/MCwG
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQU/uTsUyTwlZXHELXhRLVdOWVa434wgeMGA1UdIwSB2zCB2IAUBrWkrKeq
+dUTqFZxP3wWDT2oe/guhgbSkgbEwga4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFyeSAoaHR0cDov
+L3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMRAwDgYDVQQLEwdSb290IENBMRYwFAYD
+VQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3Nl
+eS5jb22CCQCvoou5M63arDANBgkqhkiG9w0BAQUFAAOBgQBuTAW63AgWqqUDPGi8
+BiXbdKHhFP4J8qgkdv5WMa6SpSWVgNgOYXkK/BSg1aSmQtGv8/8UvBRPoJnO4y0N
+jWUFf1ubOgUNmedYNLq7YbTp8yTGWeogCyM2xdWELMP8BMgQL0sP+MDAFMKO3itY
+mEWnCEsP15HKSTms54RNj7oJ+A==</X509Certificate>
+<X509Certificate>MIIIGjCCB8SgAwIBAgIJAK+ii7kzrdqzMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG
+A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz
+ZXkuY29tMCAXDTE1MDMwNTIyNTQ1M1oYDzIxMTUwMjA5MjI1NDUzWjCBzDELMAkG
+A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1
+cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxLjAs
+BgNVBAsTJVRlc3QgVGhpcmQgTGV2ZWwgRFNBIDMwNzIgQ2VydGlmaWNhdGUxFjAU
+BgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVr
+c2V5LmNvbTCCBMgwggM6BgcqhkjOOAQBMIIDLQKCAYEA44gyKnZNNfMz0+FQK/Op
+YkrSm1/aWlzM3B1MWFsnFMNB0r+5Fby/EYerAf+k/PNCR+j719VJiU/N+E2YvYhi
+6AHKpKLb57IWL1taFHeYbryf8DgMVV6zpaJBj/6SZD1iiWLyf8cygN0t0n9c9N8Y
+Z8a4Ge9J0X1K94jhtsteMNIfFhv5cnkagwdar5GsVF146kYBgufcAvQLU9xxE+nt
+qGQebYF2OHpBCzWbX3k7Acx6w/VqwJjlK4fRUlSOgXZreMlu2s96WSGo2LxZUYEj
+72kVZvnVanwgmuHouE5bhirL9tKQ7ZdvYKBF4Ki0UaZaLG7bPgKnFB9bkjDZA+5p
++ohxnFph02gS/4dNB9qwF5LYcME81rP2deoInVpD+Am1940ynpBIOOxvUVHkzL9P
+De9WT9RYo2qitW9Ze0CYkzL6JlcaCLQL/FuJoV4+xZRDnVZHNBIoCXQnSARuznZF
+3BXPFGt6+vXOSh0HWGFdYIpNCQAgFvQxt+MeTMjojT4PAiEAwoh7eB78mIJOxLEU
+HGA1vpvIPYF3Muqk0PEv8Ti4Wd8CggGBAIt6oRx2SXjlMwDGCnKFXwvcGB/FkDri
+0NAH+kxQZycXVGVZ7/pU7DFmtkifKul0DB4H2S61uOphRPZBbWgzQ3QhD0DVuc7O
+SyRJoDEEcgCQj2epOAt5AZaXOL7PxZQ6w+l/Wm45EVTzxRl/tLoVFwCE6FWIXmO3
+mIitgDmBBWwKH5Iukr6S2ePHO/P3/WsHQdvgHPDiXGTEWv+WAdZC0LP28JkEBuyw
+8ccunEbtUDongjYpfPZdN7Iy/Tj2t9ZS/hIgOAuzlfByEz49aS48Ushz8ss5jyh6
+YPevI4YqDYeh8YUVv6hsf7e22xWx1Ptg1TttcAo1P64nBujQBP3bH0ZYNuQLdzos
+n8HmQSmktgIRrptFYzJ6kjMurxkM9wGHlKv1v3zMzAG8gwAp6Q56cVXsKyWlfEF+
+MMGK6jTXJo/ZQ/msFhGSQ/uZRjxwesa9Xj3Q3hZ+tWcQWt06yav2/xXUPko5zgRu
+omRKNVFIfZPahBIiET0ZyVoj4Khj9LvJEwOCAYYAAoIBgQDJio6mTgj0/mg3XTDo
+zuL6v77a3clglfU6GN5mxn9rh9JdRIe7jzQJnvU8q0TnqFnmcTr4rmdjS5V3+1XH
+IGO/NUAuL3w1kPW1KmTc/HuYerW+N5pm7ZyX71bBWkfx0TQWjOXeDnoSZQ1NBuj8
+GkHbcG0fICJQHd2f1q9AJ8dFME/bCk1Mi/Y/jJ9Kr0AEKPQwnt0SZhdhqOp6Er0T
+ItbsHt9bruc45GmuyZGgkn+wEI7G3x7BL484UaplNo0sF43tWmB35ZEffxWOYFlL
+LkoXTlZnSnXW7zx8oXTOIbn9K33A9NgXuDpMg7IouUh0FYV2dVjvNqwk8dZrON+p
+AtV7CQvN6pzePg/oBJrUlV/NO2j0BuZvl9ARv2JYkrZufFtmMNBbof6j+WbFnIqb
+27XCLl1a70Q1WKCvE8qD3LiZHx/7lsrcaTV8KZF8d5kzgXRISFs5NkYFxru/LjBP
+777FLH23QTW2getPS9yExUw9kteFaF4yOUB5KgeEleZlT+SjggFFMIIBQTAMBgNV
+HRMEBTADAQH/MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUlIEFcjRTD1H8Y7jeWfisarvxRnIwgeMGA1UdIwSB
+2zCB2IAU/uTsUyTwlZXHELXhRLVdOWVa436hgbSkgbEwga4xCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGli
+cmFyeSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMRAwDgYDVQQLEwdS
+b290IENBMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4
+bWxzZWNAYWxla3NleS5jb22CCQCvoou5M63arTANBgkqhkiG9w0BAQUFAANBAA93
+upXGmGSg0hyBphu86KkwUVnaeh4GTtx2v1C1qBPH4AAh/oKpzIYpTn3t7uAsiTk7
+im7eapblsXBRezkRoK4=</X509Certificate>
+</X509Data>
+  </KeyInfo>
+  <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/keys/README b/tests/keys/README
index 1451502..2da3363 100644
--- a/tests/keys/README
+++ b/tests/keys/README
@@ -11,6 +11,8 @@ README
  ca2cert.pem   Second-level RSA cert for ca2key.pem
  dsakey.pem    DSA private key
  dsacert.pem   Third level DSA cert for dsakey.pem
+ dsa2048key.pem DSA private key (2048 bits)
+ dsa3072key.pem DSA private key (3072 bits)
  rsakey.pem    RSA private key
  rsacert.pem   Third level RSA cert for rsacert.pem
  hmackey.bin   HMAC key ('secret')
@@ -37,12 +39,24 @@ README
     > openssl verify -CAfile cacert.pem ca2cert.pem
 
  C. Generate and sign DSA key with second level CA
-    > openssl dsaparam -out dsakey.pem -genkey 512
+    > openssl dsaparam -out dsakey.pem -genkey 1024
     > openssl req -config ./openssl.cnf -new -key dsakey.pem -out dsareq.pem
     > openssl ca -config ./openssl.cnf -cert ca2cert.pem -keyfile ca2key.pem \
            -out dsacert.pem -infiles dsareq.pem
     > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem dsacert.pem
 
+    > openssl dsaparam -out dsa2048key.pem -genkey 2048
+    > openssl req -config ./openssl.cnf -new -key dsa2048key.pem -out dsa2048req.pem
+    > openssl ca -config ./openssl.cnf -cert ca2cert.pem -keyfile ca2key.pem \
+        -out dsa2048cert.pem -infiles dsa2048req.pem
+    > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem dsa2048cert.pem
+
+    > openssl dsaparam -out dsa3072key.pem -genkey 3072
+    > openssl req -config ./openssl.cnf -new -key dsa3072key.pem -out dsa3072req.pem
+    > openssl ca -config ./openssl.cnf -cert ca2cert.pem -keyfile ca2key.pem \
+        -out dsa3072cert.pem -infiles dsa3072req.pem
+    > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem dsa3072cert.pem
+
  D. Generate and sign RSA key with second level CA
     > openssl genrsa -out rsakey.pem
     > openssl req -config ./openssl.cnf -new -key rsakey.pem -out rsareq.pem
@@ -74,11 +88,15 @@ README
     > openssl rsa -inform PEM -outform DER -in expiredkey.pem -out expiredkey.der
   DSA key:
     > openssl dsa -inform PEM -outform DER -in dsakey.pem -out dsakey.der
+    > openssl dsa -inform PEM -outform DER -in dsa2048key.pem -out dsa2048key.der
+    > openssl dsa -inform PEM -outform DER -in dsa3072key.pem -out dsa3072key.der
 
   - Convert PEM cert file to DER file
     > openssl x509 -outform DER -in cacert.pem -out cacert.der 
     > openssl x509 -outform DER -in ca2cert.pem -out ca2cert.der 
     > openssl x509 -outform DER -in dsacert.pem -out dsacert.der 
+    > openssl x509 -outform DER -in dsa2048cert.pem -out dsa2048cert.der 
+    > openssl x509 -outform DER -in dsa3072cert.pem -out dsa3072cert.der 
     > openssl x509 -outform DER -in rsacert.pem -out rsacert.der 
     > openssl x509 -outform DER -in largersacert.pem -out largersacert.der 
     > openssl x509 -outform DER -in expiredcert.pem -out expiredcert.der 
@@ -100,6 +118,10 @@ README
    encrypted
      > openssl pkcs8 -in dsakey.pem -inform pem -out dsakey.p8-pem -outform pem -topk8
      > openssl pkcs8 -in dsakey.der -inform der -out dsakey.p8-der -outform der -topk8
+     > openssl pkcs8 -in dsa2048key.pem -inform pem -out dsa2048key.p8-pem -outform pem -topk8
+     > openssl pkcs8 -in dsa2048key.der -inform der -out dsa2048key.p8-der -outform der -topk8
+     > openssl pkcs8 -in dsa3072key.pem -inform pem -out dsa3072key.p8-pem -outform pem -topk8
+     > openssl pkcs8 -in dsa3072key.der -inform der -out dsa3072key.p8-der -outform der -topk8
      > openssl pkcs8 -in rsakey.pem -inform pem -out rsakey.p8-pem -outform pem -topk8
      > openssl pkcs8 -in rsakey.der -inform der -out rsakey.p8-der -outform der -topk8
      > openssl pkcs8 -in largersakey.pem -inform pem -out largersakey.p8-pem \
@@ -114,6 +136,12 @@ README
     > cat dsakey.pem dsacert.pem ca2cert.pem cacert.pem > alldsa.pem
     > openssl pkcs12 -export -in alldsa.pem -name TestDsaKey -out dsakey.p12
 
+    > cat dsa2048key.pem dsa2048cert.pem ca2cert.pem cacert.pem > alldsa2048.pem
+    > openssl pkcs12 -export -in alldsa2048.pem -name TestDsa2048Key -out dsa2048key.p12
+
+    > cat dsa3072key.pem dsa3072cert.pem ca2cert.pem cacert.pem > alldsa3072.pem
+    > openssl pkcs12 -export -in alldsa3072.pem -name TestDsa3072Key -out dsa3072key.p12
+
     > cat rsakey.pem rsacert.pem ca2cert.pem cacert.pem > allrsa.pem
     > openssl pkcs12 -export -in allrsa.pem -name TestRsaKey -out rsakey.p12
 
diff --git a/tests/keys/demoCA/index.txt b/tests/keys/demoCA/index.txt
index 4fa08b6..c8270ea 100644
--- a/tests/keys/demoCA/index.txt
+++ b/tests/keys/demoCA/index.txt
@@ -4,3 +4,5 @@ V       21140429175426Z         AFA28BB933ADDAAE        unknown /C=US/ST=California/O=XML 
Security L
 V      21140429175534Z         AFA28BB933ADDAAF        unknown /C=US/ST=California/O=XML Security Library 
(http://www.aleksey.com/xmlsec)/OU=Test Third Level RSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec 
aleksey com
 V      21140429175706Z         AFA28BB933ADDAB0        unknown /C=US/ST=California/O=XML Security Library 
(http://www.aleksey.com/xmlsec)/OU=Test Large RSA Key/CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
 V      140524175816Z           AFA28BB933ADDAB1        unknown /C=US/ST=California/O=XML Security Library 
(http://www.aleksey.com/xmlsec)/OU=Test Expired RSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec aleksey 
com
+V      21150209225409Z         AFA28BB933ADDAB2        unknown /C=US/ST=California/O=XML Security Library 
(http://www.aleksey.com/xmlsec)/OU=Test Third Level DSA 2048 Certificate/CN=Aleksey Sanin/emailAddress=xmlsec 
aleksey com
+V      21150209225453Z         AFA28BB933ADDAB3        unknown /C=US/ST=California/O=XML Security Library 
(http://www.aleksey.com/xmlsec)/OU=Test Third Level DSA 3072 Certificate/CN=Aleksey Sanin/emailAddress=xmlsec 
aleksey com
diff --git a/tests/keys/demoCA/index.txt.old b/tests/keys/demoCA/index.txt.old
index 050ef06..ea799d2 100644
--- a/tests/keys/demoCA/index.txt.old
+++ b/tests/keys/demoCA/index.txt.old
@@ -3,3 +3,5 @@ V       21140429175238Z         AFA28BB933ADDAAD        unknown /C=US/ST=California/O=XML 
Security L
 V      21140429175426Z         AFA28BB933ADDAAE        unknown /C=US/ST=California/O=XML Security Library 
(http://www.aleksey.com/xmlsec)/OU=Test Third Level DSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec 
aleksey com
 V      21140429175534Z         AFA28BB933ADDAAF        unknown /C=US/ST=California/O=XML Security Library 
(http://www.aleksey.com/xmlsec)/OU=Test Third Level RSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec 
aleksey com
 V      21140429175706Z         AFA28BB933ADDAB0        unknown /C=US/ST=California/O=XML Security Library 
(http://www.aleksey.com/xmlsec)/OU=Test Large RSA Key/CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+V      140524175816Z           AFA28BB933ADDAB1        unknown /C=US/ST=California/O=XML Security Library 
(http://www.aleksey.com/xmlsec)/OU=Test Expired RSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec aleksey 
com
+V      21150209225409Z         AFA28BB933ADDAB2        unknown /C=US/ST=California/O=XML Security Library 
(http://www.aleksey.com/xmlsec)/OU=Test Third Level DSA 2048 Certificate/CN=Aleksey Sanin/emailAddress=xmlsec 
aleksey com
diff --git a/tests/keys/demoCA/newcerts/AFA28BB933ADDAB2.pem b/tests/keys/demoCA/newcerts/AFA28BB933ADDAB2.pem
new file mode 100644
index 0000000..370106f
--- /dev/null
+++ b/tests/keys/demoCA/newcerts/AFA28BB933ADDAB2.pem
@@ -0,0 +1,128 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 12655831530416757426 (0xafa28bb933addab2)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), CN=Aleksey 
Sanin/emailAddress=xmlsec aleksey com
+        Validity
+            Not Before: Mar  5 22:54:09 2015 GMT
+            Not After : Feb  9 22:54:09 2115 GMT
+        Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Third 
Level DSA 2048 Certificate, CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+                pub: 
+                    00:aa:1d:6f:f5:53:c2:bb:6b:64:bd:3b:05:14:de:
+                    4f:58:bf:17:35:cb:74:a1:c9:60:3c:8f:64:63:1f:
+                    05:2c:32:84:67:53:16:e5:a9:b6:51:f1:5e:14:5c:
+                    e3:8e:de:3e:3e:ac:e1:cf:80:6f:54:9a:86:ef:9b:
+                    cd:9a:2c:df:9d:64:d6:dd:b1:48:f2:a2:69:ba:8b:
+                    75:91:18:03:d9:e9:69:2b:65:bd:63:17:d7:90:48:
+                    29:b3:bb:74:2f:ba:79:00:82:7f:96:14:3e:26:e2:
+                    ae:14:e4:b5:cc:c9:4b:1d:9f:02:2f:e0:d2:0a:fe:
+                    aa:d2:58:b0:8d:20:e3:4c:73:48:08:c5:2a:06:6a:
+                    13:c4:59:b6:8f:4f:ac:3b:74:8f:07:87:53:64:dc:
+                    b3:0d:a9:c5:c5:a9:a6:68:9f:1a:87:40:2e:36:9d:
+                    79:9e:43:d8:5c:6e:7f:e3:c6:6a:aa:ff:90:33:a6:
+                    00:c5:a6:60:00:39:72:25:f3:45:b0:d9:67:db:69:
+                    bf:4d:f0:d3:e7:78:aa:30:fc:55:36:12:5d:52:25:
+                    b2:e6:15:53:28:dd:c6:a5:2a:0d:91:cb:6a:ee:e0:
+                    9c:3b:5c:93:20:7f:10:b7:29:6e:5b:1a:dc:fc:d6:
+                    1b:38:cc:be:6e:e6:ff:cc:8b:c0:1f:3e:7b:44:37:
+                    57:32
+                P:   
+                    00:de:1f:fa:4f:ad:29:09:d4:8a:62:1f:b2:eb:a4:
+                    6d:eb:f4:78:8d:4a:0b:5e:2b:2b:c5:3b:54:ed:a7:
+                    1b:72:37:96:67:44:5c:2a:d2:4c:ff:30:41:88:e3:
+                    d2:77:e4:df:3b:17:b0:39:4c:d0:16:ce:97:b7:69:
+                    56:ae:b7:92:df:02:e9:5a:9f:6a:70:05:be:c5:b5:
+                    6b:ff:e3:81:26:a4:a1:06:7c:c4:9a:b3:dc:e6:5d:
+                    7a:b2:16:56:6f:b2:ec:cf:fc:a6:bc:08:2f:66:95:
+                    10:91:ff:10:93:14:ac:db:db:6c:ea:62:f0:ad:f7:
+                    f8:fa:8f:fa:4d:ad:b0:eb:5f:f0:84:94:5a:17:1c:
+                    11:b5:fb:66:9b:03:95:17:90:1c:be:9a:5e:a3:04:
+                    47:05:2b:c3:12:fd:b5:d0:6f:53:d6:f5:ce:f3:fe:
+                    50:d6:ad:f4:85:1f:c1:82:20:7d:c1:62:43:71:6f:
+                    79:62:0c:36:59:1a:9f:7b:47:6b:97:ec:c9:7d:b2:
+                    05:06:8b:9c:8b:63:4e:a1:35:46:2b:0e:ec:52:c8:
+                    eb:b9:03:01:cd:0f:09:ff:55:44:9d:5d:a8:87:da:
+                    cb:47:5f:66:60:3d:f9:b7:26:65:0f:3b:a6:13:79:
+                    47:bb:3c:da:fc:5d:90:46:52:16:19:1d:71:59:c1:
+                    c9:af
+                Q:   
+                    00:c0:ec:2c:22:81:0b:ff:bb:27:c7:06:56:22:5b:
+                    30:4a:ae:ef:99:1e:c8:7d:98:7b:06:98:ca:41:97:
+                    7c:bc:7d
+                G:   
+                    12:5d:71:1a:b6:f4:9b:22:cf:26:ab:eb:93:58:b7:
+                    fa:34:e5:00:22:00:b9:89:31:14:62:bf:f0:d8:5f:
+                    ac:ce:52:25:e6:d8:b5:cc:79:ee:97:bd:a3:ed:dd:
+                    bf:0e:70:cd:50:b9:b0:42:76:32:95:f7:cd:92:c2:
+                    d7:34:f6:b4:bf:5e:b0:5e:58:e1:49:8d:db:00:5b:
+                    14:7e:7b:d8:8a:7b:86:2c:86:52:56:d5:80:a2:77:
+                    9f:79:2d:55:d9:7c:0d:b0:aa:78:eb:3a:e1:b3:f9:
+                    60:39:38:af:82:3b:85:65:69:bb:19:ec:6a:dd:5e:
+                    7e:5b:ac:54:9e:f8:b3:31:48:96:37:e0:b7:16:c5:
+                    06:64:35:0c:af:7a:4f:76:cc:b4:40:9e:07:53:91:
+                    83:9a:8b:59:62:d1:71:de:67:17:a7:ce:fe:b6:56:
+                    76:cd:79:7a:cc:17:07:52:92:e9:22:bc:30:99:38:
+                    b6:94:82:2e:cc:b3:4e:e7:a2:3b:2d:36:56:cc:12:
+                    48:03:4f:d5:36:ad:37:47:c6:4c:48:f5:b9:a9:49:
+                    1e:63:95:ae:e9:c6:e5:f7:e6:a8:0d:bd:7c:f8:8c:
+                    d8:01:e8:f2:20:e5:ec:e7:26:59:b3:76:61:b9:55:
+                    e3:f0:f8:f2:14:d9:f0:29:5e:91:e3:d4:95:71:13:
+                    b2
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D2:E0:AF:FD:F9:47:36:6C:DC:0C:73:66:DA:CE:FF:1E:B3:81:8A:9A
+            X509v3 Authority Key Identifier: 
+                keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E
+                DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root 
CA/CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+                serial:AF:A2:8B:B9:33:AD:DA:AD
+
+    Signature Algorithm: sha1WithRSAEncryption
+         18:de:fe:a7:fd:0d:17:ca:cd:7e:06:b0:3d:cd:69:11:c4:67:
+         63:10:cd:4e:d3:6d:63:4c:9b:02:1d:39:da:5f:e3:2d:84:e1:
+         cf:fd:1f:ee:49:54:bb:85:57:4c:a6:18:f3:09:c4:f8:8c:e8:
+         24:1e:99:cd:e8:2e:9f:cb:84:ab
+-----BEGIN CERTIFICATE-----
+MIIGmTCCBkOgAwIBAgIJAK+ii7kzrdqyMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG
+A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz
+ZXkuY29tMCAXDTE1MDMwNTIyNTQwOVoYDzIxMTUwMjA5MjI1NDA5WjCBzDELMAkG
+A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1
+cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxLjAs
+BgNVBAsTJVRlc3QgVGhpcmQgTGV2ZWwgRFNBIDIwNDggQ2VydGlmaWNhdGUxFjAU
+BgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVr
+c2V5LmNvbTCCA0cwggI5BgcqhkjOOAQBMIICLAKCAQEA3h/6T60pCdSKYh+y66Rt
+6/R4jUoLXisrxTtU7acbcjeWZ0RcKtJM/zBBiOPSd+TfOxewOUzQFs6Xt2lWrreS
+3wLpWp9qcAW+xbVr/+OBJqShBnzEmrPc5l16shZWb7Lsz/ymvAgvZpUQkf8QkxSs
+29ts6mLwrff4+o/6Ta2w61/whJRaFxwRtftmmwOVF5AcvppeowRHBSvDEv210G9T
+1vXO8/5Q1q30hR/BgiB9wWJDcW95Ygw2WRqfe0drl+zJfbIFBouci2NOoTVGKw7s
+UsjruQMBzQ8J/1VEnV2oh9rLR19mYD35tyZlDzumE3lHuzza/F2QRlIWGR1xWcHJ
+rwIhAMDsLCKBC/+7J8cGViJbMEqu75keyH2YewaYykGXfLx9AoIBABJdcRq29Jsi
+zyar65NYt/o05QAiALmJMRRiv/DYX6zOUiXm2LXMee6XvaPt3b8OcM1QubBCdjKV
+982Swtc09rS/XrBeWOFJjdsAWxR+e9iKe4YshlJW1YCid595LVXZfA2wqnjrOuGz
++WA5OK+CO4VlabsZ7GrdXn5brFSe+LMxSJY34LcWxQZkNQyvek92zLRAngdTkYOa
+i1li0XHeZxenzv62VnbNeXrMFwdSkukivDCZOLaUgi7Ms07nojstNlbMEkgDT9U2
+rTdHxkxI9bmpSR5jla7pxuX35qgNvXz4jNgB6PIg5eznJlmzdmG5VePw+PIU2fAp
+XpHj1JVxE7IDggEGAAKCAQEAqh1v9VPCu2tkvTsFFN5PWL8XNct0oclgPI9kYx8F
+LDKEZ1MW5am2UfFeFFzjjt4+Pqzhz4BvVJqG75vNmizfnWTW3bFI8qJpuot1kRgD
+2elpK2W9YxfXkEgps7t0L7p5AIJ/lhQ+JuKuFOS1zMlLHZ8CL+DSCv6q0liwjSDj
+THNICMUqBmoTxFm2j0+sO3SPB4dTZNyzDanFxammaJ8ah0AuNp15nkPYXG5/48Zq
+qv+QM6YAxaZgADlyJfNFsNln22m/TfDT53iqMPxVNhJdUiWy5hVTKN3GpSoNkctq
+7uCcO1yTIH8QtyluWxrc/NYbOMy+bub/zIvAHz57RDdXMqOCAUUwggFBMAwGA1Ud
+EwQFMAMBAf8wLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBTS4K/9+Uc2bNwMc2bazv8es4GKmjCB4wYDVR0jBIHb
+MIHYgBT+5OxTJPCVlccQteFEtV05ZVrjfqGBtKSBsTCBrjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJy
+YXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxEDAOBgNVBAsTB1Jv
+b3QgQ0ExFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnht
+bHNlY0BhbGVrc2V5LmNvbYIJAK+ii7kzrdqtMA0GCSqGSIb3DQEBBQUAA0EAGN7+
+p/0NF8rNfgawPc1pEcRnYxDNTtNtY0ybAh052l/jLYThz/0f7klUu4VXTKYY8wnE
++IzoJB6Zzegun8uEqw==
+-----END CERTIFICATE-----
diff --git a/tests/keys/demoCA/newcerts/AFA28BB933ADDAB3.pem b/tests/keys/demoCA/newcerts/AFA28BB933ADDAB3.pem
new file mode 100644
index 0000000..d23189d
--- /dev/null
+++ b/tests/keys/demoCA/newcerts/AFA28BB933ADDAB3.pem
@@ -0,0 +1,160 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 12655831530416757427 (0xafa28bb933addab3)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), CN=Aleksey 
Sanin/emailAddress=xmlsec aleksey com
+        Validity
+            Not Before: Mar  5 22:54:53 2015 GMT
+            Not After : Feb  9 22:54:53 2115 GMT
+        Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Third 
Level DSA 3072 Certificate, CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+                pub: 
+                    00:c9:8a:8e:a6:4e:08:f4:fe:68:37:5d:30:e8:ce:
+                    e2:fa:bf:be:da:dd:c9:60:95:f5:3a:18:de:66:c6:
+                    7f:6b:87:d2:5d:44:87:bb:8f:34:09:9e:f5:3c:ab:
+                    44:e7:a8:59:e6:71:3a:f8:ae:67:63:4b:95:77:fb:
+                    55:c7:20:63:bf:35:40:2e:2f:7c:35:90:f5:b5:2a:
+                    64:dc:fc:7b:98:7a:b5:be:37:9a:66:ed:9c:97:ef:
+                    56:c1:5a:47:f1:d1:34:16:8c:e5:de:0e:7a:12:65:
+                    0d:4d:06:e8:fc:1a:41:db:70:6d:1f:20:22:50:1d:
+                    dd:9f:d6:af:40:27:c7:45:30:4f:db:0a:4d:4c:8b:
+                    f6:3f:8c:9f:4a:af:40:04:28:f4:30:9e:dd:12:66:
+                    17:61:a8:ea:7a:12:bd:13:22:d6:ec:1e:df:5b:ae:
+                    e7:38:e4:69:ae:c9:91:a0:92:7f:b0:10:8e:c6:df:
+                    1e:c1:2f:8f:38:51:aa:65:36:8d:2c:17:8d:ed:5a:
+                    60:77:e5:91:1f:7f:15:8e:60:59:4b:2e:4a:17:4e:
+                    56:67:4a:75:d6:ef:3c:7c:a1:74:ce:21:b9:fd:2b:
+                    7d:c0:f4:d8:17:b8:3a:4c:83:b2:28:b9:48:74:15:
+                    85:76:75:58:ef:36:ac:24:f1:d6:6b:38:df:a9:02:
+                    d5:7b:09:0b:cd:ea:9c:de:3e:0f:e8:04:9a:d4:95:
+                    5f:cd:3b:68:f4:06:e6:6f:97:d0:11:bf:62:58:92:
+                    b6:6e:7c:5b:66:30:d0:5b:a1:fe:a3:f9:66:c5:9c:
+                    8a:9b:db:b5:c2:2e:5d:5a:ef:44:35:58:a0:af:13:
+                    ca:83:dc:b8:99:1f:1f:fb:96:ca:dc:69:35:7c:29:
+                    91:7c:77:99:33:81:74:48:48:5b:39:36:46:05:c6:
+                    bb:bf:2e:30:4f:ef:be:c5:2c:7d:b7:41:35:b6:81:
+                    eb:4f:4b:dc:84:c5:4c:3d:92:d7:85:68:5e:32:39:
+                    40:79:2a:07:84:95:e6:65:4f:e4
+                P:   
+                    00:e3:88:32:2a:76:4d:35:f3:33:d3:e1:50:2b:f3:
+                    a9:62:4a:d2:9b:5f:da:5a:5c:cc:dc:1d:4c:58:5b:
+                    27:14:c3:41:d2:bf:b9:15:bc:bf:11:87:ab:01:ff:
+                    a4:fc:f3:42:47:e8:fb:d7:d5:49:89:4f:cd:f8:4d:
+                    98:bd:88:62:e8:01:ca:a4:a2:db:e7:b2:16:2f:5b:
+                    5a:14:77:98:6e:bc:9f:f0:38:0c:55:5e:b3:a5:a2:
+                    41:8f:fe:92:64:3d:62:89:62:f2:7f:c7:32:80:dd:
+                    2d:d2:7f:5c:f4:df:18:67:c6:b8:19:ef:49:d1:7d:
+                    4a:f7:88:e1:b6:cb:5e:30:d2:1f:16:1b:f9:72:79:
+                    1a:83:07:5a:af:91:ac:54:5d:78:ea:46:01:82:e7:
+                    dc:02:f4:0b:53:dc:71:13:e9:ed:a8:64:1e:6d:81:
+                    76:38:7a:41:0b:35:9b:5f:79:3b:01:cc:7a:c3:f5:
+                    6a:c0:98:e5:2b:87:d1:52:54:8e:81:76:6b:78:c9:
+                    6e:da:cf:7a:59:21:a8:d8:bc:59:51:81:23:ef:69:
+                    15:66:f9:d5:6a:7c:20:9a:e1:e8:b8:4e:5b:86:2a:
+                    cb:f6:d2:90:ed:97:6f:60:a0:45:e0:a8:b4:51:a6:
+                    5a:2c:6e:db:3e:02:a7:14:1f:5b:92:30:d9:03:ee:
+                    69:fa:88:71:9c:5a:61:d3:68:12:ff:87:4d:07:da:
+                    b0:17:92:d8:70:c1:3c:d6:b3:f6:75:ea:08:9d:5a:
+                    43:f8:09:b5:f7:8d:32:9e:90:48:38:ec:6f:51:51:
+                    e4:cc:bf:4f:0d:ef:56:4f:d4:58:a3:6a:a2:b5:6f:
+                    59:7b:40:98:93:32:fa:26:57:1a:08:b4:0b:fc:5b:
+                    89:a1:5e:3e:c5:94:43:9d:56:47:34:12:28:09:74:
+                    27:48:04:6e:ce:76:45:dc:15:cf:14:6b:7a:fa:f5:
+                    ce:4a:1d:07:58:61:5d:60:8a:4d:09:00:20:16:f4:
+                    31:b7:e3:1e:4c:c8:e8:8d:3e:0f
+                Q:   
+                    00:c2:88:7b:78:1e:fc:98:82:4e:c4:b1:14:1c:60:
+                    35:be:9b:c8:3d:81:77:32:ea:a4:d0:f1:2f:f1:38:
+                    b8:59:df
+                G:   
+                    00:8b:7a:a1:1c:76:49:78:e5:33:00:c6:0a:72:85:
+                    5f:0b:dc:18:1f:c5:90:3a:e2:d0:d0:07:fa:4c:50:
+                    67:27:17:54:65:59:ef:fa:54:ec:31:66:b6:48:9f:
+                    2a:e9:74:0c:1e:07:d9:2e:b5:b8:ea:61:44:f6:41:
+                    6d:68:33:43:74:21:0f:40:d5:b9:ce:ce:4b:24:49:
+                    a0:31:04:72:00:90:8f:67:a9:38:0b:79:01:96:97:
+                    38:be:cf:c5:94:3a:c3:e9:7f:5a:6e:39:11:54:f3:
+                    c5:19:7f:b4:ba:15:17:00:84:e8:55:88:5e:63:b7:
+                    98:88:ad:80:39:81:05:6c:0a:1f:92:2e:92:be:92:
+                    d9:e3:c7:3b:f3:f7:fd:6b:07:41:db:e0:1c:f0:e2:
+                    5c:64:c4:5a:ff:96:01:d6:42:d0:b3:f6:f0:99:04:
+                    06:ec:b0:f1:c7:2e:9c:46:ed:50:3a:27:82:36:29:
+                    7c:f6:5d:37:b2:32:fd:38:f6:b7:d6:52:fe:12:20:
+                    38:0b:b3:95:f0:72:13:3e:3d:69:2e:3c:52:c8:73:
+                    f2:cb:39:8f:28:7a:60:f7:af:23:86:2a:0d:87:a1:
+                    f1:85:15:bf:a8:6c:7f:b7:b6:db:15:b1:d4:fb:60:
+                    d5:3b:6d:70:0a:35:3f:ae:27:06:e8:d0:04:fd:db:
+                    1f:46:58:36:e4:0b:77:3a:2c:9f:c1:e6:41:29:a4:
+                    b6:02:11:ae:9b:45:63:32:7a:92:33:2e:af:19:0c:
+                    f7:01:87:94:ab:f5:bf:7c:cc:cc:01:bc:83:00:29:
+                    e9:0e:7a:71:55:ec:2b:25:a5:7c:41:7e:30:c1:8a:
+                    ea:34:d7:26:8f:d9:43:f9:ac:16:11:92:43:fb:99:
+                    46:3c:70:7a:c6:bd:5e:3d:d0:de:16:7e:b5:67:10:
+                    5a:dd:3a:c9:ab:f6:ff:15:d4:3e:4a:39:ce:04:6e:
+                    a2:64:4a:35:51:48:7d:93:da:84:12:22:11:3d:19:
+                    c9:5a:23:e0:a8:63:f4:bb:c9:13
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                94:81:05:72:34:53:0F:51:FC:63:B8:DE:59:F8:AC:6A:BB:F1:46:72
+            X509v3 Authority Key Identifier: 
+                keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E
+                DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root 
CA/CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+                serial:AF:A2:8B:B9:33:AD:DA:AD
+
+    Signature Algorithm: sha1WithRSAEncryption
+         0f:77:ba:95:c6:98:64:a0:d2:1c:81:a6:1b:bc:e8:a9:30:51:
+         59:da:7a:1e:06:4e:dc:76:bf:50:b5:a8:13:c7:e0:00:21:fe:
+         82:a9:cc:86:29:4e:7d:ed:ee:e0:2c:89:39:3b:8a:6e:de:6a:
+         96:e5:b1:70:51:7b:39:11:a0:ae
+-----BEGIN CERTIFICATE-----
+MIIIGjCCB8SgAwIBAgIJAK+ii7kzrdqzMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG
+A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz
+ZXkuY29tMCAXDTE1MDMwNTIyNTQ1M1oYDzIxMTUwMjA5MjI1NDUzWjCBzDELMAkG
+A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1
+cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxLjAs
+BgNVBAsTJVRlc3QgVGhpcmQgTGV2ZWwgRFNBIDMwNzIgQ2VydGlmaWNhdGUxFjAU
+BgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVr
+c2V5LmNvbTCCBMgwggM6BgcqhkjOOAQBMIIDLQKCAYEA44gyKnZNNfMz0+FQK/Op
+YkrSm1/aWlzM3B1MWFsnFMNB0r+5Fby/EYerAf+k/PNCR+j719VJiU/N+E2YvYhi
+6AHKpKLb57IWL1taFHeYbryf8DgMVV6zpaJBj/6SZD1iiWLyf8cygN0t0n9c9N8Y
+Z8a4Ge9J0X1K94jhtsteMNIfFhv5cnkagwdar5GsVF146kYBgufcAvQLU9xxE+nt
+qGQebYF2OHpBCzWbX3k7Acx6w/VqwJjlK4fRUlSOgXZreMlu2s96WSGo2LxZUYEj
+72kVZvnVanwgmuHouE5bhirL9tKQ7ZdvYKBF4Ki0UaZaLG7bPgKnFB9bkjDZA+5p
++ohxnFph02gS/4dNB9qwF5LYcME81rP2deoInVpD+Am1940ynpBIOOxvUVHkzL9P
+De9WT9RYo2qitW9Ze0CYkzL6JlcaCLQL/FuJoV4+xZRDnVZHNBIoCXQnSARuznZF
+3BXPFGt6+vXOSh0HWGFdYIpNCQAgFvQxt+MeTMjojT4PAiEAwoh7eB78mIJOxLEU
+HGA1vpvIPYF3Muqk0PEv8Ti4Wd8CggGBAIt6oRx2SXjlMwDGCnKFXwvcGB/FkDri
+0NAH+kxQZycXVGVZ7/pU7DFmtkifKul0DB4H2S61uOphRPZBbWgzQ3QhD0DVuc7O
+SyRJoDEEcgCQj2epOAt5AZaXOL7PxZQ6w+l/Wm45EVTzxRl/tLoVFwCE6FWIXmO3
+mIitgDmBBWwKH5Iukr6S2ePHO/P3/WsHQdvgHPDiXGTEWv+WAdZC0LP28JkEBuyw
+8ccunEbtUDongjYpfPZdN7Iy/Tj2t9ZS/hIgOAuzlfByEz49aS48Ushz8ss5jyh6
+YPevI4YqDYeh8YUVv6hsf7e22xWx1Ptg1TttcAo1P64nBujQBP3bH0ZYNuQLdzos
+n8HmQSmktgIRrptFYzJ6kjMurxkM9wGHlKv1v3zMzAG8gwAp6Q56cVXsKyWlfEF+
+MMGK6jTXJo/ZQ/msFhGSQ/uZRjxwesa9Xj3Q3hZ+tWcQWt06yav2/xXUPko5zgRu
+omRKNVFIfZPahBIiET0ZyVoj4Khj9LvJEwOCAYYAAoIBgQDJio6mTgj0/mg3XTDo
+zuL6v77a3clglfU6GN5mxn9rh9JdRIe7jzQJnvU8q0TnqFnmcTr4rmdjS5V3+1XH
+IGO/NUAuL3w1kPW1KmTc/HuYerW+N5pm7ZyX71bBWkfx0TQWjOXeDnoSZQ1NBuj8
+GkHbcG0fICJQHd2f1q9AJ8dFME/bCk1Mi/Y/jJ9Kr0AEKPQwnt0SZhdhqOp6Er0T
+ItbsHt9bruc45GmuyZGgkn+wEI7G3x7BL484UaplNo0sF43tWmB35ZEffxWOYFlL
+LkoXTlZnSnXW7zx8oXTOIbn9K33A9NgXuDpMg7IouUh0FYV2dVjvNqwk8dZrON+p
+AtV7CQvN6pzePg/oBJrUlV/NO2j0BuZvl9ARv2JYkrZufFtmMNBbof6j+WbFnIqb
+27XCLl1a70Q1WKCvE8qD3LiZHx/7lsrcaTV8KZF8d5kzgXRISFs5NkYFxru/LjBP
+777FLH23QTW2getPS9yExUw9kteFaF4yOUB5KgeEleZlT+SjggFFMIIBQTAMBgNV
+HRMEBTADAQH/MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUlIEFcjRTD1H8Y7jeWfisarvxRnIwgeMGA1UdIwSB
+2zCB2IAU/uTsUyTwlZXHELXhRLVdOWVa436hgbSkgbEwga4xCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGli
+cmFyeSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMRAwDgYDVQQLEwdS
+b290IENBMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4
+bWxzZWNAYWxla3NleS5jb22CCQCvoou5M63arTANBgkqhkiG9w0BAQUFAANBAA93
+upXGmGSg0hyBphu86KkwUVnaeh4GTtx2v1C1qBPH4AAh/oKpzIYpTn3t7uAsiTk7
+im7eapblsXBRezkRoK4=
+-----END CERTIFICATE-----
diff --git a/tests/keys/demoCA/serial b/tests/keys/demoCA/serial
index 4c8059c..adf3394 100644
--- a/tests/keys/demoCA/serial
+++ b/tests/keys/demoCA/serial
@@ -1 +1 @@
-AFA28BB933ADDAB2
+AFA28BB933ADDAB4
diff --git a/tests/keys/demoCA/serial.old b/tests/keys/demoCA/serial.old
index a774cc1..b63ebda 100644
--- a/tests/keys/demoCA/serial.old
+++ b/tests/keys/demoCA/serial.old
@@ -1 +1 @@
-AFA28BB933ADDAB1
+AFA28BB933ADDAB3
diff --git a/tests/keys/dsa2048cert.der b/tests/keys/dsa2048cert.der
new file mode 100644
index 0000000..95617d6
Binary files /dev/null and b/tests/keys/dsa2048cert.der differ
diff --git a/tests/keys/dsa2048cert.pem b/tests/keys/dsa2048cert.pem
new file mode 100644
index 0000000..370106f
--- /dev/null
+++ b/tests/keys/dsa2048cert.pem
@@ -0,0 +1,128 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 12655831530416757426 (0xafa28bb933addab2)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), CN=Aleksey 
Sanin/emailAddress=xmlsec aleksey com
+        Validity
+            Not Before: Mar  5 22:54:09 2015 GMT
+            Not After : Feb  9 22:54:09 2115 GMT
+        Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Third 
Level DSA 2048 Certificate, CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+                pub: 
+                    00:aa:1d:6f:f5:53:c2:bb:6b:64:bd:3b:05:14:de:
+                    4f:58:bf:17:35:cb:74:a1:c9:60:3c:8f:64:63:1f:
+                    05:2c:32:84:67:53:16:e5:a9:b6:51:f1:5e:14:5c:
+                    e3:8e:de:3e:3e:ac:e1:cf:80:6f:54:9a:86:ef:9b:
+                    cd:9a:2c:df:9d:64:d6:dd:b1:48:f2:a2:69:ba:8b:
+                    75:91:18:03:d9:e9:69:2b:65:bd:63:17:d7:90:48:
+                    29:b3:bb:74:2f:ba:79:00:82:7f:96:14:3e:26:e2:
+                    ae:14:e4:b5:cc:c9:4b:1d:9f:02:2f:e0:d2:0a:fe:
+                    aa:d2:58:b0:8d:20:e3:4c:73:48:08:c5:2a:06:6a:
+                    13:c4:59:b6:8f:4f:ac:3b:74:8f:07:87:53:64:dc:
+                    b3:0d:a9:c5:c5:a9:a6:68:9f:1a:87:40:2e:36:9d:
+                    79:9e:43:d8:5c:6e:7f:e3:c6:6a:aa:ff:90:33:a6:
+                    00:c5:a6:60:00:39:72:25:f3:45:b0:d9:67:db:69:
+                    bf:4d:f0:d3:e7:78:aa:30:fc:55:36:12:5d:52:25:
+                    b2:e6:15:53:28:dd:c6:a5:2a:0d:91:cb:6a:ee:e0:
+                    9c:3b:5c:93:20:7f:10:b7:29:6e:5b:1a:dc:fc:d6:
+                    1b:38:cc:be:6e:e6:ff:cc:8b:c0:1f:3e:7b:44:37:
+                    57:32
+                P:   
+                    00:de:1f:fa:4f:ad:29:09:d4:8a:62:1f:b2:eb:a4:
+                    6d:eb:f4:78:8d:4a:0b:5e:2b:2b:c5:3b:54:ed:a7:
+                    1b:72:37:96:67:44:5c:2a:d2:4c:ff:30:41:88:e3:
+                    d2:77:e4:df:3b:17:b0:39:4c:d0:16:ce:97:b7:69:
+                    56:ae:b7:92:df:02:e9:5a:9f:6a:70:05:be:c5:b5:
+                    6b:ff:e3:81:26:a4:a1:06:7c:c4:9a:b3:dc:e6:5d:
+                    7a:b2:16:56:6f:b2:ec:cf:fc:a6:bc:08:2f:66:95:
+                    10:91:ff:10:93:14:ac:db:db:6c:ea:62:f0:ad:f7:
+                    f8:fa:8f:fa:4d:ad:b0:eb:5f:f0:84:94:5a:17:1c:
+                    11:b5:fb:66:9b:03:95:17:90:1c:be:9a:5e:a3:04:
+                    47:05:2b:c3:12:fd:b5:d0:6f:53:d6:f5:ce:f3:fe:
+                    50:d6:ad:f4:85:1f:c1:82:20:7d:c1:62:43:71:6f:
+                    79:62:0c:36:59:1a:9f:7b:47:6b:97:ec:c9:7d:b2:
+                    05:06:8b:9c:8b:63:4e:a1:35:46:2b:0e:ec:52:c8:
+                    eb:b9:03:01:cd:0f:09:ff:55:44:9d:5d:a8:87:da:
+                    cb:47:5f:66:60:3d:f9:b7:26:65:0f:3b:a6:13:79:
+                    47:bb:3c:da:fc:5d:90:46:52:16:19:1d:71:59:c1:
+                    c9:af
+                Q:   
+                    00:c0:ec:2c:22:81:0b:ff:bb:27:c7:06:56:22:5b:
+                    30:4a:ae:ef:99:1e:c8:7d:98:7b:06:98:ca:41:97:
+                    7c:bc:7d
+                G:   
+                    12:5d:71:1a:b6:f4:9b:22:cf:26:ab:eb:93:58:b7:
+                    fa:34:e5:00:22:00:b9:89:31:14:62:bf:f0:d8:5f:
+                    ac:ce:52:25:e6:d8:b5:cc:79:ee:97:bd:a3:ed:dd:
+                    bf:0e:70:cd:50:b9:b0:42:76:32:95:f7:cd:92:c2:
+                    d7:34:f6:b4:bf:5e:b0:5e:58:e1:49:8d:db:00:5b:
+                    14:7e:7b:d8:8a:7b:86:2c:86:52:56:d5:80:a2:77:
+                    9f:79:2d:55:d9:7c:0d:b0:aa:78:eb:3a:e1:b3:f9:
+                    60:39:38:af:82:3b:85:65:69:bb:19:ec:6a:dd:5e:
+                    7e:5b:ac:54:9e:f8:b3:31:48:96:37:e0:b7:16:c5:
+                    06:64:35:0c:af:7a:4f:76:cc:b4:40:9e:07:53:91:
+                    83:9a:8b:59:62:d1:71:de:67:17:a7:ce:fe:b6:56:
+                    76:cd:79:7a:cc:17:07:52:92:e9:22:bc:30:99:38:
+                    b6:94:82:2e:cc:b3:4e:e7:a2:3b:2d:36:56:cc:12:
+                    48:03:4f:d5:36:ad:37:47:c6:4c:48:f5:b9:a9:49:
+                    1e:63:95:ae:e9:c6:e5:f7:e6:a8:0d:bd:7c:f8:8c:
+                    d8:01:e8:f2:20:e5:ec:e7:26:59:b3:76:61:b9:55:
+                    e3:f0:f8:f2:14:d9:f0:29:5e:91:e3:d4:95:71:13:
+                    b2
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D2:E0:AF:FD:F9:47:36:6C:DC:0C:73:66:DA:CE:FF:1E:B3:81:8A:9A
+            X509v3 Authority Key Identifier: 
+                keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E
+                DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root 
CA/CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+                serial:AF:A2:8B:B9:33:AD:DA:AD
+
+    Signature Algorithm: sha1WithRSAEncryption
+         18:de:fe:a7:fd:0d:17:ca:cd:7e:06:b0:3d:cd:69:11:c4:67:
+         63:10:cd:4e:d3:6d:63:4c:9b:02:1d:39:da:5f:e3:2d:84:e1:
+         cf:fd:1f:ee:49:54:bb:85:57:4c:a6:18:f3:09:c4:f8:8c:e8:
+         24:1e:99:cd:e8:2e:9f:cb:84:ab
+-----BEGIN CERTIFICATE-----
+MIIGmTCCBkOgAwIBAgIJAK+ii7kzrdqyMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG
+A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz
+ZXkuY29tMCAXDTE1MDMwNTIyNTQwOVoYDzIxMTUwMjA5MjI1NDA5WjCBzDELMAkG
+A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1
+cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxLjAs
+BgNVBAsTJVRlc3QgVGhpcmQgTGV2ZWwgRFNBIDIwNDggQ2VydGlmaWNhdGUxFjAU
+BgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVr
+c2V5LmNvbTCCA0cwggI5BgcqhkjOOAQBMIICLAKCAQEA3h/6T60pCdSKYh+y66Rt
+6/R4jUoLXisrxTtU7acbcjeWZ0RcKtJM/zBBiOPSd+TfOxewOUzQFs6Xt2lWrreS
+3wLpWp9qcAW+xbVr/+OBJqShBnzEmrPc5l16shZWb7Lsz/ymvAgvZpUQkf8QkxSs
+29ts6mLwrff4+o/6Ta2w61/whJRaFxwRtftmmwOVF5AcvppeowRHBSvDEv210G9T
+1vXO8/5Q1q30hR/BgiB9wWJDcW95Ygw2WRqfe0drl+zJfbIFBouci2NOoTVGKw7s
+UsjruQMBzQ8J/1VEnV2oh9rLR19mYD35tyZlDzumE3lHuzza/F2QRlIWGR1xWcHJ
+rwIhAMDsLCKBC/+7J8cGViJbMEqu75keyH2YewaYykGXfLx9AoIBABJdcRq29Jsi
+zyar65NYt/o05QAiALmJMRRiv/DYX6zOUiXm2LXMee6XvaPt3b8OcM1QubBCdjKV
+982Swtc09rS/XrBeWOFJjdsAWxR+e9iKe4YshlJW1YCid595LVXZfA2wqnjrOuGz
++WA5OK+CO4VlabsZ7GrdXn5brFSe+LMxSJY34LcWxQZkNQyvek92zLRAngdTkYOa
+i1li0XHeZxenzv62VnbNeXrMFwdSkukivDCZOLaUgi7Ms07nojstNlbMEkgDT9U2
+rTdHxkxI9bmpSR5jla7pxuX35qgNvXz4jNgB6PIg5eznJlmzdmG5VePw+PIU2fAp
+XpHj1JVxE7IDggEGAAKCAQEAqh1v9VPCu2tkvTsFFN5PWL8XNct0oclgPI9kYx8F
+LDKEZ1MW5am2UfFeFFzjjt4+Pqzhz4BvVJqG75vNmizfnWTW3bFI8qJpuot1kRgD
+2elpK2W9YxfXkEgps7t0L7p5AIJ/lhQ+JuKuFOS1zMlLHZ8CL+DSCv6q0liwjSDj
+THNICMUqBmoTxFm2j0+sO3SPB4dTZNyzDanFxammaJ8ah0AuNp15nkPYXG5/48Zq
+qv+QM6YAxaZgADlyJfNFsNln22m/TfDT53iqMPxVNhJdUiWy5hVTKN3GpSoNkctq
+7uCcO1yTIH8QtyluWxrc/NYbOMy+bub/zIvAHz57RDdXMqOCAUUwggFBMAwGA1Ud
+EwQFMAMBAf8wLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBTS4K/9+Uc2bNwMc2bazv8es4GKmjCB4wYDVR0jBIHb
+MIHYgBT+5OxTJPCVlccQteFEtV05ZVrjfqGBtKSBsTCBrjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJy
+YXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxEDAOBgNVBAsTB1Jv
+b3QgQ0ExFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnht
+bHNlY0BhbGVrc2V5LmNvbYIJAK+ii7kzrdqtMA0GCSqGSIb3DQEBBQUAA0EAGN7+
+p/0NF8rNfgawPc1pEcRnYxDNTtNtY0ybAh052l/jLYThz/0f7klUu4VXTKYY8wnE
++IzoJB6Zzegun8uEqw==
+-----END CERTIFICATE-----
diff --git a/tests/keys/dsa2048key.der b/tests/keys/dsa2048key.der
new file mode 100644
index 0000000..d5848e0
Binary files /dev/null and b/tests/keys/dsa2048key.der differ
diff --git a/tests/keys/dsa2048key.p12 b/tests/keys/dsa2048key.p12
new file mode 100644
index 0000000..f37040a
Binary files /dev/null and b/tests/keys/dsa2048key.p12 differ
diff --git a/tests/keys/dsa2048key.p8-der b/tests/keys/dsa2048key.p8-der
new file mode 100644
index 0000000..ef0acf2
Binary files /dev/null and b/tests/keys/dsa2048key.p8-der differ
diff --git a/tests/keys/dsa2048key.p8-pem b/tests/keys/dsa2048key.p8-pem
new file mode 100644
index 0000000..7881652
--- /dev/null
+++ b/tests/keys/dsa2048key.p8-pem
@@ -0,0 +1,16 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICkTAbBgkqhkiG9w0BBQMwDgQI91oYgqxFl0sCAggABIICcBrX4V56uQzG60QS
+4Q+zK6lvto6OAN+YSAdJ+f4K2YLXOZbJO6NmUFdN4geQzU2yDuk4I+KE9Ztcp1Zk
++nSmoHe0RGUak/vKftJvnicLOJht38dx+Vz3jqiOZD7d9Pxyhsp8qIOIGwKCm1Vy
+OguvX420USnwpF8Y/VnRfGPco7WjW/hRO68JPSYvteW2RaQSAyJMeUElVr0L5SPV
+NuzriEsUcVLxmO52/Ycld6p92UXH4ztO2XNQ8SLVxr96s8Cd3HGOCv4bIQWERCSo
+RQM3M2btjD2GMq+EfyTDGN7rxxZ4iRMB/f08ZALVqnmQaUj/lFhnxeTTWYnhaiNW
+s9C6v0GPjfwp9kDhDjcno16//UvBJEPEu56lRn9fONsBiWMGj1SHx148oYKudSYQ
+qunTybRDilhy/5cqZmm1JYxgXeDVhLUdjBUuTQN4O/+nCKbYX2GiPAje3C20QQP9
+RgaGo+M0gf2bz8dylPTivMch7aM1zfkE8kqf3gXvQWD7UfUXxiaX90Pdr7LLzm/P
++RWaD+yPKtN0wIQriWsqHGsiRRYW3KTLSlYaYrtmNleiVpdKG/c0et/QaXzrMsXh
+CSSZj438An7YMF9UdtAx5RjYr72USBrNbp8FKuQEo3fj1HNJaEHdrYZfkpEoCNxW
+u77r37/N7SjtgMpmEHT8gLBo+rs7cNmwwK6cH0xtg4PspEu9MjRobfV7QxqSzv+V
+ot9Ynhn3KXSzYgp2xqdOdGUJ+iUqdgQorfa+zU5NDOPqGWNKouKSDzMW/xcmcJui
+Jwc/uoAIMSjX3y7vz4Z/Q4FvLQDHyfvyvqADNt3x06ZCkCsgMg==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/keys/dsa2048key.pem b/tests/keys/dsa2048key.pem
new file mode 100644
index 0000000..a0b5d42
--- /dev/null
+++ b/tests/keys/dsa2048key.pem
@@ -0,0 +1,34 @@
+-----BEGIN DSA PARAMETERS-----
+MIICLAKCAQEA3h/6T60pCdSKYh+y66Rt6/R4jUoLXisrxTtU7acbcjeWZ0RcKtJM
+/zBBiOPSd+TfOxewOUzQFs6Xt2lWrreS3wLpWp9qcAW+xbVr/+OBJqShBnzEmrPc
+5l16shZWb7Lsz/ymvAgvZpUQkf8QkxSs29ts6mLwrff4+o/6Ta2w61/whJRaFxwR
+tftmmwOVF5AcvppeowRHBSvDEv210G9T1vXO8/5Q1q30hR/BgiB9wWJDcW95Ygw2
+WRqfe0drl+zJfbIFBouci2NOoTVGKw7sUsjruQMBzQ8J/1VEnV2oh9rLR19mYD35
+tyZlDzumE3lHuzza/F2QRlIWGR1xWcHJrwIhAMDsLCKBC/+7J8cGViJbMEqu75ke
+yH2YewaYykGXfLx9AoIBABJdcRq29Jsizyar65NYt/o05QAiALmJMRRiv/DYX6zO
+UiXm2LXMee6XvaPt3b8OcM1QubBCdjKV982Swtc09rS/XrBeWOFJjdsAWxR+e9iK
+e4YshlJW1YCid595LVXZfA2wqnjrOuGz+WA5OK+CO4VlabsZ7GrdXn5brFSe+LMx
+SJY34LcWxQZkNQyvek92zLRAngdTkYOai1li0XHeZxenzv62VnbNeXrMFwdSkuki
+vDCZOLaUgi7Ms07nojstNlbMEkgDT9U2rTdHxkxI9bmpSR5jla7pxuX35qgNvXz4
+jNgB6PIg5eznJlmzdmG5VePw+PIU2fApXpHj1JVxE7I=
+-----END DSA PARAMETERS-----
+-----BEGIN DSA PRIVATE KEY-----
+MIIDVgIBAAKCAQEA3h/6T60pCdSKYh+y66Rt6/R4jUoLXisrxTtU7acbcjeWZ0Rc
+KtJM/zBBiOPSd+TfOxewOUzQFs6Xt2lWrreS3wLpWp9qcAW+xbVr/+OBJqShBnzE
+mrPc5l16shZWb7Lsz/ymvAgvZpUQkf8QkxSs29ts6mLwrff4+o/6Ta2w61/whJRa
+FxwRtftmmwOVF5AcvppeowRHBSvDEv210G9T1vXO8/5Q1q30hR/BgiB9wWJDcW95
+Ygw2WRqfe0drl+zJfbIFBouci2NOoTVGKw7sUsjruQMBzQ8J/1VEnV2oh9rLR19m
+YD35tyZlDzumE3lHuzza/F2QRlIWGR1xWcHJrwIhAMDsLCKBC/+7J8cGViJbMEqu
+75keyH2YewaYykGXfLx9AoIBABJdcRq29Jsizyar65NYt/o05QAiALmJMRRiv/DY
+X6zOUiXm2LXMee6XvaPt3b8OcM1QubBCdjKV982Swtc09rS/XrBeWOFJjdsAWxR+
+e9iKe4YshlJW1YCid595LVXZfA2wqnjrOuGz+WA5OK+CO4VlabsZ7GrdXn5brFSe
++LMxSJY34LcWxQZkNQyvek92zLRAngdTkYOai1li0XHeZxenzv62VnbNeXrMFwdS
+kukivDCZOLaUgi7Ms07nojstNlbMEkgDT9U2rTdHxkxI9bmpSR5jla7pxuX35qgN
+vXz4jNgB6PIg5eznJlmzdmG5VePw+PIU2fApXpHj1JVxE7ICggEBAKodb/VTwrtr
+ZL07BRTeT1i/FzXLdKHJYDyPZGMfBSwyhGdTFuWptlHxXhRc447ePj6s4c+Ab1Sa
+hu+bzZos351k1t2xSPKiabqLdZEYA9npaStlvWMX15BIKbO7dC+6eQCCf5YUPibi
+rhTktczJSx2fAi/g0gr+qtJYsI0g40xzSAjFKgZqE8RZto9PrDt0jweHU2Tcsw2p
+xcWppmifGodALjadeZ5D2Fxuf+PGaqr/kDOmAMWmYAA5ciXzRbDZZ9tpv03w0+d4
+qjD8VTYSXVIlsuYVUyjdxqUqDZHLau7gnDtckyB/ELcpblsa3PzWGzjMvm7m/8yL
+wB8+e0Q3VzICIB9PWz6BWBYKojMpNr4DVTBQnwurewOuPPB7YS0OamXE
+-----END DSA PRIVATE KEY-----
diff --git a/tests/keys/dsa3072cert.der b/tests/keys/dsa3072cert.der
new file mode 100644
index 0000000..d8e82b5
Binary files /dev/null and b/tests/keys/dsa3072cert.der differ
diff --git a/tests/keys/dsa3072cert.pem b/tests/keys/dsa3072cert.pem
new file mode 100644
index 0000000..d23189d
--- /dev/null
+++ b/tests/keys/dsa3072cert.pem
@@ -0,0 +1,160 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 12655831530416757427 (0xafa28bb933addab3)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), CN=Aleksey 
Sanin/emailAddress=xmlsec aleksey com
+        Validity
+            Not Before: Mar  5 22:54:53 2015 GMT
+            Not After : Feb  9 22:54:53 2115 GMT
+        Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Third 
Level DSA 3072 Certificate, CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+                pub: 
+                    00:c9:8a:8e:a6:4e:08:f4:fe:68:37:5d:30:e8:ce:
+                    e2:fa:bf:be:da:dd:c9:60:95:f5:3a:18:de:66:c6:
+                    7f:6b:87:d2:5d:44:87:bb:8f:34:09:9e:f5:3c:ab:
+                    44:e7:a8:59:e6:71:3a:f8:ae:67:63:4b:95:77:fb:
+                    55:c7:20:63:bf:35:40:2e:2f:7c:35:90:f5:b5:2a:
+                    64:dc:fc:7b:98:7a:b5:be:37:9a:66:ed:9c:97:ef:
+                    56:c1:5a:47:f1:d1:34:16:8c:e5:de:0e:7a:12:65:
+                    0d:4d:06:e8:fc:1a:41:db:70:6d:1f:20:22:50:1d:
+                    dd:9f:d6:af:40:27:c7:45:30:4f:db:0a:4d:4c:8b:
+                    f6:3f:8c:9f:4a:af:40:04:28:f4:30:9e:dd:12:66:
+                    17:61:a8:ea:7a:12:bd:13:22:d6:ec:1e:df:5b:ae:
+                    e7:38:e4:69:ae:c9:91:a0:92:7f:b0:10:8e:c6:df:
+                    1e:c1:2f:8f:38:51:aa:65:36:8d:2c:17:8d:ed:5a:
+                    60:77:e5:91:1f:7f:15:8e:60:59:4b:2e:4a:17:4e:
+                    56:67:4a:75:d6:ef:3c:7c:a1:74:ce:21:b9:fd:2b:
+                    7d:c0:f4:d8:17:b8:3a:4c:83:b2:28:b9:48:74:15:
+                    85:76:75:58:ef:36:ac:24:f1:d6:6b:38:df:a9:02:
+                    d5:7b:09:0b:cd:ea:9c:de:3e:0f:e8:04:9a:d4:95:
+                    5f:cd:3b:68:f4:06:e6:6f:97:d0:11:bf:62:58:92:
+                    b6:6e:7c:5b:66:30:d0:5b:a1:fe:a3:f9:66:c5:9c:
+                    8a:9b:db:b5:c2:2e:5d:5a:ef:44:35:58:a0:af:13:
+                    ca:83:dc:b8:99:1f:1f:fb:96:ca:dc:69:35:7c:29:
+                    91:7c:77:99:33:81:74:48:48:5b:39:36:46:05:c6:
+                    bb:bf:2e:30:4f:ef:be:c5:2c:7d:b7:41:35:b6:81:
+                    eb:4f:4b:dc:84:c5:4c:3d:92:d7:85:68:5e:32:39:
+                    40:79:2a:07:84:95:e6:65:4f:e4
+                P:   
+                    00:e3:88:32:2a:76:4d:35:f3:33:d3:e1:50:2b:f3:
+                    a9:62:4a:d2:9b:5f:da:5a:5c:cc:dc:1d:4c:58:5b:
+                    27:14:c3:41:d2:bf:b9:15:bc:bf:11:87:ab:01:ff:
+                    a4:fc:f3:42:47:e8:fb:d7:d5:49:89:4f:cd:f8:4d:
+                    98:bd:88:62:e8:01:ca:a4:a2:db:e7:b2:16:2f:5b:
+                    5a:14:77:98:6e:bc:9f:f0:38:0c:55:5e:b3:a5:a2:
+                    41:8f:fe:92:64:3d:62:89:62:f2:7f:c7:32:80:dd:
+                    2d:d2:7f:5c:f4:df:18:67:c6:b8:19:ef:49:d1:7d:
+                    4a:f7:88:e1:b6:cb:5e:30:d2:1f:16:1b:f9:72:79:
+                    1a:83:07:5a:af:91:ac:54:5d:78:ea:46:01:82:e7:
+                    dc:02:f4:0b:53:dc:71:13:e9:ed:a8:64:1e:6d:81:
+                    76:38:7a:41:0b:35:9b:5f:79:3b:01:cc:7a:c3:f5:
+                    6a:c0:98:e5:2b:87:d1:52:54:8e:81:76:6b:78:c9:
+                    6e:da:cf:7a:59:21:a8:d8:bc:59:51:81:23:ef:69:
+                    15:66:f9:d5:6a:7c:20:9a:e1:e8:b8:4e:5b:86:2a:
+                    cb:f6:d2:90:ed:97:6f:60:a0:45:e0:a8:b4:51:a6:
+                    5a:2c:6e:db:3e:02:a7:14:1f:5b:92:30:d9:03:ee:
+                    69:fa:88:71:9c:5a:61:d3:68:12:ff:87:4d:07:da:
+                    b0:17:92:d8:70:c1:3c:d6:b3:f6:75:ea:08:9d:5a:
+                    43:f8:09:b5:f7:8d:32:9e:90:48:38:ec:6f:51:51:
+                    e4:cc:bf:4f:0d:ef:56:4f:d4:58:a3:6a:a2:b5:6f:
+                    59:7b:40:98:93:32:fa:26:57:1a:08:b4:0b:fc:5b:
+                    89:a1:5e:3e:c5:94:43:9d:56:47:34:12:28:09:74:
+                    27:48:04:6e:ce:76:45:dc:15:cf:14:6b:7a:fa:f5:
+                    ce:4a:1d:07:58:61:5d:60:8a:4d:09:00:20:16:f4:
+                    31:b7:e3:1e:4c:c8:e8:8d:3e:0f
+                Q:   
+                    00:c2:88:7b:78:1e:fc:98:82:4e:c4:b1:14:1c:60:
+                    35:be:9b:c8:3d:81:77:32:ea:a4:d0:f1:2f:f1:38:
+                    b8:59:df
+                G:   
+                    00:8b:7a:a1:1c:76:49:78:e5:33:00:c6:0a:72:85:
+                    5f:0b:dc:18:1f:c5:90:3a:e2:d0:d0:07:fa:4c:50:
+                    67:27:17:54:65:59:ef:fa:54:ec:31:66:b6:48:9f:
+                    2a:e9:74:0c:1e:07:d9:2e:b5:b8:ea:61:44:f6:41:
+                    6d:68:33:43:74:21:0f:40:d5:b9:ce:ce:4b:24:49:
+                    a0:31:04:72:00:90:8f:67:a9:38:0b:79:01:96:97:
+                    38:be:cf:c5:94:3a:c3:e9:7f:5a:6e:39:11:54:f3:
+                    c5:19:7f:b4:ba:15:17:00:84:e8:55:88:5e:63:b7:
+                    98:88:ad:80:39:81:05:6c:0a:1f:92:2e:92:be:92:
+                    d9:e3:c7:3b:f3:f7:fd:6b:07:41:db:e0:1c:f0:e2:
+                    5c:64:c4:5a:ff:96:01:d6:42:d0:b3:f6:f0:99:04:
+                    06:ec:b0:f1:c7:2e:9c:46:ed:50:3a:27:82:36:29:
+                    7c:f6:5d:37:b2:32:fd:38:f6:b7:d6:52:fe:12:20:
+                    38:0b:b3:95:f0:72:13:3e:3d:69:2e:3c:52:c8:73:
+                    f2:cb:39:8f:28:7a:60:f7:af:23:86:2a:0d:87:a1:
+                    f1:85:15:bf:a8:6c:7f:b7:b6:db:15:b1:d4:fb:60:
+                    d5:3b:6d:70:0a:35:3f:ae:27:06:e8:d0:04:fd:db:
+                    1f:46:58:36:e4:0b:77:3a:2c:9f:c1:e6:41:29:a4:
+                    b6:02:11:ae:9b:45:63:32:7a:92:33:2e:af:19:0c:
+                    f7:01:87:94:ab:f5:bf:7c:cc:cc:01:bc:83:00:29:
+                    e9:0e:7a:71:55:ec:2b:25:a5:7c:41:7e:30:c1:8a:
+                    ea:34:d7:26:8f:d9:43:f9:ac:16:11:92:43:fb:99:
+                    46:3c:70:7a:c6:bd:5e:3d:d0:de:16:7e:b5:67:10:
+                    5a:dd:3a:c9:ab:f6:ff:15:d4:3e:4a:39:ce:04:6e:
+                    a2:64:4a:35:51:48:7d:93:da:84:12:22:11:3d:19:
+                    c9:5a:23:e0:a8:63:f4:bb:c9:13
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                94:81:05:72:34:53:0F:51:FC:63:B8:DE:59:F8:AC:6A:BB:F1:46:72
+            X509v3 Authority Key Identifier: 
+                keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E
+                DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root 
CA/CN=Aleksey Sanin/emailAddress=xmlsec aleksey com
+                serial:AF:A2:8B:B9:33:AD:DA:AD
+
+    Signature Algorithm: sha1WithRSAEncryption
+         0f:77:ba:95:c6:98:64:a0:d2:1c:81:a6:1b:bc:e8:a9:30:51:
+         59:da:7a:1e:06:4e:dc:76:bf:50:b5:a8:13:c7:e0:00:21:fe:
+         82:a9:cc:86:29:4e:7d:ed:ee:e0:2c:89:39:3b:8a:6e:de:6a:
+         96:e5:b1:70:51:7b:39:11:a0:ae
+-----BEGIN CERTIFICATE-----
+MIIIGjCCB8SgAwIBAgIJAK+ii7kzrdqzMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG
+A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz
+ZXkuY29tMCAXDTE1MDMwNTIyNTQ1M1oYDzIxMTUwMjA5MjI1NDUzWjCBzDELMAkG
+A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1
+cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxLjAs
+BgNVBAsTJVRlc3QgVGhpcmQgTGV2ZWwgRFNBIDMwNzIgQ2VydGlmaWNhdGUxFjAU
+BgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVr
+c2V5LmNvbTCCBMgwggM6BgcqhkjOOAQBMIIDLQKCAYEA44gyKnZNNfMz0+FQK/Op
+YkrSm1/aWlzM3B1MWFsnFMNB0r+5Fby/EYerAf+k/PNCR+j719VJiU/N+E2YvYhi
+6AHKpKLb57IWL1taFHeYbryf8DgMVV6zpaJBj/6SZD1iiWLyf8cygN0t0n9c9N8Y
+Z8a4Ge9J0X1K94jhtsteMNIfFhv5cnkagwdar5GsVF146kYBgufcAvQLU9xxE+nt
+qGQebYF2OHpBCzWbX3k7Acx6w/VqwJjlK4fRUlSOgXZreMlu2s96WSGo2LxZUYEj
+72kVZvnVanwgmuHouE5bhirL9tKQ7ZdvYKBF4Ki0UaZaLG7bPgKnFB9bkjDZA+5p
++ohxnFph02gS/4dNB9qwF5LYcME81rP2deoInVpD+Am1940ynpBIOOxvUVHkzL9P
+De9WT9RYo2qitW9Ze0CYkzL6JlcaCLQL/FuJoV4+xZRDnVZHNBIoCXQnSARuznZF
+3BXPFGt6+vXOSh0HWGFdYIpNCQAgFvQxt+MeTMjojT4PAiEAwoh7eB78mIJOxLEU
+HGA1vpvIPYF3Muqk0PEv8Ti4Wd8CggGBAIt6oRx2SXjlMwDGCnKFXwvcGB/FkDri
+0NAH+kxQZycXVGVZ7/pU7DFmtkifKul0DB4H2S61uOphRPZBbWgzQ3QhD0DVuc7O
+SyRJoDEEcgCQj2epOAt5AZaXOL7PxZQ6w+l/Wm45EVTzxRl/tLoVFwCE6FWIXmO3
+mIitgDmBBWwKH5Iukr6S2ePHO/P3/WsHQdvgHPDiXGTEWv+WAdZC0LP28JkEBuyw
+8ccunEbtUDongjYpfPZdN7Iy/Tj2t9ZS/hIgOAuzlfByEz49aS48Ushz8ss5jyh6
+YPevI4YqDYeh8YUVv6hsf7e22xWx1Ptg1TttcAo1P64nBujQBP3bH0ZYNuQLdzos
+n8HmQSmktgIRrptFYzJ6kjMurxkM9wGHlKv1v3zMzAG8gwAp6Q56cVXsKyWlfEF+
+MMGK6jTXJo/ZQ/msFhGSQ/uZRjxwesa9Xj3Q3hZ+tWcQWt06yav2/xXUPko5zgRu
+omRKNVFIfZPahBIiET0ZyVoj4Khj9LvJEwOCAYYAAoIBgQDJio6mTgj0/mg3XTDo
+zuL6v77a3clglfU6GN5mxn9rh9JdRIe7jzQJnvU8q0TnqFnmcTr4rmdjS5V3+1XH
+IGO/NUAuL3w1kPW1KmTc/HuYerW+N5pm7ZyX71bBWkfx0TQWjOXeDnoSZQ1NBuj8
+GkHbcG0fICJQHd2f1q9AJ8dFME/bCk1Mi/Y/jJ9Kr0AEKPQwnt0SZhdhqOp6Er0T
+ItbsHt9bruc45GmuyZGgkn+wEI7G3x7BL484UaplNo0sF43tWmB35ZEffxWOYFlL
+LkoXTlZnSnXW7zx8oXTOIbn9K33A9NgXuDpMg7IouUh0FYV2dVjvNqwk8dZrON+p
+AtV7CQvN6pzePg/oBJrUlV/NO2j0BuZvl9ARv2JYkrZufFtmMNBbof6j+WbFnIqb
+27XCLl1a70Q1WKCvE8qD3LiZHx/7lsrcaTV8KZF8d5kzgXRISFs5NkYFxru/LjBP
+777FLH23QTW2getPS9yExUw9kteFaF4yOUB5KgeEleZlT+SjggFFMIIBQTAMBgNV
+HRMEBTADAQH/MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUlIEFcjRTD1H8Y7jeWfisarvxRnIwgeMGA1UdIwSB
+2zCB2IAU/uTsUyTwlZXHELXhRLVdOWVa436hgbSkgbEwga4xCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGli
+cmFyeSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMRAwDgYDVQQLEwdS
+b290IENBMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4
+bWxzZWNAYWxla3NleS5jb22CCQCvoou5M63arTANBgkqhkiG9w0BAQUFAANBAA93
+upXGmGSg0hyBphu86KkwUVnaeh4GTtx2v1C1qBPH4AAh/oKpzIYpTn3t7uAsiTk7
+im7eapblsXBRezkRoK4=
+-----END CERTIFICATE-----
diff --git a/tests/keys/dsa3072key.der b/tests/keys/dsa3072key.der
new file mode 100644
index 0000000..c3cfe1c
Binary files /dev/null and b/tests/keys/dsa3072key.der differ
diff --git a/tests/keys/dsa3072key.p12 b/tests/keys/dsa3072key.p12
new file mode 100644
index 0000000..39a71a1
Binary files /dev/null and b/tests/keys/dsa3072key.p12 differ
diff --git a/tests/keys/dsa3072key.p8-der b/tests/keys/dsa3072key.p8-der
new file mode 100644
index 0000000..19b7f73
Binary files /dev/null and b/tests/keys/dsa3072key.p8-der differ
diff --git a/tests/keys/dsa3072key.p8-pem b/tests/keys/dsa3072key.p8-pem
new file mode 100644
index 0000000..4f8be16
--- /dev/null
+++ b/tests/keys/dsa3072key.p8-pem
@@ -0,0 +1,22 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIDkTAbBgkqhkiG9w0BBQMwDgQI/mbFSvEwrg0CAggABIIDcJaVzTBawa3Q2z81
+PrWS+W4m/puvKonLKeVi1yRwtpcowD7T4UDPI7Ymmm4snNnbGT5MgHmYNNedm/30
+6U4JcROowefIlyHEHL4CKFkQAPccnM0QJ44Djj2OfLKMocmL24u+bSthKTmFAdo5
+JnJc0KNc715eJKlW6UMFhEML5xxFjymvluohxOzO/bNQwuE4S85ICWUvd6JzZ97l
+9Utz7UNg7UyRBPuXX6YtjA0s+sjaA1TS6eFgsX2ZxKelOpjooqdSAY7dpTx0/sG8
+bPaJSAuEfDfcbQH02smB5CoW5qf5oBecrbiAys/PSUAhf9nR7uLPD3rs8dF5szJA
+sXED4NvC8FXlHPWcyfxIRXRv9+5Q0bSKidcQRVvxOrMQyAcSkkceZuRULYtjaQDd
+4V/snKG/6+tHdlchEObuI0qZOCjlRdVso/4A3l7ApS++FGCsjBE3TUFxQZo/JMdE
+iOAG+G/tFq6O8OSWngK/k4BdfyPEHpZnUVDvqzzBPH03WJsQttzSDxwuYANk9996
+xt732wpo15FQejOWFwDn9g0wMKhuTDN92QIKv6JlcZbIICA/VN83S5/hQaGCjA+l
+gnryloZd8cmPfrIGzfCg8IpE8Iz3wPEfSv5UsXVzXIwPYU6Nrj0B4eJ7wV9PbPuE
+vCElu7Z/Q4/27OztJVoa+McVgZd9peZjLDNwgPENdDAnCDxvUz4IXqvAuoGTL35A
+pNUvpRPx1ITT1l4bvZBEnsPpMmiTtmt3IYtNN2nhBPzVo3hStIuATO19LDCUdSsA
+MPMObQaiofEpxuZ0LGR3Kajw+29R2u+B/P5/6FVVLkgLuXsT4atOxgAh4wyQ77dU
+tPcYRGFFI675a/59oRtZRy2MgDbwJuBiV0hNi1O/2V947Cek1c9EYvLNijiVtBkf
+bSVjRZ2hHCuk8t+FIW3XvGQGXHRqsjswJCgQXv/O+KeZsGbCxAvRkqyIEChAATg2
+OUoUK3VOQmf6pg07OZIKvALF3NhhAJTiP9TyFs8AnUa/ILnBqA/kKGy+uUi9Nn2z
+Y8AEWvr21H45Y6HA51zKRR66RkrZXSMuMcEFo1rdja/SOfMpilI9RqhBnGCsLqiq
++h39z8KWmi3/VrIGKSJ5rQE90nzGJa8lU6QFHi6hC92X76fDL2IUFU0WcJvimLlP
+3Eb3jHQ=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/keys/dsa3072key.pem b/tests/keys/dsa3072key.pem
new file mode 100644
index 0000000..3b2d3e5
--- /dev/null
+++ b/tests/keys/dsa3072key.pem
@@ -0,0 +1,48 @@
+-----BEGIN DSA PARAMETERS-----
+MIIDLQKCAYEA44gyKnZNNfMz0+FQK/OpYkrSm1/aWlzM3B1MWFsnFMNB0r+5Fby/
+EYerAf+k/PNCR+j719VJiU/N+E2YvYhi6AHKpKLb57IWL1taFHeYbryf8DgMVV6z
+paJBj/6SZD1iiWLyf8cygN0t0n9c9N8YZ8a4Ge9J0X1K94jhtsteMNIfFhv5cnka
+gwdar5GsVF146kYBgufcAvQLU9xxE+ntqGQebYF2OHpBCzWbX3k7Acx6w/VqwJjl
+K4fRUlSOgXZreMlu2s96WSGo2LxZUYEj72kVZvnVanwgmuHouE5bhirL9tKQ7Zdv
+YKBF4Ki0UaZaLG7bPgKnFB9bkjDZA+5p+ohxnFph02gS/4dNB9qwF5LYcME81rP2
+deoInVpD+Am1940ynpBIOOxvUVHkzL9PDe9WT9RYo2qitW9Ze0CYkzL6JlcaCLQL
+/FuJoV4+xZRDnVZHNBIoCXQnSARuznZF3BXPFGt6+vXOSh0HWGFdYIpNCQAgFvQx
+t+MeTMjojT4PAiEAwoh7eB78mIJOxLEUHGA1vpvIPYF3Muqk0PEv8Ti4Wd8CggGB
+AIt6oRx2SXjlMwDGCnKFXwvcGB/FkDri0NAH+kxQZycXVGVZ7/pU7DFmtkifKul0
+DB4H2S61uOphRPZBbWgzQ3QhD0DVuc7OSyRJoDEEcgCQj2epOAt5AZaXOL7PxZQ6
+w+l/Wm45EVTzxRl/tLoVFwCE6FWIXmO3mIitgDmBBWwKH5Iukr6S2ePHO/P3/WsH
+QdvgHPDiXGTEWv+WAdZC0LP28JkEBuyw8ccunEbtUDongjYpfPZdN7Iy/Tj2t9ZS
+/hIgOAuzlfByEz49aS48Ushz8ss5jyh6YPevI4YqDYeh8YUVv6hsf7e22xWx1Ptg
+1TttcAo1P64nBujQBP3bH0ZYNuQLdzosn8HmQSmktgIRrptFYzJ6kjMurxkM9wGH
+lKv1v3zMzAG8gwAp6Q56cVXsKyWlfEF+MMGK6jTXJo/ZQ/msFhGSQ/uZRjxwesa9
+Xj3Q3hZ+tWcQWt06yav2/xXUPko5zgRuomRKNVFIfZPahBIiET0ZyVoj4Khj9LvJ
+Ew==
+-----END DSA PARAMETERS-----
+-----BEGIN DSA PRIVATE KEY-----
+MIIE1wIBAAKCAYEA44gyKnZNNfMz0+FQK/OpYkrSm1/aWlzM3B1MWFsnFMNB0r+5
+Fby/EYerAf+k/PNCR+j719VJiU/N+E2YvYhi6AHKpKLb57IWL1taFHeYbryf8DgM
+VV6zpaJBj/6SZD1iiWLyf8cygN0t0n9c9N8YZ8a4Ge9J0X1K94jhtsteMNIfFhv5
+cnkagwdar5GsVF146kYBgufcAvQLU9xxE+ntqGQebYF2OHpBCzWbX3k7Acx6w/Vq
+wJjlK4fRUlSOgXZreMlu2s96WSGo2LxZUYEj72kVZvnVanwgmuHouE5bhirL9tKQ
+7ZdvYKBF4Ki0UaZaLG7bPgKnFB9bkjDZA+5p+ohxnFph02gS/4dNB9qwF5LYcME8
+1rP2deoInVpD+Am1940ynpBIOOxvUVHkzL9PDe9WT9RYo2qitW9Ze0CYkzL6Jlca
+CLQL/FuJoV4+xZRDnVZHNBIoCXQnSARuznZF3BXPFGt6+vXOSh0HWGFdYIpNCQAg
+FvQxt+MeTMjojT4PAiEAwoh7eB78mIJOxLEUHGA1vpvIPYF3Muqk0PEv8Ti4Wd8C
+ggGBAIt6oRx2SXjlMwDGCnKFXwvcGB/FkDri0NAH+kxQZycXVGVZ7/pU7DFmtkif
+Kul0DB4H2S61uOphRPZBbWgzQ3QhD0DVuc7OSyRJoDEEcgCQj2epOAt5AZaXOL7P
+xZQ6w+l/Wm45EVTzxRl/tLoVFwCE6FWIXmO3mIitgDmBBWwKH5Iukr6S2ePHO/P3
+/WsHQdvgHPDiXGTEWv+WAdZC0LP28JkEBuyw8ccunEbtUDongjYpfPZdN7Iy/Tj2
+t9ZS/hIgOAuzlfByEz49aS48Ushz8ss5jyh6YPevI4YqDYeh8YUVv6hsf7e22xWx
+1Ptg1TttcAo1P64nBujQBP3bH0ZYNuQLdzosn8HmQSmktgIRrptFYzJ6kjMurxkM
+9wGHlKv1v3zMzAG8gwAp6Q56cVXsKyWlfEF+MMGK6jTXJo/ZQ/msFhGSQ/uZRjxw
+esa9Xj3Q3hZ+tWcQWt06yav2/xXUPko5zgRuomRKNVFIfZPahBIiET0ZyVoj4Khj
+9LvJEwKCAYEAyYqOpk4I9P5oN10w6M7i+r++2t3JYJX1OhjeZsZ/a4fSXUSHu480
+CZ71PKtE56hZ5nE6+K5nY0uVd/tVxyBjvzVALi98NZD1tSpk3Px7mHq1vjeaZu2c
+l+9WwVpH8dE0Fozl3g56EmUNTQbo/BpB23BtHyAiUB3dn9avQCfHRTBP2wpNTIv2
+P4yfSq9ABCj0MJ7dEmYXYajqehK9EyLW7B7fW67nOORprsmRoJJ/sBCOxt8ewS+P
+OFGqZTaNLBeN7Vpgd+WRH38VjmBZSy5KF05WZ0p11u88fKF0ziG5/St9wPTYF7g6
+TIOyKLlIdBWFdnVY7zasJPHWazjfqQLVewkLzeqc3j4P6ASa1JVfzTto9Abmb5fQ
+Eb9iWJK2bnxbZjDQW6H+o/lmxZyKm9u1wi5dWu9ENVigrxPKg9y4mR8f+5bK3Gk1
+fCmRfHeZM4F0SEhbOTZGBca7vy4wT+++xSx9t0E1toHrT0vchMVMPZLXhWheMjlA
+eSoHhJXmZU/kAiAJlxSx721HQx7dCU+U3FcT28sdzvwYwd2Xt14n8vyo3w==
+-----END DSA PRIVATE KEY-----
diff --git a/tests/testDSig.sh b/tests/testDSig.sh
index aed6a02..7afdd7c 100755
--- a/tests/testDSig.sh
+++ b/tests/testDSig.sh
@@ -320,6 +320,24 @@ execDSigTest $res_success \
     "$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret123" \
     "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
 
+execDSigTest $res_success \
+    "" \
+    "aleksey-xmldsig-01/enveloping-sha256-dsa2048-sha256" \
+    "sha256 dsa-sha256" \
+    "dsa x509" \
+    "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+    "$priv_key_option $topfolder/keys/dsa2048key$priv_key_suffix.$priv_key_format --pwd secret123" \
+    "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+    "" \
+    "aleksey-xmldsig-01/enveloping-sha256-dsa3072-sha256" \
+    "sha256 dsa-sha256" \
+    "dsa x509" \
+    "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+    "$priv_key_option $topfolder/keys/dsa3072key$priv_key_suffix.$priv_key_format --pwd secret123" \
+    "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
 #
 # To generate expired cert run the following command
 # > xmlsec1 sign --pkcs12 tests/keys/expiredkey.p12 --pwd secret123 --output out.xml 
./tests/aleksey-xmldsig-01/enveloping-expired-cert.tmpl


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]