RE: Unsigned CRL
David Schwartz wrote: I need this CRL for testing needs )) That really doesn't make any sense. What is the point of testing with something that bears no relationship to anything in the real world? If you want to test if your CRL logic works, create your own test CA, your own test certificate, and your own test CRL signed by the test CA. Replicate the real world situation with test data and make sure your code works as intended. DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] Friend, testing is testing. I'm testing mobile phones and there is a lot of tests that doesn't make any sense in the real world. So... -- View this message in context: http://www.nabble.com/Unsigned-CRL-and-CRL-v1-tf4510330.html#a12963323 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
certificate withou private key
Hy! Is it possible to create a certificate with openssl without using the coresponding private key (which is stored in a smartcard) but with the public key only? Mathias __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: certificate withou private key
Hello, Is it possible to create a certificate with openssl without using the coresponding private key (which is stored in a smartcard) but with the public key only? To create certificate with OpenSSL you need Certificate Request. This request should be generated with your smartcard software toolkit. This toolkit usually lets you generate new key pair on your smartcard and certificate request. After saving this certificate request to file you may certify this as with other certificate requests. Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: certificate withou private key
Yes. No. Maybe. Such a question suggests some possible confusion. A certificate is a binding of a keypair to an identity. While only the public key is contained in the cert, some proof of possession of the corresponding private key is required. This usually requires a certificate signing request that includes a component signed using that private key. The private key need not be present to the signer, and in fact must not be if non-repudiation is desired. In the case of smart cards and embedded devices, the keypair and CSR are generated and the private key is never exposed. Google the terms 'PKCS#10' 'SPKAC' and 'CSR' - Michael -Original Message- From: Mathias Tausig [EMAIL PROTECTED] Subj: certificate withou private key Date: Sun 2007 Sep 30 14:33 Size: 459 bytes To: openssl-users@openssl.org Hy! Is it possible to create a certificate with openssl without using the coresponding private key (which is stored in a smartcard) but with the public key only? Mathias __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: certificate withou private key
Mathias Tausig schrieb: Hy! Is it possible to create a certificate with openssl without using the coresponding private key (which is stored in a smartcard) but with the public key only? Mathias It depends on which private key you are talking about... A certificate as such is a piece of information signed by a CA. To create a certificate you'll need the CA's private key. Usually the information contained in the certificate links a public key with some other information, like your eMail or a hostname. So It should be possible to create a certificate if you have access to the CA's private key (which might well reside on a smartcard) and the user's public key. But IIRC the standard procedures involve a CSR signed by the user, so you might have to play around a bit... BTW, private keys residing on a smartcard are supported by OpenSSL if you have an engine driver like, for example, opensc... Hope it helps. Ted ;) smime.p7s Description: S/MIME Cryptographic Signature
Re: certificate withou private key
Hi, you do not need the private key corresponding to the public key in the certificate in order to generate it. You need only the public key, and the private key from the issuing entity (the CA) to generate the certificate signature. If you are issuing a self-signed certificate, then you'll need to use the private key on the smart-card in order to generate the signature needed in the certificate. I hope this clarifies your doubts :D Later, Max Mathias Tausig wrote: Hy! Is it possible to create a certificate with openssl without using the coresponding private key (which is stored in a smartcard) but with the public key only? -- Best Regards, Massimiliano Pala --o Massimiliano Pala [OpenCA Project Manager][EMAIL PROTECTED] [EMAIL PROTECTED] Dartmouth Computer Science Dept Home Phone: +1 (603) 397-3883 PKI/Trust - Office 063Work Phone: +1 (603) 646-9179 --o smime.p7s Description: S/MIME Cryptographic Signature
Re: recompile applications when upgrade openssl?
On Fri, Sep 28, 2007 at 06:26:36PM +0200, peter pilsl wrote: On my linuxserver many application rely on openssl: from apache over cyrus-imap to sendmail and many others like named. Now I'd finally like to upgrade openssl from 0.9.6 to 0.9.8e to fix some security-issues. (I know its about time). My question now is: do I need to recompile all applications that rely on openssl or is enough just to rebuild the new openssl and put the libs in the proper place? The 0.9.8 and 0.9.6 releases are not binary compatible. All applications that use OpenSSL need to be recompiled. In many cases it is easier to upgrade to a complete system where 0.9.8 is the default OpenSSL release than to try to recompile everything and not run into issues with vendor updates that assume the original API, ... -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
[no subject]
Hi, I'm building a program for the YMCA I work at that needs to retrieve an ODBC username and password from a server. I doubt anyone would try to sniff the data however for completion's sake I would like to implement an SSL connection between my client and my server. However if I take this one step forward I also need to encrypt the ODBC connection data that resides on the server. How do I make sure that the ODBC username and password file is secure? Should I encrypt that file with a public key and hard code the private key into the server? I am fairly new to encryption and I have never programmed with it before so these questions may seem ignorant, please excuse me if that is the case. Are there any issues, with hard coding the private key into the server program, that I should be aware of? As well if I do use the OpenSSL library can it be compiled on OS X, Windows XP, and Linux? I'm developing my program using wxWidgets and would like to maintain as much cross compatibility as I can. Liam __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]