Re: CRLs and self-signed root certs.
On Sat, Dec 02, 2000 at 12:05:46PM +, Ben Laurie wrote:
> Bodo Moeller wrote:
>> Peter Gutmann [EMAIL PROTECTED]:
>>> Mats Nilsson [EMAIL PROTECTED]:

>>>> Should a self-signed root certificate ever need to be revoked, shall it list itself in its usual CRL(s), as the last thing it does before it is thrown away, or is it sufficient (from its users' standpoint) that it simply ceases to issue more CRLs?

>>> No one knows (and I don't just mean that as a shoulder-shrug response, I mean that no one, at least on the PKIX list, actually knows what's supposed to happen in this situation). The behaviour from current apps is that some will accept a self-revocation, some will reject it, and a small number will crash or fail in some other way.

>> I like the idea of having the application crash in such a situation: Obviously the application developers noticed the similarity to the Epimenides paradoxon [1] and did not see any other way out except having the program vanish in a puff of logic.

> Eh? Surely if a cert revokes itself then one of two things has happened:
>
> a) The legitimate owner revoked it
>
> b) Someone else got hold of the private key and revoked it
>
> in either case, you want the cert to be revoked, right?

Sure. As I explained, there's nothing paradoxical about the Epimenides paradoxon either; but still it's often cited as a prototypical paradoxon.

(I had hoped for someone to point out that the Greek did not have a senate ...)

--
Bodo Möller [EMAIL PROTECTED]
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: CRLs and self-signed root certs.
Ben Laurie [EMAIL PROTECTED] wrote:
> Eh? Surely if a cert revokes itself then one of two things has happened:
>
> a) The legitimate owner revoked it
>
> b) Someone else got hold of the private key and revoked it
>
> in either case, you want the cert to be revoked, right?

In case b, nothing would stop the imposter from issuing yet another CRL, one where the root certificate is no longer marked as revoked. It would surely fool some users.

It's quite clear that an out-of-band procedure is necessary.

Goetz Babin-Ebell [EMAIL PROTECTED] wrote:
> You can generate a new root certificate and use it to sign the new CRL which lists the old root certificate as revoked...

I'm not sure one should recognize the new root CA to be a legitimate revoker of the original certificate. Isn't it so, that only the issuer of a certificate can revoke a certificate? (where being an "issuer" is equivalent to holding the private key)

Mats
Re:
Alex Cosic wrote:
> Hi,
>
> My question is on how to connect JSSE (Java-based client) with an openssl-based web engine server. I have tried so far and what I have got is that I could not create an SSL socket with my openssl server, which works fine with my openssl client (even when I used the JNI approach to use the C library from Java). Any suggestion?
>
> Alex Cosic

Hi!

I also have an Apache web server on Linux and I have no problem connecting to it from a Windows PC using the socket class (I've also secured my client using the SSL protocol), but I have not tried the SSLSocket class from JSSE!

Try to look at your configuration and see if the CipherSuites are available or something like this!

I'm going to try JSSE!

Best regards,
Fred
Key generation in IE
Hi all,

Please help me. My problems are as follows:

1. I have generated a key pair in Netscape (at client side) and then subsequently I have created a certificate (at server side) using the -SPKAC option of the "ca" command, i.e. signing the request with the root private key. This works fine. My problem is how can I generate the key pair in IE and then create a certificate using openssl like what I have done in Netscape. Has anyone done this? Please help me. I need your help desperately - I tried a lot using ActiveX etc.

2. In case of signing a text in Netscape, there is no problem - crypto.signText() of JavaScript works fine and the output is a PKCS#7 object. I can also verify at the server using the "verify" command of OpenCA. Could you please tell me how I can sign a text in IE such that the output will be a PKCS#7 object?

3. If I have a crypto API which can generate a hash of a data and then sign it using the private key of the certificate, then is it possible to output a PKCS#7 signed-object? If yes, how can it be done?

Please help me.

Thanking you in advance,
Tridib
Re: Key generation in IE
"Tridib, Mumbai" wrote:
> 3. If I have a crypto API which can generate a hash of a data and then sign it using the private key of the certificate, then is it possible to output a PKCS#7 signed-object? If yes, how can it be done?

Technically talking, yes, but only pkcs#7 _without_ any signed attribute.

You'd need to create a new pkcs#7 the standard way, and instead of calling the sign function, fill the signature inside signerinfo, with the data you got from the crypto API.

Get the RFC2630, understand the inside format of PKCS#7, understand how this is represented inside openssl, do it. It's not going to be very easy.

I wonder if including a function DoPkcs7FromPkcs1Signature would be an option in OpenSSL?
Re: cvs commit: openssl FAQ
Jeffrey Altman wrote:
> From the GNUTLS site:
>
> "You should view this as an alternative implementation of OpenSSL (actually GNUTLS is closer to Eric Young's SSLEAY rather than OpenSSL)."
>
> What does this mean?

Great news for everyone who writes GPL code that needs crypto. When the FSF bugs you, you tell them that your code is intended to be used with GNUTLS :-)

Unfortunately, it just won't work with the current version, but users have the choice to get the source code of GNUTLS and debug it or to get OpenSSL and get going.

If you distribute pre-compiled code (a Linux distribution?), just distribute the pre-compiled GNUTLS in addition to OpenSSL, and have a choice at some point between using the GNUTLS or OpenSSL library for crypto, with a big warning that it just won't work if you choose GNUTLS, because it's only an alpha version.
Re: Key generation in IE
"Tridib, Mumbai" wrote:
> My problem is how can I generate the key pair in IE [..] Has any one done this?

Use the force and read the source: http://www.pyca.de

Ciao, Michael.
engine propose
Hi all,

we are using OpenSSL with a smart card. We made hard interventions into the OpenSSL code that enable use of the smart card as a key file. When I use an RSA key in a file I use a standard file; if I want to use the card, I use a special file with some settings in this file. I simply call PEM_read_bio_RSAPrivateKey() with key_file or card_file and use EVP_RSA.

I think this would be a good idea for selecting a key from an engine or some similar action.

The bad part is that too many interventions into many files are needed. But the result is perfect and simple to use.

My question is: Is there some easier way to achieve this? (I mean, use card_file as key_file.)

Martin
pkcs7 processing
I am trying to create a pkcs7-formatted certificate. This is for an IPsec user. In the IPsec world, even in the year 2000, we are having silly interoperability battles over raw vs. PEM vs. pkcs7 certificate formats.

I tried using 'openssl pkcs7 -inform DER -in cert7.p7c -print_certs' with the file in the crypto/pkcs7/p7 directory, but it can't parse that. It claims the length is wrong somewhere. Other samples also fail.

I am able to parse a copy of the Verisign test CA root. So... I'm now trying to establish what is happening here.

I have a question about the code. In apps/pkcs7.c, it reads the pkcs7-formatted blob in, with a d2i_PKCS7_bio call. I would expect that the 'p7' structure that produces contains a raw copy of the 'content' of the PKCS7 in p7->d.ptr. But, this seems to point to pointers. Before I go nuts stepping through the code, is this the right place to look?

I am looking because I want to figure out what format is in the p7 structure so when I create one I create it with the proper arguments.

p.s. all those layers and layers and layers of macros makes it hard to walk through this code.
Re: pkcs7 processing
At 09:08 AM 12/4/00 -0800, Rodney wrote:
> p.s. all those layers and layers and layers of macros makes it hard to walk through this code.

Amen to that! If I didn't have Visual SlickEdit I'd be tearing my hair out. It's still difficult to manually trace through the function pointers though.

Tom Biggs
'89 FJ1200 DoD #1146

"The whole aim of practical politics is to keep the populace alarmed - and hence clamorous to be led to safety - by menacing it with an endless series of hobgoblins, all of them imaginary." -- H.L. Mencken
Re: pkcs7 processing
Rodney Thayer wrote:
> I am trying to create a pkcs7-formatted certificate. This is for an IPsec user. In the IPsec world, even in the year 2000, we are having silly interoperability battles over raw vs. PEM vs. pkcs7 certificate formats.
>
> I tried using 'openssl pkcs7 -inform DER -in cert7.p7c -print_certs' with the file in the crypto/pkcs7/p7 directory, but it can't parse that. It claims the length is wrong somewhere. Other samples also fail.

Yes the stuff in there is broken. What it's for only Eric knows. It should really be cleared out.

> I am able to parse a copy of the Verisign test CA root. So... I'm now trying to establish what is happening here.
>
> I have a question about the code. In apps/pkcs7.c, it reads the pkcs7-formatted blob in, with a d2i_PKCS7_bio call. I would expect that the 'p7' structure that produces contains a raw copy of the 'content' of the PKCS7 in p7->d.ptr. But, this seems to point to pointers. Before I go nuts stepping through the code, is this the right place to look?
>
> I am looking because I want to figure out what format is in the p7 structure so when I create one I create it with the proper arguments.

Well there isn't any "content" in the typical PKCS#7 certificates only form.

What you get in there is the PKCS#7 fields parsed out. If you compare the stuff in there with a PKCS#7 specification it isn't too hard to see the correspondence between the two. The certificates only form is particularly simple.

The code to extract certificates is in apps/pkcs7.c and to generate a PKCS#7 certificates only structure is in apps/crl2pk7.c

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED]
PGP key: via homepage.
RE: CRLs and self-signed root certs.
I can imagine a scenario whereby an organization might choose to sign a death notice before going out of business. For example, suppose a commercial CA decided to go out of business, there might be benefits to their signing a CRL including their root certificate.

Frank

-----Original Message-----
From: Ben Laurie [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 02, 2000 7:06 AM
To: [EMAIL PROTECTED]
Subject: Re: CRLs and self-signed root certs.

Bodo Moeller wrote:
> Peter Gutmann [EMAIL PROTECTED]:
>> Mats Nilsson [EMAIL PROTECTED]:

>>> Should a self-signed root certificate ever need to be revoked, shall it list itself in its usual CRL(s), as the last thing it does before it is thrown away, or is it sufficient (from its users' standpoint) that it simply ceases to issue more CRLs?

>> No one knows (and I don't just mean that as a shoulder-shrug response, I mean that no one, at least on the PKIX list, actually knows what's supposed to happen in this situation). The behaviour from current apps is that some will accept a self-revocation, some will reject it, and a small number will crash or fail in some other way.

> I like the idea of having the application crash in such a situation: Obviously the application developers noticed the similarity to the Epimenides paradoxon [1] and did not see any other way out except having the program vanish in a puff of logic.

Eh? Surely if a cert revokes itself then one of two things has happened:

a) The legitimate owner revoked it

b) Someone else got hold of the private key and revoked it

in either case, you want the cert to be revoked, right?

Cheers,
Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: CRLs and self-signed root certs.
Mats Nilsson wrote:
> Goetz Babin-Ebell [EMAIL PROTECTED] wrote:
>> You can generate a new root certificate and use it to sign the new CRL which lists the old root certificate as revoked...
>
> I'm not sure one should recognize the new root CA to be a legitimate revoker of the original certificate. Isn't it so, that only the issuer of a certificate can revoke a certificate? (where being an "issuer" is equivalent to holding the private key)

No. Everybody can issue a CRL. A CA can issue a CRL with own revoked certificates but it can issue a CRL with revoked certificates of other CAs (at least in X509v3...)

When you revoke your root certificate, you could issue a CRL and ask another CA to include your root certificate in their CRL.

By

Goetz

--
Goetz Babin-Ebell, TC TrustCenter GmbH, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
Re: CRLs and self-signed root certs.
Frank Balluffi wrote:
> I can imagine a scenario whereby an organization might choose to sign a death notice before going out of business. For example, suppose a commercial CA decided to go out of business, there might be benefits to their signing a CRL including their root certificate.

The question is: Has the CA issued certs and are they valid at the point of the revocation of the CA cert? Who maintains these certs?

At least in Germany a public CA that goes out of business has to find another CA that maintains the valid issued certificates. And this new CA has a CRL, where it can publish the revocation of the old root cert of the old CA.

By

Goetz

--
Goetz Babin-Ebell, TC TrustCenter GmbH, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
Re: CRLs and self-signed root certs.
Goetz Babin-Ebell [EMAIL PROTECTED] writes:
> Everybody can issue a CRL.

Only a CA with CRL signing enabled can issue a CRL.

> A CA can issue a CRL with own revoked certificates but it can issue a CRL with revoked certificates of other CAs (at least in X509v3...)

A CA can't revoke another CA's certificates, only certificates which it has issued.

Peter.
RE: CRLs and self-signed root certs.
Yes. RFC 2459 (and X.509) call this an indirect CRL. See the issuing distribution point CRL extension and the certificate issuer CRL entry extension.

Frank

-----Original Message-----
From: Rich Salz [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 04, 2000 3:27 PM
To: [EMAIL PROTECTED]
Subject: Re: CRLs and self-signed root certs.

> A CA can't revoke another CA's certificates, only certificates which it has issued.

Not so clear -- the CRL contains the issuer DN and a list of serial#'s (basically), but it doesn't have to be the signed by a cert with that DN. (Yes, most clients will properly fail to verify, but the data structure most definitely allows for delegated CRL signing. I'm sure Entrust has some deltaCRL use that does this. :)

/r$
Re: CRLs and self-signed root certs.
Peter Gutmann wrote:
> Goetz Babin-Ebell [EMAIL PROTECTED] writes:
>> Everybody can issue a CRL.
>
> Only a CA with CRL signing enabled can issue a CRL.

Everybody who can generate a certificate with the proper flags can generate a CRL. But he has to find a way to let the user trust him in issuing the CRL...

>> A CA can issue a CRL with own revoked certificates but it can issue a CRL with revoked certificates of other CAs (at least in X509v3...)
>
> A CA can't revoke another CA's certificates, only certificates which it has issued.

??

ITU-T X509 (06/97): 11.2 Management of certificates [...] (page 25:)
- The CA shall maintain: [...]
  b) a time-stamped list of revoked certificates of all CAs known to the CA, certified by the CA.

2 possible meanings:
- It maintains a CRL of certificates issued by other CAs.
- It maintains a CRL of certificates issued by CAs that use certificates that this CA issued.

But in the definition of a CRL I didn't find anything saying that it can only revoke own certificates...

By

Goetz

--
Goetz Babin-Ebell, TC TrustCenter GmbH, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
Re: CRLs and self-signed root certs.
Goetz Babin-Ebell [EMAIL PROTECTED] writes:
> Peter Gutmann wrote:
>> Goetz Babin-Ebell [EMAIL PROTECTED] writes:
>>> Everybody can issue a CRL.
>>
>> Only a CA with CRL signing enabled can issue a CRL.
>
> Everybody who can generate a certificate with the proper flags can generate a CRL.

Sure, but this presupposes:

>>> A CA can issue a CRL with own revoked certificates but it can issue a CRL with revoked certificates of other CAs (at least in X509v3...)
>>
>> A CA can't revoke another CA's certificates, only certificates which it has issued.
>
> [...]
>
> But in the definition of a CRL I didn't find anything saying that it can only revoke own certificates...

The standard can say pretty much anything it wants on the topic, but given that most current apps barely support any kind of CRL checking I'd say the usefulness of issuing one of these cross-CRLs is slightly lower than that of opening your window and shouting "Certificate 1234 from CA xyz is now revoked" out into the wind (at least one or two people will take notice of that, if only to shout back at you to shut up :-). Look at the way Sun revoked their CA cert a while back for an example of how far CRL functionality is trusted in the real world, and then extrapolate from normal CRLs to cross-CRLs...

Does anyone know of any generally-available (non-special-case, single-vendor, customised, etc etc) application which will handle one of these cross-CRLs?

Peter.
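An added example, not part of any post in this thread and not OpenSSL code: a small Python model of one possible relying-party policy that combines the points argued above. A CRL covers only (issuer DN, serial) pairs, an indirect CRL switches issuer through the certificate issuer entry extension that Frank Balluffi points to, and revocation is sticky so the re-issued CRL Mats Nilsson warns about cannot un-revoke a root. All class and function names are hypothetical, the DNs and serials are constructed, and signature verification is assumed to happen elsewhere.

```python
"""Toy model of CRL scope rules; CRL signature checks are assumed done elsewhere."""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int


@dataclass(frozen=True)
class Entry:
    serial: int
    certificate_issuer: Optional[str] = None  # certificate issuer CRL entry extension


@dataclass(frozen=True)
class CRL:
    issuer: str
    entries: Tuple[Entry, ...]
    indirect: bool = False  # indirectCRL flag in the issuing distribution point


def revoked_pairs(crl):
    """Return the (certificate issuer DN, serial) pairs that a CRL covers."""
    pairs, current = [], crl.issuer  # first entry defaults to the CRL issuer
    for entry in crl.entries:
        if entry.certificate_issuer is not None:
            if not crl.indirect:
                # Policy choice of this sketch: refuse a foreign issuer in a direct CRL.
                raise ValueError("certificate issuer set in a CRL not marked indirect")
            current = entry.certificate_issuer  # carries over to the following entries
        pairs.append((current, entry.serial))
    return pairs


class RelyingParty:
    """Hypothetical verifier state: accepted CRL signers plus sticky revocations."""

    def __init__(self, crl_signers, accept_indirect=False):
        self.signers = {c.subject: c for c in crl_signers}
        self.accept_indirect = accept_indirect
        self.revoked = set()  # only ever grows, so no later CRL can un-revoke

    def is_revoked(self, cert):
        return (cert.issuer, cert.serial) in self.revoked

    def ingest(self, crl):
        """Apply a CRL; return False if it is ignored under this policy."""
        signer = self.signers.get(crl.issuer)
        if signer is None or self.is_revoked(signer):
            return False  # unknown signer, or signer (even a root) already revoked
        if crl.indirect and not self.accept_indirect:
            return False  # many applications do not process indirect CRLs at all
        try:
            pairs = revoked_pairs(crl)
        except ValueError:
            return False
        self.revoked.update(pairs)
        return True


if __name__ == "__main__":
    root = Cert("CN=Old Root", "CN=Old Root", 1)  # constructed sample data
    rp = RelyingParty([root])
    print(rp.ingest(CRL("CN=Old Root", (Entry(1),))))  # self-revocation accepted
    print(rp.ingest(CRL("CN=Old Root", ())))           # later "clean" CRL ignored
    print(rp.is_revoked(root))
```

Whether a root's entry in its own CRL should be honoured at all is exactly what the thread leaves open; the model simply picks the answer Ben Laurie argues for and makes it irreversible.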
Re: Key generation in IE
Hi,

Would you please talk more about the crypto object in the Netscape JavaScript? I want a detailed reference of it.

As to IE, I collected the answer from this mailing list a long time ago; I would like to share it again. And I still wonder what other functions the xenroll object (or other objects) offer.

I am looking for some way to sign and verify signatures, encrypt and decrypt data in IE and Netscape browsers, not by ActiveX.

List: openssl-users
Subject: Re: apply cert from browser
From: Thomas Reinke [EMAIL PROTECTED]
Date: 2000-04-30 13:56:05

For Netscape, checking the tag KEYGEN. For IE, check the object XENROLL, as in the following example:

=== CREATING A REQUEST ===

    <OBJECT classid="clsid:43F8F289-7A20-11D0-8F06-00C04FC295E1"
            CODEBASE="xenroll.dll" id=xenroll>
    </OBJECT>

You create the key pair and request with VBscript - this should be called when user has entered the data and tries to submit the form:

    ' Construct DN
    DN = "C="+country+"+O="+org+"+CN="+cn+"+EMAIL="+email

    ' Set the xenroll properties
    xenroll.providerType = 1 ' Microsoft
    xenroll.providerName = "Microsoft Base Cryptographic Provider v1.0"
    xenroll.HashAlgorithm = "MD5" ' or "SHA1"
    ' xenroll.KeySpec = 2 ' AT_SIGNATURE
    xenroll.KeySpec = 1 ' AT_KEYEXCHANGE

    ' Make your pick here :)
    ' xenroll.GenKeyFlags = 1 ' CRYPT_EXPORTABLE
    ' xenroll.GenKeyFlags = 2 ' CRYPT_USER_PROTECTED
    xenroll.GenKeyFlags = 3

    ' Create the request
    request = xenroll.CreatePKCS10(DN, "1.3.6.1.5.5.7.3.2")
    TheForm.pkcs10Request.value = _
        "-----BEGIN NEW CERTIFICATE REQUEST-----" + _
        CHR(13) + _
        request + _
        "-----END NEW CERTIFICATE REQUEST-----"

This will give you a vanilla PEM-formatted PKCS10 request that you can submit and process in a CA of your choice, getting back a cert.

=== INSTALLING THE CERTIFICATE ===

The cert must be included in another VBscript routine on the page that installs the certificate. Like this:

    <SCRIPT LANGUAGE="VBScript">
    Sub INSTALL_OnClick
        Dim sz10
        sz10 = _
            "-----BEGIN CERTIFICATE-----" & _
            "MIICIjCCAYugAwIBAgICECAwDQYJKoZIhvcNAQEEBQAwOzELMAkGA1UEBhMCRUUx" & _
            .. your certificate here..
            "whateverisinyourcertxxxLB3B+01hWzjyYqWoLpp6y3gNbIzLSnHcD59pNpho8" & _
            "8t37wrgh4g3+Hxq6Pvfm3zbY//qDnw==" & _
            "-----END CERTIFICATE-----"
        xenroll.DeleteRequestCert = TRUE
        ' Needed so that a failure below reaches the err.number check
        On Error Resume Next
        err.clear
        xenroll.WriteCertToCSP = true
        xenroll.acceptPKCS7(sz10)
        if err.number <> 0 then
            result = MsgBox("Bad luck, error code " & err.number, 0, "Error")
        else
            result = MsgBox("You got lucky today!", 0, "")
        end if
    End Sub
    </SCRIPT>

Cheers, Thomas

----- Original Message -----
From: "Tridib, Mumbai" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, December 04, 2000 6:18 PM
Subject: Key generation in IE

Hi all,

Please help me. My problems are as follows:

1. I have generated a key pair in Netscape (at client side) and then subsequently I have created a certificate (at server side) using the -SPKAC option of the "ca" command, i.e. signing the request with the root private key. This works fine. My problem is how can I generate the key pair in IE and then create a certificate using openssl like what I have done in Netscape. Has anyone done this? Please help me. I need your help desperately - I tried a lot using ActiveX etc.

2. In case of signing a text in Netscape, there is no problem - crypto.signText() of JavaScript works fine and the output is a PKCS#7 object. I can also verify at the server using the "verify" command of OpenCA. Could you please tell me how I can sign a text in IE such that the output will be a PKCS#7 object?

3. If I have a crypto API which can generate a hash of a data and then sign it using the private key of the certificate, then is it possible to output a PKCS#7 signed-object? If yes, how can it be done?

Please help me.

Thanking you in advance,
Tridib
Re: cvs commit: openssl/crypto/bn bn_mul.c bn_lcl.h
On Mon, Dec 04, 2000 at 06:12:02PM +0100, [EMAIL PROTECTED] wrote:

> I haven't yet changed the comments that describe bn_mul_recursive() and bn_mul_part_recursive().

Don't forget the bn_internal manpage, please.

> void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, -BN_ULONG *t) + int dna, int dnb, BN_ULONG *t)

So, what's the difference between bn_mul_recursive and bn_mul_part_recursive now?
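Review bot: the new "int dna, int dnb" parameters in the bn_mul_recursive() prototype are undocumented in the quoted hunk, and the commit message itself says the describing comments have not been changed yet. Please state in the function comment and in the bn_internal manpage what dna and dnb represent and how they relate to n2, and say there when bn_mul_recursive() rather than bn_mul_part_recursive() is meant to be called, which is the question the reply raises. Since the prototype gains two arguments ahead of t, every existing caller has to be updated in the same change.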