Re: Regarding Certificate renewal
Ho there,

from the technical perspective (which is the thing this list is concerned with) a renewed certificate is a new certificate for the same keys as the old one. No step of the three you list as necessary is necessary from the openssl point of view, but may be required by your CA.

The data contained in the renewed certificate, beside the public part of the key, is completely up to the issuing CA and usually laid down in their policies. So, you should address your questions to the CA you want to get your certificates from. If you are implementing your own CA, you have to decide what you want to do.

Or was your question about best practices when creating a CA policy?

Hope this helps at least a bit,
Ted ;)

On 21.01.2014 06:51, Kamalraj Madhurakasan wrote:

Hello guys,

I would like to know whether my understanding about certificate renewal is correct or not.

To renew the certificate:
1. we need to generate a new CSR from the private key
2. revoke the old certificate
3. get the new CSR signed by the CA with validity extended

The fields that are common between old and new renewed certificate will be:
1. SKI
2. AKI
3. Issuer
4. Public Key

The fields that will not be common are:
1. subject (I see that while generating new CSR we can change the subject)
2. Serial number
3. Other fields

Please share your inputs on this.

Thanks
Kamalraj

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Regarding Certificate renewal
Hello Ted,

In our application we have a requirement to introduce a new option which allows customers to renew their certificates which were installed in it already. We would like to find out whether the new certificate is really a renewal certificate of the old one so that we can allow them to replace the old one with the new one. So to find out the match we decided to use fields (Issuer Or subject) And Serial number. But when I used openssl to create a renewed certificate as in the steps I mentioned already, I see that the subject can be altered and the serial number is different.

From your mail I understand that other than the public key, any field can be different or same based on the CA that the customer uses. We have many customers across the globe and they get their certificates signed and renewed by many CAs in the market. So my conclusion is that it's up to us to decide now on choosing match fields. Let me know if I am missing something.

Thanks
Kamalraj
Re: Regarding Certificate renewal
Now, I don't know the details of your software, but I'd advise to use the subject fields (maybe only some of them) to identify the customer. Though there's no guarantee, my guess is that in most renewed certificates the subject won't change... Also you'll catch those customers who'll want to use new keys. Same issuer makes some sense, because usually another CA will have more or less subtle differences in the subject fields. Of course you'll never get 100% of all renewed certificates, but a good percentage should be possible.

I'd not restrict identification to the same public key, because that's only a technical detail, but has no intrinsic connection to the person who uses it. The serial number is definitively useless for your purpose.

All this has not much to do with openssl, so maybe we should move to private discussion if you still have questions. And maybe I should think about consulting charges... :-)

Hope this helps,
Ted
Re: openssl 1.0.1e and X509_STORE_add_cert
Hello,

Adding some more info about the openssl version used:

/etc/trusted_certs # openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Wed Oct 16 10:54:53 EDT 2013
platform: linux-generic32
options: bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr)
compiler: armv7at2vfpneon-target-linux-gnueabi-gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIO -Wall -g -Os -fomit-frame-pointer -pipek
OPENSSLDIR: /usr/lib/ssl
engines: dynamic

Is there something wrong with the way it is compiled?

Regards,
Ionut

On Mon, Jan 20, 2014 at 1:39 PM, Putinei .Ionut putineiio...@gmail.com wrote:

Hello guys,

seen in changelog: "The functions X509_STORE_add_cert() now checks for an exact match, rather than just subject name."

Can someone please explain to me how to debug this and make things work? Maybe because certificates are wrong... or using deprecated api?

PS: the problem with validate peer on ssl connection was solved by setting the clock properly. Still need to load the trust chain so I can verify some signed xmls.

Thanks,
Ionut

On Tue, Jan 14, 2014 at 2:52 PM, Putinei .Ionut putineiio...@gmail.com wrote:

Hello guys,

I do not know if this is an openssl issue or curl/xmlsec. I have certificates for trust chain (x509) that are not loaded by xmlsec and also does not validate peer on ssl connection. The fails in xmlsec report error at openssl function X509_STORE_add_cert.

Run environment is arm. xmlsec library on host (x86) works; it is the same version. On host openssl is older, the default version from ubuntu 12.04, and I have no problems, neither with errors from xmlsec nor from curl.

*certificates have same md5sum both on host and arm environment.

If you know a patch that I must apply please share.

Thanks,
Ionut
Re: Prime number generation goes in infinite loop in OpenAT
Hi Michel,

In my case, 'add' and 'rem' parameters are NULL.

I also agree with you, that 'goto' should be avoided, but that is written by OpenSSL guys.

Can you please let me know, how did you get rid of this problem. I have checked everywhere, but did not get any solution, which can solve my problem.
Re: Reissuing problem of X509 DER with newer versions of OpenSSL
Thank you Mr. Henson.

--
View this message in context: http://openssl.6102.n7.nabble.com/Reissuing-problem-of-X509-DER-with-newer-versions-of-OpenSSL-tp48201p48233.html
Re: openssl 1.0.1e and X509_STORE_add_cert
Hello,

Please ignore this. Did a very big mistake because was not paying attention to what is actually loaded. Seems like symlinks created by c_rehash were loaded with success prior to reaching the actual certificate.

Again I am sorry,
Ionut
RSA_public_decrypt(), and RSA_private_encrypt()
Dear experts: We want to be able to specify padding. RSA_PKCS1_PADDING or RSA_NO_PADDING. I would like to use EVP API instead of RSA_Public_decrypt(), and RSA_Private_encrypt(). Which API should I use? I am currently using EVP_SignInit()/Update/Final() to do rsa sign, and EVP_VerifyInit/Update/Final to do rsa verify. Thanks in advance for any suggestion. Helen
Re: Prime number generation goes in infinite loop in OpenAT
Hi Nischal,

As previously mentioned, I solved my problem using what I assume to be the appropriate parameters. So, it won't help you directly.

I was only suggesting that infinite loop in those functions seems to occur because of misuse/bad call/bad context, ... we would normally expect to return immediately with an error code and that it may be possible to code the underlying logic with clear end/exit loop condition(s).

I was also hoping to draw attention to more qualified people on this matter.
Re: Prime number generation goes in infinite loop in OpenAT
I didn't see it before, but in fact, it is stated in the 'bugs' section:

"RSA_generate_key() goes into an infinite loop for illegal input values."

Did you read: http://www.openssl.org/docs/crypto/RSA_generate_key.html
Re: RSA_public_decrypt(), and RSA_private_encrypt()
Padding can be set using EVP_PKEY_CTX_set_rsa_padding. See:
https://www.openssl.org/docs/crypto/EVP_PKEY_CTX_ctrl.html

Matt
Re: DH_generate_key() segmentation fault
Hi,

Thank you all for your quick responses. I am using openssl 1.0.1 on a Linux machine. The DH_new() works correctly in my machine. It does not return NULL. Only the problem occurs in these lines-

    BN_bin2bn(parmp,strlen(parmp), dhPar2->p);
    BN_bin2bn(parmg,strlen(parmg), dhPar2->g);

For unknown reasons, it does not convert, and place the BIGNUM in dhPar2->p or dhPar2->g. Instead I use PEM_write_bio_DHparams() and PEM_read_bio_DHparams(), and it works like a charm.

Thank you for your help.

On Tuesday, January 21, 2014 6:05 AM, Dave Thompson dthomp...@prinpay.com wrote:

From: owner-openssl-us...@openssl.org On Behalf Of Matt Caswell
Sent: Monday, January 20, 2014 15:45

On 20 January 2014 15:34, khan wahid rr...@yahoo.com wrote:

Hi, I am trying to implement DH key exchange using openssl in the same program, so I generate DH parameters once, and then transfer the p and g to another DH object, here is my code-

    snip
    void hexprint(unsigned char *printBuf, int len)
    snip
    int main(int argc, char *argv[])
    {
    DH *dhPar=DH_new();
    DH *dhPar2=DH_new();
    time_t rt;
    srand((unsigned) time(&rt));

openssl doesn't use the C-library RNG rand(). It has its own RAND_*, which is automatically seeded (for generate) with time, and (for all SSLeay) other possibly platform-dependent stuff like /dev/random. C rand() isn't designed to be, and usually(?) isn't, a CSPRNG.

    unsigned char *dhSec1;
    unsigned char *dhSec2;
    printf("Generate parameter \n");
    DH_generate_parameters_ex(dhPar, 1024, DH_GENERATOR_2, 0);
    unsigned char *parmp=malloc(sizeof(unsigned char *) * BN_num_bytes(dhPar->p));
    unsigned char *parmg=malloc(sizeof(unsigned char *) * BN_num_bytes(dhPar->g));

You should check the return values of these calls to check that they have worked! However I will assume that this is not your problem (see below)...

Also the size is wrong (albeit on the safe side). You actually want BN_num_bytes(whatever) times sizeof (unsigned char /*not ptr*/) which is always 1 on every C everywhere and thus can be omitted. The idiom is T * ptr = malloc (nelem * sizeof (T /* not T* */)) or T * ptr = malloc ( nelem * sizeof *ptr ). The latter can be more robust in getting the type correct if the malloc and assignment are separated in the code, if you are still using C90 (e.g. Microsoft) or prefer the classic organization of all declarations at the top.

    memset(parmp, 0, BN_num_bytes(dhPar->p));
    memset(parmg, 0, BN_num_bytes(dhPar->g));
    BN_bn2bin(dhPar->p,parmp);
    BN_bn2bin(dhPar->g,parmg);
    BN_bin2bn(parmp,strlen(parmp), dhPar2->p);
    BN_bin2bn(parmg,strlen(parmg), dhPar2->g);

You should not use strlen to find the length of binary data. This could potentially cause a seg fault.

Or a silently incorrect value, which is harder to debug.

You have not said what version of openssl you are running, so I have checked the standard default behaviour of Openssl 1.0.1f. DH_new does

I'm pretty sure this area hasn't changed in a long time.

not allocate the BIGNUMs for p and g. They are set to NULL. The call to BN_bin2bn will check the value of its 3rd argument. If it is null it will allocate a BIGNUM and return it. Therefore this is what is happening to your code. The values of p and g will remain as NULL, and the allocated BIGNUMs are being ignored by your code.

    DH_generate_key(dhPar);

This is clearly going to fail (with a seg fault) because the parameters have not been set (as noted above).

Additional issues: openssl current (PKCS3) DH parameters in general can contain L (xsize) in addition to p and g, although parameters generated by (current) DH_generate_parameters[_ex] don't. Reportedly 1.0.2 will support X9.42 parameters with full q.

Within one process' memory (as this is) instead of converting BN to external form and then back, you can just call BN_dup. And for this whole use case you can just call DHparams_dup.

In real use you more often need to copy DH parameters from one process to another, often via storage in between. openssl supports the PKCS3 format for this, with i2d/d2i or PEM_read/write, which if you can use it is easier and probably safer than designing and coding your own.

If you have not already found it, you should check this page which gives details and code samples of working with DH: http://wiki.openssl.org/index.php/Diffie_Hellman

Apparently not much tested; i2d_DHparams_bio writes or sends only the parameters not any key -- even though the same DH struct contains both/all. There is (currently) no DH_ level routines to read and write a public OR private key, but the EVP_ generic PUBKEY and PrivateKey routines do so, as X.509 SubjectPublicKeyInfo aka SPKI or PKCS#8, which include params plus y or x and y.

There are three possible cases:
- ephemeral parameters: A must
RE: DH_generate_key() segmentation fault
As two other people have already said, you cannot use strlen() on binary data.

    BN_bin2bn(parmp,strlen(parmp), dhPar2->p);
    BN_bin2bn(parmg,strlen(parmg), dhPar2->g);

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA
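
The two failure modes discussed in this thread (strlen() on binary data, and a NULL third argument whose return value is dropped), as an added example that is not part of the original messages and not OpenSSL code. It assumes a toy 64-bit stand-in for BIGNUM; toy_bn, toy_bn2bin and toy_bin2bn are hypothetical names that only mimic the calling convention of BN_bn2bin/BN_bin2bn so the block builds without libcrypto.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for BIGNUM (assumption): a single 64-bit magnitude. */
typedef struct { uint64_t v; } toy_bn;

/* Like BN_bn2bin(): big-endian bytes, no terminator; returns the length. */
static size_t toy_bn2bin(const toy_bn *a, unsigned char *to) {
    size_t n = 0;
    for (uint64_t t = a->v; t != 0; t >>= 8) n++;
    for (size_t i = 0; i < n; i++)
        to[i] = (unsigned char)(a->v >> (8 * (n - 1 - i)));
    return n;
}

/* Like BN_bin2bn(): when ret is NULL a new object is allocated, and the
 * result is reachable only through the return value. */
static toy_bn *toy_bin2bn(const unsigned char *s, size_t len, toy_bn *ret) {
    if (len > sizeof(uint64_t)) return NULL;
    if (ret == NULL && (ret = malloc(sizeof *ret)) == NULL) return NULL;
    ret->v = 0;
    for (size_t i = 0; i < len; i++) ret->v = (ret->v << 8) | s[i];
    return ret;
}

/* Constructed sample whose encoding C3 A5 00 7B 11 has an interior zero. */
static const toy_bn SAMPLE = { 0xC3A5007B11ULL };

/* Decode buf[0..len) into a fresh object and return its value (0 on error). */
static uint64_t decode_value(const unsigned char *buf, size_t len) {
    toy_bn *dst = toy_bin2bn(buf, len, NULL);
    uint64_t v = dst ? dst->v : 0;
    free(dst);
    return v;
}

/* Correct: reuse the length the encoder returned. */
uint64_t copy_with_length(void) {
    unsigned char buf[sizeof(uint64_t)];
    size_t n = toy_bn2bin(&SAMPLE, buf);
    return decode_value(buf, n);
}

/* Buggy: strlen() stops at the interior zero, so the value is truncated. */
uint64_t copy_with_strlen(void) {
    unsigned char buf[sizeof(uint64_t) + 1] = {0}; /* spare zero keeps strlen in bounds */
    toy_bn2bin(&SAMPLE, buf);
    return decode_value(buf, strlen((const char *)buf));
}

/* Buggy: a NULL field passed as the third argument is not filled in.
 * Returns 1 when the field is still NULL after the call. */
int field_stays_null(void) {
    struct { toy_bn *p; } params = { NULL };        /* like p after DH_new() */
    unsigned char buf[sizeof(uint64_t)];
    size_t n = toy_bn2bin(&SAMPLE, buf);
    toy_bn *fresh = toy_bin2bn(buf, n, params.p);   /* correct code assigns this to params.p */
    int still_null = (params.p == NULL);
    free(fresh);
    return still_null;
}

int main(void) {
    printf("with length: %llx, with strlen: %llx\n",
           (unsigned long long)copy_with_length(),
           (unsigned long long)copy_with_strlen());
    printf("field still NULL: %d\n", field_stays_null());
    return 0;
}
```

With a buffer that happens to contain no zero byte at all, the strlen() variant reads past the end instead of truncating, which is the crash case mentioned in the thread.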
Re: RSA_public_decrypt(), and RSA_private_encrypt()
Thank you, Matt, for your quick reply.

I have additional questions. I looked at both links below:

https://www.openssl.org/docs/crypto/EVP_PKEY_encrypt.html
https://www.openssl.org/docs/crypto/EVP_PKEY_decrypt.html

One for encryption, one for decryption; however, the example code in the links is the same, which cannot be true.

I have the following code segment:

    ERR_load_crypto_strings();
    pkey = EVP_PKEY_new();
    rc = EVP_PKEY_assign_RSA(pkey, rsaKey);
    if (rc) {
        ctx = EVP_PKEY_CTX_new(pkey, NULL);
        if (!ctx)
            rc = -1;
        else
            rc = EVP_PKEY_CTX_set_signature_md(ctx, md);
        if (rc == 1) rc = EVP_PKEY_encrypt_init(ctx);
        if (rc == 1) rc = EVP_PKEY_CTX_set_rsa_padding(ctx, pad);
        if (rc == 1) rc = EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen);
    }
    EVP_PKEY_CTX_free(ctx);
    EVP_PKEY_free(pkey);

This code should perform similar function as EVP_Sign... except padding part. Is it correct?

Thanks
Helen
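
What the two padding choices named in this thread mean at the byte level for a private-key operation, as an added example that is not part of the original messages and not OpenSSL code. RSA_PKCS1_PADDING corresponds here to the PKCS#1 v1.5 block type 1 layout and RSA_NO_PADDING to an exact-length copy; all function names and the 0xA5 payload are constructed for the demo, and no RSA arithmetic is performed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_K 512          /* largest modulus size handled here, in bytes */
#define PKCS1_OVERHEAD 11  /* 00 01, at least eight FF bytes, 00 */

/* RSA_PKCS1_PADDING for a private-key operation (block type 1):
 * EM = 00 01 FF..FF 00 || data, filling all k bytes of the modulus size.
 * Returns 1 on success, 0 when the data does not fit. */
int pad_pkcs1_type1(unsigned char *em, size_t k,
                    const unsigned char *data, size_t dlen) {
    if (k < PKCS1_OVERHEAD || dlen > k - PKCS1_OVERHEAD) return 0;
    size_t pslen = k - dlen - 3;
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xFF, pslen);
    em[2 + pslen] = 0x00;
    memcpy(em + 3 + pslen, data, dlen);
    return 1;
}

/* RSA_NO_PADDING: nothing is added, so the caller must supply exactly k bytes
 * (the value must also be numerically below the modulus, not checked here). */
int pad_none(unsigned char *em, size_t k, const unsigned char *data, size_t dlen) {
    if (dlen != k) return 0;
    memcpy(em, data, k);
    return 1;
}

/* Strict parse of a recovered block; returns the payload offset or -1. */
long check_pkcs1_type1(const unsigned char *em, size_t k) {
    if (k < PKCS1_OVERHEAD || em[0] != 0x00 || em[1] != 0x01) return -1;
    size_t i = 2;
    while (i < k && em[i] == 0xFF) i++;
    if (i < 10 || i == k || em[i] != 0x00) return -1;  /* need >= 8 FF bytes */
    return (long)(i + 1);
}

/* Pads dlen constructed bytes for a k-byte modulus, optionally corrupts one
 * padding byte, and re-parses. Returns the payload offset, or -1 on failure. */
long pad_then_check(size_t k, size_t dlen, int corrupt) {
    unsigned char data[MAX_K], em[MAX_K];
    if (k > MAX_K || dlen > MAX_K) return -1;
    memset(data, 0xA5, dlen);                /* constructed payload */
    if (!pad_pkcs1_type1(em, k, data, dlen)) return -1;
    if (corrupt) em[5] ^= 0x01;              /* flip a bit inside the FF run */
    return check_pkcs1_type1(em, k);
}

/* Returns 1 when unpadded input of dlen bytes is accepted for a k-byte modulus. */
int none_accepts(size_t k, size_t dlen) {
    unsigned char data[MAX_K] = {0}, em[MAX_K];
    if (k > MAX_K || dlen > MAX_K) return 0;
    return pad_none(em, k, data, dlen);
}

int main(void) {
    printf("2048-bit key, 32-byte digest: payload at offset %ld\n",
           pad_then_check(256, 32, 0));
    printf("largest payload (245 bytes):  payload at offset %ld\n",
           pad_then_check(256, 245, 0));
    printf("246 bytes: %ld, corrupted padding: %ld\n",
           pad_then_check(256, 246, 0), pad_then_check(256, 32, 1));
    printf("no padding accepts 256: %d, 255: %d\n",
           none_accepts(256, 256), none_accepts(256, 255));
    return 0;
}
```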