Re: [openssl-users] Re: OpenSSL PKI Tutorial updated

2014-03-25 Thread Zack Williams
On Tue, Mar 25, 2014 at 10:54 AM, Erwann Abalea wrote:
>
>> 2. I couldn't figure out what the [additional_oids] section of the
>> Expert example's root-ca.conf file is for - either through research or
>> going through the commit history.  Could you elaborate on what that
>> accomplishes?
>>
>> https://pki-tutorial.readthedocs.org/en/latest/expert/root-ca.conf.html
>
> The OIDs are used in the CertificatePolicies extension of a subordinate CA
> of this root CA.
> For a policyId to be acceptable for an end-user certificate, this same
> policyId (or the special value anyPolicy) MUST be present in all CAs between
> this end-user cert and the root CA. The root CA is special in that it
> doesn't need to contain any CertificatePolicies extension.

So these are used to group or link the certificate chain together?

Is there guidance for generating and naming this OID? Given an OID in this form:

1.3.6.1.4.1.X.Y.Z

I'm assuming that you would register the top level number (X) with the
IANA (or other appropriate issuing body), but is there guidance to
setting Y and Z, which are 7 and 8 or 9 respectively in the Expert
example?

>> 3. Is there a reason to not set a pathLen in the basicConstraints
>> section of the Root CA's (to 1, to allow a maximum of one layer of
>> CA's below the Root), but to do so on the Intermediate CA's?
>
> Because it's not used by the standardized validation algorithm (RFC5280
> section 6, X.509 section 10).

I looked through RFC5280 section 6.1.4 (m), and it appears that
setting the pathLen would apply to the Root CA, and would cause
section (l) to fail on CA's created beyond the depth specified.  Am I
interpreting the RFC incorrectly?

Thanks,
Zack
__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org
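
The path-length steps of RFC 5280 section 6.1 that this exchange refers to, written out as an added example (not code from the thread or the tutorial). The `Cert` class, the chain names and `check_path_length` are constructed for illustration; the third case feeds the self-signed root in as an element of the path, which the RFC's algorithm does not do, to show what honouring a pathLen on the root would change.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Cert:
    subject: str
    issuer: str
    is_ca: bool = False
    path_len: Optional[int] = None    # pathLenConstraint; None when absent


def check_path_length(path):
    """path holds certificates 1..n: the first is issued by the trust anchor,
    the last is the target. The anchor is an input (name and key), not an element."""
    max_path_length = len(path)                    # 6.1.2 (k): initialised to n
    for i, cert in enumerate(path[:-1], start=1):  # 6.1.4 applies to i < n
        if not cert.is_ca:                         # 6.1.4 (k): must be a CA
            return False, f"certificate {i} ({cert.subject}) is not a CA"
        if cert.subject != cert.issuer:            # 6.1.4 (l): not self-issued
            if max_path_length <= 0:
                return False, f"certificate {i} ({cert.subject}) is too deep"
            max_path_length -= 1
        if cert.path_len is not None and cert.path_len < max_path_length:
            max_path_length = cert.path_len        # 6.1.4 (m)
    return True, "ok"


# Constructed chain: root -> inter -> sub -> ee
ROOT = Cert("root", "root", is_ca=True, path_len=1)   # pathLen set on the root
INTER = Cert("inter", "root", is_ca=True)
INTER_LIMITED = Cert("inter", "root", is_ca=True, path_len=0)
SUB = Cert("sub", "inter", is_ca=True)
EE = Cert("ee", "sub")


def demo():
    return {
        # Anchor supplied as name and key only: its pathLen is never read.
        "anchor_outside_path": check_path_length([INTER, SUB, EE]),
        # The same limit on an intermediate is enforced by steps (l) and (m).
        "limit_on_intermediate": check_path_length([INTER_LIMITED, SUB, EE]),
        # Hypothetical validator that also processes the root's certificate.
        "root_fed_in_as_element": check_path_length([ROOT, INTER, SUB, EE]),
    }
```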


Re: How to sign a file with DER format?

2014-03-25 Thread Dave Thompson
The parameters field in an AlgorithmIdentifier is optional if NULL,
which it is for SHA-1, and SHA-2 and I think all hashes as well as many
other algorithms. It appears the (older) SMIME_ API and smime utility
does encode it and the (newer) CMS_ API and cms utility does not.
A compliant recipient should handle both the same.

From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Kálmán bácsi
Sent: Tuesday, March 25, 2014 09:55
To: openssl-users@openssl.org
Subject: *** Spam *** Re: How to sign a file with DER format?

Dear Dave,

thanks, I modified the program and it works.

I got another question:

I compare the two files, one made by the program with the C API, and the
other made by command line tool.

There is one difference: after the sha1 line there is a NULL. I can't
"reproduce" it with the C API.

C src: http://pastebin.com/Sq6yiEB2
ASN output: http://pastebin.com/NdRDB4BQ

On Fri, Mar 21, 2014 at 11:37 PM, Dave Thompson wrote:

Streaming mode exists to allow unbounded data, whose length is not known and
may not fit in memory.

DER requires that the data be available and fit in memory and its length
known.

If you want DER don’t use streaming. apps/cms.c has options for both, if you
trace it through.

But why do you care? There is no requirement CMS itself be DER, only that
the data is fixed (so if detached *and* ASN.1 that means it should be DER)
and if auth-attrs is used (as is usual, and default in openssl) the
signature is computed over a modified DER encoding *of the attributes*.
openssl does do the attributes (and in fact the signerinfos) in DER, since
they are available in memory.


From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Kálmán bácsi
Sent: Friday, March 21, 2014 03:42
To: openssl-users@openssl.org
Subject: *** Spam *** How to sign a file with DER format?

Hello,

I'm new to OpenSSL and got a question,

I try to sign a file with the C library, the base of the program is the
cms_sign.c example, only change is i2d_CMS_bio_stream() instead of
SMIME_write_CMS().

I noticed in the documentation that i2d_CMS_bio_stream outputs BER. Is there
any way to use DER? I googled it but find nothing, maybe used wrong
keywords...

Best regards,

Peter
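
The two AlgorithmIdentifier encodings described in the reply above (parameters encoded as NULL versus omitted), compared the way a tolerant recipient would, as an added example that is not code from the thread. The byte strings are constructed from the standard SHA-1 OID and the function names are illustrative.

```python
# Constructed sample encodings of AlgorithmIdentifier for SHA-1 (OID 1.3.14.3.2.26).
SHA1_WITH_NULL = bytes.fromhex("300906052b0e03021a0500")  # parameters = NULL
SHA1_NO_PARAMS = bytes.fromhex("300706052b0e03021a")      # parameters omitted


def read_tlv(buf, pos=0):
    """Read one TLV with a definite length; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first == 0x80:
        raise ValueError("indefinite length: BER (streaming), not DER")
    if first & 0x80:                      # long form: next n bytes hold the length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(value):
    """Decode the content bytes of an OBJECT IDENTIFIER into dotted form."""
    arcs, acc = [], 0
    for byte in value:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:               # high bit clear ends this arc
            arcs.append(acc)
            acc = 0
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def parse_algorithm_identifier(der):
    """Return (oid, params); absent and NULL parameters both map to None."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    tag, oid, pos = read_tlv(body)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    params = body[pos:]
    return decode_oid(oid), None if params in (b"", b"\x05\x00") else params


def same_algorithm(a, b):
    """Compare two encodings the way a tolerant recipient would."""
    return parse_algorithm_identifier(a) == parse_algorithm_identifier(b)
```

A byte-for-byte comparison of the two signed files will always differ at this point; comparing the parsed values does not.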

 



Re: [openssl-users] Re: OpenSSL PKI Tutorial updated

2014-03-25 Thread Erwann Abalea

On 25/03/2014 17:44, Zack Williams wrote:
> On Fri, Mar 21, 2014 at 12:25 AM, Stefan H. Holek wrote:
>> I have updated the OpenSSL PKI Tutorial at Read the Docs. The tutorial
>> provides three complete PKI examples you can play through and the prettiest
>> configuration files this side of Neptune. Check it out!
>>
>> https://pki-tutorial.readthedocs.org/
>
> This is really awesome.  I've been trying to make sense of the config
> files for cert generation and align to best practices (when I can find
> them), and having good documentation is great.
>
> A few questions:
>
> 1. Is there a reason you're not using SHA-256 hash by default - it
> appears that SHA1 is being recommended against currently:
> http://www.digicert.com/sha-2-ssl-certificates.htm

Good point.

> 2. I couldn't figure out what the [additional_oids] section of the
> Expert example's root-ca.conf file is for - either through research or
> going through the commit history.  Could you elaborate on what that
> accomplishes?
>
> https://pki-tutorial.readthedocs.org/en/latest/expert/root-ca.conf.html

The OIDs are used in the CertificatePolicies extension of a subordinate
CA of this root CA.
For a policyId to be acceptable for an end-user certificate, this same
policyId (or the special value anyPolicy) MUST be present in all CAs
between this end-user cert and the root CA. The root CA is special in
that it doesn't need to contain any CertificatePolicies extension.

> 3. Is there a reason to not set a pathLen in the basicConstraints
> section of the Root CA's (to 1, to allow a maximum of one layer of
> CA's below the Root), but to do so on the Intermediate CA's?

Because it's not used by the standardized validation algorithm (RFC5280
section 6, X.509 section 10).

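
The policyId rule stated in the reply above, as an added example (not code from the thread or the tutorial): a simplified walk over the CertificatePolicies of each certificate below the root. It ignores policy mappings, inhibitAnyPolicy and requireExplicitPolicy, the function and certificate names are illustrative, and the policy OIDs keep the page's `1.3.6.1.4.1.X.Y.Z` placeholder form.

```python
ANY_POLICY = "2.5.29.32.0"          # the special value anyPolicy
POLICY_A = "1.3.6.1.4.1.X.7.8"      # placeholder form from the page; X is not a real arc
POLICY_B = "1.3.6.1.4.1.X.7.9"


def acceptable_policies(path):
    """path: [(name, policies)] for certificates 1..n, root excluded.
    policies is a set of OID strings, or None when the extension is absent.
    Returns the policyIds that survive down to the last certificate."""
    valid = {ANY_POLICY}                  # nothing is constrained before cert 1
    for _name, policies in path:
        if policies is None:              # no CertificatePolicies: nothing survives
            return set()
        if ANY_POLICY in valid:
            valid = set(policies)         # first real constraint, taken as asserted
        elif ANY_POLICY not in policies:
            valid &= policies             # keep only the policyIds this cert repeats
        # a certificate asserting anyPolicy leaves the current set untouched
        if not valid:
            return set()
    return valid


# Constructed chains below a root that carries no CertificatePolicies extension.
CHAINS = {
    "ca_lists_both": [("signing-ca", {POLICY_A, POLICY_B}), ("ee", {POLICY_A})],
    "ca_lacks_ee_policy": [("signing-ca", {POLICY_A}), ("ee", {POLICY_B})],
    "ca_any_policy": [("signing-ca", {ANY_POLICY}), ("ee", {POLICY_B})],
    "ca_no_extension": [("signing-ca", None), ("ee", {POLICY_A})],
    "three_levels": [("inter-ca", {POLICY_A, POLICY_B}),
                     ("signing-ca", {ANY_POLICY}), ("ee", {POLICY_B})],
}


def evaluate_all():
    return {name: acceptable_policies(path) for name, path in CHAINS.items()}
```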


Re: OpenSSL PKI Tutorial updated

2014-03-25 Thread Zack Williams
On Fri, Mar 21, 2014 at 12:25 AM, Stefan H. Holek wrote:
> I have updated the OpenSSL PKI Tutorial at Read the Docs. The tutorial 
> provides three complete PKI examples you can play through and the prettiest 
> configuration files this side of Neptune. Check it out!
>
> https://pki-tutorial.readthedocs.org/

This is really awesome.   I've been trying to make sense of the config
files for cert generation and align to best practices (when I can find
them), and having good documentation is great.

A few questions:

1. Is there a reason you're not using SHA-256 hash by default - it
appears that SHA1 is being recommended against currently:
http://www.digicert.com/sha-2-ssl-certificates.htm

2. I couldn't figure out what the [additional_oids] section of the
Expert example's root-ca.conf file is for - either through research or
going through the commit history.  Could you elaborate on what that
accomplishes?

https://pki-tutorial.readthedocs.org/en/latest/expert/root-ca.conf.html

3. Is there a reason to not set a pathLen in the basicConstraints
section of the Root CA's (to 1, to allow a maximum of one layer of
CA's below the Root), but to do so on the Intermediate CA's?

Thanks,
Zack


Re: How to sign a file with DER format?

2014-03-25 Thread Kálmán bácsi
Dear Dave,

thanks, I modified the program and it works.

I got another question:

I compare the two files, one made by the program with the C API, and the
other made by command line tool.

There is one difference: after the sha1 line there is a NULL. I can't
"reproduce" it with the C API.

C src: http://pastebin.com/Sq6yiEB2
ASN output: http://pastebin.com/NdRDB4BQ


On Fri, Mar 21, 2014 at 11:37 PM, Dave Thompson wrote:

> Streaming mode exists to allow unbounded data, whose length is not known
> and may not fit in memory.
>
> DER requires that the data be available and fit in memory and its length
> known.
>
> If you want DER don't use streaming. apps/cms.c has options for both, if
> you trace it through.
>
> But why do you care? There is no requirement CMS itself be DER, only that
> the data is fixed (so if detached *and* ASN.1 that means it should be DER)
> and if auth-attrs is used (as is usual, and default in openssl) the
> signature is computed over a modified DER encoding *of the attributes*.
> openssl does do the attributes (and in fact the signerinfos) in DER, since
> they are available in memory.
>
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kálmán bácsi
> Sent: Friday, March 21, 2014 03:42
> To: openssl-users@openssl.org
> Subject: *** Spam *** How to sign a file with DER format?
>
> Hello,
>
> I'm new to OpenSSL and got a question,
>
> I try to sign a file with the C library, the base of the program is the
> cms_sign.c example, only change is i2d_CMS_bio_stream() instead of
> SMIME_write_CMS().
>
> I noticed in the documentation that i2d_CMS_bio_stream outputs BER. Is
> there any way to use DER? I googled it but find nothing, maybe used wrong
> keywords...
>
> Best regards,
>
> Peter


Re: When P is larger than Q

2014-03-25 Thread andrewarnott
Thank you very much.

Sent from Surface Pro

From: Dave Thompson
Sent: Tuesday, March 25, 2014 1:58 AM
To: openssl-users@openssl.org


I generated a cert for your privatekey using a fake CA I have
for my testing (which I already set up in my systems).

If you want to set up your own, it’s simple in principle, but
there are quite a few options and details. At a minimum:

- create a CA key and a selfsigned (root) cert for that key:
  openssl req -newkey rsa:2048 -x509 -days N -keyout cakey.pem -out cacert.pem
  # substitute other type and/or size/params of key if desired
  # specify -config file if not default
  # answer prompts for name (DN), or change config file, or use -subj
  # if desired set extensions in config file, or -extensions (section) on commandline
- distribute cacert.pem and install where needed
- if using ‘ca’ below, create empty index.txt file
- both ways create serial file with reasonable value e.g. 01

For each desired EE key&cert, in this case your single one:

- create a req (CSR) for that key, with suitable name (DN)
  openssl req -new -key foo.key -out foo.csr
  # specify -config if not default and DN as above
  # can put extensions in CSR but usually better in cert below

and then issue a cert EITHER:
  openssl ca [-config xx] -in foo.csr -out foo.crt
  # -days in config file or commandline
  # extensions in config file or referenced by command line if desired
OR:
  openssl x509 -req -days N -CA cacert.pem -CAkey cakey.pem -in foo.csr -out foo.crt
  # extensions referenced by commandline (only)

Use foo.crt in good health.

 




From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Andrew Arnott
Sent: Saturday, March 22, 2014 14:56
To: openssl-users@openssl.org
Subject: *** Spam *** Re: When P is larger than Q

Thanks Dave. Where do you get the cert file to use as input?

From: Dave Thompson
Sent: Friday, March 21, 2014 3:37 PM
To: openssl-users@openssl.org

I don’t think this violates any standard and it works fine on my Windows
(which is 7).
I took your privatekey, which is indeed PKCS#1, generated a (fake) cert, put
them in a PKCS12, which Windows [7] imported okay and IE(9) was then able to
use to authenticate to my test server (which trusts the fake cert). Where are
you seeing the “Bad Data”?


Re: When P is larger than Q

2014-03-25 Thread Dave Thompson
I generated a cert for your privatekey using a fake CA I have
for my testing (which I already set up in my systems).

If you want to set up your own, it's simple in principle, but
there are quite a few options and details. At a minimum:

- create a CA key and a selfsigned (root) cert for that key:
  openssl req -newkey rsa:2048 -x509 -days N -keyout cakey.pem -out cacert.pem
  # substitute other type and/or size/params of key if desired
  # specify -config file if not default
  # answer prompts for name (DN), or change config file, or use -subj
  # if desired set extensions in config file, or -extensions (section) on commandline
- distribute cacert.pem and install where needed
- if using 'ca' below, create empty index.txt file
- both ways create serial file with reasonable value e.g. 01

For each desired EE key&cert, in this case your single one:

- create a req (CSR) for that key, with suitable name (DN)
  openssl req -new -key foo.key -out foo.csr
  # specify -config if not default and DN as above
  # can put extensions in CSR but usually better in cert below

and then issue a cert EITHER:
  openssl ca [-config xx] -in foo.csr -out foo.crt
  # -days in config file or commandline
  # extensions in config file or referenced by command line if desired
OR:
  openssl x509 -req -days N -CA cacert.pem -CAkey cakey.pem -in foo.csr -out foo.crt
  # extensions referenced by commandline (only)

Use foo.crt in good health.

 

From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Andrew Arnott
Sent: Saturday, March 22, 2014 14:56
To: openssl-users@openssl.org
Subject: *** Spam *** Re: When P is larger than Q

Thanks Dave. Where do you get the cert file to use as input?

From: Dave Thompson
Sent: Friday, March 21, 2014 3:37 PM
To: openssl-users@openssl.org

I don't think this violates any standard and it works fine on my Windows
(which is 7).
I took your privatekey, which is indeed PKCS#1, generated a (fake) cert, put
them in a PKCS12, which Windows [7] imported okay and IE(9) was then able to
use to authenticate to my test server (which trusts the fake cert). Where are
you seeing the "Bad Data"?