Due to my requirements for separate certs for each of my customers, I'm 
attempting to automate this cert creation process and am using PHP to 
create and store the private & public keys.  Unfortunately the method 
for doing this within PHP is quite different than the openssl command 
line method that's used in the example, so I'm attempting to emulate 
that given example within PHP and want to ensure that I'm not 
overlooking something.

I've created a very simple test script (shown below) to simply and 
quickly create the cert pairs. Tests using these generated certs all 
seem to show that everything is working correctly and rsync does indeed 
find "Matched data" and only sends a chunk of the file and not the whole 
thing.  And, of course, all back and forth encryption/decryptions are 
successful.

But, I suspect that I really haven't generated these certs with the 
exact parameters as specified in the example and was wondering if anyone 
could see an obvious problem, or even tell me what parameters of the 
cert generation itself are critical to this whole process?  If I'd 
incorrectly specified the cert generation parameters would it still 
work, but maybe not optimally?

Below are my test script and the 2 generated test certs (which I've 
attempted to escape so that an e-mail client wouldn't try to use 'em -- 
though I'm unsure whether it would even matter).  Comments anyone?


Thanx,
Chuck



Test Script
=========================
<?php

// Subject fields for the CSR (distinguished name)
$dn = array(
    'countryName'            => 'US',
    'stateOrProvinceName'    => 'FL',
    'localityName'           => 'Orlando',
    'organizationName'       => 'Business',
    'organizationalUnitName' => 'none',
    'commonName'             => 'Business',
    'emailAddress'           => '[EMAIL PROTECTED]',
);

// Key parameters: unencrypted 1536-bit RSA key
$key_conf = array(
    'private_key_bits' => 1536,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'encrypt_key'      => FALSE,
);

$pw = '';          // passphrase (empty; not used below)
$numdays = 1085;   // certificate validity in days

// Generate the key pair, build a CSR for it, and self-sign the CSR
// (a null CA certificate makes openssl_csr_sign() produce a self-signed cert)
$privkey = openssl_pkey_new($key_conf);
$csr = openssl_csr_new($dn, $privkey);
$cert = openssl_csr_sign($csr, null, $privkey, $numdays);

// Write the private key and the certificate as PEM files
openssl_pkey_export_to_file($privkey, 'test.key');
openssl_x509_export_to_file($cert, 'test.pub');
?>


Private Cert - test.key
===========================================


Public Cert - test.pub
============================




_______________________________________________
Rsyncrypto-devel mailing list
Rsyncrypto-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rsyncrypto-devel
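
One way to read back the parameters the test script above actually produces, as an added example that is not part of the original post and not rsyncrypto's own code. The helper name describe_pair() and the subject values are constructed for illustration; the key size and validity period are the ones from the post, and the signature algorithm is reported only on PHP versions that expose it.

```php
<?php
// Added example: generate a key and self-signed certificate with the post's
// settings, then report what was really generated.

// Hypothetical helper: summarise a certificate/private-key pair.
function describe_pair($cert, $privkey): array
{
    $key  = openssl_pkey_get_details($privkey);
    $x509 = openssl_x509_parse($cert);
    if ($key === false || $x509 === false) {
        throw new RuntimeException('parse failed: ' . openssl_error_string());
    }
    if ($key['type'] !== OPENSSL_KEYTYPE_RSA) {
        throw new RuntimeException('not an RSA key');
    }
    $lifetime = $x509['validTo_time_t'] - $x509['validFrom_time_t'];
    return [
        'key_bits'         => $key['bits'],
        // The exponent is returned as raw big-endian bytes.
        'public_exponent'  => hexdec(bin2hex($key['rsa']['e'])),
        'signature_alg'    => $x509['signatureTypeSN'] ?? 'unknown',
        'self_signed'      => $x509['subject'] == $x509['issuer'],
        'valid_days'       => (int) round($lifetime / 86400),
        // True only if the certificate's public key belongs to this private key.
        'cert_matches_key' => openssl_x509_check_private_key($cert, $privkey),
    ];
}

// Constructed subject values, for illustration only.
$dn = [
    'countryName'      => 'US',
    'organizationName' => 'Example Customer',
    'commonName'       => 'Example Customer',
];
// Same key settings and lifetime as the test script in the post.
$key_conf = ['private_key_bits' => 1536, 'private_key_type' => OPENSSL_KEYTYPE_RSA];

$privkey = openssl_pkey_new($key_conf);
if ($privkey === false) {
    exit('key generation failed: ' . openssl_error_string() . PHP_EOL);
}
$csr  = openssl_csr_new($dn, $privkey, $key_conf);
$cert = openssl_csr_sign($csr, null, $privkey, 1085);

foreach (describe_pair($cert, $privkey) as $name => $value) {
    printf("%-17s %s\n", $name, var_export($value, true));
}
```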
