[openssl-users] AES-GCM processing time
dear all i am using Authenticated Encryption AES-GCM. i am trying to calculate the processing time for encrypting a data message of size 500 byte clock_t startEncryption, endEncryption; double msecs1; startEncryption = clock(); unsigned char plaintext[500] = {'f','a','3','1','3','2','2','5','f','8','8','4','0','6','e','5','a','5','5','9','0','9','c','5','a','f','f','5','2','6','9','a','8','6','a','7','a','9','5','3','1','5','3','4','f','7','d','a','2','e','4','c','3','0','3','d','8','a','3','1','8','a','7','2','1','c','3','c','0','c','9','5','9','5','6','8','0','9','5','3','2','f','c','f','0','e','2','4','4','9','a','6','b','5','2','5','b','1','6','a','e','d','f','5','a','a','0','d','e','6','5','7','b','a','6','3','7','b','3','9','f','a','3','1','3','2','2','5','f','8','8','4','0','6','e','5','a','5','5','9','0','9','c','5','a','f','f','5','2','6','9','a','8','6','a','7','a','9','5','3','1','5','3','4','f','7','d','a','2','e','4','c','3','0','3','d','8','a','3','1','8','a','7','2','1','c','3','c','0','c','9','5','9','5','6','8','0','9','5','3','2','f','c','f','0','e','2','4','4','9','a','6','b','5','2','5','b','1','6','a','e','d','f','5','a','a','0','d','e','6','5','7','b','a','6','3','7','b','3','9', 'f','a','3','1','3','2','2','5','f','8','8','4','0','6','e','5','a','5','5','9','0','9','c','5','a','f','f','5','2','6','9','a','8','6','a','7','a','9','5','3','1','5','3','4','f','7','d','a','2','e','4','c','3','0','3','d','8','a','3','1','8','a','7','2','1','c','3','c','0','c','9','5','9','5','6','8','0','9','5','3','2','f','c','f','0','e','2','4','4','9','a','6','b','5','2','5','b','1','6','a','e','d','f','5','a','a','0','d','e','6','5','7','b','a','6','3','7','b','3','9' 
,'f','a','3','1','3','2','2','5','f','8','8','4','0','6','e','5','a','5','5','9','0','9','c','5','a','f','f','5','2','6','9','a','8','6','a','7','a','9','5','3','1','5','3','4','f','7','d','a','2','e','4','c','3','0','3','d','8','a','3','1','8','a','7','2','1','c','3','c','0','c','9','5','9','5','6','8','0','9','5','3','2','f','c','f','0','e','2','4','4','9','a','6','b','5','2','5','b','1','6','a','e','d','f','5','a','a','0','d','e','6','5','7','b','a','6','3','7','b','3','9' ,'f','a','3','1','3','2','2','5','f','8','8','4','0','6','e','5','a','5','5','9'}; unsigned char key [32] = {'f','e','f','f','e',9,9,2,8,6,6,5,7,3,1,'c',6,'d',6,'a',8,'f',9,4,6,7,3,0,8,3,0,8}; //unsigned char key [48] = ; unsigned char aad[8] = {'f','e','e','d','f','a','c','e'}; //unsigned char iv[24] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; unsigned char iv[16] = {9,3,1,3,2,2,5,'d','f',8,8,4,0,6,'e',5}; unsigned char cipher[500]; unsigned char tag[16]; unsigned char extractedpalintext[500]; int encryptionsize = 0; encryptionsize = servertest.AuthenticationEncryption(plaintext,500,aad,8,key,32,iv,16,cipher,tag); servertest.AuthenticationDecryption(cipher,500,aad,8,tag,key,32,iv,16,extractedpalintext); servertest.AuthenticationDecryption(cipher,120,fakeaad,40,tag,key,32,iv,120,extractedpalintext); endEncryption = clock(); msecs1 = ((double) (endEncryption - startEncryption)) * 100.0 / CLOCKS_PER_SEC; couttime for encryption start startEncryption msec end time endEncryption msecendl; cout encryption start time msecs1msecendl; the time at start and end time time for encryption start 487 msec end time 487 msec this made the processing time is 0 msec functions for encryption and decryption int Server::AuthenticationEncryption(unsigned char plaintext[], int ptextsize, unsigned char aad[], int aadlen, unsigned char key[],int keysize, unsigned char iv[],int ivsize, unsigned char ciphertext[], unsigned char tag[]) { int len; int ciphertext_len; EVP_CIPHER_CTX *ctx; ctx = 
EVP_CIPHER_CTX_new(); //Initialize the encryption operation if (1 == EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) { coutsuccess inttializeendl; } else { coutsomething wrongendl; } //Set IV length should be more than 12 byte or 96 bit normally 16 if (1 == EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivsize, NULL)) { coutsuccess adding ivendl; } else { coutsomething wrongendl; } //Initialize key and IV if (1 == EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) { coutsuccess initialize key and iv endl; } else { coutsomething wrongendl; } //add AAD data if (1 == EVP_EncryptUpdate(ctx, NULL, len, aad, aadlen)) { coutsuccess adding AADendl; } else { coutsomething wrongendl; } //encrypt the message if (1 == EVP_EncryptUpdate(ctx, ciphertext, len, plaintext, ptextsize)) { coutsuccess encryptionendl; ciphertext_len = len; } else { coutsomething wrongendl; }
[openssl-users] GCM
dear all i'm trying to use AES-GCM model for encryption i use a sample code for that and my problem is ret = EVP_DecryptFinal_ex(ctx, plaintext + len, len); ret all the time is 0 this means that the plaintext is not trustworthy. encryption function int Server::AuthenticationEncryption(unsigned char plaintext[], int ptextsize, unsigned char aad[], int aadlen, unsigned char key[],int keysize, unsigned char iv[],int ivsize, unsigned char ciphertext[], unsigned char tag[]) { int len; int ciphertext_len; EVP_CIPHER_CTX *ctx; ctx = EVP_CIPHER_CTX_new(); //Initialize the encryption operation if (1 == EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) { coutsuccess inttializeendl; } else { coutsomething wrongendl; } //Set IV length should be more than 12 byte or 96 bit normally 16 if (1 == EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivsize, NULL)) { coutsuccess adding ivendl; } else { coutsomething wrongendl; } //Initialize key and IV if (1 == EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) { coutsuccess initialize key and iv endl; } else { coutsomething wrongendl; } //add AAD data if (1 == EVP_EncryptUpdate(ctx, NULL, len, aad, aadlen)) { coutsuccess adding AADendl; } else { coutsomething wrongendl; } //encrypt the message if (1 == EVP_EncryptUpdate(ctx, ciphertext, len, plaintext, ptextsize)) { coutsuccess encryptionendl; ciphertext_len = len; } else { coutsomething wrongendl; } //finalize the encryption if (1 == EVP_EncryptFinal_ex(ctx, ciphertext + len, len)) { coutsuccess final encryptionendl; ciphertext_len += len; coutcipher length is ciphertext_lenendl; } else { coutsomething wrongendl; } //get the tag EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag); return ciphertext_len; } decryption function int Server::AuthenticationDecryption(unsigned char ciphertext[], int ctextsize, unsigned char aad[], int aadlen, unsigned char tag[], unsigned char key[], int keysize, unsigned char iv[], int ivsize, unsigned char plaintext[]) { int len; int 
plaintext_len; EVP_CIPHER_CTX *ctx; ctx = EVP_CIPHER_CTX_new(); //Initialize the encryption operation if (1 == EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) { coutsuccess initializeendl; } else { coutsomething wrongendl; } //Set IV length should be more than 12 byte or 96 bit normally 16 if (1 == EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivsize, NULL)) { coutsuccess adding ivendl; } else { coutsomething wrongendl; } //Initialize key and IV if (1 == EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) { coutsuccess adding key and ivendl; } else { coutsomething wrongendl; } //add AAD data if (1 == EVP_DecryptUpdate(ctx, NULL, len, aad, aadlen)) { coutsuccess adding AADendl; } else { coutsomething wrongendl; } //Decrypt the message if (1 == EVP_DecryptUpdate(ctx, plaintext, len , ciphertext, ctextsize)) { coutsuccess decryptionendl; plaintext_len = len; } else { coutsomething wrongendl; } //add the tag if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) { coutsuccess adding tagendl; } else { coutsomething wrongendl; } //finalize the Decryption int ret = 1; ret = EVP_DecryptFinal_ex(ctx, plaintext + len, len); cout ret value is retendl; if (ret 0) { coutsuccess final decryptionendl; plaintext_len += len; coutpalin text is plaintext_lenendl; return plaintext_len; } else { coutdecrypt failendl; return -1; } return ret; } and in main () i use that unsigned char plaintext[120] = {'f','a','3','1','3','2','2','5','f','8','8','4','0','6','e','5','a','5','5','9','0','9','c','5','a','f','f','5','2','6','9','a','8','6','a','7','a','9','5','3','1','5','3','4','f','7','d','a','2','e','4','c','3','0','3','d','8','a','3','1','8','a','7','2','1','c','3','c','0','c','9','5','9','5','6','8','0','9','5','3','2','f','c','f','0','e','2','4','4','9','a','6','b','5','2','5','b','1','6','a','e','d','f','5','a','a','0','d','e','6','5','7','b','a','6','3','7','b','3','9'}; unsigned char key [32] = 
{'f','e','f','f','e',9,9,2,8,6,6,5,7,3,1,'c',6,'d',6,'a',8,'f',9,4,6,7,3,0,8,3,0,8}; unsigned char aad[40] =
sign problem
dear all i have a problem with c++ code for sign some data here is the code BIO *sgerr = NULL; const char szPath[MAX_FILE_NAME_SIZE] = sgerr.pem; sgerr = BIO_new_file(szPath,wb); couti'm in sign digestendl; //create private key EVP_PKEY *priv_key = NULL; priv_key = EVP_PKEY_new(); if (1 == EVP_PKEY_set1_RSA(priv_key,m_caKeyPairs)) { coutSuccessful key private createdendl; } else { coutprivate key is badendl; } EVP_MD_CTX *mdctx = NULL; mdctx = EVP_MD_CTX_create(); size_t *signlen = NULL; //Initialize the DigestSign operation if (1 == EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, priv_key)) { coutinitialize correctendl; } else { coutsomething wrongendl; } //update with the message if (1 == EVP_DigestSignUpdate(mdctx, m_digestData,(DATA_SIZE + RSA_KEY_SIZE))) { coutdigest created successfullyendl; coutdigest is endl; for (int i = 0; i DIGEST_SIZE; i++) { printf(0x%.2x , m_digest[i]); } coutendl; } else { coutsomething wrongendl; } //Finalise the DigestSign operation determine the sign length if (1 == EVP_DigestSignFinal(mdctx, NULL, signlen)) { coutsign length is (*signlen)endl; } else { coutsomething wrongendl; } if (1 == EVP_DigestSignFinal(mdctx, m_signedDigest, signlen)) { coutsign successfully createdendl; } else { coutsomething wrongendl; } the output of this code in terminal during debugging i'm in sign digest Successful key private created initialize correct digest created successfully digest is 0x99 0x2d 0x5c 0x5b 0x2f 0x7a 0x85 0x98 0x7c 0x69 0xca 0x33 0x17 0xab 0x87 0x7c 0x79 0x73 0xd7 0x4a until i arrive to this point if (1 == EVP_DigestSignFinal(mdctx, NULL, signlen)) i got this error No source available for EVP_PKEY_sign() at 0xb7ede098 even this function just return the length of the sign note i'm using eclipse kepler and i don't know what i did wrong -- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
sign problem
dear all i made an application a client server the client send a certificate request and server reply with the certificate and it creates a encrypted shared key and some data and sign the digest of the shared key and data my problem is 1- in SignDigest() in EVP_DigestSignFinal(mdctx, NULL, signlen); function return an error No source available for EVP_PKEY_sign() at 0xb7ede098 i don't know the reason for this error it should return the length of the sign only then i reserve a location in memory with this size please help me -- Warmest regards and best wishes for a good health,*urs sincerely * *mero* // // Name: certificate.cpp // Author : Amir // Version : // Copyright : Your copyright notice // Description : Hello World in C++, Ansi-style // #include iostream #include server.h #include client.h using namespace std; int main() { clock_t start, end; double msecs; start = clock(); Client clientest; Server servertest; X509 *cert; cert = servertest.CreateCertificate(clientest.MakeSignedCertReq()); clientest.SetCert(cert); clientest.CertConverter(); X509 *test; test = clientest.GetCert(); servertest.CheckCert(cert); int serial = 0; serial = clientest.ExtractCertSerial(); coutclient serial is serialendl; servertest.SetSharedKey(); servertest.EncryptSharedKey(cert); unsigned char enckey[RSA_KEY_SIZE]; servertest.GetEncryptedKey(enckey,RSA_KEY_SIZE); clientest.DecryptSharedKey(enckey); servertest.SetData(DATA_SIZE); servertest.SetDigestData(); servertest.CreateDigest(); servertest.SignDigest(); end = clock(); msecs = ((double) (end - start)) * 1000 / CLOCKS_PER_SEC; couttime is msecsmsecendl; return 0; } /* * client.cc * * Created on: Sep 17, 2014 * Author: amirale32 */ #include client.h Client :: Client() { m_myCertReq = X509_REQ_new(); m_myCert = X509_new(); m_name = X509_NAME_new(); m_rsa_keyPair = RSA_new(); m_puk = EVP_PKEY_new(); GenerateRSAKeyPair(); } Client :: ~Client() { X509_REQ_free(m_myCertReq); X509_free(m_myCert); RSA_free(m_rsa_keyPair); } void Client :: 
GenerateRSAKeyPair ( ) { m_rsa_keyPair = RSA_generate_key((8*RSA_KEY_SIZE),RSA_F4,NULL,NULL); BIO *pubout = NULL; const char szPath[MAX_FILE_NAME_SIZE] = clrsa.pem; pubout = BIO_new_file(szPath,wb); PEM_write_bio_RSAPublicKey (pubout , m_rsa_keyPair); BIO_free(pubout); } void Client::SetPublicKey() { EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair); BIO *out = NULL; const char szPath[MAX_FILE_NAME_SIZE] = cpuky.pem; out = BIO_new_file(szPath,wb); PEM_write_bio_PUBKEY(out,m_puk); } X509_REQ* Client::MakeSignedCertReq() { //adds all digest algorithms to the table OpenSSL_add_all_digests(); SetPublicKey(); //include the public key in the req X509_REQ_set_pubkey(m_myCertReq,m_puk); //set the subject name of the request m_name=X509_REQ_get_subject_name(m_myCertReq); //set the request X509_NAME_add_entry_by_txt(m_name,C,MBSTRING_ASC, (const unsigned char *)UK, -1, -1, 0); X509_NAME_add_entry_by_txt(m_name,CN,MBSTRING_ASC, (const unsigned char *)OpenSSL Group, -1, -1, 0); //sign the req X509_REQ_sign(m_myCertReq,m_puk,EVP_sha1()); BIO *out = NULL; const char szPath[MAX_FILE_NAME_SIZE] = req.pem; out = BIO_new_file(szPath,wb); PEM_write_bio_X509_REQ(out,m_myCertReq); BIO_free(out); return m_myCertReq; } void Client::SetCert(X509 *cert) { m_myCert = cert; BIO *out = NULL; const char szPath[MAX_FILE_NAME_SIZE] = clcrt.pem; out = BIO_new_file(szPath,wb); PEM_write_bio_X509 (out , cert); } int Client::CertConverter() { int len = i2d_X509(m_myCert, NULL); unsigned char *buf, *p; buf = (unsigned char *)OPENSSL_malloc(len); p = buf; i2d_X509(m_myCert, p); unsigned char certarray[len]; for (int i = 0 ; ilen ; i++) { certarray[i] = *(p-len+i); } coutcert len is lenendl; cout converted client cert isendl; for (int j = 0 ; jlen ; j++) { printf(0x%.2x , certarray[j]); } coutendl; X509 *certtest; unsigned char *buf1; buf1 = certarray; const unsigned char *p1 = buf1; p1 = buf1; certtest = d2i_X509(NULL, p1, CERT_SIZE); FILE * fcert; fcert = fopen(certarray.pem, wb); PEM_write_X509( 
fcert,//write the certificate to the file we've opened certtest //our certificate ); return 0; } X509* Client::GetCert() { return m_myCert; } int Client::ExtractCertSerial() { int serial = 0; unsigned char **out = NULL; ASN1_INTEGER *asn1_serial = NULL; asn1_serial = X509_get_serialNumber(m_myCert); serial = i2d_ASN1_INTEGER(asn1_serial, out); return (serial); } void Client::DecryptSharedKey(unsigned char encryptedkey[]) { int padding =
Re: sign problem
sorry sir what do you mean by your question On Wed, Nov 19, 2014 at 9:02 AM, Niraj Sorathiya nirajsorathiya...@gmail.com wrote: Hello Everyone, Where we are executing these client.cc,server.cc,client.h,server.h,certificate.cpp files ? As i want to make my own Digital Certificate using my own algorithm i was not understanding where to execute these files. Thankyou. Regards, Niraj. On Wed, Nov 19, 2014 at 12:12 AM, Scott Neugroschl scot...@xypro.com wrote: That looks like a debugger message, not an actual error from the code. *From:* owner-openssl-us...@openssl.org [mailto: owner-openssl-us...@openssl.org] *On Behalf Of *Amir Reda *Sent:* Tuesday, November 18, 2014 10:29 AM *To:* openssl-users@openssl.org *Subject:* sign problem dear all i made an application a client server the client send a certificate request and server reply with the certificate and it creates a encrypted shared key and some data and sign the digest of the shared key and data my problem is 1- in SignDigest() in EVP_DigestSignFinal(mdctx, NULL, signlen); function return an error No source available for EVP_PKEY_sign() at 0xb7ede098 i don't know the reason for this error it should return the length of the sign only then i reserve a location in memory with this size please help me -- Warmest regards and best wishes for a good health,*urs sincerely * *mero* -- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
RSA sign
dear all i have a client server client application the server should created an encrypted shared key and some data and make digest of both of them (data and encrypted shared key) as an input to SHA1 then the server should sign the output of the hash with function SignDigest() which include function RSA_sign to sign the digest my problem is 1- the code give an error No source available for RSA_sign() at 0xb7ea85e5 2- i have tried to know what is the error so i added error = ERR_get_error(); but i got nothing can you tell me what i did wrong thanks allot for your reply -- Warmest regards and best wishes for a good health,*urs sincerely * *mero* // // Name: certificate.cpp // Author : Amir // Version : // Copyright : Your copyright notice // Description : Hello World in C++, Ansi-style // #include iostream #include server.h #include client.h using namespace std; int main() { clock_t start, end; double msecs; start = clock(); Client clientest; Server servertest; X509 *cert; cert = servertest.CreateCertificate(clientest.MakeSignedCertReq()); clientest.SetCert(cert); clientest.CertConverter(); X509 *test; test = clientest.GetCert(); servertest.CheckCert(cert); int serial = 0; serial = clientest.ExtractCertSerial(); coutclient serial is serialendl; servertest.SetSharedKey(); servertest.EncryptSharedKey(cert); unsigned char enckey[RSA_KEY_SIZE]; servertest.GetEncryptedKey(enckey,RSA_KEY_SIZE); clientest.DecryptSharedKey(enckey); servertest.SetData(DATA_SIZE); servertest.SetDigestData(); servertest.CreateDigest(); servertest.SignDigest(); end = clock(); msecs = ((double) (end - start)) * 1000 / CLOCKS_PER_SEC; couttime is msecsmsecendl; return 0; } /* * client.cc * * Created on: Sep 17, 2014 * Author: amirale32 */ #include client.h Client :: Client() { m_myCertReq = X509_REQ_new(); m_myCert = X509_new(); m_name = X509_NAME_new(); m_rsa_keyPair = RSA_new(); m_puk = EVP_PKEY_new(); GenerateRSAKeyPair(); } Client :: ~Client() { X509_REQ_free(m_myCertReq); X509_free(m_myCert); 
RSA_free(m_rsa_keyPair); } void Client :: GenerateRSAKeyPair ( ) { m_rsa_keyPair = RSA_generate_key((8*RSA_KEY_SIZE),RSA_F4,NULL,NULL); BIO *pubout = NULL; const char szPath[MAX_FILE_NAME_SIZE] = clrsa.pem; pubout = BIO_new_file(szPath,wb); PEM_write_bio_RSAPublicKey (pubout , m_rsa_keyPair); BIO_free(pubout); } void Client::SetPublicKey() { EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair); BIO *out = NULL; const char szPath[MAX_FILE_NAME_SIZE] = cpuky.pem; out = BIO_new_file(szPath,wb); PEM_write_bio_PUBKEY(out,m_puk); } X509_REQ* Client::MakeSignedCertReq() { //adds all digest algorithms to the table OpenSSL_add_all_digests(); SetPublicKey(); //include the public key in the req X509_REQ_set_pubkey(m_myCertReq,m_puk); //set the subject name of the request m_name=X509_REQ_get_subject_name(m_myCertReq); //set the request X509_NAME_add_entry_by_txt(m_name,C,MBSTRING_ASC, (const unsigned char *)UK, -1, -1, 0); X509_NAME_add_entry_by_txt(m_name,CN,MBSTRING_ASC, (const unsigned char *)OpenSSL Group, -1, -1, 0); //sign the req X509_REQ_sign(m_myCertReq,m_puk,EVP_sha1()); BIO *out = NULL; const char szPath[MAX_FILE_NAME_SIZE] = req.pem; out = BIO_new_file(szPath,wb); PEM_write_bio_X509_REQ(out,m_myCertReq); BIO_free(out); return m_myCertReq; } void Client::SetCert(X509 *cert) { m_myCert = cert; BIO *out = NULL; const char szPath[MAX_FILE_NAME_SIZE] = clcrt.pem; out = BIO_new_file(szPath,wb); PEM_write_bio_X509 (out , cert); } int Client::CertConverter() { int len = i2d_X509(m_myCert, NULL); unsigned char *buf, *p; buf = (unsigned char *)OPENSSL_malloc(len); p = buf; i2d_X509(m_myCert, p); unsigned char certarray[len]; for (int i = 0 ; ilen ; i++) { certarray[i] = *(p-len+i); } coutcert len is lenendl; cout converted client cert isendl; for (int j = 0 ; jlen ; j++) { printf(0x%.2x , certarray[j]); } coutendl; X509 *certtest; unsigned char *buf1; buf1 = certarray; const unsigned char *p1 = buf1; p1 = buf1; certtest = d2i_X509(NULL, p1, CERT_SIZE); FILE * fcert; fcert = 
fopen(certarray.pem, wb); PEM_write_X509( fcert,//write the certificate to the file we've opened certtest //our certificate ); return 0; } X509* Client::GetCert() { return m_myCert; } int Client::ExtractCertSerial() { int serial = 0; unsigned char **out = NULL; ASN1_INTEGER *asn1_serial = NULL; asn1_serial = X509_get_serialNumber(m_myCert); serial = i2d_ASN1_INTEGER(asn1_serial, out); return (serial); } void Client::DecryptSharedKey(unsigned char
sign issue
dear all i'm a Msc student that uses NS3 simulator to do some researches. my target for right now is to make a sample code for a client and a server then add it to the simulator as a brief 1-the client send a certificate request and the server send the certificate to the client 2- the client create a shared key and encrypt it using function RSA_public_encrypt and create some data and sign the data and encrypted shared key and send (client certificate and the data and the encrypted shared key and the sign (of both encrypted shared key and the data)) to the server side 3- the server will verify the certificate and decrypt the encrypted shared key using its private key. and verify the sign using the public key extracted from the client certificate i have created the certificate and its working well and verified and the encrypted shared key is done my problem is 1- how to sign both the data and encrypted shared key with the private key of the client even i have only RSA structure 2- the encrypted shared key should be encrypted by the public key of the server which can be extracted from the server certificate but the method it self RSA_public_encrypt got RSA structure as an argument 3-how can i verify the sign do i need to make all of the data and encrypted shared key to digest then sign it even i don't separated private and public key i have only RSA structure and how to do that thanks allot for help -- Warmest regards and best wishes for a good health,*urs sincerely * *mero* // // Name: certificate.cpp // Author : Amir // Version : // Copyright : Your copyright notice // Description : Hello World in C++, Ansi-style // #include iostream #include server.h #include client.h using namespace std; int main() { clock_t start, end; double msecs; start = clock(); Client clientest; Server servertest; X509 *cert; cert = servertest.CreateCertificate(clientest.MakeSignedCertReq()); clientest.SetCert(cert); clientest.CertConverter(); X509 *test; test = clientest.GetCert(); 
servertest.CheckCert(cert); int serial = 0; serial = clientest.ExtractCertSerial(); coutclient serial is serialendl; clientest.SetSharedKey(); clientest.EncryptSharedKey(); clientest.SetData(DATA_SIZE); clientest.SignData(); clientest.SetDigestData(DATA_SIZE,RSA_KEY_SIZE); X509 *certtest = NULL; unsigned char data[DATA_SIZE]; unsigned char signeddata[RSA_KEY_SIZE]; servertest.client-GetData(certtest,data,DATA_SIZE,signeddata,RSA_KEY_SIZE); //int serverserial = 0; //serverserial = servertest.ExtractCertSerial(); //coutserver serial is serverserialendl; end = clock(); msecs = ((double) (end - start)) * 1000 / CLOCKS_PER_SEC; couttime is msecsmsecendl; return 0; } /* * client.cc * * Created on: Sep 17, 2014 * Author: amirale32 */ #include client.h Client :: Client() { m_myCertReq = X509_REQ_new(); m_myCert = X509_new(); m_name = X509_NAME_new(); m_rsa_keyPair = RSA_new(); m_puk = EVP_PKEY_new(); GenerateRSAKeyPair(); } Client :: ~Client() { X509_REQ_free(m_myCertReq); X509_free(m_myCert); RSA_free(m_rsa_keyPair); } void Client :: GenerateRSAKeyPair ( ) { m_rsa_keyPair = RSA_generate_key((8*RSA_KEY_SIZE),RSA_F4,NULL,NULL); BIO *pubout = NULL; const char szPath[MAX_FILE_NAME_SIZE] = clrsa.pem; pubout = BIO_new_file(szPath,wb); PEM_write_bio_RSAPublicKey (pubout , m_rsa_keyPair); BIO_free(pubout); } void Client::SetPublicKey() { EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair); BIO *out = NULL; const char szPath[MAX_FILE_NAME_SIZE] = cpuky.pem; out = BIO_new_file(szPath,wb); PEM_write_bio_PUBKEY(out,m_puk); } X509_REQ* Client::MakeSignedCertReq() { //adds all digest algorithms to the table OpenSSL_add_all_digests(); SetPublicKey(); //include the public key in the req X509_REQ_set_pubkey(m_myCertReq,m_puk); //set the subject name of the request m_name=X509_REQ_get_subject_name(m_myCertReq); //set the request X509_NAME_add_entry_by_txt(m_name,C,MBSTRING_ASC, (const unsigned char *)UK, -1, -1, 0); X509_NAME_add_entry_by_txt(m_name,CN,MBSTRING_ASC, (const unsigned char *)OpenSSL 
Group, -1, -1, 0); //sign the req X509_REQ_sign(m_myCertReq,m_puk,EVP_sha1()); BIO *out = NULL; const char szPath[MAX_FILE_NAME_SIZE] = req.pem; out = BIO_new_file(szPath,wb); PEM_write_bio_X509_REQ(out,m_myCertReq); BIO_free(out); return m_myCertReq; } void Client::SetCert(X509 *cert) { m_myCert = cert; BIO *out = NULL; const char szPath[MAX_FILE_NAME_SIZE] = clcrt.pem; out = BIO_new_file(szPath,wb); PEM_write_bio_X509 (out , cert); } int Client::CertConverter() { int len = i2d_X509(m_myCert, NULL); unsigned char *buf, *p; buf =
sign and encryption issue
Dear all, I'm trying to use the method RSA_private_encrypt() to sign some data (a time stamp and a random number) and send the data, the signature and the client certificate to the server side. My problem is on the server side: to verify the time stamp and check its validity I use the method RSA_public_decrypt(), but this function takes an RSA * as an argument to decrypt the data, and I have only the public key, which I'll extract from the certificate that I receive from the client side. Any help please, and thanks a lot. -- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
sign data and verify it
dear all i made a code to sign some data then verify it part of this data should be encrypted using rsa then sign it my problems is 1- i generate rsa key pairs and try to print it in a pem file but when i open the file it was empty 2- when i use function RSA_public_encrypt () to encrypt some data it does nothing because i print the data using cout before encryption then print it after encryption it was the same 3- the sign function RSA_sign () has a problem No source available for RSA_sign() at 0xb7e525e5 i have attached the code may be this help to solve my problem and know what i did wrong thx allot for help -- Warmest regards and best wishes for a good health,*urs sincerely * *mero* // // Name: rsa_sign.cpp // Author : Amir // Version : // Copyright : Your copyright notice // Description : Hello World in C++, Ansi-style // #include iostream #include sign.h using namespace std; int main() { Sign test; test.SetANData(16); test.SetGSData(16,256); test.EncryptSharedKey(); test.DecryptSharedKey(); test.SignData(); test.VerifyData(); return 0; } /* * sign.cc * * Created on: Nov 1, 2014 * Author: amir */ #include sign.h Sign::Sign() { SetSharedKey(); GenerateRSAPairs(); } Sign::~Sign() { RSA_free(m_rsa_pair); } void Sign::SetANData(int size) { coutandata is endl; for (int i = 0 ; isize ; i++) { m_anData[i]=i; coutm_anData[i]; } coutendl; } void Sign::SetGSData(int size, int sharedkeysize) { coutgsdata is endl; int totalsize = size +sharedkeysize; for (int i = 0 ; isize ; i++) { m_gsData[i]=i; coutm_gsData[i]; } for (int j = size ; jtotalsize ; j++) { m_gsData[j]= m_sharedKey[j]; coutm_gsData[j]; } coutendl; } void Sign::SetSharedKey() { coutshared key is endl; for (int i = 0; i256 ; i++) { m_sharedKey[i] = i; coutm_sharedKey[i]; } coutendl; } void Sign::GenerateRSAPairs() { m_rsa_pair = RSA_generate_key(2048,RSA_F4,NULL,NULL); BIO *pubout = NULL; const char szPath[10] = rsa.pem; pubout = BIO_new_file(szPath,wb); PEM_write_bio_RSAPublicKey (pubout , m_rsa_pair); } void 
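Sign::EncryptSharedKey()
{
    // Encrypts m_sharedKey under the RSA key in m_rsa_pair, stores the
    // ciphertext in m_encryptedSharedKey and prints the ciphertext bytes.
    // NOTE(review): OpenSSL's documentation recommends RSA_PKCS1_OAEP_PADDING
    // for new applications; PKCS #1 v1.5 encryption padding is kept here only
    // because DecryptSharedKey() uses the same mode.
    const int padding = RSA_PKCS1_PADDING;

    // RSA_public_encrypt() returns the ciphertext length, or -1 on error.
    // An unchecked failure leaves the output buffer untouched, which looks
    // as if the call "did nothing".
    // NOTE(review): with RSA_PKCS1_PADDING the input may be at most
    // RSA_size(m_rsa_pair) - 11 bytes. Shared_Key_Size is 256, so with a
    // 2048-bit key (RSA_size == 256) this call fails until the shared key
    // is made shorter.
    const int encLen = RSA_public_encrypt(Shared_Key_Size, m_sharedKey,
                                          m_encryptedSharedKey, m_rsa_pair,
                                          padding);
    if (encLen < 0)
    {
        cout << "RSA_public_encrypt failed" << endl;
        return;
    }

    cout << "encrypted shared key is " << endl;
    // Print only the bytes that were actually produced, not the whole buffer.
    for (int i = 0; i < encLen; i++)
    {
        cout << m_encryptedSharedKey[i];
    }
    cout << endl;
}

/**
 * Decrypts m_encryptedSharedKey with the private part of m_rsa_pair back into
 * m_sharedKey and prints the recovered bytes.
 */
void Sign::DecryptSharedKey()
{
    const int padding = RSA_PKCS1_PADDING;

    // An RSA ciphertext is exactly RSA_size(key) bytes long; passing the size
    // of the (larger) storage buffer as the input length makes the call fail.
    const int decLen = RSA_private_decrypt(RSA_size(m_rsa_pair),
                                           m_encryptedSharedKey, m_sharedKey,
                                           m_rsa_pair, padding);
    if (decLen < 0)
    {
        cout << "RSA_private_decrypt failed" << endl;
        return;
    }

    cout << " shared key is " << endl;
    // Bound the loop by the recovered length: m_sharedKey holds only
    // Shared_Key_Size bytes, so indexing it up to 2048 reads out of bounds.
    // NOTE(review): this prints secret key material; debug use only.
    for (int i = 0; i < decLen; i++)
    {
        cout << m_sharedKey[i];
    }
    cout << endl;
}

/**
 * Signs m_anData with m_rsa_pair and stores the signature in m_ANsignedData.
 */
void Sign::SignData()
{
    cout << "i'm here" << endl;

    // RSA_sign() writes the signature length through its siglen argument, so
    // it must point at real storage; a NULL pointer here crashes inside the
    // library.
    unsigned int siglen = 0;

    // NOTE(review): RSA_sign() expects `m` to be a message digest of the type
    // named by the NID (a 20-byte SHA-1 digest for NID_sha1). Here the raw
    // AN_Data_Size-byte buffer is passed -- presumably it should be hashed
    // first; confirm against the protocol. SHA-1 is also no longer
    // recommended for new signatures.
    if (RSA_sign(NID_sha1, m_anData, AN_Data_Size, m_ANsignedData, &siglen,
                 m_rsa_pair) != 1)
    {
        cout << "RSA_sign failed" << endl;
        return;
    }
    cout << "sign length is " << siglen << endl;
}

/**
 * Verifies the signature in m_ANsignedData over m_anData with m_rsa_pair.
 *
 * @return true when RSA_verify() reports a valid signature, false otherwise.
 */
bool Sign::VerifyData()
{
    // An RSA signature is RSA_size(key) bytes long (256 for a 2048-bit key).
    const int status = RSA_verify(NID_sha1, m_anData, AN_Data_Size,
                                  m_ANsignedData,
                                  static_cast<unsigned int>(RSA_size(m_rsa_pair)),
                                  m_rsa_pair);
    // Log before returning; statements placed after `return` never run.
    if (status == 1)
    {
        cout << "verification is ok" << endl;
        return true;
    }
    cout << "verification fail" << endl;
    return false;
}

/*
 * sign.h
 *
 *  Created on: Nov 1, 2014
 *      Author: amir
 */
#ifndef SIGN_H_
#define SIGN_H_

#include <iostream>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/conf.h>
#include <stdlib.h>
#include <stdio.h>

using namespace std;

#define Shared_Key_Size 256
#define AN_Data_Size 16
#define GS_Data_Size 16

/**
 * Demo class: holds an RSA key pair and fixed-size buffers, and exercises
 * RSA encryption/decryption of a shared key and signing/verification of data.
 */
class Sign
{
public:
    Sign();
    ~Sign();
    void SetANData(int size);
    void SetGSData(int size, int sharedkeysize);
    void SetSharedKey();
    void GenerateRSAPairs();
    void EncryptSharedKey();
    void DecryptSharedKey();
    void SignData();
    bool VerifyData();

private:
    unsigned char m_sharedKey[Shared_Key_Size];
    unsigned char m_anData[AN_Data_Size];
    // SetGSData(size, sharedkeysize) writes size + sharedkeysize bytes here,
    // so the buffer must hold the data part plus the shared key.
    unsigned char m_gsData[GS_Data_Size + Shared_Key_Size];
    unsigned char m_encryptedSharedKey[2048];
    unsigned char m_ANsignedData[256]; // one RSA-2048 signature
    RSA *m_rsa_pair;
};

#endif /* SIGN_H_ */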
Re: sign data and verify it
dear sir, i already installed the ssl lib. i used this command: amir@amir-Master:~$ sudo apt-get install libssl-dev [sudo] password for amir: Reading package lists... Done Building dependency tree Reading state information... Done libssl-dev is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. amir@amir-Master:~$ as you can see it is already installed. is there any solution? On Fri, Oct 31, 2014 at 4:14 PM, Jeffrey Walton noloa...@gmail.com wrote: On Fri, Oct 31, 2014 at 6:57 AM, Amir Reda amirale...@gmail.com wrote: dear all i made a code for sign some data and verify it i am using eclipse as IDE and ubuntu 13.10 i have linked eclipse with ssl lib and crypto++ which i use in this code i got an error Invoking: Cross G++ Linker g++ -L/usr/include/openssl -L/usr/include/cryptopp -L/usr/include/crypto++ -L/usr/include -o sign ./src/sign.o -lssl -lcryptopp -lcrypto++ /usr/bin/ld: ./src/sign.o: undefined reference to symbol 'RSA_sign@@OPENSSL_1.0.0' /lib/i386-linux-gnu/libcrypto.so.1.0.0: error adding symbols: DSO missing from command line collect2: ld returned 1 exit status Be sure you have the dev package installed for Ubuntu. I think that's 'sudo apt-get install libssl-dev'. (See https://packages.debian.org/search?keywords=libssl-dev). Add '-lssl -lcrypto'. They are the OpenSSL libraries. Add them in the order shown. '-lcryptopp -lcrypto++' are Wei Dai's Crypto++ libraries. Are you sure you need them? __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org -- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
sign data and verify it
dear all, i made a code to sign some data and verify it. i am using eclipse as IDE and ubuntu 13.10. i have linked eclipse with the ssl lib and crypto++, which i use in this code. i got an error:

    Invoking: Cross G++ Linker
    g++ -L/usr/include/openssl -L/usr/include/cryptopp -L/usr/include/crypto++ -L/usr/include -o sign ./src/sign.o -lssl -lcryptopp -lcrypto++
    /usr/bin/ld: ./src/sign.o: undefined reference to symbol 'RSA_sign@@OPENSSL_1.0.0'
    /lib/i386-linux-gnu/libcrypto.so.1.0.0: error adding symbols: DSO missing from command line
    collect2: ld returned 1 exit status

what can i do? i need real help

-- Warmest regards and best wishes for a good health,*urs sincerely * *mero*

    /*
     * sign.cc
     *
     * Created on: Oct 30, 2014
     * Author: amir
     */
    #include "sign.h"

    Sign::Sign()
    {
        m_rsa_keyPairs = RSA_new();
        GenerateRSAPairs();
        SetSharedKey();
    }

    Sign::~Sign()
    {
        RSA_free(m_rsa_keyPairs);
    }

    void Sign::SetANData(int size)
    {
        cout<<"andata is "<<endl;
        for (int i = 0 ; i<size ; i++)
        {
            m_ANdata[i]=i;
            cout<<m_ANdata[i];
        }
    }

    void Sign::SetGSData(int size,int sharedsize)
    {
        cout<<"gsdata is "<<endl;
        sharedsize = CryptoPP::AES::DEFAULT_KEYLENGTH;
        int totalsize = size +sharedsize;
        for (int i = 0 ; i<size ; i++)
        {
            m_GSdata[i]=i;
            cout<<m_GSdata[i];
        }
        for (int j = size ; j<totalsize ; j++)
        {
            m_GSdata[j]=m_sharedKey[j];
            cout<<m_GSdata[j];
        }
    }

    void Sign::SetSharedKey()
    {
        CryptoPP::AutoSeededRandomPool prng;
        prng.GenerateBlock( m_sharedKey, CryptoPP::AES::DEFAULT_KEYLENGTH);
    }

    void Sign::EncryptSharedKey()
    {
        int padding = RSA_PKCS1_PADDING;
        RSA_public_encrypt(CryptoPP::AES::DEFAULT_KEYLENGTH,m_sharedKey,m_encryptedSharedKey,m_rsa_keyPairs,padding);
    }

    void Sign::DecryptSharedKey()
    {
        int padding = RSA_PKCS1_PADDING;
        RSA_private_decrypt(RSA_size(m_rsa_keyPairs),m_encryptedSharedKey,m_sharedKey,m_rsa_keyPairs,padding);
    }

    void Sign::SignData(unsigned char *signeddata , const unsigned char *datatobesigned , unsigned int m_len , unsigned int *siglen)
    {
        RSA_sign(NID_sha1, datatobesigned, m_len, signeddata, siglen, m_rsa_keyPairs);
        cout<<"sign length is "<<siglen<<endl;
    }

    bool Sign::VerifySign(const unsigned char *signeddata , const unsigned char *datatobesigned , unsigned int m_len , unsigned int siglen)
    {
        int status = 0;
        status = RSA_verify(NID_sha1, datatobesigned, m_len, signeddata, siglen,m_rsa_keyPairs);
        if (status == 1)
        {
            return true;
            cout<<"verification is ok"<<endl;
        }
        else
        {
            return false;
            cout<<"verification fail"<<endl;
        }
        return false;
    }

    void Sign::GenerateRSAPairs()
    {
        m_rsa_keyPairs = RSA_generate_key(2048,RSA_F4,NULL,NULL);
    }

    //
    // Name        : sign.cpp
    // Author      : Amir
    // Version     :
    // Copyright   : Your copyright notice
    // Description : Hello World in C++, Ansi-style
    //
    #include <iostream>
    #include "sign.h"
    using namespace std;

    int main()
    {
        Sign test;
        test.SetANData(16);
        test.SetGSData(16,CryptoPP::AES::DEFAULT_KEYLENGTH);
        test.SignData(m_ANdata,m_ANsignData,16,256);
        test.VerifySign(m_ANdata,m_ANsignData,16,256);
        return 0;
    }

    /*
     * sign.h
     *
     * Created on: Oct 30, 2014
     * Author: amir
     */
    #ifndef SIGN_H_
    #define SIGN_H_

    #include <iostream>
    #include <openssl/rsa.h>
    #include <openssl/pem.h>
    #include <openssl/conf.h>
    #include <cryptopp/config.h>
    #include <cryptopp/aes.h>
    #include <cryptopp/osrng.h>
    #include <cryptopp/hex.h>
    #include <cryptopp/cryptlib.h>
    #include <cryptopp/filters.h>
    #include <stdlib.h>
    #include <stdio.h>
    using namespace std;

    class Sign
    {
    public:
        Sign();
        ~Sign();
        void SetANData(int size);
        void SetGSData(int size,int sharedsize);
        void SetSharedKey();
        void GenerateRSAPairs();
        void EncryptSharedKey();
        void DecryptSharedKey();
        void SignData(unsigned char *signeddata , const unsigned char *datatobesigned , unsigned int m_len , unsigned int *siglen);
        bool VerifySign(const unsigned char *signeddata , const unsigned char *datatobesigned , unsigned int m_len , unsigned int siglen);
    private:
        RSA *m_rsa_keyPairs;
        byte m_sharedKey[CryptoPP::AES::DEFAULT_KEYLENGTH];
        unsigned char m_ANdata[16];
        unsigned char m_GSdata[CryptoPP::AES::DEFAULT_KEYLENGTH + 16];
        unsigned char m_ANsignData [256];
        unsigned char m_GSsignData [256];
        unsigned char m_encryptedSharedKey [2048];
    };
    #endif /* SIGN_H_ */
certificate
dear all i have made a client server. the server acts as CA the client sends a certificate request and the CA reply with a certificate my problem is i got an error with memory issue .also in order to troubleshoot this program i have put the CA self signed certificate in a file and also the certificate of the client in a pem file also i change the client certificate into an int and this make something unreadable thx allot for help -- Warmest regards and best wishes for a good health,*urs sincerely * *mero* // // Name: certificate.cpp // Author : Amir // Version : // Copyright : Your copyright notice // Description : Hello World in C++, Ansi-style // #include iostream #include server.h #include client.h using namespace std; int main() { clock_t start, end; double msecs; start = clock(); Client clientest; Server servertest; X509 *cert; cert = servertest.CreateCertificate(clientest.MakeSignedCertReq(1,20,90)); clientest.SetCert(cert); clientest.CertConverter(); end = clock(); msecs = ((double) (end - start)) * 1000 / CLOCKS_PER_SEC; couttime is msecsmsecendl; return 0; } /* * client.cc * * Created on: Sep 17, 2014 * Author: amirale32 */ #include client.h Client :: Client() { m_myCertReq = X509_REQ_new(); m_myCert = X509_new(); m_name = X509_NAME_new(); m_rsa_keyPair = RSA_new(); m_puk = EVP_PKEY_new(); GenerateRSAKeyPair(); SetPublicKey(); } Client :: ~Client() { X509_REQ_free(m_myCertReq); X509_free(m_myCert); X509_NAME_free(m_name); RSA_free(m_rsa_keyPair); EVP_PKEY_free(m_puk); } void Client :: GenerateRSAKeyPair ( ) { m_rsa_keyPair = RSA_generate_key(2048,RSA_F4,NULL,NULL); } void Client::SetPublicKey() { EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair); } X509_REQ* Client::MakeSignedCertReq(int bits, int serial, int days) { SetPublicKey(); //include the public key in the req X509_REQ_set_pubkey(m_myCertReq,m_puk); //set the subject name of the request m_name=X509_REQ_get_subject_name(m_myCertReq); //set the request X509_NAME_add_entry_by_txt(m_name,C,MBSTRING_ASC, (const 
unsigned char *)UK, -1, -1, 0); X509_NAME_add_entry_by_txt(m_name,CN,MBSTRING_ASC, (const unsigned char *)OpenSSL Group, -1, -1, 0); //sign the req X509_REQ_sign(m_myCertReq,m_puk,EVP_sha1()); return m_myCertReq; } void Client::SetCert(X509 *cert) { cout writing certificate\n; BIO *out = NULL; const char szPath[10] = x509.pem; out = BIO_new_file(szPath,wb); m_myCert = cert; int len; unsigned char *buf, *p; len = i2d_X509(cert, NULL); cout cert length = len endl; buf = (unsigned char *)OPENSSL_malloc(len); p = buf; i2d_X509(cert, p); cout cert=; for(int i=0; ilen; i++) cout buf[i]; cout endl; if(!PEM_write_bio_X509 (out , cert)) cout error writing certificate\n; } int Client::CertConverter() { int len = i2d_X509(m_myCert, NULL); unsigned char *buf, *p; buf = (unsigned char *)OPENSSL_malloc(len); p = buf; i2d_X509(m_myCert, p); unsigned char certarray[len]; for (int i = 0 ; ilen ; i++) { certarray[i] = *(p-len+i); } cout client cert is; for (int j = 0 ; jlen ; j++) { cout certarray[j]endl; } return 0; } /* * client.h * * Created on: Sep 17, 2014 * Author: amirale32 */ #ifndef CLIENT_H_ #define CLIENT_H_ #include stdlib.h #include stdio.h #include openssl/rsa.h #include openssl/conf.h #include openssl/x509.h #include openssl/pem.h #include server.h class Client { public: Client(); ~Client(); void GenerateRSAKeyPair (); void SetPublicKey (); X509_REQ *MakeSignedCertReq(int bits, int serial, int days); void SetCert (X509 *cert); int CertConverter (); private: X509_REQ *m_myCertReq; X509 *m_myCert; X509_NAME *m_name; RSA*m_rsa_keyPair; EVP_PKEY *m_puk; }; #endif /* CLIENT_H_ */ #include server.h Server::Server() { m_myCert = X509_new(); m_caKeyPairs = RSA_new(); m_pukey = EVP_PKEY_new(); m_issuerName = X509_NAME_new(); GenerateMyKeyPairs(); CreateMyCertificate(); //SetPublicKey(); } Server::~Server() { X509_free(m_myCert); RSA_free(m_caKeyPairs); X509_NAME_free(m_issuerName); } X509* Server::CreateCertificate(X509_REQ* req) { couthello i beganendl; X509 *m_req_reply; 
m_req_reply = X509_new(); {int len = i2d_X509(m_req_reply, NULL); cout cert length = len endl;} X509_NAME *subject = NULL; EVP_PKEY *pkey = NULL; X509_NAME *issuerSubject = X509_get_subject_name(m_myCert); X509_set_issuer_name(m_req_reply, issuerSubject); //xn_req = X509_REQ_get_subject_name(req); X509_set_subject_name(m_req_reply, subject); cout cert subject name: X509_get_subject_name(m_req_reply) endl;
certificates
dear all hope all are well. i have made a client server code the server is the certificate authority and the client send a certificate request the server got the request and reply with a certificate i have tried to put the certificate in a file in a pem format in order to make sure the certificate has been created but nothing created. and there are no compilation error please just try the code i can't see anything wrong with it please help 2- if i want to send the generated certificate to another client and make a verification code for that how can i made something like that i have searched in crypto https://www.openssl.org/docs/crypto/x509.html# but i couldn't find any function to do that thx allot for help -- Warmest regards and best wishes for a good health,*urs sincerely * *mero* /* * server.h * * Created on: Sep 17, 2014 * Author: amirale32 */ #ifndef SERVER_H_ #define SERVER_H_ #include stdlib.h #include iostream #include stdio.h #include openssl/asn1.h #include openssl/ssl.h #include openssl/rsa.h #include openssl/conf.h #include openssl/x509.h #include client.h using namespace std; class Server { public: Server(); ~Server(); X509 *CreateCertificate (X509_REQ *req); void CreateMyCertificate(); void GenerateMyKeyPairs ( ); void SetPublicKey (); private: X509 *m_myCert; RSA*m_caKeyPairs; EVP_PKEY *m_pukey; //Client *m_client; }; #endif /* SERVER_H_ */ // // Name: certificate.cpp // Author : Amir // Version : // Copyright : Your copyright notice // Description : Hello World in C++, Ansi-style // #include iostream #include server.h #include client.h using namespace std; int main() { Client clientest; Server servertest; X509 *cert; cert = servertest.CreateCertificate(clientest.MakeSignedCertReq(1,20,90)); clientest.SetCert(cert); return 0; } /* * client.cc * * Created on: Sep 17, 2014 * Author: amirale32 */ #include client.h Client :: Client() { m_myCertReq = X509_REQ_new(); m_myCert = X509_new(); m_name = X509_NAME_new(); m_rsa_keyPair = RSA_new(); m_puk = 
EVP_PKEY_new(); GenerateRSAKeyPair(); SetPublicKey(); } Client :: ~Client() { X509_REQ_free(m_myCertReq); X509_free(m_myCert); X509_NAME_free(m_name); RSA_free(m_rsa_keyPair); EVP_PKEY_free(m_puk); } void Client :: GenerateRSAKeyPair ( ) { m_rsa_keyPair = RSA_generate_key(2048,RSA_F4,NULL,NULL); } void Client::SetPublicKey() { EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair); } X509_REQ* Client::MakeSignedCertReq(int bits, int serial, int days) { X509_REQ_set_pubkey(m_myCertReq,m_puk); m_name=X509_REQ_get_subject_name(m_myCertReq); //X509_NAME_add_entry_by_txt(name,C,MBSTRING_ASC, UK, -1, -1, 0); //X509_NAME_add_entry_by_txt(name,CN,MBSTRING_ASC, OpenSSL Group, -1, -1, 0); X509_REQ_sign(m_myCertReq,m_puk,EVP_md5()); return m_myCertReq; } void Client::SetCert(X509 *cert) { FILE *out = NULL; m_myCert = cert; PEM_write_X509 (out , m_myCert); } /* * client.h * * Created on: Sep 17, 2014 * Author: amirale32 */ #ifndef CLIENT_H_ #define CLIENT_H_ #include stdlib.h #include stdio.h #include openssl/rsa.h #include openssl/conf.h #include openssl/x509.h #include openssl/pem.h #include server.h class Client { public: Client(); ~Client(); void GenerateRSAKeyPair (); void SetPublicKey (); X509_REQ *MakeSignedCertReq(int bits, int serial, int days); void SetCert (X509 *cert); private: X509_REQ *m_myCertReq; X509 *m_myCert; X509_NAME *m_name; RSA*m_rsa_keyPair; EVP_PKEY *m_puk; }; #endif /* CLIENT_H_ */ #include server.h Server::Server() { m_myCert = X509_new(); m_caKeyPairs = RSA_new(); m_pukey = EVP_PKEY_new(); GenerateMyKeyPairs(); CreateMyCertificate(); //SetPublicKey(); } Server::~Server() { X509_free(m_myCert); RSA_free(m_caKeyPairs); } X509* Server::CreateCertificate(X509_REQ* req) { couthello i began; X509 *m_req_reply; m_req_reply = X509_new(); X509_NAME *subject = NULL; EVP_PKEY *pkey = NULL; X509_NAME *issuerSubject = X509_get_subject_name(m_myCert); X509_set_issuer_name(m_req_reply, issuerSubject); //xn_req = X509_REQ_get_subject_name(req); X509_set_subject_name(m_req_reply, 
subject); pkey = X509_REQ_get_pubkey(req); //rv = X509_set_pubkey(reqreply, pkey); X509_gmtime_adj(X509_get_notBefore(m_req_reply), 0); X509_gmtime_adj(X509_get_notAfter(m_req_reply), 36400); X509_sign(m_req_reply, pkey, EVP_md5()); return m_req_reply; } void Server::CreateMyCertificate() { EVP_PKEY_assign_RSA(m_pukey, m_caKeyPairs); ASN1_INTEGER_set(X509_get_serialNumber(m_myCert), 1);
X509 problem
dear all i have problem in my code it is a client send a certificate request to server which reply by the X509 certificate my problem is i have put in the client side a function called void Client::SetCert(X509_REQ *req) that set the certificate for the client also write it in a pem file so i can make sure it has been created i run the project but nothing created and no syntax error i attached the code please i need help thx i don't know what to do Warmest regards and best wishes for a good health,*urs sincerely * *mero* // // Name: certificate.cpp // Author : Amir // Version : // Copyright : Your copyright notice // Description : Hello World in C++, Ansi-style // #include iostream #include server.h #include client.h using namespace std; int main() { Client clientest; Server servertest; clientest.SetCert(clientest.MakeSignedCertReq(1,2,90)); return 0; } /* * client.cc * * Created on: Sep 17, 2014 * Author: amirale32 */ #include client.h Client :: Client() { m_myCertReq = X509_REQ_new(); m_myCert = X509_new(); m_name = X509_NAME_new(); m_rsa_keyPair = RSA_new(); m_puk = EVP_PKEY_new(); GenerateRSAKeyPair(); SetPublicKey(); } Client :: ~Client() { X509_REQ_free(m_myCertReq); X509_free(m_myCert); X509_NAME_free(m_name); RSA_free(m_rsa_keyPair); EVP_PKEY_free(m_puk); } void Client :: GenerateRSAKeyPair ( ) { m_rsa_keyPair = RSA_generate_key(2048,RSA_F4,NULL,NULL); } void Client::SetPublicKey() { EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair); } X509_REQ* Client::MakeSignedCertReq(int bits, int serial, int days) { X509_REQ_set_pubkey(m_myCertReq,m_puk); m_name=X509_REQ_get_subject_name(m_myCertReq); //X509_NAME_add_entry_by_txt(name,C,MBSTRING_ASC, UK, -1, -1, 0); //X509_NAME_add_entry_by_txt(name,CN,MBSTRING_ASC, OpenSSL Group, -1, -1, 0); X509_REQ_sign(m_myCertReq,m_puk,EVP_md5()); return m_myCertReq; } void Client::SetCert(X509_REQ *req) { FILE *mycert; m_myCert = m_ca-CreateCertificate(m_myCertReq); PEM_write_X509(mycert, m_myCert); } /* * client.h * * Created on: Sep 17, 
2014 * Author: amirale32 */ #ifndef CLIENT_H_ #define CLIENT_H_ #include stdlib.h #include stdio.h #include openssl/rsa.h #include openssl/conf.h #include openssl/x509.h #include server.h class Client { public: Client(); ~Client(); void GenerateRSAKeyPair (); void SetPublicKey (); X509_REQ *MakeSignedCertReq(int bits, int serial, int days); void SetCert (X509_REQ *req); private: X509_REQ *m_myCertReq; X509 *m_myCert; X509_NAME *m_name; RSA*m_rsa_keyPair; EVP_PKEY *m_puk; Server *m_ca; }; #endif /* CLIENT_H_ */ #include server.h Server::Server() { m_myCert = X509_new(); m_caKeyPairs = RSA_new(); m_pukey = EVP_PKEY_new(); GenerateMyKeyPairs(); CreateMyCertificate(); //SetPublicKey(); } Server::~Server() { X509_free(m_myCert); RSA_free(m_caKeyPairs); } X509* Server::CreateCertificate(X509_REQ* req) { X509 *m_req_reply; m_req_reply = X509_new(); X509_NAME *subject = NULL; EVP_PKEY *pkey = NULL; X509_NAME *issuerSubject = X509_get_subject_name(m_myCert); X509_set_issuer_name(m_req_reply, issuerSubject); //xn_req = X509_REQ_get_subject_name(req); X509_set_subject_name(m_req_reply, subject); pkey = X509_REQ_get_pubkey(req); //rv = X509_set_pubkey(reqreply, pkey); X509_gmtime_adj(X509_get_notBefore(m_req_reply), 0); X509_gmtime_adj(X509_get_notAfter(m_req_reply), 36400); X509_sign(m_req_reply, pkey, EVP_md5()); return m_req_reply; } void Server::CreateMyCertificate() { EVP_PKEY_assign_RSA(m_pukey, m_caKeyPairs); ASN1_INTEGER_set(X509_get_serialNumber(m_myCert), 1); X509_gmtime_adj(X509_get_notBefore(m_myCert), 0); X509_gmtime_adj(X509_get_notAfter(m_myCert), 31536000L); X509_set_pubkey(m_myCert, m_pukey); X509_NAME * name; name = X509_get_subject_name(m_myCert); X509_set_issuer_name(m_myCert, name); X509_sign(m_myCert, m_pukey, EVP_md5()); } void Server::GenerateMyKeyPairs() { m_caKeyPairs = RSA_generate_key(2048,RSA_F4 , NULL , NULL); } void Server::SetPublicKey() { EVP_PKEY_assign_RSA(m_pukey,m_caKeyPairs); } /* * server.cc * * Created on: Sep 17, 2014 * Author: 
amirale32 */ /* * server.h * * Created on: Sep 17, 2014 * Author: amirale32 */ #ifndef SERVER_H_ #define SERVER_H_ #include stdlib.h #include stdio.h #include openssl/asn1.h #include openssl/ssl.h #include openssl/rsa.h #include openssl/conf.h #include openssl/x509.h class Server { public: Server(); ~Server(); X509 *CreateCertificate (X509_REQ *req); void CreateMyCertificate(); void GenerateMyKeyPairs ( ); void SetPublicKey ();
Re: X509 problem
no sir, it is defined. i have a pointer to the server as an attribute on the client side. if it weren't defined it would give a syntax error, and i don't have a syntax error. thx for reply

On Wed, Sep 24, 2014 at 2:44 PM, nicolas@free.fr wrote:

it seems that function CreateCertificate is not defined in client.cc

Regards

- Mail original -
De: Amir Reda amirale...@gmail.com
À: openssl-users@openssl.org
Envoyé: Mercredi 24 Septembre 2014 13:37:13
Objet: X509 problem

dear all, i have a problem in my code. a client sends a certificate request to the server, which replies with the X509 certificate. my problem is: i have put on the client side a function called void Client::SetCert(X509_REQ *req) that sets the certificate for the client and also writes it to a pem file so i can make sure it has been created. i run the project but nothing is created, and there is no syntax error. i attached the code. please, i need help. thx, i don't know what to do

Warmest regards and best wishes for a good health , urs sincerely mero

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org

-- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
Re: compilation error
/amirale32/workspace/certificate/Debug/../src/server.cc:48: undefined reference to `X509_get_subject_name'
/home/amirale32/workspace/certificate/Debug/../src/server.cc:49: undefined reference to `X509_set_issuer_name'
/home/amirale32/workspace/certificate/Debug/../src/server.cc:50: undefined reference to `EVP_md5'
/home/amirale32/workspace/certificate/Debug/../src/server.cc:50: undefined reference to `X509_sign'
./src/server.o: In function `Server::GenerateMyKeyPairs()':
/home/amirale32/workspace/certificate/Debug/../src/server.cc:56: undefined reference to `RSA_generate_key'
./src/server.o: In function `Server::SetPublicKey()':
/home/amirale32/workspace/certificate/Debug/../src/server.cc:62: undefined reference to `EVP_PKEY_assign'
collect2: error: ld returned 1 exit status
make: *** [certificate] Error 1

Note: i have followed the steps from these links
http://amgadmadkour.blogspot.com/2011/09/compiling-open-ssl-programs-in-eclipse.html
http://askubuntu.com/questions/211038/cant-find-openssl
http://stackoverflow.com/questions/7860657/undefined-reference-to-eclipse-c
but i failed. please help

On Thu, Sep 18, 2014 at 11:46 PM, Scott Neugroschl scot...@xypro.com wrote:

It’s -lssl, not -lopenssl.

*From:* owner-openssl-us...@openssl.org [mailto: owner-openssl-us...@openssl.org] *On Behalf Of *Amir Reda
*Sent:* Thursday, September 18, 2014 1:33 PM
*To:* openssl-users@openssl.org
*Subject:* compilation error

/usr/bin/ld: cannot find -lopenssl

this is the error when i tried to compile the code i attached below. i installed the openssl lib in ubuntu 12.10. i use eclipse and added in the linker settings openssl usr/include/openssl. i don't know how to solve this problem, please help

-- Warmest regards and best wishes for a good health,*urs sincerely * *mero*

-- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
Re: compilation error
thanks a lot for the reply. i have looked in the directory usr/lib; i found the folder ssl but i couldn't find the folder of crypto, so what can i do?

On Fri, Sep 19, 2014 at 7:46 PM, Jeffrey Walton noloa...@gmail.com wrote:

On Fri, Sep 19, 2014 at 3:33 AM, Amir Reda amirale...@gmail.com wrote:

thanks a lot for the quick reply. i have modified the library name to ssl but i have the same problem with the linker. the error is:

    Building file: ../src/certificate.cpp
    Invoking: Cross G++ Compiler
    g++ -O0 -g3 -Wall -c -fmessage-length=0 -MMD -MP -MFsrc/certificate.d -MTsrc/certificate.d -o src/certificate.o ../src/certificate.cpp
    Finished building: ../src/certificate.cpp
    Building file: ../src/client.cc
    Invoking: Cross G++ Compiler
    g++ -O0 -g3 -Wall -c -fmessage-length=0 -MMD -MP -MFsrc/client.d -MTsrc/client.d -o src/client.o ../src/client.cc
    Finished building: ../src/client.cc
    Building target: certificate
    Invoking: Cross G++ Linker
    g++ -L/usr/include/openssl -o certificate ./src/certificate.o ./src/client.o ./src/server.o -lssl
    ./src/client.o: In function `Client::Client()':
    /home/amirale32/workspace/certificate/Debug/../src/client.cc:12: undefined reference to `X509_REQ_new'
    ...

I believe that should be:

    g++ -L/usr/lib

'-L' is for library paths, not include paths. Additionally, you need to include both libraries in your linker invocation. So it should be:

    g++ *.o -o myprogr.exe -L/usr/lib -lssl -lcrypto

'ld' is a single pass linker, so the order of '-lssl -lcrypto' matters. See the ld(1) man page for details. http://linux.die.net/man/1/ld.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org

-- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
compilation error
/usr/bin/ld: cannot find -lopenssl this is the error when i have tried to compile the code i attached below i install the openssl lib in ubuntu 12.10 i use eclipse and add at the linker setting openssl usr/include/openssl i don't know how to solve this problem please help -- Warmest regards and best wishes for a good health,*urs sincerely * *mero* // // Name: certificate.cpp // Author : Amir // Version : // Copyright : Your copyright notice // Description : Hello World in C++, Ansi-style // #include iostream #include server.h #include client.h using namespace std; int main() { Client clientest; Server servertest; clientest.SetCert(clientest.MakeSignedCertReq(1,2,90)); return 0; } /* * client.cc * * Created on: Sep 17, 2014 * Author: amirale32 */ #include client.h Client :: Client() { m_myCertReq = X509_REQ_new(); m_myCert = X509_new(); m_name = X509_NAME_new(); m_rsa_keyPair = RSA_new(); m_puk = EVP_PKEY_new(); GenerateRSAKeyPair(); SetPublicKey(); } Client :: ~Client() { X509_REQ_free(m_myCertReq); X509_free(m_myCert); X509_NAME_free(m_name); RSA_free(m_rsa_keyPair); EVP_PKEY_free(m_puk); } void Client :: GenerateRSAKeyPair ( ) { m_rsa_keyPair = RSA_generate_key(2048,RSA_F4,NULL,NULL); } void Client::SetPublicKey() { EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair); } X509_REQ* Client::MakeSignedCertReq(int bits, int serial, int days) { X509_REQ_set_pubkey(m_myCertReq,m_puk); m_name=X509_REQ_get_subject_name(m_myCertReq); //X509_NAME_add_entry_by_txt(name,C,MBSTRING_ASC, UK, -1, -1, 0); //X509_NAME_add_entry_by_txt(name,CN,MBSTRING_ASC, OpenSSL Group, -1, -1, 0); X509_REQ_sign(m_myCertReq,m_puk,EVP_md5()); return m_myCertReq; } void Client::SetCert(X509_REQ *req) { m_myCert = m_ca-CreateCertificate(m_myCertReq); } /* * client.h * * Created on: Sep 17, 2014 * Author: amirale32 */ #ifndef CLIENT_H_ #define CLIENT_H_ #include stdlib.h #include stdio.h #include openssl/rsa.h #include openssl/conf.h #include openssl/x509.h #include server.h class Client { public: Client(); 
~Client(); void GenerateRSAKeyPair (); void SetPublicKey (); X509_REQ *MakeSignedCertReq(int bits, int serial, int days); void SetCert (X509_REQ *req); private: X509_REQ *m_myCertReq; X509 *m_myCert; X509_NAME *m_name; RSA*m_rsa_keyPair; EVP_PKEY *m_puk; Server *m_ca; }; #endif /* CLIENT_H_ */ #include server.h Server::Server() { m_myCert = X509_new(); m_caKeyPairs = RSA_new(); m_pukey = EVP_PKEY_new(); GenerateMyKeyPairs(); CreateMyCertificate(); SetPublicKey(); } Server::~Server() { X509_free(m_myCert); RSA_free(m_caKeyPairs); EVP_PKEY_free(m_pukey); } X509* Server::CreateCertificate(X509_REQ* req) { X509 *m_req_reply; m_req_reply = X509_new(); X509_NAME *subject = NULL; EVP_PKEY *pkey = NULL; X509_NAME *issuerSubject = X509_get_subject_name(m_myCert); X509_set_issuer_name(m_req_reply, issuerSubject); //xn_req = X509_REQ_get_subject_name(req); X509_set_subject_name(m_req_reply, subject); pkey = X509_REQ_get_pubkey(req); //rv = X509_set_pubkey(reqreply, pkey); X509_gmtime_adj(X509_get_notBefore(m_req_reply), 0); X509_gmtime_adj(X509_get_notAfter(m_req_reply), 36400); X509_sign(m_req_reply, pkey, EVP_md5()); return m_req_reply; } void Server::CreateMyCertificate() { EVP_PKEY_assign_RSA(m_pukey, m_caKeyPairs); ASN1_INTEGER_set(X509_get_serialNumber(m_myCert), 1); X509_gmtime_adj(X509_get_notBefore(m_myCert), 0); X509_gmtime_adj(X509_get_notAfter(m_myCert), 31536000L); X509_set_pubkey(m_myCert, m_pukey); X509_NAME * name; name = X509_get_subject_name(m_myCert); X509_set_issuer_name(m_myCert, name); X509_sign(m_myCert, m_pukey, EVP_md5()); } void Server::GenerateMyKeyPairs() { m_caKeyPairs = RSA_generate_key(2048,RSA_F4 , NULL , NULL); } void Server::SetPublicKey() { EVP_PKEY_assign_RSA(m_pukey,m_caKeyPairs); } /* * server.cc * * Created on: Sep 17, 2014 * Author: amirale32 */ /* * server.h * * Created on: Sep 17, 2014 * Author: amirale32 */ #ifndef SERVER_H_ #define SERVER_H_ #include stdlib.h #include stdio.h #include openssl/asn1.h #include openssl/ssl.h #include 
openssl/rsa.h #include openssl/conf.h #include openssl/x509.h class Server { public: Server(); ~Server(); X509 *CreateCertificate (X509_REQ *req); void CreateMyCertificate(); void GenerateMyKeyPairs ( ); void SetPublicKey (); private: X509 *m_myCert; RSA*m_caKeyPairs; EVP_PKEY *m_pukey; }; #endif /* SERVER_H_ */
certificate error
dear all i have made a client server code the client sends a X509 request and the server reply the X509 certificate but i have 2 questions 1- did i fill all the attributes of the X509 certificate in this code or not 2- when i compile this code using eclipse i got allot of errors but all are the same /home/amirale32/workspace/certificate/Debug/../src/client.cc:34: undefined reference to `RSA_generate_key' ./src/client.o: In function `Client::SetPublicKey()': i have attached the code thx allot for help -- Warmest regards and best wishes for a good health,*urs sincerely * *mero* // // Name: certificate.cpp // Author : Amir // Version : // Copyright : Your copyright notice // Description : Hello World in C++, Ansi-style // #include iostream #include server.h #include client.h using namespace std; int main() { Client clientest; Server servertest; clientest.SetCert(clientest.MakeSignedCertReq(1,2,90)); return 0; } /* * client.cc * * Created on: Sep 17, 2014 * Author: amirale32 */ #include client.h Client :: Client() { m_myCertReq = X509_REQ_new(); m_myCert = X509_new(); m_name = X509_NAME_new(); m_rsa_keyPair = RSA_new(); m_puk = EVP_PKEY_new(); GenerateRSAKeyPair(); SetPublicKey(); } Client :: ~Client() { X509_REQ_free(m_myCertReq); X509_free(m_myCert); X509_NAME_free(m_name); RSA_free(m_rsa_keyPair); EVP_PKEY_free(m_puk); } void Client :: GenerateRSAKeyPair ( ) { m_rsa_keyPair = RSA_generate_key(2048,RSA_F4,NULL,NULL); } void Client::SetPublicKey() { EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair); } X509_REQ* Client::MakeSignedCertReq(int bits, int serial, int days) { X509_REQ_set_pubkey(m_myCertReq,m_puk); m_name=X509_REQ_get_subject_name(m_myCertReq); //X509_NAME_add_entry_by_txt(name,C,MBSTRING_ASC, UK, -1, -1, 0); //X509_NAME_add_entry_by_txt(name,CN,MBSTRING_ASC, OpenSSL Group, -1, -1, 0); X509_REQ_sign(m_myCertReq,m_puk,EVP_md5()); return m_myCertReq; } void Client::SetCert(X509_REQ *req) { m_myCert = m_ca-CreateCertificate(m_myCertReq); } /* * client.h * * Created on: 
Sep 17, 2014 * Author: amirale32 */ #ifndef CLIENT_H_ #define CLIENT_H_ #include openssl/rsa.h #include openssl/conf.h #include openssl/x509.h #include server.h class Client { public: Client(); ~Client(); void GenerateRSAKeyPair (); void SetPublicKey (); X509_REQ *MakeSignedCertReq(int bits, int serial, int days); void SetCert (X509_REQ *req); private: X509_REQ *m_myCertReq; X509 *m_myCert; X509_NAME *m_name; RSA*m_rsa_keyPair; EVP_PKEY *m_puk; Server *m_ca; }; #endif /* CLIENT_H_ */ #include server.h Server::Server() { m_myCert = X509_new(); m_caKeyPairs = RSA_new(); m_pukey = EVP_PKEY_new(); GenerateMyKeyPairs(); CreateMyCertificate(); SetPublicKey(); } Server::~Server() { X509_free(m_myCert); RSA_free(m_caKeyPairs); EVP_PKEY_free(m_pukey); } X509* Server::CreateCertificate(X509_REQ* req) { X509 *m_req_reply; m_req_reply = X509_new(); X509_NAME *subject = NULL; EVP_PKEY *pkey = NULL; X509_NAME *issuerSubject = X509_get_subject_name(m_myCert); X509_set_issuer_name(m_req_reply, issuerSubject); //xn_req = X509_REQ_get_subject_name(req); X509_set_subject_name(m_req_reply, subject); pkey = X509_REQ_get_pubkey(req); //rv = X509_set_pubkey(reqreply, pkey); X509_gmtime_adj(X509_get_notBefore(m_req_reply), 0); X509_gmtime_adj(X509_get_notAfter(m_req_reply), 36400); X509_sign(m_req_reply, pkey, EVP_md5()); return m_req_reply; } void Server::CreateMyCertificate() { EVP_PKEY_assign_RSA(m_pukey, m_caKeyPairs); ASN1_INTEGER_set(X509_get_serialNumber(m_myCert), 1); X509_gmtime_adj(X509_get_notBefore(m_myCert), 0); X509_gmtime_adj(X509_get_notAfter(m_myCert), 31536000L); X509_set_pubkey(m_myCert, m_pukey); X509_NAME * name; name = X509_get_subject_name(m_myCert); X509_set_issuer_name(m_myCert, name); X509_sign(m_myCert, m_pukey, EVP_md5()); } void Server::GenerateMyKeyPairs() { m_caKeyPairs = RSA_generate_key(2048,RSA_F4 , NULL , NULL); } void Server::SetPublicKey() { EVP_PKEY_assign_RSA(m_pukey,m_caKeyPairs); } /* * server.cc * * Created on: Sep 17, 2014 * Author: amirale32 */ 
/* * server.h * * Created on: Sep 17, 2014 * Author: amirale32 */ #ifndef SERVER_H_ #define SERVER_H_ #include openssl/asn1.h #include openssl/ssl.h #include openssl/rsa.h #include openssl/conf.h #include openssl/x509.h class Server { public: Server(); ~Server(); X509 *CreateCertificate (X509_REQ *req); void CreateMyCertificate(); void GenerateMyKeyPairs ( ); void SetPublicKey (); private: X509 *m_myCert; RSA
certificate
dear all, i have just made a code to make a certificate request from a node, and my certificate authority replies with the certificate. the node has attributes as below:

    X509_REQ *x;
    EVP_PKEY *prk;
    EVP_PKEY *puk;
    X509 m_myCert;
    //RSA structure contain both private and public key
    RSA *rsa_keyPair;
    X509_NAME *name;

the function which makes the certificate request is:

    X509_REQ* AeroRoutingProtocol :: MakeSignedCertReq (int bits, int serial, int days)
    {
        X509_REQ_set_pubkey(x,puk);
        name=X509_REQ_get_subject_name(x);
        // it gives errors i don't know why
        //X509_NAME_add_entry_by_txt(name,"C",MBSTRING_ASC, "UK", -1, -1, 0);
        //X509_NAME_add_entry_by_txt(name,"CN",MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
        X509_REQ_sign(x,puk,EVP_md5());
        return x;
    }

the certificate authority receives this request and replies with the certificate. the function that makes the certificate is as below:

    X509* CertificateAuthority :: CreateCertificate (X509 *issuer, X509_REQ *req, RSA *key )
    {
        X509 *cert = NULL;
        int rv;
        X509_NAME *xn_req = NULL, *subject = NULL;
        EVP_PKEY *pkey = NULL;
        //create the certificate
        X509 * x509;
        x509 = X509_new();
        X509_NAME *issuerSubject = X509_get_subject_name(issuer);
        X509_set_issuer_name(cert, issuerSubject);
        xn_req = X509_REQ_get_subject_name(req);
        X509_set_subject_name(cert, subject);
        pkey = X509_REQ_get_pubkey(req);
        rv = X509_set_pubkey(cert, pkey);
        X509_gmtime_adj(X509_get_notBefore(cert), 0);
        X509_gmtime_adj(X509_get_notAfter(cert), 36400);
        signCertificateWithKey(cert, key);
        return cert;
    }

when i compile i get this error:

    ../src/aerorp/model/certificate-authority.cc: In member function ‘X509* ns3::AeroRP::CertificateAuthority::CreateCertificate(X509*, X509_REQ*, RSA*)’:
    ../src/aerorp/model/certificate-authority.cc:58:37: error: ‘signCertificateWithKey’ was not declared in this scope

thanks a lot for help

-- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
generate key errors
dear all, i'm trying to generate an rsa keypair to be used in a class that has an attribute

    RSA *rsa_keyPair;

and i use the function

    RSA AeroRoutingProtocol :: GenerateRSAKeyPair ( )
    {
        rsa_keyPair = RSA_generate_key(2084,RSA_F4,NULL,NULL);
        return rsa_keyPair;
    }

when i try to compile this code i get this error:

    In member function ‘RSA ns3::AeroRP::AeroRoutingProtocol::GenerateRSAKeyPair()’:
    ../src/aerorp/model/aerorp-routing-protocol.cc:1322:13: error: could not convert ‘((ns3::AeroRP::AeroRoutingProtocol*)this)->ns3::AeroRP::AeroRoutingProtocol::rsa_keyPair’ from ‘RSA* {aka rsa_st*}’ to ‘RSA {aka rsa_st}’
    ../src/aerorp/model/aerorp-routing-protocol.cc:1323:3: error: control reaches end of non-void function [-Werror=return-type]
    cc1plus: all warnings being treated as errors

i need help please

-- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
create certificate
dear all, i'm trying to make my certificate authority, which will create a certificate when it receives a certificate signing request. i wrote this code:
1- i create the CSR and sign it; it is created in the node itself
2- i send the CSR to the CA to create a certificate for the node which sent the CSR

code for CSR:

    X509_REQ * AeroRoutingProtocol :: MakeSignedCertReq (int bits, int serial, int days)
    {
        X509_REQ_set_pubkey(x,puk);
        name=X509_REQ_get_subject_name(x);
        X509_NAME_add_entry_by_txt(name,"C",MBSTRING_ASC, "UK", -1, -1, 0);
        X509_NAME_add_entry_by_txt(name,"CN",MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
        X509_REQ_sign(x,puk,EVP_md5());
        return x;
    }

    X509 CreateCertificate (X509 *issuer, X509_REQ *req, RSA *key);

    X509 CertificateAuthority::CreateCertificate (X509 *issuer, X509_REQ *req, RSA *key )
    {
        X509 *cert = NULL;
        int rv;
        X509_NAME *xn_req = NULL, *subject = NULL;
        EVP_PKEY *pkey = NULL;
        //create the certificate
        X509 * x509;
        x509 = X509_new();
        X509_NAME *issuerSubject = X509_get_subject_name(issuer);
        X509_set_issuer_name(cert, issuerSubject);
        xn_req = X509_REQ_get_subject_name(req);
        X509_set_subject_name(cert, subject);
        pkey = X509_REQ_get_pubkey(req);
        rv = X509_set_pubkey(cert, pkey);
        X509_gmtime_adj(X509_get_notBefore(cert), 0);
        X509_gmtime_adj(X509_get_notAfter(cert), 36400);
        signCertificateWithKey(cert, key);
        return cert;
    }

is that correct, or did i miss something?

-- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
certificate issue
Dear all, I need help. If I have a certificate in an X509 structure, how can I convert it into unsigned int format? This is very important for me. Thanks for your help.
--
Warmest regards and best wishes for a good health, urs sincerely mero
Certificate
Dear all, I need your help with these points:
1- I want to create 102 certificates from a certificate authority that I made (101 nodes and 1 CA)
2- change the certificates that I have created into unsigned int in order to fit the simulator that I work with, as a header type; I use the NS3 simulator
Please, I need help.
--
Warmest regards and best wishes for a good health, urs sincerely mero
Re: Certificate
Thanks a lot, sir, for the reply. I have attached my code for the certificate authority. I'm working with the network simulator NS3 to simulate an ad hoc network. What I want is a certificate authority that will:
1- create a certificate for all the nodes in the network (there should be 101 nodes) and a certificate for the certificate authority itself
2- change the certificate into unsigned int in order to fit the simulator packet structure
3- the certificate authority should provide each node with the private key, which will be stored to be used later
I need help to construct this, please, and thanks a lot for helping me.

On Tue, Aug 26, 2014 at 2:26 PM, Mauricio Tavares raubvo...@gmail.com wrote:
On Aug 26, 2014 2:45 AM, Amir Reda amirale...@gmail.com wrote:
Dear all I need your help for those points 1- i want create 102 certificate from a certificate authority that i made ((101 node and 1 CA) 2- change the certificate that i have created into unsigned int in order to fit the simulator that i work with as a header type i use NS3 simulator please i need help
What is the problem exactly? Post the cert creation script you wrote and the errors you are getting.
-- Warmest regards and best wishes for a good health,urs sincerely mero
--
Warmest regards and best wishes for a good health, urs sincerely mero
Re: Certificate
Thanks a lot, sir, for the reply. I have attached my code for the certificate authority. I'm working with the network simulator NS3 to simulate an ad hoc network. What I want is a certificate authority that will:
1- create a certificate for all the nodes in the network (there should be 101 nodes) and a certificate for the certificate authority itself
2- change the certificate into unsigned int in order to fit the simulator packet structure
3- the certificate authority should provide each node with the private key, which will be stored to be used later
I need help to construct this, please, and thanks a lot for helping me.

On Tue, Aug 26, 2014 at 2:26 PM, Mauricio Tavares raubvo...@gmail.com wrote:
On Aug 26, 2014 2:45 AM, Amir Reda amirale...@gmail.com wrote:
Dear all I need your help for those points 1- i want create 102 certificate from a certificate authority that i made ((101 node and 1 CA) 2- change the certificate that i have created into unsigned int in order to fit the simulator that i work with as a header type i use NS3 simulator please i need help
What is the problem exactly? Post the cert creation script you wrote and the errors you are getting.
-- Warmest regards and best wishes for a good health,urs sincerely mero
--
Warmest regards and best wishes for a good health, urs sincerely mero

/* -*- Mode: C++; c-file-style: gnu; indent-tabs-mode:nill; -*- */
/*
 * Copyright (c) 2012 Amir Reda
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation;
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
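*
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * Based on AeroRP
 * Authors: Dr/ Sherif Khatab s.khat...@fci-cu.edu.eg
 *          Eng/ Amir mohamed Reda amirale...@gmail.com
 */
#ifndef AeroRPCA_H
#define AeroRPCA_H

#include <iostream>
#include "ns3/header.h"
#include "ns3/ipv4-address.h"
#include "ns3/nstime.h"
#include "ns3/enum.h"
#include "ns3/simulator.h"
#include <map>

// NOTE(review): X509, X509_NAME and RSA are OpenSSL types, but this header
// includes no OpenSSL header; presumably <openssl/x509.h> and <openssl/rsa.h>
// are needed -- confirm against the build.

namespace ns3 {
namespace AeroRP {

/**
 * Certificate authority for the AeroRP model: holds the CA key pair and
 * issues X.509 certificates signed with the CA private key.
 *
 * NOTE(review): every OpenSSL object here is declared by value (X509,
 * X509_NAME, RSA).  OpenSSL creates these objects itself and hands out
 * pointers (e.g. X509_new() returns X509 *), and from OpenSSL 1.1.0 on the
 * structures are opaque, so these declarations probably need to become
 * pointers -- left unchanged here so existing callers are not affected.
 */
class CertificateAuthority
{
public:
  /**
   * Build a certificate and sign it with the CA private key.
   * \param sn     serial number written into the certificate
   * \param name   name stored as the certificate's issuer name
   * \param pubKey public key placed in the certificate
   */
  X509 CreateCertificate (uint32_t sn , X509_NAME name , RSA pubKey );

  // NOTE(review): the definition in the accompanying source file takes
  // (int bits, unsigned long exp, void (*cb)(int, int, void), void *cb_arg);
  // this zero-argument declaration does not match it.
  void SetMyPrivateKey ();

  // NOTE(review): a public getter that returns the CA private key lets any
  // caller copy the signing key; consider keeping signing inside this class
  // and not exposing the key at all -- confirm what callers need.
  RSA GetMyPrivateKey ();

  // NOTE(review): the parameter is named caPrivateKey although this setter
  // is for the public key -- confirm which key is expected.
  void SetMyPublicKey (RSA caPrivateKey);
  RSA GetMyPublicKey ();

  // Parameters look like those of RSA_generate_key (bits, exponent, progress
  // callback, callback argument) -- presumably forwarded to it; confirm.
  // NOTE(review): the callback's third parameter is written as plain `void`;
  // OpenSSL's callback takes `void *` there.
  RSA GeneratePrivateKey (int bits, unsigned long exp, void (*cb)(int, int, void), void *cb_arg );

private:
  //std::map<Ipv4Address, std::pair<IssuerTableEntry, Time> > m_issuerTable;
  //std::map<Ipv4Address, std::pair<Certificate, Time> > m_certificate;
  RSA m_caPublicKey;   // CA public key
  RSA m_caPrivatekey;  // CA private key, used to sign issued certificates
};

}
}

#endif /* AeroRPCA_H */

/* -*- Mode: C++; c-file-style: gnu; indent-tabs-mode:nill; -*- */
/*
 * Copyright (c) 2012 Amir Reda
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation;
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.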
*
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * Based on AeroRP
 * Authors: Dr/ Sherif Khatab s.khat...@fci-cu.edu.eg
 *          Eng/ Amir mohamed Reda amirale...@gmail.com
 */
namespace ns3 {
namespace AeroRP {

// Builds a new X.509 certificate with serial number `sn`, a validity window
// from now until 365 days from now, `pubKey` as its public key and `name` as
// its issuer name, then signs it with the CA private key.
//
// NOTE(review): the function is declared to return X509 but has no return
// statement; flowing off the end of a non-void function is undefined
// behaviour in C++, and the certificate allocated by X509_new() is lost.
// NOTE(review): OpenSSL's X509_set_pubkey() and X509_sign() take an
// EVP_PKEY *, and X509_set_issuer_name() takes an X509_NAME *; here RSA and
// X509_NAME values are passed instead.  The RSA keys presumably need to be
// wrapped in an EVP_PKEY first -- confirm.
// NOTE(review): only the issuer name is set; no subject name is written to
// the certificate.
// NOTE(review): none of the OpenSSL return values are checked (X509_new()
// can return NULL, the setters and X509_sign() report failure through their
// return value).
X509 CertificateAuthority::CreateCertificate (uint32_t sn , X509_NAME name , RSA pubKey )
{
  //create the certificate
  X509 * x509;
  x509 = X509_new();
  //add some x509 properties to the certificate: the serial number
  ASN1_INTEGER_set(X509_get_serialNumber(x509), sn);
  //notBefore = current time plus 0 seconds, i.e. valid from now
  X509_gmtime_adj(X509_get_notBefore(x509), 0);
  //sets the certificate's notAfter property to 365 days from now
  //(31536000 = 365 * 24 * 60 * 60 seconds)
  X509_gmtime_adj(X509_get_notAfter(x509), 31536000L);
  //set the key
  X509_set_pubkey(x509, pubKey);
  //set the issuer name
  X509_set_issuer_name(x509, name);
  // NOTE(review): SHA-1 is no longer accepted for certificate signatures by
  // current validators; EVP_sha256() is the usual replacement.
  X509_sign(x509, m_caPrivatekey, EVP_sha1());
}

void CertificateAuthority :: SetMyPrivateKey (int bits, unsigned long exp, void (*cb)(int, int, void), void *cb_arg )
{
  // all the variables isn't changed i need to make them variables
  //create private key
  //EVP_PKEY * pkey;
  //pkey = EVP_PKEY_new();
  //generate rsa key
  m_caPrivatekey = GeneratePrivateKey( bits//2048,/* number of bits for the key - 2048