Re: Weird input :-( on Certificate Generation
On Sat, Dec 28, 2002, Pj wrote: I want to automate self signed certificate generation For my customers, so that my software detects expiration of the Certificate and runs the appropriate commands to generate the new cert. Like this: openssl genrsa -rand .rnd -out key.pem 1024 openssl req -new -key key.pem -out cert.pem -x509 -config openssl.cnf theData.txt theData.txt would contain lines to feed stdin ( req.c contains fgets(buf,1024,stdin) ) However the openssl.exe comes up with weird input :-( whenever I try this, due to a missing \n In the data, even though each line in theData.txt ends in hex 0D0A This is a little confusing, so before I hack req.c, does anyone have a suggestion about this, Maybe someone has done this already and knows of the black art I am missing.! Alternately is there a way of putting the data into the openssl.cnf file, so that no prompts from Stdin need to take place at all? Yes, its in the fine manual for req... Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[libcrypto] RSA / separate keys
Needing public key encryption for an application, i took a look at libcrypto. The problem is coping with it... I'm trying to use the rsa-algorithm. How do I seperate the public and the private key? If I generate my key with RSA_generate_key i'm getting a RSA* struct with both keys(a key pair). Now I want to save the public key in one location, the private key in another. I didn't find a function for it. Is my approach incorrect? First I tried to use EVP*-Functions, but i didn't find any helpful documentation or tutorial(besides the spanish one in the list-archive mentioned). What is the easiest way to use public key cryptography with libcrypto? Thanks in Advance. Michael Bäumer __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Dr. Stephen = RE: Weird input :-( on Certificate Generation
Dr. Stephen Shoot! Im not running unix, (win32) so I cant read the manpages! Any chance of dumping that page for me?? I Would greatly appreciate it... Thanks. Pj. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dr. Stephen Henson Sent: Saturday, 28 December 2002 8:55 PM To: [EMAIL PROTECTED] Subject: Re: Weird input :-( on Certificate Generation On Sat, Dec 28, 2002, Pj wrote: I want to automate self signed certificate generation For my customers, so that my software detects expiration of the Certificate and runs the appropriate commands to generate the new cert. Like this: openssl genrsa -rand .rnd -out key.pem 1024 openssl req -new -key key.pem -out cert.pem -x509 -config openssl.cnf theData.txt theData.txt would contain lines to feed stdin ( req.c contains fgets(buf,1024,stdin) ) However the openssl.exe comes up with weird input :-( whenever I try this, due to a missing \n In the data, even though each line in theData.txt ends in hex 0D0A This is a little confusing, so before I hack req.c, does anyone have a suggestion about this, Maybe someone has done this already and knows of the black art I am missing.! Alternately is there a way of putting the data into the openssl.cnf file, so that no prompts from Stdin need to take place at all? Yes, its in the fine manual for req... Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Weird input :-( on Certificate Generation
Ignore my last silly statement about the man pages, Sorry. Pj. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dr. Stephen Henson Sent: Saturday, 28 December 2002 8:55 PM To: [EMAIL PROTECTED] Subject: Re: Weird input :-( on Certificate Generation On Sat, Dec 28, 2002, Pj wrote: I want to automate self signed certificate generation For my customers, so that my software detects expiration of the Certificate and runs the appropriate commands to generate the new cert. Like this: openssl genrsa -rand .rnd -out key.pem 1024 openssl req -new -key key.pem -out cert.pem -x509 -config openssl.cnf theData.txt theData.txt would contain lines to feed stdin ( req.c contains fgets(buf,1024,stdin) ) However the openssl.exe comes up with weird input :-( whenever I try this, due to a missing \n In the data, even though each line in theData.txt ends in hex 0D0A This is a little confusing, so before I hack req.c, does anyone have a suggestion about this, Maybe someone has done this already and knows of the black art I am missing.! Alternately is there a way of putting the data into the openssl.cnf file, so that no prompts from Stdin need to take place at all? Yes, its in the fine manual for req... Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [libcrypto] RSA / separate keys
On Sat, Dec 28, 2002, Michel Bäumer wrote: Needing public key encryption for an application, i took a look at libcrypto. The problem is coping with it... I'm trying to use the rsa-algorithm. How do I seperate the public and the private key? If I generate my key with RSA_generate_key i'm getting a RSA* struct with both keys(a key pair). Now I want to save the public key in one location, the private key in another. I didn't find a function for it. Is my approach incorrect? First I tried to use EVP*-Functions, but i didn't find any helpful documentation or tutorial(besides the spanish one in the list-archive mentioned). What is the easiest way to use public key cryptography with libcrypto? The relevant PEM functions will do the job. Things like: PEM_write_RSAPrivateKey and PEM_write_RSA_RSA_PUBKEY will do what you need. As for whether you should use the RSA functions directly or EVP it depends on what you actually want to do. Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Hardware Accelerators
Hello, I'm wondering if anybody here knows of any PCI-based SSL acceleration hardware that will work for me? I'm using FreeBSD 4.7 with OpenSSL 0.9.6g and apache 1.3.27. Thanks! Scott Johnson [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: SOLVED: Using pcAnyhwere with public-key encryption and self-signed certificates
Neil, How's about just posting to the group so that it becomes searchable on the internet? Nothing like adding to the sum total of human knowledge.. Thanks, Ms. Jimi Thompson Those who are too smart to engage in politics are punished by being governed by those who are dumber. - Plato -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Neil Aggarwal Sent: Friday, December 27, 2002 7:41 AM To: Open SSL mailing list Subject: SOLVED: Using pcAnyhwere with public-key encryption and self-signed certificates Hello All: Thanks to some generous help from David Hayes, I now have a complete procedure to generate self-signed public-key certificates and use them with pcAnywhere 10.5. This allows me to use pcAnywhere securely over the Internet without having to go thru the additional expense of purchasing certificates from a certification company such as Verisign. I know this information will be valuable for other members on this list and am willing to contribute it to the community. If anyone would like my notes on how to do this, please let me know. Thanks, Neil Aggarwal [EMAIL PROTECTED] -- Neil Aggarwal JAMM Consulting, Inc.(972) 612-6056, http://www.JAMMConsulting.com Custom Internet DevelopmentWebsites, Ecommerce, Java, databases __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
