Re: Unsigned CRL

Sat, 29 Sep 2007 12:56:00 -0700 


Keith Thompson-3 wrote:
> 
> On Sat 07-09-29 08:44, BSC wrote:
>> Bernhard Froehlich wrote:
>> > BSC schrieb:
>> >> I need to generate unsigned (not signed by any certificate) CRL
>> >>
>> >> How can I do this? Maybe it is possible to crack signed CRL and eraze
>> a
>> >> signature?
>> >>   
>> > I cannot imagine any use for an unsigned CRL, since everyone could
>> forge 
>> > such a CRL. So I doubt it is possible to generate one that is
>> understood 
>> > by any SSL application.
>> 
>> Thanks but it's not the answer I've been loocking for ((
> 
> Perhaps not, but it's probably the best and most accurate answer
> you're going to get.
> 
> *Why* do you want an unsigned CRL?  What would such a thing give you
> that a standard signed CRL would not?  How do you expect to use it,
> given that most or all of the software that uses CRLs requires a
> verified signature?
> 
> A CRL is basically a list of certificate serial numbers with a
> cryptographic signature.  It sounds like what you're looking for is
> just a list of serial numbers.  You can easily extract such a list
> by running the command
> 
>     openssl crl -in CRL-FILENAME -noout -text
> 
> and perhaps massaging the output.  The result isn't strictly speaking
> a CRL at all, but perhaps it's what you're looking for.
> 
> -- 
> Keith Thompson <[EMAIL PROTECTED]>  San Diego Supercomputer Center
> <http://users.sdsc.edu/~kst/>  858-822-0853
> "We must do something.  This is something.  Therefore, we must do this."
>     -- Antony Jay and Jonathan Lynn, "Yes Minister"
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
> 
> 


I need this CRL for testing needs ))

Thank U very much I'll try to follow your advise ))



One more question: How can I create CRL version 1 (v1) I'm trying hard but
the only thing I can create is a CRL v2 without extensions ((
-- 
View this message in context: 
http://www.nabble.com/Unsigned-CRL-tf4510330.html#a12959126
Sent from the OpenSSL - User mailing list archive at Nabble.com.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]






















					Reply via email to