I'm not quite a cryptopp expert, so I could be
wrong, but I believe that part of the problem
might be that cryptopp doesn't generate
x.509 certificates, but only public / private
key pairs.

Before you can base64 encode it and put header
and footer lines on it, you'll have to do the
work of generating a certificate from the key pair.
This work includes generating all the additional
information that a certificate requires (distinguished
names, a signing certificate from a CA, a signature,
etc., etc., etc.) and encoding all this information
as required for an x.509 certificate (ASN.1 DER encoding
if you want to turn it into a PEM.)

Hope this helps (and hope I'm not lying :-)

- Joseph

The only point that is still not very clear in my mind is the PEM / DER
conversion. The OpenSSL doc says about certificates conversion "The DER
format is the DER encoding of the certificate and PEM is the base64 encoding
of the DER encoding with header and footer lines added", which is what I
thought I could do with keys. Does it mean it is true for entire certificate
files but not for simple keys ?

Regards,

Cedric

-----Original Message-----
From: Shawn Masters [mailto:[EMAIL PROTECTED]
Date: Friday, 1 August 2003 14:17
To: [EMAIL PROTECTED]
Subject: Re: Key file and certificates


Yes, you are wrong. :-) This seems to be the biggest hurdle for people to actually use PK. The keys are in general a collection of Integers. Some of these are extremely large and can only be handled easily in binary form. Now the way that these are encoded depends heavily on some choices made (Endianness, length encoding, etc.).

I believe all of the formats you have listed use ASN.1 coding. This is often referred to as the binary version of XML by the younger crowd, but it is much more powerful IMHO (also much older). It defines unambiguous ways of encoding things like Integers, and forming collections of them for things like keys.

You can find everything you need to understand this at the RSA lab site where they have documents on the different formats and a starter guide on ASN.1. Then Wei has given you a very powerful/versatile set of tools to work with these formats. Some of them already have code for handling, but the rest shouldn't be very hard to conjure up. In general, once you understand the basic format and how crypto++ offers fundamental tools you should be able to read most of those formats in just a handful of lines of code.


If you want something that already has most of the higher level functions done for you, look at OpenSSL.

        73,
                Shawn




[EMAIL PROTECTED] wrote:


Hi, me again

I would like to know which key file and certificate formats are supported by
CryptoPP, among PKCS12, PKCS7, PEM, CER, and all their little friends.
Searching through the ML archive did not really answer me.

Two particular questions:
1. Am I wrong if I consider I can create a PEM file just by Base64-encoding
a key generated by RSAES_OAEP_SHA_Decryptor::DEREncode, and then adding
correct header and footer?

2. I am particularly interested in using PKCS12 (.PFX) files; in case it is
not supported, are there available implementations that could be used with
CryptoPP?

Regards,
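
Added example, not part of any message in this thread and not Crypto++ code: the two points discussed above, that a key is a collection of INTEGERs with an unambiguous ASN.1 DER encoding and that PEM is the base64 of that DER between header and footer lines, shown for a PKCS#1 RSAPublicKey. The helper names are hypothetical and any key values passed in are assumed to be unsigned big-endian magnitudes.

```cpp
#include <cstdint>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;
// Tag-length-value: short-form length below 128, else 0x80|count then big-endian length.
Bytes der_tlv(uint8_t tag, const Bytes& body) {
    Bytes out{tag}, len;
    size_t n = body.size();
    if (n >= 0x80) {
        for (; n; n >>= 8) len.insert(len.begin(), static_cast<uint8_t>(n & 0xFF));
        n = 0x80 | len.size();
    }
    len.insert(len.begin(), static_cast<uint8_t>(n));
    out.insert(out.end(), len.begin(), len.end());
    out.insert(out.end(), body.begin(), body.end());
    return out;
}

// INTEGER from an unsigned big-endian magnitude: minimal length, 0x00 pad if top bit set.
Bytes der_integer(Bytes mag) {
    while (mag.size() > 1 && mag[0] == 0) mag.erase(mag.begin());
    if (mag.empty() || (mag[0] & 0x80)) mag.insert(mag.begin(), 0x00);
    return der_tlv(0x02, mag);
}

// PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
Bytes rsa_public_key_der(const Bytes& n, const Bytes& e) {
    Bytes body = der_integer(n), ei = der_integer(e);
    body.insert(body.end(), ei.begin(), ei.end());
    return der_tlv(0x30, body);
}

std::string base64(const Bytes& in) {
    static const char* T = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::string out;
    for (size_t i = 0; i < in.size(); i += 3) {
        size_t k = in.size() - i;  // bytes left in this group (1, 2, or 3+)
        uint32_t v = in[i] << 16 | (k > 1 ? in[i + 1] << 8 : 0) | (k > 2 ? in[i + 2] : 0);
        out += T[v >> 18]; out += T[(v >> 12) & 63];
        out += k > 1 ? T[(v >> 6) & 63] : '=';
        out += k > 2 ? T[v & 63] : '=';
    }
    return out;
}
// PEM: base64 of the DER in 64-character lines between BEGIN/END lines.
std::string pem(const std::string& label, const Bytes& der) {
    std::string b = base64(der), out = "-----BEGIN " + label + "-----\n";
    for (size_t i = 0; i < b.size(); i += 64) out += b.substr(i, 64) + "\n";
    return out + "-----END " + label + "-----\n";
}
```

The PEM label has to match the DER structure inside it: `RSA PUBLIC KEY` is the label for a PKCS#1 RSAPublicKey, while a certificate carries a different, larger structure under `CERTIFICATE`.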







