Due to my requirements for separate certs for each of my customers, I'm attempting to automate this cert creation process and am using PHP to create and store the private & public keys. Unfortunately the method for doing this within PHP is quite different than the openssl command line method that's used in the example, so I'm attempting to emulate that given example within PHP and want to ensure that I'm not overlooking something.
I've created a very simple test script (shown below) to simply and quickly create the cert pairs. Tests using these generated certs all seem to show that everything is working correctly and rsync does indeed find "Matched data" and only sends a chunk of the file and not the whole thing. And, of course, all back and forth encryption/decryptions are successful.

But, I suspect that I really haven't generated these certs with the exact parameters as specified in the example and was wondering if anyone could see an obvious problem, or even tell me what parameters of the cert generation itself are critical to this whole process? If I'd incorrectly specified the cert generation parameters would it still work, but maybe not optimally?

Below are my test script and the 2 generated test certs (which I've attempted to escape so that an e-mail client wouldn't try to use 'em -- though I'm unsure whether it would even matter).

Comments anyone?

Thanx,
Chuck

Test Script
=========================
<?php
// Setup CSR info
$dn = array(
    'countryName'            => 'US',
    'stateOrProvinceName'    => 'FL',
    'localityName'           => 'Orlando',
    'organizationName'       => 'Business',
    'organizationalUnitName' => 'none',
    'commonName'             => 'Business',
    'emailAddress'           => '[EMAIL PROTECTED]',
);

// Specify Key parameters
$key_conf = array(
    'private_key_bits' => 1536,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'encrypt_key'      => FALSE,
);

$pw = '';
$numdays = 1085;

// Generate the RSA key pair
$privkey = openssl_pkey_new($key_conf);

// Build a CSR and self-sign it with its own key (no CA certificate)
$csr = openssl_csr_new($dn, $privkey);
$cert = openssl_csr_sign($csr, null, $privkey, $numdays);

// Write the private key and the certificate to disk
openssl_pkey_export_to_file($privkey, 'test.key');
openssl_x509_export_to_file($cert, 'test.pub');
?>
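
An added example, not part of the original post and not rsyncrypto's own code: one way to confirm what a PHP-generated pair actually contains is to parse it back and compare it with the values the test script asks for (1536-bit RSA, unencrypted key, 1085 days). `inspect_pair()` is a hypothetical helper name, and the check says nothing about which of these parameters rsyncrypto itself depends on.

```php
<?php
// Added example: read a key/certificate pair back and report the parameters
// that were actually used. inspect_pair() is a hypothetical helper name.

function inspect_pair(string $keyPem, string $certPem): array
{
    // Loading without a passphrase fails if the key was written encrypted.
    $key = openssl_pkey_get_private($keyPem);
    if ($key === false) {
        throw new RuntimeException('private key unreadable (encrypted or malformed)');
    }
    $kd   = openssl_pkey_get_details($key);
    $info = openssl_x509_parse($certPem);
    if ($kd === false || $info === false) {
        throw new RuntimeException('could not parse key or certificate');
    }
    // Public key embedded in the certificate, for a direct comparison.
    $certPub = openssl_pkey_get_details(openssl_pkey_get_public($certPem));

    return [
        'is_rsa'        => $kd['type'] === OPENSSL_KEYTYPE_RSA,
        'bits'          => $kd['bits'],
        'key_matches'   => openssl_x509_check_private_key($certPem, $key)
                           && $certPub['key'] === $kd['key'],
        'self_signed'   => $info['subject'] == $info['issuer'],
        'valid_days'    => (int) round(($info['validTo_time_t'] - $info['validFrom_time_t']) / 86400),
        'signature_alg' => $info['signatureTypeSN'] ?? 'unknown',
    ];
}

// Constructed sample: a throwaway pair built in memory with the same
// settings as the test script (nothing is written to disk).
$dn   = ['countryName' => 'US', 'organizationName' => 'Business', 'commonName' => 'Business'];
$conf = ['private_key_bits' => 1536, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
$pk   = openssl_pkey_new($conf);
$cert = openssl_csr_sign(openssl_csr_new($dn, $pk, $conf), null, $pk, 1085, $conf);
openssl_pkey_export($pk, $keyPem, null, $conf);
openssl_x509_export($cert, $certPem);

$r = inspect_pair($keyPem, $certPem);
print_r($r);
if (!$r['is_rsa'] || $r['bits'] !== 1536 || !$r['key_matches'] || $r['valid_days'] !== 1085) {
    fwrite(STDERR, "generated pair does not match the requested parameters\n");
    exit(1);
}
```

To check files already on disk, pass `file_get_contents('test.key')` and `file_get_contents('test.pub')` to `inspect_pair()` instead of the in-memory sample.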