RE: OpenSSL, IIS, and OFX Keys

Tipton, Michael Fri, 24 Nov 2000 10:27:18 -0800
Thank you, 
I'll give it a try..

I'm using 0.9.5 right now.. when I tried to compile 0.9.6 I get..

BN_ASM        =bn_asm.o
DES_ENC       =des_enc.o fcrypt_b.o
BF_ENC        =bf_enc.o
CAST_ENC      =c_enc.o
RC4_ENC       =rc4_enc.o
RC5_ENC       =rc5_enc.o
MD5_OBJ_ASM   =
SHA1_OBJ_ASM  =
RMD160_OBJ_ASM=
PROCESSOR     =
RANLIB        =true
PERL          =perl
THIRTY_TWO_BIT mode
DES_PTR used
DES_RISC1 used
DES_UNROLL used
BN_LLONG mode
RC4_INDEX mode
RC4_CHUNK is undefined
Makefile => Makefile.ssl
The symlink function is unimplemented at ./util/mklink.pl line 53.
make: *** [links] Error 255

I've banged my head on it some but if anyone knows the fix.. 




C. Michael Tipton
BB&T Online Banking Services
Client Server Systems Analyst

-----Original Message-----
From: Dr S N Henson [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 24, 2000 1:21 PM
To: [EMAIL PROTECTED]
Subject: Re: OpenSSL, IIS, and OFX Keys


"Tipton, Michael" wrote:
> 
> I am using OpenSLL to extract the private keys from my IIS Key Backup
files.
> I am able to accomplish this fine except for certain servers we have.
These
> servers keys/certs are marked as OFX (Financial Exchange). These are a
> special type of key/cert that you have to specificly request from Verisign
,
> etc.. When I try to extract from these files I am getting the same error
> that I get if I use a wrong password.
> 
> unable to load key
> 207:error:0D08C007:asn1 encoding routines:D2I_NETSCAPE_PKEY:expecting an
> asn1 se
> quence:n_pkey.c:311:address=167888280 offset=0
> 207:error:0D08E08B:asn1 encoding routines:d2i_Netscape_RSA_2:unable to
> decode rs
> a private key:n_pkey.c:268:
> 207:error:0D08D06F:asn1 encoding routines:d2i_Netscape_RSA:decoding
> error:n_pkey
> .c:2450:address=167873496 offset=17
> 
> I am guessing that there is a string that marks the type of key/cert and
> openssl is not recognizing the code for OFX when it unencrypts / validates
> the file. It checks the info and does not find an expected string so
thinks
> the passowrd/unencrypt is bad.. This is pure speculation on my part.
> 
> Does anyone have any idea if this is what is going on, and more
importantly
> a way to fix / workaround it?
> 

Try using the -sgckey option in OpenSSL 0.9.6

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
RE: OpenSSL, IIS, and OFX Keys

Reply via email to
