Hello all:

I find myself needing to create some test certificates with SMIME Capabilities encoded in them. Now, the ASN.1 prototype for these is:

    SMIMECapabilities ::= SEQUENCE OF SMIMECapability

    SMIMECapability ::= SEQUENCE {
        capabilityID OBJECT IDENTIFIER,
        parameters ANY DEFINED BY capabilityID OPTIONAL }

To me, this means that, in an extensions section of openssl.cnf, I should be able to do something like:

    [my_cert_extensions]
    basicConstraints = CA:FALSE
    keyUsage = critical, keyEncipherment, dataEncipherment
    SMIME-CAPS = ASN1:SEQUENCE:smime_seq
    subjectKeyIdentifier = hash
    authorityKeyIdentifier = keyid,issuer

    [ smime_seq ]
    capabilityID.0 = OID:sha1
    capabilityID.1 = OID:sha256
    capabilityID.2 = OID:sha1WithRSA
    capabilityID.3 = OID:aes-256-ecb
    capabilityID.4 = OID:aes-256-cbc
    capabilityID.5 = OID:aes-256-ofb
    capabilityID.6 = OID:aes-128-ecb
    capabilityID.7 = OID:aes-128-cbc
    capabilityID.8 = OID:aes-128-ecb

And it should work - my problem is that it is devilishly hard to verify and see whether this is, in fact, correct. Not to mention there is a complete lack of any examples of functional certificates out there that I can find. That, and there is a notable lack of client programs that will spit out the contents of this extension in any sort of form that is useful.

Can one of the OpenSSL gurus please let me know if I'm on the right path?

Thanks.

--
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
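
One way to check the encoded extension against the ASN.1 prototype quoted in the post (an added example, not part of the original message and not OpenSSL code): a small DER walker that takes the bytes of the SMIMECapabilities value, lists each capabilityID with its raw parameters, and rejects a value whose elements are bare OIDs instead of SMIMECapability SEQUENCEs. The function names and both sample values are constructed for illustration.

```python
def tlv(tag, body):  # encode one short-form DER TLV (enough for the samples)
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets to dotted form."""
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_smime_caps(der):
    """Return [(capabilityID, raw parameters or None)]; ValueError if malformed."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("value is not a single SEQUENCE")
    caps, pos = [], 0
    while pos < len(body):
        tag, cap, pos = read_tlv(body, pos)
        if tag != 0x30:
            raise ValueError(f"tag 0x{tag:02x}: each SMIMECapability must be a SEQUENCE")
        otag, oid, ppos = read_tlv(cap, 0)
        if otag != 0x06:
            raise ValueError("capabilityID is not an OBJECT IDENTIFIER")
        caps.append((decode_oid(oid), cap[ppos:] or None))
    return caps

# Constructed sample values (not taken from a real certificate)
AES256_CBC = bytes.fromhex("60864801650304012a")   # 2.16.840.1.101.3.4.1.42
RC2_CBC = bytes.fromhex("2a864886f70d0302")        # 1.2.840.113549.3.2
NESTED = tlv(0x30, tlv(0x30, tlv(0x06, AES256_CBC)) + tlv(0x30, tlv(0x06, RC2_CBC) + tlv(0x02, b"\x00\x80")))
FLAT = tlv(0x30, tlv(0x06, AES256_CBC) + tlv(0x06, RC2_CBC))  # bare OIDs, no inner SEQUENCE
```

parse_smime_caps(NESTED) returns both capabilities, the second with its INTEGER parameter bytes; parse_smime_caps(FLAT) raises ValueError at the first element.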