Where does openssl store public keys?

2007-05-25 Thread leseul
When I generate a key pair with an openssl genrsa command I get a private key. But where is the corresponding public key stored?

Re: Where does openssl store public keys?

2007-05-25 Thread Bernhard Froehlich
leseul wrote: When I generate a key pair with an openssl genrsa command I get a private key. But where is the corresponding public key stored? There seems to be an openssl command pkey (http://www.openssl.org/docs/apps/pkey.html) for this, but my version does not know it. A workaround

I'm volunteering to write some documentation

2007-05-25 Thread Peter Kuykendall
I'm trying to use a couple of simple functions of the openssl CLI and can't figure it out from the docs nor the mailing list archives. Since it seems that I'm going to have to review the source code to understand the proper syntax, I'd like to expand the documentation to share this knowledge

Re: Where does openssl store public keys?

2007-05-25 Thread leseul
Bernhard Froehlich wrote: If you want to generate a key pair you may be better off using openssl req with the -newkey option, which also generates a certificate request for the newly generated key. Hope it helps. Ted ;) Thank you for your reply but the question was not that. I

AW: Database file structure

2007-05-25 Thread thomas.beckmann
Bruno, A database line is structured as follows: 1. state of the cert (V=valid, R=revoked, E=expired, where the state is not changed automatically if a cert expires) 2. end of validity 3. revocation time (empty when the cert is not revoked) 4. serial number in hex 5. Where the cert can be

Re: Where does openssl store public keys?

2007-05-25 Thread Marek Marcola
Hello, When I generate a key pair with an openssl genrsa command I get a private key. But where is the corresponding public key stored? After genrsa private and public key are stored in the same file. Best regards, -- Marek Marcola [EMAIL PROTECTED]

Re: I'm volunteering to write some documentation

2007-05-25 Thread Kyle Hamilton
What is it that you're trying to do with the CLI? We might be able to assist with that. As for documentation, write it up and email it as an attachment to [EMAIL PROTECTED] rt is the request tracker, and it'll make it possible to keep track of its status. -Kyle H On 5/24/07, Peter Kuykendall

Re: I'm volunteering to write some documentation

2007-05-25 Thread Dr. Stephen Henson
On Fri, May 25, 2007, Peter Kuykendall wrote: Kyle Hamilton wrote: This is OK if your key happens to be text, but I'm stuck on how to pass a binary key. After figuring out the basic syntax, my new problem is that the real key is random binary stuff, and I don't know if there is a way

Re: Certificates, users and machines

2007-05-25 Thread Urjit Gokhale
Still no response :-( Could someone please help me clarify my doubts? thanks, ~ Urjit - Original Message - From: Urjit Gokhale [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Thursday, May 24, 2007 4:28 PM Subject: Re: Certificates, users and machines Thanks for your reply. I

Re: I'm volunteering to write some documentation

2007-05-25 Thread Peter Kuykendall
Kyle Hamilton wrote: What is it that you're trying to do with the CLI? We might be able to assist with that. Thanks Kyle. I'm actually doing 2 separate things. I'll list the 2nd one in a separate thread. I'm using openssl version 0.9.8e. This task is simply to generate a sha1 HMAC across

Re: AW: Database file structure

2007-05-25 Thread domi
Hello Bruno and Thomas, Numbers 1 and 4-6 are definitely right as far as I know. I think that numbers 2 and 3 are correct too. But I'm not quite sure. Thomas, would you be so kind and tell me in what format the time is written? Or just give me a link where I can find the information; my search

Re: Certificates, users and machines

2007-05-25 Thread Marek Marcola
Hello, I would like to have your opinion on one scenario, and my approach to provide the needed functionality: 1) I have a server that listens to connection requests from the clients over the internet (meaning anyone and everyone who knows my ip/port can send me a connection request. I am not

Re: Certificates, users and machines

2007-05-25 Thread Michael Sierchio
Urjit Gokhale wrote: It seems that you are making the common mistake of conflating authentication with authorization. Certs are useful in binding pubkeys to identities and subsequently in verifying possession of the private key by being able to perform decryption. The SSL protocol has

Re: AW: Database file structure

2007-05-25 Thread Bernhard Froehlich
domi wrote: Hello Bruno and Thomas, Numbers 1 and 4-6 are definitely right as far as I know. I think that numbers 2 and 3 are correct too. But I'm not quite sure. Thomas, would you be so kind and tell me in what format the time is written? Or just give me a link where I can find the

RE: Certificates, users and machines

2007-05-25 Thread Mouse
... is it necessary to issue ONE certificate to EACH individual. Yes. The problem of granting access based on membership in a group is an authorization problem. Correct. This doesn't have anything to do with certificates -- permissions and roles change independently of binding

Re: Certificates, users and machines

2007-05-25 Thread Michael Sierchio
Mouse wrote: I.e. for the sake of the argument identity Michael may have an attribute employee of Tenebras, and another attribute permitted access to dev repository A12. Well, the Subject Distinguished Name should have the Organization, but I strongly disagree with you if you think access

Re: Newbie questions

2007-05-25 Thread gary clark
Much appreciated Endhy. Garyc --- Endhy Aziz [EMAIL PROTECTED] wrote: I wrote: One of the chapters, Designing With SSL, may help. Should be: One of the chapters, Coding With SSL, may help. Regards, --Endhy

Re: Certificates, users and machines

2007-05-25 Thread Urjit Gokhale
Thank you very much for the response. For both the responses I got, it looks like the server needs to access the information (whether identity or attribute or whatever) present in the certificate and use that to decide the permissions for the peer that presented this certificate. Is my

Re: RE: Certificates, users and machines

2007-05-25 Thread Victor B. Wagner
On 2007.05.25 at 08:16:19 -0400, Mouse wrote: I'm driving at Attribute Certificates. They are supposed to have a shorter life than identity certs, but still long enough to be usable. I've seen a project to add attribute certificates to OpenSSL. http://openpmi.sourceforge.net/ You can try to

openssl question on Network Security with OpenSSL book example

2007-05-25 Thread gary clark
Hello, Took the client and server code from the Network Security with OpenSSL chapter 5. Built the server and client code non-secure. This part worked like a charm. Having a problem building the secure version. I'm using Windows VC++ and windows and attempting to use the 5.5 client. I would

Adding Extended Key Usage extensions to a CSR

2007-05-25 Thread RSnyder
Greetings, I have a method that creates a certificate signing request. I need to add extended key usage extensions to my request that specify the OIDs for both server and client, i.e. 1.3.6.1.5.5.7.3.1 and 1.3.6.1.5.5.7.3.2. The documentation is not helping me understand how to do this and I

Re: openssl question on Network Security with OpenSSL book example

2007-05-25 Thread gary clark
Hello, Running Windows and built using VC++. I have discovered that my SSL_CTX * is null when attempting to call: SSL_CTX * ctx = SSL_CTX_new(SSLv23_client_method()); Why would this happen? It's a little confusing; it builds fine. Thanks, Garyc SSL_CTX * ctx = --- gary clark [EMAIL PROTECTED]

Re: openssl question on Network Security with OpenSSL book example

2007-05-25 Thread gary clark
Hello, After performing the following: SSL_CTX * ctx = SSL_CTX_new(SSLv23_client_method()); Huh! Dumped the result of the failure and error code. The ctx value is: ctx=0x0 OPENSSL_Uplink(100EA000,07): no OPENSSL_Applink The above failure is from ERR_print_errors_fp(stderr); Could somebody be so

Re: openssl question on Network Security with OpenSSL book example

2007-05-25 Thread david kine
Did you call SSL_library_init(), SSL_load_error_strings(), etc.? gary clark [EMAIL PROTECTED] wrote: Hello, After performing the following: SSL_CTX * ctx = SSL_CTX_new(SSLv23_client_method()); Huh! Dumped the result of the failure and error code. The ctx value is: ctx=0x0

Re: openssl question on Network Security with OpenSSL book example

2007-05-25 Thread gary clark
Hello, I managed to get past the problem of loading the certificate. I am now calling the below: if (SSL_CTX_use_PrivateKey_file(ctx, CERTFILE, SSL_FILETYPE_PEM) != 1) { ERR_print_errors_fp(stderr); printf("Error loading private key file!"); } I see the

Re: openssl question on Network Security with OpenSSL book example

2007-05-25 Thread gary clark
Hello, I loaded the key file into the SSL_CTX and that appeared to work, i.e. client.key. Is this correct? I used the book and thought that CERTFILE, client.pem, was being used in the function SSL_CTX_use_PrivateKey_file. if (SSL_CTX_use_PrivateKey_file(ctx, CERTFILE, SSL_FILETYPE_PEM) != 1)

RE: Certificates, users and machines

2007-05-25 Thread Mouse
Well, the Subject Distinguished Name should have the Organization... Can you envision long-lived certs issued by gov't - like passports? In that case, Organization would not have the same semantics. But this is less relevant for our discussion. ...but I strongly disagree with you if you

RE: Certificates, users and machines

2007-05-25 Thread Mouse
For both the responses I got, it looks like the server needs to access the information (whether identity or attribute or whatever) present in the certificate and use that to decide the permissions for the peer that presented this certificate. Is my understanding correct? Partially so. An

Unable to compile on AIX 5.1

2007-05-25 Thread David Huffman
I have been unsuccessful in compiling openssl-0.9.8 on AIX 5.1 (32-bit ppc) using gcc (GCC) 4.0.0. My configure setting is: ./config no-shared The configure completes successfully. I start the make command and the app appears to compile but stops at this point in the process.

RE: Unable to compile on AIX 5.1

2007-05-25 Thread Chapman, Kyle
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Huffman Sent: Friday, May 25, 2007 6:29 PM To: openssl-users@openssl.org Subject: Unable to compile on AIX 5.1 I have been unsuccessful in compiling openssl-0.9.8 on AIX 5.1 (32-bit ppc) using gcc

RE: Certificates, users and machines

2007-05-25 Thread David Schwartz
and you've just multiplied your public key computation load by a factor of three or four. No, you merely double it. One - check that the identity cert is valid, two - that the attribute cert that *you* are interested in (out of a dozen that may be attached to this identity cert) is OK.