Due to my requirements for separate certs for each of my customers, I'm
attempting to automate this cert creation process and am using PHP to
create and store the private & public keys. Unfortunately the method
for doing this within PHP is quite different than the openssl command
line method that's used in the example, so I'm attempting to emulate
that given example within PHP and want to ensure that I'm not
overlooking something.
I've created a very simple test script (shown below) to simply and
quickly create the cert pairs. Tests using these generated certs all
seem to show that everything is working correctly and rsync does indeed
find "Matched data" and only sends a chunk of the file and not the whole
thing. And, of course, all back and forth encryption/decryptions are
successful.
But, I suspect that I really haven't generated these certs with the
exact parameters as specified in the example and was wondering if anyone
could see an obvious problem, or even tell me what parameters of the
cert generation itself are critical to this whole process? If I'd
incorrectly specified the cert generation parameters would it still
work, but maybe not optimally?
Below are my test script and the 2 generated test certs (which I've
attempted to escape so that an e-mail client wouldn't try to use 'em --
though I'm unsure whether it would even matter). Comments anyone?
Thanx,
Chuck
Test Script
=========================
<?php
// Setup CSR info
$dn = array('countryName' => 'US',
'stateOrProvinceName' => 'FL',
'localityName' => 'Orlando',
'organizationName' => 'Business',
'organizationalUnitName' => 'none',
'commonName' => 'Business',
'emailAddress' => '[EMAIL PROTECTED]',
);
// Specify Key parameters
$key_conf = array( 'private_key_bits' => 1536,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
'encrypt_key' => FALSE,
);
$pw = '';
$numdays = 1085;
$privkey = openssl_pkey_new($key_conf);
$csr = openssl_csr_new($dn, $privkey);
$cert = openssl_csr_sign($csr, null, $privkey, $numdays);
openssl_pkey_export_to_file($privkey, 'test.key');
openssl_x509_export_to_file($cert, 'test.pub');
?>
Private Cert - test.key
===========================================
#-----BEGIN RSA PRIVATE KEY-----
#MIIDfAIBAAKBwQCdYQFngtGBQ+FmwgEIo565UNuHYuBUEGXwb0T/76Cg4UTlMwqq
#1u9RLTeYuWzRMq+rJJmr+6ZfdP2vySw4HL/XzfvpekSC3CYku3CJ7wg/FH0GIxiz
#SPlLAtPsDR73j3yTOIJgMmgUJY3FQyTyRpQ48XJNfpIsDeUgki6fC/Vk6Lqd1uOw
#D1pVLMN6e5GUwevyaGpqFQaTx21Z2ANWqc8gjoJv3pKeHbfVfHzUGOxSSKdC0B3P
#sQYMIEp1yTE9ItsCAwEAAQKBwH7oaql95FPI2Upzx0GgL65gdaaHJT6kuo9YKtv3
#8B/LiDMLJd79054ySFLvs8A+j0oDCaiWFWOEg83s+6uEA2+Su0FbR0P/IwMb43RX
#PN8hNnBsfM6WWfETJrGDIyWeniJ+JVmmGbW04B897mkzPOIQH1LHR1ESbnbQfACZ
#sWue9Fnz1GCGiZOw3ojT+CM2Kz94sy6ZsX242KjK1nWv75qUwqacgs5UZdz8xSEi
#NCmEVU+CAvyuzn4IynF/iRhngQJhAM6gJeERCSn7ZU+JQBw+XAnPLVx0XNqDMUQJ
#uCGrPUJaLG3lkw3PIxq9qyefP5dQPoZgyf103C+H7OafaicEyw3Wl6rc7pkpT1vK
#unqmbiqY2uyLP45288TvLvGV058ITQJhAML8Th7QNNmCBVR8XbW0VEr5B57uBmMq
#cXjdyFSBQv+teuw9qnD7a2rS/RKE474hY6/nwlYWNKnz5zbT2Fmy8PSz5nOhQYj9
#JVlcpepE5N7KY2BPKg+xOG0Of8IoE3vrxwJgGTgkx26r3qrnd6i54XifBTd7QuCV
#ALqohbRl+/4JkRKuf49YvoO8tiPWQxTFzzMlHoOrw7rCsS529MMaUr7cBcleY6Vp
#ndoT7JE254duxNY5SkvIqxvLrwq+gRAXbz61AmAWBDct84SEKtI/P+u04K/D52qc
#33OJLvmxFBnSsOXHyObgVfYw27K9VSWOOcMdbNe8vQaMgeVga1HoNvNu7W2Xs9iJ
#peOofC0Dchqp4S2WmnOuJEIzk2czqTdzzOKmU3ECYQCXMKcLI3vVptiirzBPsjbI
#7UAya/gFGtLXXFdNcDAVIVA+rDdWwSWBmN1QglYIdGrdu+t1gjw9awZ/EsjGa90p
#SOkout0eX9jqXp5PJjTocYgxPZtE45fwOcJoW9xqa34=
#-----END RSA PRIVATE KEY-----
Public Cert - test.pub
============================
#-----BEGIN CERTIFICATE-----
#MIIDzDCCAvWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJVUzEL
#MAkGA1UECBMCRkwxEjAQBgNVBAcTCU1lbGJvdXJuZTERMA8GA1UEChMIQnVzaW5l
#c3MxDTALBgNVBAsTBG5vbmUxETAPBgNVBAMTCEJ1c2luZXNzMRgwFgYJKoZIhvcN
#AQkBFgljb0BlYS5uZXQwHhcNMDgwNDI3MjAzOTMwWhcNMTEwNDE3MjAzOTMwWjB9
#MQswCQYDVQQGEwJVUzELMAkGA1UECBMCRkwxEjAQBgNVBAcTCU1lbGJvdXJuZTER
#MA8GA1UEChMIQnVzaW5lc3MxDTALBgNVBAsTBG5vbmUxETAPBgNVBAMTCEJ1c2lu
#ZXNzMRgwFgYJKoZIhvcNAQkBFgljb0BlYS5uZXQwgd8wDQYJKoZIhvcNAQEBBQAD
#gc0AMIHJAoHBAJ1hAWeC0YFD4WbCAQijnrlQ24di4FQQZfBvRP/voKDhROUzCqrW
#71EtN5i5bNEyr6skmav7pl90/a/JLDgcv9fN++l6RILcJiS7cInvCD8UfQYjGLNI
#+UsC0+wNHvePfJM4gmAyaBQljcVDJPJGlDjxck1+kiwN5SCSLp8L9WToup3W47AP
#WlUsw3p7kZTB6/JoamoVBpPHbVnYA1apzyCOgm/ekp4dt9V8fNQY7FJIp0LQHc+x
#BgwgSnXJMT0i2wIDAQABo4HbMIHYMB0GA1UdDgQWBBR0+jj2imA8nyB9UwBIjJO2
#QuuDnDCBqAYDVR0jBIGgMIGdgBR0+jj2imA8nyB9UwBIjJO2QuuDnKGBgaR/MH0x
#CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJGTDESMBAGA1UEBxMJTWVsYm91cm5lMREw
#DwYDVQQKEwhCdXNpbmVzczENMAsGA1UECxMEbm9uZTERMA8GA1UEAxMIQnVzaW5l
#c3MxGDAWBgkqhkiG9w0BCQEWCWNvQGVhLm5ldIIBADAMBgNVHRMEBTADAQH/MA0G
#CSqGSIb3DQEBBAUAA4HBAEYocJY76tGHJYf/FcKGCfFQkXD5R2Xnh6eGI6IT6pOZ
#uyhDhn5dsmkgS57JZbcvRETLuvkLnrCLSU40f9e0E6bhfo6po8CM3eUylStDykOQ
#h8f5Kph2junSGv7ay3DHbt6Ou/ExLPA0dwsD7olrHWnRg52NuuakPHDPPFydPVVn
#1FnTRKmmKJ6c2+pScnb8HMVhMhGuppVFIlOw10ALLx8+tC1zUeZSnJlFxSikGnYc
#rnYI1Kt+97PbBvx2ouLMlA==
#-----END CERTIFICATE-----
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Rsyncrypto-devel mailing list
Rsyncrypto-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rsyncrypto-devel
