RE: what is X509_STORE?
Hello, thank you very much, sir. I have another question: where do I put the name of the signature algorithm that I use to sign a certificate? In my config file I put only the MD5 function (but it is a hash function and I can't use it to sign, am I wrong?). In my sslcreat.pl (please look at the marked line; it was bold and underlined in the original):

# create request config file
sub create_ca_config_file {
    my ($file) = @_;
    # the quotes were lost in the archive; the file is opened for writing
    # because the sub prints into it
    open TMP, ">$file" or die "cannot open $file: $!";
    print TMP "[ ca ]\n";
    print TMP "default_ca = CA_default\n";
    print TMP "[ CA_default ]\n";
    print TMP "dir = $ARAN_CA_DIR\n";
    print TMP "database = \$dir/index.txt\n";
    print TMP "new_certs_dir = \$dir/newcerts\n";
    print TMP "certificate = \$dir/cacert.pem\n";
    print TMP "serial = \$dir/serial\n";
    print TMP "private_key = \$dir/private/cakey.pem\n";
    print TMP "RANDFILE = \$dir/private/.rand\n";
    print TMP "\n";
    print TMP "default_days = $ARAN_CA_DAYS\n";
    print TMP "default_crl_days = 30\n";
    print TMP "default_md = md5\n";      # <-- the line in question
    print TMP "\n";
    print TMP "policy = policy_any\n";
    print TMP "\n";
    print TMP "[ policy_any ]\n";
    print TMP "countryName = optional\n";
    print TMP "stateOrProvinceName = optional\n";
    print TMP "organizationName = optional\n";
    print TMP "organizationalUnitName = optional\n";
    print TMP "commonName = supplied\n";
    print TMP "emailAddress = optional\n";
    print TMP "\n";
    print TMP "[ req ]\n";
    print TMP "default_bits = 1024\n";
    print TMP "distinguished_name = req_distinguished_name\n";
    print TMP "prompt = no\n";
    print TMP "\n";
    print TMP "[ req_distinguished_name ]\n";
    print TMP "CN = ARAN CA\n";
    print TMP "\n";
    close TMP;
}

Best regards

> Date: Tue, 24 Feb 2009 08:34:54 +0100
> Subject: Re: what is X509_STORE?
> From: toondel...@gmail.com
> To: openssl-users@openssl.org
>
> It is a certificate memory store where you should put the certificates (CA, root, etc.) of your trusted path that are needed by your application for signature verification. This is also the place where you will put your CRL. Have a look at the X509_STORE_xxx and X509_load_xxx functions. You might also consider using the PEM_read_xxx functions for your signing certificate.
>
> Regards,
> Emmanuel
>
> 2009/2/24 sarym binome binome_...@hotmail.com:
> > Hello, I am trying to create an X509 certificate for a CA and certificates signed by the CA, and I want to check (verify) them. Can somebody tell me what X509_STORE is? Thanks.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
certificate sign algorithm!
Hello, where do I put the name of the signature algorithm that I use to sign a certificate? In my config file I put only the MD5 function (but it is a hash function and I can't use it to sign, am I wrong?). How can the verify function deduce which function to use? In my sslcreat.pl (please look at the marked line; it was bold and underlined in the original):

# create request config file
sub create_ca_config_file {
    my ($file) = @_;
    # the quotes were lost in the archive; the file is opened for writing
    # because the sub prints into it
    open TMP, ">$file" or die "cannot open $file: $!";
    print TMP "[ ca ]\n";
    print TMP "default_ca = CA_default\n";
    print TMP "[ CA_default ]\n";
    print TMP "dir = $ARAN_CA_DIR\n";
    print TMP "database = \$dir/index.txt\n";
    print TMP "new_certs_dir = \$dir/newcerts\n";
    print TMP "certificate = \$dir/cacert.pem\n";
    print TMP "serial = \$dir/serial\n";
    print TMP "private_key = \$dir/private/cakey.pem\n";
    print TMP "RANDFILE = \$dir/private/.rand\n";
    print TMP "\n";
    print TMP "default_days = $ARAN_CA_DAYS\n";
    print TMP "default_crl_days = 30\n";
    print TMP "default_md = md5\n";      # <-- the line in question
    print TMP "\n";
    print TMP "policy = policy_any\n";
    print TMP "\n";
    print TMP "[ policy_any ]\n";
    print TMP "countryName = optional\n";
    print TMP "stateOrProvinceName = optional\n";
    print TMP "organizationName = optional\n";
    print TMP "organizationalUnitName = optional\n";
    print TMP "commonName = supplied\n";
    print TMP "emailAddress = optional\n";
    print TMP "\n";
    print TMP "[ req ]\n";
    print TMP "default_bits = 1024\n";
    print TMP "distinguished_name = req_distinguished_name\n";
    print TMP "prompt = no\n";
    print TMP "\n";
    print TMP "[ req_distinguished_name ]\n";
    print TMP "CN = ARAN CA\n";
    print TMP "\n";
    close TMP;
}

Best regards
Re: what is X509_STORE?
Please don't use md5. Use sha128 or sha256 instead, if you can.

How signing works is this:
1) The signer creates the data he wishes to sign. (In this case, a certificate.)
2) The signer performs the specified hash function over the data he wishes to sign. (This is done via md5, sha1, sha2, sha256, sha128, etc.)
3) The signer encrypts the output of the hash function with his private key.
4) The signer appends the encrypted blob of the hash to the data, along with information as to what hash function he used.

To verify a signature, the verifier does this:
1) The verifier receives the data he wishes to verify the signature of.
2) The verifier removes the information appended in section 4 of the signer's procedure.
3) The verifier performs the specified hash function over the data he wishes to verify. (This is specified by the signer, not the verifier, since the signer only did a single hash.) He saves the output in variable A.
4) The verifier decrypts the encrypted blob of the hash, using the signer's public key. He saves this output in variable B.
5) The verifier verifies that A == B. If it matches, the data is the same that was signed. If it does not match, the data is not the same that was signed.

The reason you should not use MD5 is that recent attacks have been demonstrated against it which would allow, in certain circumstances, certificates to be forged (hash collisions can be generated, and are only expected to become easier as time goes on). SHA-1 has the same types of attacks, though much less advanced, described against it.

Regardless, the default_md line stands for "default message digest", i.e., default hash type. MD5 works there, but as I said you should try not to use it.

-Kyle H

On Tue, Feb 24, 2009 at 12:13 AM, sarym binome binome_...@hotmail.com wrote:
> Hello, thank you very much, sir. I have another question: where do I put the name of the signature algorithm that I use to sign a certificate? In my config file I put only the MD5 function (but it is a hash function and I can't use it to sign, am I wrong?). In my sslcreat.pl:
> [...]
Re: what is X509_STORE?
Well, if I remember correctly, you don't specify the key type in the config file but when you create the key file itself (the req -newkey command in openssl). BTW, for alternative certificate store usage, you can use the SSL_CTX_x functions.

2009/2/24 sarym binome binome_...@hotmail.com:
> Hello, thank you very much, sir. I have another question: where do I put the name of the signature algorithm that I use to sign a certificate? In my config file I put only the MD5 function (but it is a hash function and I can't use it to sign, am I wrong?). In my sslcreat.pl:
> [...]
get public Key from a certificate
Hello, how can I get the public key from a certificate? (Please give me just the name of the function. For example, to get a public key from a private key I use:

    PrivKey = RSA_generate_key(512, RSA_F4, NULL, NULL);
    PubKey  = RSAPublicKey_dup(PrivKey);

) If I send a certificate, I am not obliged to send a public key; I deduce it from the certificate (am I wrong?!).

Best regards
Problem using CRL
Hello,

Sorry for double posting, if any, but I just figured out that my previous post might not have passed some filters due to my nickname.

I have a problem when using a CRL. My certificate setup is the following:

  =========      ========
  | Cert1 |      | Root |
  =========      ========
                     |
                  ======
                  | CA |
                  ======
                 /   |   \
         =========  =======  =========
         | Cert2 |  | CRL |  |revoked|
         =========  =======  =========

Cert1 is a self-signed certificate and is used to sign S/MIME messages in my app (for which I own the private key). Cert2 is used to sign S/MIME messages in a client app. "revoked" is a certificate that has been revoked and is mentioned as such in the CRL.

My application has Cert1, Root and CA in its trust anchors and is configured to use Cert1 and its private key to sign messages as well as to verify messages it has previously signed (that are read from disk for re-sending, for example).

As long as I don't use the CRL, everything is fine: I can sign messages with Cert1, and verify messages signed by Cert1, Cert2 and revoked.

If I introduce the CRL into my certificate store (using X509_load_crl_file), the messages signed with the revoked certificate are rejected, as expected. But as a side effect, the messages I signed with Cert1 are also rejected with

    error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:Verify error:unable to get local issuer certificate

when I try to verify them within my app. The error occurs whether I use X509_V_FLAG_CRL_CHECK_ALL or not. Signing still works.

Am I missing something, or is it normal behaviour when using a CRL? Is it related to the fact that Cert1 is self-signed?

OpenSSL version: 0.9.8.i
OS: HPUX 11.23i

Regards,
Emmanuel
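The signing-and-verifying walkthrough earlier in this thread (the hash name travels with the signature, and default_md only names the digest), Emmanuel's description of X509_STORE as the place for the trusted certificates and the CRL, and the CRL question above all come down to the same few operations, which the script below performs with the openssl command-line tool. It is an added example, not code from the thread or from OpenSSL itself: it builds a throwaway CA whose config has the same shape as the Perl-generated one, issues two certificates (one with the config's default_md, one with an explicitly chosen digest), revokes one, generates a CRL, and verifies both against the CA with and without the CRL, including the CRL_CHECK_ALL case with a self-signed anchor. All directory and subject names are invented, and it assumes an openssl binary from the 1.1 or 3.x series.

```shell
#!/bin/sh
# Added example, not code from the thread. It builds a small CA with a
# config in the same shape as the Perl-generated one above, then shows:
#   1. the digest named by default_md (or by -md) is recorded in each
#      certificate's signatureAlgorithm field, which is how a verifier
#      knows which hash to recompute;
#   2. the command-line equivalent of an X509_STORE: -CAfile for the
#      trusted certificates, -CRLfile/-crl_check for the CRL, with and
#      without the X509_V_FLAG_CRL_CHECK_ALL behaviour.
# Requires the openssl command-line tool. Directory and subject names are
# invented for the example.
set -eu

# setup_ca DIR: directory layout, config and self-signed CA certificate.
setup_ca() {
    dir=$1
    mkdir -p "$dir/newcerts" "$dir/private"
    : > "$dir/index.txt"
    echo 01 > "$dir/serial"
    echo 01 > "$dir/crlnumber"
    # \$dir stays literal so openssl expands it; $dir is expanded by the shell.
    cat > "$dir/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir              = $dir
database         = \$dir/index.txt
new_certs_dir    = \$dir/newcerts
certificate      = \$dir/cacert.pem
serial           = \$dir/serial
crlnumber        = \$dir/crlnumber
private_key      = \$dir/private/cakey.pem
default_days     = 30
default_crl_days = 30
default_md       = sha256
policy           = policy_any
x509_extensions  = v3_leaf
[ policy_any ]
commonName = supplied
[ req ]
default_md         = sha256
prompt             = no
distinguished_name = req_dn
x509_extensions    = v3_ca
[ req_dn ]
CN = Demo CA
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
[ v3_leaf ]
basicConstraints = CA:FALSE
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -keyout "$dir/private/cakey.pem" -out "$dir/cacert.pem" -days 30 2>/dev/null
}

# issue_cert DIR CN [MD]: key + CSR for CN, signed by the CA with openssl ca.
# Without MD the config's default_md is used; with MD that digest is used.
issue_cert() {
    dir=$1; cn=$2; md=${3:-}
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -subj "/CN=$cn" -keyout "$dir/$cn.key" -out "$dir/$cn.csr" 2>/dev/null
    openssl ca -batch -notext -config "$dir/ca.cnf" ${md:+-md "$md"} \
        -in "$dir/$cn.csr" -out "$dir/$cn.pem" 2>/dev/null
}

# revoke_cert DIR CN: mark the certificate revoked and publish a new CRL
# (the file an application would later hand to X509_load_crl_file).
revoke_cert() {
    dir=$1; cn=$2
    openssl ca -config "$dir/ca.cnf" -revoke "$dir/$cn.pem" 2>/dev/null
    openssl ca -config "$dir/ca.cnf" -gencrl -out "$dir/crl.pem" 2>/dev/null
}

# sig_alg FILE: the signature algorithm a certificate carries. A verifier
# takes the digest from this field; nothing tells it separately.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# verify_cert DIR CN MODE: MODE is nocrl, crl, crl_all or crl_missing.
# Prints OK, REVOKED, NO_CRL, or the raw openssl output for anything else.
verify_cert() {
    dir=$1; cn=$2; mode=$3
    cafile="$dir/cacert.pem"; crl="$dir/crl.pem"; cert="$dir/$cn.pem"
    case $mode in
        nocrl)       out=$(openssl verify -CAfile "$cafile" "$cert" 2>&1 || true) ;;
        crl)         out=$(openssl verify -CAfile "$cafile" -CRLfile "$crl" -crl_check "$cert" 2>&1 || true) ;;
        crl_all)     out=$(openssl verify -CAfile "$cafile" -CRLfile "$crl" -crl_check_all "$cert" 2>&1 || true) ;;
        crl_missing) out=$(openssl verify -CAfile "$cafile" -crl_check "$cert" 2>&1 || true) ;;
    esac
    case $out in
        *"certificate revoked"*)           echo REVOKED ;;
        *"unable to get certificate CRL"*) echo NO_CRL ;;
        *": OK"*)                          echo OK ;;
        *)                                 echo "$out" ;;
    esac
}

# Stand-alone demo: two certificates, the second signed with sha384 and revoked.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
setup_ca "$work"
issue_cert "$work" alice
issue_cert "$work" bob sha384
revoke_cert "$work" bob
echo "alice signed with: $(sig_alg "$work/alice.pem")"   # sha256WithRSAEncryption
echo "bob signed with:   $(sig_alg "$work/bob.pem")"     # sha384WithRSAEncryption
for cn in alice bob; do
    for mode in nocrl crl; do
        echo "$cn ($mode): $(verify_cert "$work" "$cn" "$mode")"   # bob (crl): REVOKED
    done
done
```

openssl verify with -CAfile and -CRLfile fills the same X509_STORE that an application populates with X509_STORE_add_cert and X509_load_crl_file; -crl_check and -crl_check_all set X509_V_FLAG_CRL_CHECK and X509_V_FLAG_CRL_CHECK_ALL on it. Two outcomes are worth noticing: without the CRL the revoked certificate verifies cleanly, and with CRL checking enabled but no CRL loaded every certificate fails with "unable to get certificate CRL", because OpenSSL does not treat a missing CRL as "not revoked". With -crl_check_all the self-signed anchor is itself checked against a CRL it issued, which is why the CA here has cRLSign in its key usage.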
[no subject]
Greetings.

I have recently done some testing with OpenSSL versions 0.9.8i and 0.9.8j. Basically, the application is opening 10,000 connections between a client and server on the same Linux machine. I've noticed quite a difference in memory utilization when monitored with the Linux top command. 0.9.8i will show an increase in memory, from before the connections are opened to after, of maybe 1 GB. (The system has 32 GB available.) With 0.9.8j, from before the connections are opened to after, an increase of 12+ GB is observed. This is quite a difference, and may be causing some problems. At one point, the program segfaulted with a "double free or corruption" error. I cannot reproduce this consistently, however. Everything runs well with version 0.9.8i.

I'm wondering if anyone might know what is responsible for the significant difference in memory usage between the two versions? I should be using the same SSL_CTX for all of the connections. Hopefully I'm providing enough information. I have done some searching, and found one issue with a memory leak in version 0.9.8j: http://article.gmane.org/gmane.comp.encryption.openssl.devel/14996 But I don't think this is the issue I am seeing. From the CHANGES log, I noticed that TLS extensions are enabled by default in 0.9.8j, but I don't know if that's the reason for the increase in memory usage?

Thanks in advance.
RE: Memory utilization in version 0.9.8j
Forgot to include a subject line, my apologies.

> From: jetso...@hotmail.com
> To: openssl-users@openssl.org
> Subject:
> Date: Tue, 24 Feb 2009 14:48:01 +0000
>
> Greetings. I have recently done some testing with OpenSSL versions 0.9.8i and 0.9.8j. Basically, the application is opening 10,000 connections between a client and server on the same Linux machine. I've noticed quite a difference in memory utilization when monitored with the Linux top command.
> [...]
Need help with keytool
I need to turn PKI certs into JKSes. I have some instructions from one of the developers, but they refer to a KeyTool UI which, it turns out, is not part of the base OS install, but, "Oh, just go out and search the Internet for one..." No thanks. Besides, I'd like to script this stuff. The man page for keytool doesn't help me much, as I know basically nothing about this stuff. The terminology is meaningless to me :-( (Speaking of which, if anyone can direct me to some kind of tutorial or online lesson about the basics of PKI, SSL, etc., that would be awesome!)

So... I'd like to request some assistance in turning the following instructions into CLI 'keytool' commands.

After creating a PKCS12 file...
9. Use KeyTool UI (Java tool), go to File -> Open Keystore and open certificate.p12
10. Right click on the displayed keypair and Rename it to 'key'
11. Import the COC CA-13 certificate into the new keystore using Tools -> Import Trusted Certificate
12. Go to File -> Save Keystore As and use 'password'
13. Save the file as subscriber.jks

I am told that renaming the keypair is important, as our application cares. Same with using the password 'password'.

Thanks, SSL People!

-- 
John Oliver http://www.john-oliver.net/
Re: PKCS7 (time.certum.pl)
Thanks!

> No, it means that the service is an RFC3161 time stamp, which OpenSSL doesn't currently support. You can perform limited verification of these using the smime command-line utility, for example:
>
>     openssl smime -verify -inform DER -out ts.der -in timstamp -noverify
>
> will verify the integrity of the timestamp, though you could avoid -noverify and include the correct CA. The ts.der file will contain details of the object being timestamped.

Bye
Jan
Error reading EC Private Key from PEM file
Hi again,

I forgot to include a subject, and I have some extra information on this as well, so I thought I'd send more. I have printed out the human-readable error output of the call to PEM_read_PrivateKey and it is as such:

    error:0906B072:lib(9):func(107):reason(114)

From looking through the EVP error codes, function 107 is PEM_GET_EVP_CIPHER_INFO and reason 114 is PEM_R_UNSUPPORTED_ENCRYPTION. Now, I created the private key using OpenSSL, so it seems odd to me that it would be considered unsupported. Some relevant info from the key file is:

    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,C1897FAC7F2375FD

I have read that the cipher type is determined from the salt, i.e. C1897..., and a few other variables such as the iv (?) that I haven't had much luck in determining. Any ideas why PEM_read_PrivateKey would still be returning NULL??? By the way, I am using version 0.9.8g, which I know is slightly outdated, if that makes a difference.

-John Larson

> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Larson, John
> Sent: Monday, February 23, 2009 5:17 PM
> To: openssl-users@openssl.org
> Subject:
>
> Hi all, I am working on some code that takes an existing EC private key stored in a PEM file and uses it to create a digital signature. In my code, the call I make to read the private key continues to return a NULL pointer. I perform the call as such:
>
>     pkey = PEM_read_PrivateKey(keyFile, NULL, NULL, "password");
>
> I have confirmed both that I am referencing the correct file and that the pass phrase I use ("password" in this example) is correct. I confirmed the password by executing on the command line:
>
>     openssl ec -in signer_key.pem -passin pass:password
>
> Any ideas why my function call would still return NULL?
>
> John Larson
> JIPM Systems Engineer, ViaSat Inc.
> Work: (760) 930-3594 Cell: (510) 435-3277
RE: get public Key from a certificate
If you have a certificate in an X509 object, the x509.h header mentions the function:

    EVP_PKEY *X509_get_pubkey(X509 *x);

> From: binome_...@hotmail.com
> To: openssl-users@openssl.org
> Subject: get public Key from a certificate
> Date: Tue, 24 Feb 2009 10:29:42 +0000
>
> Hello, how can I get the public key from a certificate? (Please give me just the name of the function. For example, to get a public key from a private key I use: PrivKey = RSA_generate_key(512, RSA_F4, NULL, NULL); PubKey = RSAPublicKey_dup(PrivKey);) If I send a certificate, I am not obliged to send a public key; I deduce it from the certificate (am I wrong?!).
>
> Best regards
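X509_get_pubkey is the C-level answer; the same fact, that the public key travels inside the certificate and need not be sent separately, can be checked from the shell. The script below is an added example, not from the thread: it extracts the SubjectPublicKeyInfo from a certificate with openssl x509 -pubkey and compares it with the public half of a private key, which is the check a receiver does to confirm that a certificate belongs to the key that produced a signature. File and subject names are invented, and it assumes the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not from the thread. Command-line counterpart of
# X509_get_pubkey: pull the SubjectPublicKeyInfo out of a certificate and
# compare it with the public half of a private key. Requires the openssl
# command-line tool; file and subject names are invented.
set -eu

# spki_digest_of_cert CERT: SHA-256 over the DER SubjectPublicKeyInfo
# carried in the certificate (what X509_get_pubkey returns, serialised).
spki_digest_of_cert() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | sed 's/^.*= //'
}

# spki_digest_of_key KEY: the same digest derived from a private key.
spki_digest_of_key() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | sed 's/^.*= //'
}

# key_matches_cert KEY CERT: prints yes if the certificate's public key is
# the public half of KEY, no otherwise.
key_matches_cert() {
    if [ "$(spki_digest_of_key "$1")" = "$(spki_digest_of_cert "$2")" ]; then
        echo yes
    else
        echo no
    fi
}

# make_fixtures DIR: one self-signed certificate with its key, plus an
# unrelated key; the tiny req config avoids depending on a system openssl.cnf.
make_fixtures() {
    dir=$1
    printf '[ req ]\ndistinguished_name = dn\n[ dn ]\n' > "$dir/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -config "$dir/req.cnf" -subj "/CN=demo" \
        -keyout "$dir/demo.key" -out "$dir/demo.pem" -days 30 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$dir/other.key" 2>/dev/null
}

# Stand-alone demo.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_fixtures "$work"
echo "demo.key  matches demo.pem: $(key_matches_cert "$work/demo.key" "$work/demo.pem")"   # yes
echo "other.key matches demo.pem: $(key_matches_cert "$work/other.key" "$work/demo.pem")"  # no
```

Comparing the DER-encoded SubjectPublicKeyInfo (rather than, say, the RSA modulus alone) makes the check work the same way for RSA, EC and any other key type openssl pkey understands.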
Re: Error reading EC Private Key from PEM file
First - do you use FIPS? If yes,

1) you need to include at the very beginning:

    // for use with privkey with password
    OpenSSL_add_all_algorithms();
    PKCS5_PBE_add();

2) convert the key before use:

    openSSL pkcs8 -in privkey_pass.pem -topk8 -v2 des3 -out cprivkey_pass.pem

Second - use the callback to set the password.

Galina

On Tue, Feb 24, 2009 at 10:48 AM, Larson, John john.lar...@viasat.com wrote:
> Hi again, I forgot to include a subject, and I have some extra information on this as well, so I thought I'd send more. I have printed out the human-readable error output of the call to PEM_read_PrivateKey and it is as such: error:0906B072:lib(9):func(107):reason(114)
> [...]
Re: Error reading EC Private Key from PEM file
On Tue, Feb 24, 2009, Larson, John wrote:
> Hi again,
>
> I have printed out the human-readable error output of the call to PEM_read_PrivateKey and it is as such:
>
>     error:0906B072:lib(9):func(107):reason(114)
>
> From looking through the EVP error codes, function 107 is PEM_GET_EVP_CIPHER_INFO and reason 114 is PEM_R_UNSUPPORTED_ENCRYPTION. Now, I created the private key using OpenSSL, so it seems odd to me that it would be considered unsupported. Some relevant info from the key file is:

This possibly: http://www.openssl.org/support/faq.html#PROG8

And this avoids having to look through the files for an error message: http://www.openssl.org/support/faq.html#PROG7

Steve.
-- 
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
RE: Error reading EC Private Key from PEM file
Made the fix and that seems to be the case, thanks!

-John Larson

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Tuesday, February 24, 2009 9:18 AM
To: openssl-users@openssl.org
Subject: Re: Error reading EC Private Key from PEM file

> This possibly: http://www.openssl.org/support/faq.html#PROG8
>
> And this avoids having to look through the files for an error message: http://www.openssl.org/support/faq.html#PROG7
>
> Steve.
Re: FIPS Server
Thanks a lot, Kyle. That was a very clear explanation.

One final question. Given that non-FIPS-mode OpenSSL can talk with FIPS-validated implementations, let's say I have a server which is using OpenSSL in non-FIPS mode and which speaks and supports all the ciphers (including the FIPS ciphers). Now, for a FIPS-validated client, is there any way for the client to tell that it is speaking with a non-FIPS server? If not, the server could claim to be FIPS compliant and trick the client, while in reality it is not FIPS compliant but is just speaking the FIPS ciphers that the client proposes. Is the above possible then?

On Mon, Feb 23, 2009 at 3:13 AM, Kyle Hamilton aerow...@gmail.com wrote:
> On Sun, Feb 22, 2009 at 7:56 AM, smitha daggubati smithad...@gmail.com wrote:
> > Thanks David and Kyle for your time.
> >
> > Kyle, "though current practice includes procurement, not necessarily implementation" - I did not understand the above statement? Can you elaborate?
> >
> > thanks
> > Srinivas
>
> In order for the US Federal government to purchase any system which is to hold confidential data (including private information such as names/addresses/social security numbers/etc), that system *must* (by law and regulation) include cryptography which is FIPS 140-1 or FIPS 140-2 validated. Any device which provides cryptography which is purchased by the US Federal government *must* be FIPS validated -- meaning, it must have a mode of operation which has been validated to FIPS 140-1 or FIPS 140-2.
>
> Typically, FIPS-validated cryptography is not easily interoperable with non-FIPS-validated cryptography. For example, with Windows Server, if one domain controller is set to mandate use of FIPS-compliant cryptography and another domain controller for the same domain is not, those domain controllers will not talk with each other at all (because they have different expectations as to what authentication algorithms and methods are to be used).
>
> The practical upshot of this is that the government buys things with FIPS-validated cryptography as a mandatory checklist item, but often, they can't follow the security policy to turn it on due to interoperability requirements.
>
> OpenSSL is one of the relatively few TLS cryptographic providers which can, even when in non-FIPS mode, negotiate communication with FIPS-validated, FIPS-mode-enabled TLS implementations. (SSLv2 and SSLv3 cannot be used in FIPS mode, because the key agreement mechanism uses/relies on MD5; TLSv1 uses both MD5 and SHA-1, but the NIST guidance is that even though it uses MD5, it is okay to use it because it doesn't rely solely on MD5 to provide its security.)
>
> -Kyle H
Re: FIPS Server
Hey there;

On February 24, 2009 02:07:39 pm smitha daggubati wrote:
> Thanks a lot, Kyle. That was a very clear explanation.
>
> One final question. Given that non-FIPS-mode OpenSSL can talk with FIPS-validated implementations, let's say I have a server which is using OpenSSL in non-FIPS mode and which speaks and supports all the ciphers (including the FIPS ciphers). Now, for a FIPS-validated client, is there any way for the client to tell that it is speaking with a non-FIPS server? If not, the server could claim to be FIPS compliant and trick the client, while in reality it is not FIPS compliant but is just speaking the FIPS ciphers that the client proposes. Is the above possible then?

I think you are still completely missing what FIPS is for - FIPS is a specification that tells you which ciphers and protocols certain departments in the US Government consider secure, and a bunch of limitations and requirements as to how those ciphers and protocols are implemented. That's it, that's all. It isn't some magic pixie crypto dust that you sprinkle on your application and call it secure. Providing assurance as to the identity of the endpoints of your communication channel is up to you.

-- 
Patrick Patterson
President and Chief PKI Architect, Carillon Information Security Inc.
http://www.carillon.ca
RE: FIPS Server
> One final question. Given that non-FIPS-mode OpenSSL can talk with FIPS-validated implementations, let's say I have a server which is using OpenSSL in non-FIPS mode and which speaks and supports all the ciphers (including the FIPS ciphers). Now, for a FIPS-validated client, is there any way for the client to tell that it is speaking with a non-FIPS server?

That depends on the implementation. There are many ways, but they're outside the scope of FIPS itself. For example, suppose you're part of a military organization. Your certificates can include a field that says that such certificates are only issued to FIPS-certified endpoints. You can refuse to talk to any server that doesn't present a certificate with that extension.

Normally, though, you can't care. My browser's job is to make sure that when I send my credit card to Amazon.com, only Amazon.com gets it. But it can't control what Amazon.com does with the information once they have it. That's out of scope. So you are talking about the security of the other endpoint, which is logically not the responsibility of an endpoint.

> If not, the server could claim to be FIPS compliant and trick the client, while in reality it is not FIPS compliant but is just speaking the FIPS ciphers that the client proposes. Is the above possible then?

If the client can be tricked by the server, it's broken. If this was a problem in your implementation, then you should have implemented a mechanism to ensure it can't happen. This is why you need threat models and security evaluations. Again, one sane way to do this is to use a CA that you trust to certify that endpoints are trustworthy for whatever trust you need to extend to them.

An endpoint could be FIPS-compliant and could publish all its secrets in the New York Times.

DS
Re: Need help with keytool
On Tue, Feb 24, 2009 at 08:02:30AM -0800, John Oliver wrote:
> I need to turn PKI certs into JKSes. I have some instructions from one

JKS is Java KeyStore or some such. It's a database of certificates and
private keys. You can't turn a certificate into a .jks but you can store
certificates into one.

None of this stuff is to do with OpenSSL, so this list may not be the
best place for answers. And I'm not anything like an expert on keytool or
JCA, but I will try to explain a bit.

> of the developers, but it refers to a KeyTool UI which, it turns out, is
> not part of the base OS install, but, "Oh, just go out and search the
> Internet for one..." No thanks. Besides, I'd like to script this

So helpful, they are.

> stuff. The man page for keytool doesn't help me much, as I know,
> basically, nothing about this stuff. The terminology is meaningless to
> me :-( (Speaking of which, if anyone can direct me to some kind of
> tutorial or online lesson about the basics of PKI, SSL, etc. that would
> be awesome!)
>
> So... I'd like to request some assistance in turning the following
> instructions into CLI 'keytool' commands.

Spoiler: I don't think there is a way using the tool you've chosen, but
read on for my best guesses.

> After creating a PKCS12 file...
>
> 9. Use KeyTool UI (Java tool), go to File->Open Keystore and open
> certificate.p12

-storetype pkcs12 -keystore certificate.p12 are needed to specify the
keystore file and its (non-default) type. You will need these for all
steps that operate on this file.

> 10. Right click on the displayed keypair and Rename it to 'key'

-changealias -alias OLDNAME -destalias key

Names are aliases in keytool. I don't believe that PKI terminology
includes the concept of naming a keypair.

> 11. Import the COC CA-13 certificate into the new keystore using
> Tools->Import Trusted Certificate

-importcert -file THE_CERTIFICATE_FILE

I think you will be required to specify -alias SOME_NAME, and you may
want to add -trustcacerts.

> 12. Go to File->Save Keystore As and use 'password'

Meaningless for keytool, which loads and saves the same -keystore file.

> 13. Save the file as subscriber.jks

I don't think Sun keytool will do this step. You can export certificates
but not private keys -- at least, I've never found a way to move private
keys in or out using keytool. And there doesn't seem to be an option to
transform one type of store into another.

The part we haven't been told is why you have to start with a PKCS#12 bag
if you have to end up with a JKS bag. Any procedure that requires
generating a private key outside of Sun keytool is not going to work if
it has to produce a JKS bag using keytool. The java.security.Keystore
class appears to be able to store externally-provided keys, but keytool
doesn't let you at that method. If you could use -genseckey to let
keytool generate the key, you could start with a .jks and there'd be no
problem.

> I am told that renaming the keypair is important, as our application
> cares. Same with using the password 'password'.

:-O Do they leave a key under the doormat, too?

--
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Friends don't let friends publish revisable-form documents.
ECDSA/Using private and Public keys
I'm extremely new to this so any help would be much appreciated.

Ultimately I need to use pre-computed public and private EC keys to
digitally sign and verify a message. I can't seem to be able to take the
DER encoded keys and produce a usable EC_KEY for calling the ECDSA_sign()
or ECDSA_verify() functions.

To try to simplify, I attempted the following unrelated code (error
checking removed):

    int len;
    unsigned char *pptr;
    unsigned char buf[1024];
    int ret;
    ECDSA_SIG *sig;
    EC_KEY *newkey;
    EC_KEY *eckey = EC_KEY_new();

    // Get the EC group (set through the accessor; EC_KEY is opaque)
    EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp192k1);
    EC_KEY_set_group(eckey, group);

    // Generate a new key
    if (!EC_KEY_generate_key(eckey)) {
        printf("Error generating key!\n");
        return 0;
    }

    // Get the private key in DER
    pptr = buf;
    len = i2d_ECPrivateKey(eckey, &pptr);

    // Convert the private key back from DER/allocate new eckey
    newkey = d2i_ECPrivateKey(NULL, &pptr, len);
    if (newkey == NULL) {
        printf("This always fails!!\n");
    }

Why does the call to d2i_ECPrivateKey(NULL, &pptr, len); always fail?
(The length returned from the previous call is 222.) Generating the key,
allocation and group by name all appear to work.

I think what I am really lacking is an understanding of how the ECDSA
library is meant to be used. Are there any examples of how to do this?
Everything I find seems to use the above 'generate key' rather than using
pre-computed keys. I would have thought that I passed my known key into
the d2i_ECPrivateKey() function and used the result from that point
forward. Is this not the normal use flow?

Thanks in advance for any advice (or pointers on where to read more),

Ryan
RE: ECDSA/Using private and Public keys
> Why does the call to d2i_ECPrivateKey(NULL, &pptr, len); always fail?

Because you didn't pass it a key. Change that 'NULL' to 'eckey'.

DS
Re: ECDSA/Using private and Public keys
On Tue, Feb 24, 2009, Ryan Tolonen wrote:
> // Get the private key in DER
> pptr = buf;
> len = i2d_ECPrivateKey(eckey, &pptr);
>
> // Convert the private key back from DER/allocate new eckey
> newkey = d2i_ECPrivateKey(NULL, &pptr, len);
>
> Why does the call to d2i_ECPrivateKey(NULL, &pptr, len); always fail?
> (the length returned from the previous call is 222), generating the
> key, allocation and group by name all appears to work.

http://www.openssl.org/support/faq.html#PROG3

Is relevant here.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: Need help with keytool
On Tue, Feb 24, 2009 at 03:48:21PM -0500, Mark H. Wood wrote:
> On Tue, Feb 24, 2009 at 08:02:30AM -0800, John Oliver wrote:
> > I need to turn PKI certs into JKSes. I have some instructions from one
>
> JKS is Java KeyStore or some such. It's a database of certificates and
> private keys. You can't turn a certificate into a .jks but you can
> store certificates into one.

See what I mean about not knowing the right terminology? :-)

> None of this stuff is to do with OpenSSL, so this list may not be the
> best place for answers. And I'm not anything like an expert on keytool
> or JCA, but I will try to explain a bit.

Where would be a better forum for these questions, then?

> > of the developers, but it refers to a KeyTool UI which, it turns out,
> > is not part of the base OS install, but, "Oh, just go out and search
> > the Internet for one..." No thanks. Besides, I'd like to script this
>
> So helpful, they are.

Yeah... :-) I did finally get the tool they used, and I think I made it
work. I'd still like to be able to script this stuff, though.

> > stuff. The man page for keytool doesn't help me much, as I know,
> > basically, nothing about this stuff. The terminology is meaningless
> > to me :-( (Speaking of which, if anyone can direct me to some kind of
> > tutorial or online lesson about the basics of PKI, SSL, etc. that
> > would be awesome!)
> >
> > So... I'd like to request some assistance in turning the following
> > instructions into CLI 'keytool' commands.
>
> Spoiler: I don't think there is a way using the tool you've chosen, but
> read on for my best guesses.

Well, I didn't choose so much as assume. If there is a more appropriate
tool, I'm all ears! :-)

> > After creating a PKCS12 file...
> >
> > 9. Use KeyTool UI (Java tool), go to File->Open Keystore and open
> > certificate.p12
>
> -storetype pkcs12 -keystore certificate.p12 are needed to specify the
> keystore file and its (non-default) type. You will need these for all
> steps that operate on this file.
>
> > 10. Right click on the displayed keypair and Rename it to 'key'
>
> -changealias -alias OLDNAME -destalias key
>
> Names are aliases in keytool. I don't believe that PKI terminology
> includes the concept of naming a keypair.
>
> > 11. Import the COC CA-13 certificate into the new keystore using
> > Tools->Import Trusted Certificate
>
> -importcert -file THE_CERTIFICATE_FILE
>
> I think you will be required to specify -alias SOME_NAME, and you may
> want to add -trustcacerts.
>
> > 12. Go to File->Save Keystore As and use 'password'
>
> Meaningless for keytool, which loads and saves the same -keystore file.
>
> > 13. Save the file as subscriber.jks
>
> I don't think Sun keytool will do this step. You can export
> certificates but not private keys -- at least, I've never found a way
> to move private keys in or out using keytool. And there doesn't seem to
> be an option to transform one type of store into another.

Well... this might be another case of my simply not knowing the correct
terminology, but if this goofy Java tool will happily save as, or create,
or export to, or whatever it's actually doing, to a .jks... it doesn't
seem to me that that would be something that should be impossible for the
real tool.

> The part we haven't been told is why you have to start with a PKCS#12
> bag if you have to end up with a JKS bag. Any procedure that requires
> generating a private key outside of Sun keytool is not going to work if
> it has to produce a JKS bag using keytool. The java.security.Keystore
> class appears to be able to store externally-provided keys, but keytool
> doesn't let you at that method.

No idea. It's very likely that the answer is, "Because that's the way Joe
did it when he figured out how to create the keystore, and it worked, and
nobody has cared to revisit the process since."

> If you could use -genseckey to let keytool generate the key, you could
> start with a .jks and there'd be no problem.

I'm actually starting with a private key and a certificate for the
server, both in PEM format. The PKCS12 is created like:

    openssl pkcs12 -export -chain -in cert.pem -CApath . -CAfile 14.pem -inkey key.pem -out certificate.p12

14.pem contains the PEM certificates for the CA that signed the cert for
the host and the PEM for the Root CA that signed the intermediate CA.

If there's a more appropriate way to do this, I'm flexible!

Thanks so much for your response!

--
John Oliver   http://www.john-oliver.net/
Re: Need help with keytool
On Tue, Feb 24, 2009 at 03:48:21PM -0500, Mark H. Wood wrote:
> On Tue, Feb 24, 2009 at 08:02:30AM -0800, John Oliver wrote:
> > 10. Right click on the displayed keypair and Rename it to 'key'
>
> -changealias -alias OLDNAME -destalias key

Question: When I did this with the GUI tool, the OLDNAME was something
like a spastic orangutan had been given some crystal meth and then a few
seconds on the keyboard. It didn't appear to have any relation to
anything. Is there any way to read that value in, or say "Whatever it was
called before, I don't care, call it 'key' now"?

--
John Oliver   http://www.john-oliver.net/