Hello,

On 26/04/2013 15:15, redpath wrote:
I am adding a custom extension to an x509, a PNG icon basically (bytes).
Since the PNG icon is too large to post the data, I have substituted it with
a file called sample.txt that has a text line "This is a sample".
The code excerpt to add the extension is below.


           data = getdata("sample.txt", &length);   // abstracted: reads the file into data/length

           nid = OBJ_create("1.03", "samplealias", "sample");   // dotted OID text, short name, long name

Avoid the use of existing OIDs for private purpose. 1.3 is already defined (/ISO/Identified-Organization). Register for your own private OID (ask for one under the 1.3.6.1.4.1 branch, for example), and do whatever you want in your sandbox.

           os = ASN1_OCTET_STRING_new();
           ASN1_OCTET_STRING_set(os, (unsigned char *)data, length);   // the file bytes as-is
           ret = X509_EXTENSION_create_by_NID(NULL, nid, 0, os);       // non-critical extension
           X509_add_ext(x, ret, -1);                                   // append to the extension list

*I have 2 questions.
(1) The x509 before adding a custom extension looks like this:*

Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 0 (0x0)
         Signature Algorithm: sha1WithRSAEncryption
         Issuer: C=UK, CN=OpenSSL Group
         Validity
             Not Before: Apr 26 12:48:18 2013 GMT
             Not After : Apr 26 12:48:18 2014 GMT
         Subject: C=UK, CN=OpenSSL Group
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
             RSA Public Key: (512 bit)
                 Modulus (512 bit):
                     00:df:82:85:c6:0b:18:50:75:35:6b:3b:cc:2e:94:
                     a0:b4:a6:8e:21:19:9e:28:ca:46:54:b5:5f:75:c4:
                     bb:a2:19:c7:51:c4:19:0d:ef:ce:65:39:0f:90:90:
                     2b:2a:46:76:f4:03:be:a7:f2:76:4d:26:af:8e:ce:
                     84:43:52:74:d1
                 Exponent: 65537 (0x10001)
     Signature Algorithm: sha1WithRSAEncryption
         8b:a6:4d:0a:0b:b6:8f:13:f6:58:10:a2:a4:cc:9c:ba:37:8c:
         53:07:22:f0:93:29:17:78:b4:0a:28:91:ae:24:86:bf:2f:bf:
         d8:bc:4a:97:bd:36:09:c2:b3:21:fa:fe:fe:90:91:31:00:5e:
         01:f9:19:1b:54:89:f9:1f:b5:fa
-----BEGIN CERTIFICATE-----
MIIBODCB46ADAgECAgEAMA0GCSqGSIb3DQEBBQUAMCUxCzAJBgNVBAYTAlVLMRYw
FAYDVQQDEw1PcGVuU1NMIEdyb3VwMB4XDTEzMDQyNjEyNDgxOFoXDTE0MDQyNjEy
NDgxOFowJTELMAkGA1UEBhMCVUsxFjAUBgNVBAMTDU9wZW5TU0wgR3JvdXAwXDAN
BgkqhkiG9w0BAQEFAANLADBIAkEA34KFxgsYUHU1azvMLpSgtKaOIRmeKMpGVLVf
dcS7ohnHUcQZDe/OZTkPkJArKkZ29AO+p/J2TSavjs6EQ1J00QIDAQABMA0GCSqG
SIb3DQEBBQUAA0EAi6ZNCgu2jxP2WBCipMycujeMUwci8JMpF3i0CiiRriSGvy+/
2LxKl702CcKzIfr+/pCRMQBeAfkZG1SJ+R+1+g==
-----END CERTIFICATE-----


*After I added the extension you can see my field added, and that's great*

Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 0 (0x0)
         Signature Algorithm: sha1WithRSAEncryption
         Issuer: C=UK, CN=OpenSSL Group
         Validity
             Not Before: Apr 26 12:49:39 2013 GMT
             Not After : Apr 26 12:49:39 2014 GMT
         Subject: C=UK, CN=OpenSSL Group
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
             RSA Public Key: (512 bit)
                 Modulus (512 bit):
                     00:cf:53:10:b6:c4:ef:f3:a7:7d:39:64:18:75:2a:
                     77:a9:82:52:59:a9:29:e8:d6:57:de:9e:4e:3f:6a:
                     69:b6:b5:48:c2:ab:5a:1e:f0:c4:8d:25:2a:3d:21:
                     04:49:59:46:b6:d5:23:39:38:26:68:71:1d:67:31:
                     d4:dc:a4:3b:09
                 Exponent: 65537 (0x10001)
*        X509v3 extensions:
             sample:
                 This is a sample
*

     Signature Algorithm: sha1WithRSAEncryption
         af:5e:52:9d:cc:e7:5e:2c:63:81:76:53:c6:92:cb:81:3d:a7:
         16:63:3d:97:2a:c1:dc:12:64:e1:5b:16:f3:8b:f4:5e:e2:0c:
         3f:04:4d:b8:67:b7:35:75:8a:7b:b0:3a:c8:f0:7b:7d:2e:b3:
         b3:6a:9d:07:21:87:32:b6:4d:4f
-----BEGIN CERTIFICATE-----
MIIBVjCCAQCgAwIBAgIBADANBgkqhkiG9w0BAQUFADAlMQswCQYDVQQGEwJVSzEW
MBQGA1UEAxMNT3BlblNTTCBHcm91cDAeFw0xMzA0MjYxMjQ5MzlaFw0xNDA0MjYx
MjQ5MzlaMCUxCzAJBgNVBAYTAlVLMRYwFAYDVQQDEw1PcGVuU1NMIEdyb3VwMFww
DQYJKoZIhvcNAQEBBQADSwAwSAJBAM9TELbE7/OnfTlkGHUqd6mCUlmpKejWV96e
Tj9qaba1SMKrWh7wxI0lKj0hBElZRrbVIzk4JmhxHWcx1NykOwkCAwEAAaMbMBkw
FwYBKwQSVGhpcyBpcyBhIHNhbXBsZQoKMA0GCSqGSIb3DQEBBQUAA0EAr15Snczn
XixjgXZTxpLLgT2nFmM9lyrB3BJk4VsW84v0XuIMPwRNuGe3NXWKe7A6yPB7fS6z
s2qdByGHMrZNTw==
-----END CERTIFICATE-----

The extension is here, it looks fine, but it's not.
The content of your extension is a simple string: "This is a sample\n\n", where the content of an extension is supposed to be the DER encoding of "something".

*But I noticed that the end data has gotten larger?

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----*

*And of course it is much larger when using a real PNG, very much so. Why is that?

I'm not sure I understand the question. You had no extension in your first certificate, you added an extension with 18 bytes of content, and are wondering if it's normal that your certificate is now bigger? To the 18 bytes of content, you have to add 2 bytes for the enclosing OCTET STRING, 3 bytes for your OID (it's a small one, encoded in 1 byte), and 2 bytes for the enclosing SEQUENCE. Add also 2 bytes for the SEQUENCE OF containing all the extensions, and 2 more bytes for the EXPLICIT TAGged struct containing all that.
That's 29 bytes. Or 39 characters once encoded in Base64.
If your PNG content is bigger, the result will be bigger. No magic here.

I simply want to add the extension data. Is this okay and correct?*

Add some ASN.1 around your PNG file, encode the result in DER, and it'll be ok.

*(2) My second question: I am not sure I understand the nid and its fields
for use?*

  nid = OBJ_create("1.03", "samplealias", "sample");

I see that the "sample" is used for the extension name in the x509, but what
are the other fields?
I guess later I will create the same exact nid to get the Field from the
x509.

man OBJ_create
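To make the two points of the reply concrete, here is an added example that is not part of this thread and not OpenSSL code. It is a dependency-free C program that hand-encodes the DER an X.509 Extension consists of, so the byte count in the reply can be reproduced and the difference between the quoted code (bare file bytes in extnValue) and a correct extension (extnValue holding the DER encoding of an OCTET STRING that carries the payload) can be seen side by side. The OID 1.3.6.1.4.1.99999.1 is a placeholder: 99999 stands in for a Private Enterprise Number you would register under the 1.3.6.1.4.1 arc the reply mentions. With OpenSSL, the inner wrapping done by `build_extension(..., wrap_in_der = 1, ...)` is what `i2d_ASN1_OCTET_STRING` produces on the octet string before it is handed to `X509_EXTENSION_create_by_NID`, and the three `OBJ_create` arguments are the dotted OID text, the short name and the long name; the text dump prints the long name, which is why "sample" shows up in the output.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Definite-form DER length: short form below 0x80, else 0x80|N followed by N big-endian bytes. */
static size_t der_len(size_t n, uint8_t *out) {
    if (n < 0x80) { out[0] = (uint8_t)n; return 1; }
    uint8_t tmp[sizeof n]; size_t k = 0;
    while (n) { tmp[k++] = (uint8_t)(n & 0xff); n >>= 8; }
    out[0] = (uint8_t)(0x80 | k);
    for (size_t i = 0; i < k; i++) out[1 + i] = tmp[k - 1 - i];
    return 1 + k;
}

/* Emit tag | length | body into out; returns bytes written, 0 if out is too small. */
static size_t der_tlv(uint8_t tag, const uint8_t *body, size_t blen, uint8_t *out, size_t cap) {
    uint8_t lenbuf[1 + sizeof(size_t)];
    size_t ll = der_len(blen, lenbuf);
    if (1 + ll + blen > cap) return 0;
    out[0] = tag;
    memcpy(out + 1, lenbuf, ll);
    memcpy(out + 1 + ll, body, blen);
    return 1 + ll + blen;
}

/* Base-128 encode one OID arc, continuation bit set on every byte but the last. */
static size_t base128(unsigned long v, uint8_t *out) {
    uint8_t tmp[10]; size_t k = 0;
    do { tmp[k++] = (uint8_t)(v & 0x7f); v >>= 7; } while (v);
    for (size_t i = 0; i < k; i++)
        out[i] = (uint8_t)(tmp[k - 1 - i] | (i + 1 < k ? 0x80 : 0));
    return k;
}

/* Dotted OID text -> DER OBJECT IDENTIFIER (tag 0x06). Returns total size, 0 on bad input. */
static size_t der_oid(const char *dotted, uint8_t *out, size_t cap) {
    uint8_t body[64]; size_t blen = 0;
    unsigned long arcs[32]; int n = 0;
    for (const char *p = dotted; *p; ) {
        char *end;
        unsigned long v = strtoul(p, &end, 10);
        if (end == p || n == 32) return 0;
        arcs[n++] = v;
        if (*end == '.') p = end + 1;
        else if (*end == '\0') p = end;
        else return 0;
    }
    if (n < 2 || arcs[0] > 2 || (arcs[0] < 2 && arcs[1] > 39)) return 0;
    /* The first two arcs share one value, 40*first + second: 1.3 -> 43 = 0x2B, one byte. */
    blen += base128(arcs[0] * 40 + arcs[1], body + blen);
    for (int i = 2; i < n; i++) {
        if (blen + 10 > sizeof body) return 0;
        blen += base128(arcs[i], body + blen);
    }
    return der_tlv(0x06, body, blen, out, cap);
}

/* Extension ::= SEQUENCE { extnID OBJECT IDENTIFIER, extnValue OCTET STRING }.
   wrap_in_der = 1: the payload is first encoded as its own OCTET STRING, so extnValue holds
   DER as required.  wrap_in_der = 0: extnValue holds the bare bytes, as the quoted code did. */
static size_t build_extension(const char *oid, const uint8_t *payload, size_t plen,
                              int wrap_in_der, uint8_t *out, size_t cap) {
    uint8_t inner[512], value[512], body[1024];
    const uint8_t *content = payload; size_t clen = plen;
    if (wrap_in_der) {
        clen = der_tlv(0x04, payload, plen, inner, sizeof inner);
        if (!clen) return 0;
        content = inner;
    }
    size_t olen = der_oid(oid, body, sizeof body);
    if (!olen) return 0;
    size_t vlen = der_tlv(0x04, content, clen, value, sizeof value);
    if (!vlen || olen + vlen > sizeof body) return 0;
    memcpy(body + olen, value, vlen);
    return der_tlv(0x30, body, olen + vlen, out, cap);
}

/* Bytes added to the TBSCertificate body: [3] EXPLICIT { SEQUENCE OF Extension } around one extension. */
static size_t certificate_growth(const uint8_t *ext, size_t elen) {
    uint8_t seq[1024], expl[1024];
    size_t slen = der_tlv(0x30, ext, elen, seq, sizeof seq);
    return slen ? der_tlv(0xA3, seq, slen, expl, sizeof expl) : 0;
}

/* Constructed sample payload: the 18 bytes "This is a sample\n\n" seen in the quoted dump. */
static const uint8_t SAMPLE[] = "This is a sample\n\n";
#define SAMPLE_LEN 18

/* Reproduces the reply's count for the quoted code (OID 1.3, bare content). */
size_t raw_sample_growth(void) {
    uint8_t ext[1024];
    size_t n = build_extension("1.3", SAMPLE, SAMPLE_LEN, 0, ext, sizeof ext);
    return certificate_growth(ext, n);
}

/* Size of the corrected extension: DER-wrapped payload under a placeholder private OID. */
size_t der_sample_extension_len(void) {
    uint8_t ext[1024];
    return build_extension("1.3.6.1.4.1.99999.1", SAMPLE, SAMPLE_LEN, 1, ext, sizeof ext);
}

int main(void) {
    uint8_t ext[1024];
    printf("quoted code (OID 1.3, bare bytes): certificate grows by %zu bytes\n", raw_sample_growth());
    size_t n = build_extension("1.3.6.1.4.1.99999.1", SAMPLE, SAMPLE_LEN, 1, ext, sizeof ext);
    printf("corrected (private OID, DER-wrapped): extension is %zu bytes:\n", n);
    for (size_t i = 0; i < n; i++) printf("%02x%s", ext[i], i + 1 == n ? "\n" : " ");
    return 0;
}
```

The count of 29 for the bare case is the one the reply walks through (20 for the OCTET STRING, 3 for the OID, 2 for the Extension SEQUENCE, 2 for the SEQUENCE OF, 2 for the [3] wrapper). One caveat when comparing with a real dump: the lengths of the enclosing TBSCertificate and Certificate SEQUENCEs are not included here, and each of those length fields gains a byte whenever its value crosses 127 or 255, so the on-disk certificate can grow by slightly more than this figure.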

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
