[openssl-users] AES-GCM processing time
dear all
i am using Authenticated Encryption AES-GCM. i am trying to calculate the
processing time for encrypting a data message of size 500 byte
clock_t startEncryption, endEncryption;
double msecs1;
startEncryption = clock();
unsigned char plaintext[500] =
{'f','a','3','1','3','2','2','5','f','8','8','4','0','6','e','5','a','5','5','9','0','9','c','5','a','f','f','5','2','6','9','a','8','6','a','7','a','9','5','3','1','5','3','4','f','7','d','a','2','e','4','c','3','0','3','d','8','a','3','1','8','a','7','2','1','c','3','c','0','c','9','5','9','5','6','8','0','9','5','3','2','f','c','f','0','e','2','4','4','9','a','6','b','5','2','5','b','1','6','a','e','d','f','5','a','a','0','d','e','6','5','7','b','a','6','3','7','b','3','9','f','a','3','1','3','2','2','5','f','8','8','4','0','6','e','5','a','5','5','9','0','9','c','5','a','f','f','5','2','6','9','a','8','6','a','7','a','9','5','3','1','5','3','4','f','7','d','a','2','e','4','c','3','0','3','d','8','a','3','1','8','a','7','2','1','c','3','c','0','c','9','5','9','5','6','8','0','9','5','3','2','f','c','f','0','e','2','4','4','9','a','6','b','5','2','5','b','1','6','a','e','d','f','5','a','a','0','d','e','6','5','7','b','a','6','3','7','b','3','9',
'f','a','3','1','3','2','2','5','f','8','8','4','0','6','e','5','a','5','5','9','0','9','c','5','a','f','f','5','2','6','9','a','8','6','a','7','a','9','5','3','1','5','3','4','f','7','d','a','2','e','4','c','3','0','3','d','8','a','3','1','8','a','7','2','1','c','3','c','0','c','9','5','9','5','6','8','0','9','5','3','2','f','c','f','0','e','2','4','4','9','a','6','b','5','2','5','b','1','6','a','e','d','f','5','a','a','0','d','e','6','5','7','b','a','6','3','7','b','3','9'
,'f','a','3','1','3','2','2','5','f','8','8','4','0','6','e','5','a','5','5','9','0','9','c','5','a','f','f','5','2','6','9','a','8','6','a','7','a','9','5','3','1','5','3','4','f','7','d','a','2','e','4','c','3','0','3','d','8','a','3','1','8','a','7','2','1','c','3','c','0','c','9','5','9','5','6','8','0','9','5','3','2','f','c','f','0','e','2','4','4','9','a','6','b','5','2','5','b','1','6','a','e','d','f','5','a','a','0','d','e','6','5','7','b','a','6','3','7','b','3','9'
,'f','a','3','1','3','2','2','5','f','8','8','4','0','6','e','5','a','5','5','9'};
unsigned char key [32] =
{'f','e','f','f','e',9,9,2,8,6,6,5,7,3,1,'c',6,'d',6,'a',8,'f',9,4,6,7,3,0,8,3,0,8};
//unsigned char key [48] = ;
unsigned char aad[8] = {'f','e','e','d','f','a','c','e'};
//unsigned char iv[24] =
{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
unsigned char iv[16] = {9,3,1,3,2,2,5,'d','f',8,8,4,0,6,'e',5};
unsigned char cipher[500];
unsigned char tag[16];
unsigned char extractedpalintext[500];
int encryptionsize = 0;
encryptionsize =
servertest.AuthenticationEncryption(plaintext,500,aad,8,key,32,iv,16,cipher,tag);
servertest.AuthenticationDecryption(cipher,500,aad,8,tag,key,32,iv,16,extractedpalintext);
servertest.AuthenticationDecryption(cipher,120,fakeaad,40,tag,key,32,iv,120,extractedpalintext);
endEncryption = clock();
msecs1 = ((double) (endEncryption - startEncryption)) * 100.0 /
CLOCKS_PER_SEC;
couttime for encryption start startEncryption msec
end time endEncryption msecendl;
cout encryption start time msecs1msecendl;
the time at start and end time
time for encryption start 487 msec end time 487 msec
this made the processing time is 0 msec
functions for encryption and decryption
int
Server::AuthenticationEncryption(unsigned char plaintext[], int ptextsize,
unsigned char aad[], int aadlen, unsigned char key[],int keysize,
unsigned char iv[],int ivsize, unsigned char ciphertext[], unsigned
char tag[])
{
int len;
int ciphertext_len;
EVP_CIPHER_CTX *ctx;
ctx = EVP_CIPHER_CTX_new();
//Initialize the encryption operation
if (1 == EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
{
coutsuccess inttializeendl;
}
else
{
coutsomething wrongendl;
}
//Set IV length should be more than 12 byte or 96 bit normally 16
if (1 == EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivsize,
NULL))
{
coutsuccess adding ivendl;
}
else
{
coutsomething wrongendl;
}
//Initialize key and IV
if (1 == EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
{
coutsuccess initialize key and iv endl;
}
else
{
coutsomething wrongendl;
}
//add AAD data
if (1 == EVP_EncryptUpdate(ctx, NULL, len, aad, aadlen))
{
coutsuccess adding AADendl;
}
else
{
coutsomething wrongendl;
}
//encrypt the message
if (1 == EVP_EncryptUpdate(ctx, ciphertext, len, plaintext,
ptextsize))
{
coutsuccess encryptionendl;
ciphertext_len = len;
}
else
{
coutsomething wrongendl;
}
[openssl-users] GCM
dear all
i'm trying to use AES-GCM model for encryption i use a sample code for that
and my problem is
ret = EVP_DecryptFinal_ex(ctx, plaintext + len, len);
ret all the time is 0 this means that
the plaintext is not trustworthy.
encryption function
int
Server::AuthenticationEncryption(unsigned char plaintext[], int ptextsize,
unsigned char aad[], int aadlen, unsigned char key[],int keysize,
unsigned char iv[],int ivsize, unsigned char ciphertext[], unsigned
char tag[])
{
int len;
int ciphertext_len;
EVP_CIPHER_CTX *ctx;
ctx = EVP_CIPHER_CTX_new();
//Initialize the encryption operation
if (1 == EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
{
coutsuccess inttializeendl;
}
else
{
coutsomething wrongendl;
}
//Set IV length should be more than 12 byte or 96 bit normally 16
if (1 == EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivsize,
NULL))
{
coutsuccess adding ivendl;
}
else
{
coutsomething wrongendl;
}
//Initialize key and IV
if (1 == EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
{
coutsuccess initialize key and iv endl;
}
else
{
coutsomething wrongendl;
}
//add AAD data
if (1 == EVP_EncryptUpdate(ctx, NULL, len, aad, aadlen))
{
coutsuccess adding AADendl;
}
else
{
coutsomething wrongendl;
}
//encrypt the message
if (1 == EVP_EncryptUpdate(ctx, ciphertext, len, plaintext,
ptextsize))
{
coutsuccess encryptionendl;
ciphertext_len = len;
}
else
{
coutsomething wrongendl;
}
//finalize the encryption
if (1 == EVP_EncryptFinal_ex(ctx, ciphertext + len, len))
{
coutsuccess final encryptionendl;
ciphertext_len += len;
coutcipher length is ciphertext_lenendl;
}
else
{
coutsomething wrongendl;
}
//get the tag
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
return ciphertext_len;
}
decryption function
int
Server::AuthenticationDecryption(unsigned char ciphertext[], int ctextsize,
unsigned char aad[], int aadlen, unsigned char tag[],
unsigned char key[], int keysize, unsigned char iv[], int ivsize,
unsigned char plaintext[])
{
int len;
int plaintext_len;
EVP_CIPHER_CTX *ctx;
ctx = EVP_CIPHER_CTX_new();
//Initialize the encryption operation
if (1 == EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
{
coutsuccess initializeendl;
}
else
{
coutsomething wrongendl;
}
//Set IV length should be more than 12 byte or 96 bit normally 16
if (1 == EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivsize, NULL))
{
coutsuccess adding ivendl;
}
else
{
coutsomething wrongendl;
}
//Initialize key and IV
if (1 == EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
{
coutsuccess adding key and ivendl;
}
else
{
coutsomething wrongendl;
}
//add AAD data
if (1 == EVP_DecryptUpdate(ctx, NULL, len, aad, aadlen))
{
coutsuccess adding AADendl;
}
else
{
coutsomething wrongendl;
}
//Decrypt the message
if (1 == EVP_DecryptUpdate(ctx, plaintext, len , ciphertext,
ctextsize))
{
coutsuccess decryptionendl;
plaintext_len = len;
}
else
{
coutsomething wrongendl;
}
//add the tag
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
{
coutsuccess adding tagendl;
}
else
{
coutsomething wrongendl;
}
//finalize the Decryption
int ret = 1;
ret = EVP_DecryptFinal_ex(ctx, plaintext + len, len);
cout ret value is retendl;
if (ret 0)
{
coutsuccess final decryptionendl;
plaintext_len += len;
coutpalin text is plaintext_lenendl;
return plaintext_len;
}
else
{
coutdecrypt failendl;
return -1;
}
return ret;
}
and in main () i use that
unsigned char plaintext[120] =
{'f','a','3','1','3','2','2','5','f','8','8','4','0','6','e','5','a','5','5','9','0','9','c','5','a','f','f','5','2','6','9','a','8','6','a','7','a','9','5','3','1','5','3','4','f','7','d','a','2','e','4','c','3','0','3','d','8','a','3','1','8','a','7','2','1','c','3','c','0','c','9','5','9','5','6','8','0','9','5','3','2','f','c','f','0','e','2','4','4','9','a','6','b','5','2','5','b','1','6','a','e','d','f','5','a','a','0','d','e','6','5','7','b','a','6','3','7','b','3','9'};
unsigned char key [32] =
{'f','e','f','f','e',9,9,2,8,6,6,5,7,3,1,'c',6,'d',6,'a',8,'f',9,4,6,7,3,0,8,3,0,8};
unsigned char aad[40] =
sign problem
dear all
i have a problem with c++ code for sign some data here is the code
BIO *sgerr = NULL;
const char szPath[MAX_FILE_NAME_SIZE] = sgerr.pem;
sgerr = BIO_new_file(szPath,wb);
couti'm in sign digestendl;
//create private key
EVP_PKEY *priv_key = NULL;
priv_key = EVP_PKEY_new();
if (1 == EVP_PKEY_set1_RSA(priv_key,m_caKeyPairs))
{
coutSuccessful key private createdendl;
}
else
{
coutprivate key is badendl;
}
EVP_MD_CTX *mdctx = NULL;
mdctx = EVP_MD_CTX_create();
size_t *signlen = NULL;
//Initialize the DigestSign operation
if (1 == EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, priv_key))
{
coutinitialize correctendl;
}
else
{
coutsomething wrongendl;
}
//update with the message
if (1 == EVP_DigestSignUpdate(mdctx, m_digestData,(DATA_SIZE +
RSA_KEY_SIZE)))
{
coutdigest created successfullyendl;
coutdigest is endl;
for (int i = 0; i DIGEST_SIZE; i++)
{
printf(0x%.2x , m_digest[i]);
}
coutendl;
}
else
{
coutsomething wrongendl;
}
//Finalise the DigestSign operation determine the sign length
if (1 == EVP_DigestSignFinal(mdctx, NULL, signlen))
{
coutsign length is (*signlen)endl;
}
else
{
coutsomething wrongendl;
}
if (1 == EVP_DigestSignFinal(mdctx, m_signedDigest, signlen))
{
coutsign successfully createdendl;
}
else
{
coutsomething wrongendl;
}
the output of this code in terminal during debugging
i'm in sign digest
Successful key private created
initialize correct
digest created successfully
digest is
0x99 0x2d 0x5c 0x5b 0x2f 0x7a 0x85 0x98 0x7c 0x69 0xca 0x33 0x17 0xab 0x87
0x7c 0x79 0x73 0xd7 0x4a
until i arrive to this point
if (1 == EVP_DigestSignFinal(mdctx, NULL, signlen))
i got this error
No source available for EVP_PKEY_sign() at 0xb7ede098
even this function just return the length of the sign
note i'm using eclipse kepler and i don't know what i did wrong
--
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
sign problem
dear all i made an application a client server the client send a
certificate request and server reply with the certificate and it creates a
encrypted shared key and some data and sign the digest of the shared key
and data
my problem is
1- in SignDigest() in EVP_DigestSignFinal(mdctx, NULL, signlen); function
return an error No source available for EVP_PKEY_sign() at 0xb7ede098
i don't know the reason for this error it should return the length of the
sign only
then i reserve a location in memory with this size
please help me
--
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
//
// Name: certificate.cpp
// Author : Amir
// Version :
// Copyright : Your copyright notice
// Description : Hello World in C++, Ansi-style
//
#include iostream
#include server.h
#include client.h
using namespace std;
int main()
{
clock_t start, end;
double msecs;
start = clock();
Client clientest;
Server servertest;
X509 *cert;
cert = servertest.CreateCertificate(clientest.MakeSignedCertReq());
clientest.SetCert(cert);
clientest.CertConverter();
X509 *test;
test = clientest.GetCert();
servertest.CheckCert(cert);
int serial = 0;
serial = clientest.ExtractCertSerial();
coutclient serial is serialendl;
servertest.SetSharedKey();
servertest.EncryptSharedKey(cert);
unsigned char enckey[RSA_KEY_SIZE];
servertest.GetEncryptedKey(enckey,RSA_KEY_SIZE);
clientest.DecryptSharedKey(enckey);
servertest.SetData(DATA_SIZE);
servertest.SetDigestData();
servertest.CreateDigest();
servertest.SignDigest();
end = clock();
msecs = ((double) (end - start)) * 1000 / CLOCKS_PER_SEC;
couttime is msecsmsecendl;
return 0;
}
/*
* client.cc
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#include client.h
Client :: Client()
{
m_myCertReq = X509_REQ_new();
m_myCert = X509_new();
m_name = X509_NAME_new();
m_rsa_keyPair = RSA_new();
m_puk = EVP_PKEY_new();
GenerateRSAKeyPair();
}
Client :: ~Client()
{
X509_REQ_free(m_myCertReq);
X509_free(m_myCert);
RSA_free(m_rsa_keyPair);
}
void
Client :: GenerateRSAKeyPair ( )
{
m_rsa_keyPair = RSA_generate_key((8*RSA_KEY_SIZE),RSA_F4,NULL,NULL);
BIO *pubout = NULL;
const char szPath[MAX_FILE_NAME_SIZE] = clrsa.pem;
pubout = BIO_new_file(szPath,wb);
PEM_write_bio_RSAPublicKey (pubout , m_rsa_keyPair);
BIO_free(pubout);
}
void
Client::SetPublicKey()
{
EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair);
BIO *out = NULL;
const char szPath[MAX_FILE_NAME_SIZE] = cpuky.pem;
out = BIO_new_file(szPath,wb);
PEM_write_bio_PUBKEY(out,m_puk);
}
X509_REQ*
Client::MakeSignedCertReq()
{
//adds all digest algorithms to the table
OpenSSL_add_all_digests();
SetPublicKey();
//include the public key in the req
X509_REQ_set_pubkey(m_myCertReq,m_puk);
//set the subject name of the request
m_name=X509_REQ_get_subject_name(m_myCertReq);
//set the request
X509_NAME_add_entry_by_txt(m_name,C,MBSTRING_ASC, (const unsigned char *)UK, -1, -1, 0);
X509_NAME_add_entry_by_txt(m_name,CN,MBSTRING_ASC, (const unsigned char *)OpenSSL Group, -1, -1, 0);
//sign the req
X509_REQ_sign(m_myCertReq,m_puk,EVP_sha1());
BIO *out = NULL;
const char szPath[MAX_FILE_NAME_SIZE] = req.pem;
out = BIO_new_file(szPath,wb);
PEM_write_bio_X509_REQ(out,m_myCertReq);
BIO_free(out);
return m_myCertReq;
}
void
Client::SetCert(X509 *cert)
{
m_myCert = cert;
BIO *out = NULL;
const char szPath[MAX_FILE_NAME_SIZE] = clcrt.pem;
out = BIO_new_file(szPath,wb);
PEM_write_bio_X509 (out , cert);
}
int
Client::CertConverter()
{
int len = i2d_X509(m_myCert, NULL);
unsigned char *buf, *p;
buf = (unsigned char *)OPENSSL_malloc(len);
p = buf;
i2d_X509(m_myCert, p);
unsigned char certarray[len];
for (int i = 0 ; ilen ; i++)
{
certarray[i] = *(p-len+i);
}
coutcert len is lenendl;
cout converted client cert isendl;
for (int j = 0 ; jlen ; j++)
{
printf(0x%.2x , certarray[j]);
}
coutendl;
X509 *certtest;
unsigned char *buf1;
buf1 = certarray;
const unsigned char *p1 = buf1;
p1 = buf1;
certtest = d2i_X509(NULL, p1, CERT_SIZE);
FILE * fcert;
fcert = fopen(certarray.pem, wb);
PEM_write_X509(
fcert,//write the certificate to the file we've opened
certtest //our certificate
);
return 0;
}
X509*
Client::GetCert()
{
return m_myCert;
}
int
Client::ExtractCertSerial()
{
int serial = 0;
unsigned char **out = NULL;
ASN1_INTEGER *asn1_serial = NULL;
asn1_serial = X509_get_serialNumber(m_myCert);
serial = i2d_ASN1_INTEGER(asn1_serial, out);
return (serial);
}
void
Client::DecryptSharedKey(unsigned char encryptedkey[])
{
int padding =
Re: sign problem
sorry sir what do you mean by your question On Wed, Nov 19, 2014 at 9:02 AM, Niraj Sorathiya nirajsorathiya...@gmail.com wrote: Hello Everyone, Where we are executing these client.cc,server.cc,client.h,server.h,certificate.cpp files ? As i want to make my own Digital Certificate using my own algorithm i was not understanding where to execute these files. Thankyou. Regards, Niraj. On Wed, Nov 19, 2014 at 12:12 AM, Scott Neugroschl scot...@xypro.com wrote: That looks like a debugger message, not an actual error from the code. *From:* owner-openssl-us...@openssl.org [mailto: owner-openssl-us...@openssl.org] *On Behalf Of *Amir Reda *Sent:* Tuesday, November 18, 2014 10:29 AM *To:* openssl-users@openssl.org *Subject:* sign problem dear all i made an application a client server the client send a certificate request and server reply with the certificate and it creates a encrypted shared key and some data and sign the digest of the shared key and data my problem is 1- in SignDigest() in EVP_DigestSignFinal(mdctx, NULL, signlen); function return an error No source available for EVP_PKEY_sign() at 0xb7ede098 i don't know the reason for this error it should return the length of the sign only then i reserve a location in memory with this size please help me -- Warmest regards and best wishes for a good health,*urs sincerely * *mero* -- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
RSA sign
dear all
i have a client server client application the server should created an
encrypted shared key and some data and make digest of both of them (data
and encrypted shared key) as an input to SHA1 then the server should sign
the output of the hash with function SignDigest() which include function
RSA_sign to sign the digest
my problem is
1- the code give an error No source available for RSA_sign() at
0xb7ea85e5
2- i have tried to know what is the error so i added
error = ERR_get_error();
but i got nothing can you tell me what i did wrong
thanks allot for your reply
--
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
//
// Name: certificate.cpp
// Author : Amir
// Version :
// Copyright : Your copyright notice
// Description : Hello World in C++, Ansi-style
//
#include iostream
#include server.h
#include client.h
using namespace std;
int main()
{
clock_t start, end;
double msecs;
start = clock();
Client clientest;
Server servertest;
X509 *cert;
cert = servertest.CreateCertificate(clientest.MakeSignedCertReq());
clientest.SetCert(cert);
clientest.CertConverter();
X509 *test;
test = clientest.GetCert();
servertest.CheckCert(cert);
int serial = 0;
serial = clientest.ExtractCertSerial();
coutclient serial is serialendl;
servertest.SetSharedKey();
servertest.EncryptSharedKey(cert);
unsigned char enckey[RSA_KEY_SIZE];
servertest.GetEncryptedKey(enckey,RSA_KEY_SIZE);
clientest.DecryptSharedKey(enckey);
servertest.SetData(DATA_SIZE);
servertest.SetDigestData();
servertest.CreateDigest();
servertest.SignDigest();
end = clock();
msecs = ((double) (end - start)) * 1000 / CLOCKS_PER_SEC;
couttime is msecsmsecendl;
return 0;
}
/*
* client.cc
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#include client.h
Client :: Client()
{
m_myCertReq = X509_REQ_new();
m_myCert = X509_new();
m_name = X509_NAME_new();
m_rsa_keyPair = RSA_new();
m_puk = EVP_PKEY_new();
GenerateRSAKeyPair();
}
Client :: ~Client()
{
X509_REQ_free(m_myCertReq);
X509_free(m_myCert);
RSA_free(m_rsa_keyPair);
}
void
Client :: GenerateRSAKeyPair ( )
{
m_rsa_keyPair = RSA_generate_key((8*RSA_KEY_SIZE),RSA_F4,NULL,NULL);
BIO *pubout = NULL;
const char szPath[MAX_FILE_NAME_SIZE] = clrsa.pem;
pubout = BIO_new_file(szPath,wb);
PEM_write_bio_RSAPublicKey (pubout , m_rsa_keyPair);
BIO_free(pubout);
}
void
Client::SetPublicKey()
{
EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair);
BIO *out = NULL;
const char szPath[MAX_FILE_NAME_SIZE] = cpuky.pem;
out = BIO_new_file(szPath,wb);
PEM_write_bio_PUBKEY(out,m_puk);
}
X509_REQ*
Client::MakeSignedCertReq()
{
//adds all digest algorithms to the table
OpenSSL_add_all_digests();
SetPublicKey();
//include the public key in the req
X509_REQ_set_pubkey(m_myCertReq,m_puk);
//set the subject name of the request
m_name=X509_REQ_get_subject_name(m_myCertReq);
//set the request
X509_NAME_add_entry_by_txt(m_name,C,MBSTRING_ASC, (const unsigned char *)UK, -1, -1, 0);
X509_NAME_add_entry_by_txt(m_name,CN,MBSTRING_ASC, (const unsigned char *)OpenSSL Group, -1, -1, 0);
//sign the req
X509_REQ_sign(m_myCertReq,m_puk,EVP_sha1());
BIO *out = NULL;
const char szPath[MAX_FILE_NAME_SIZE] = req.pem;
out = BIO_new_file(szPath,wb);
PEM_write_bio_X509_REQ(out,m_myCertReq);
BIO_free(out);
return m_myCertReq;
}
void
Client::SetCert(X509 *cert)
{
m_myCert = cert;
BIO *out = NULL;
const char szPath[MAX_FILE_NAME_SIZE] = clcrt.pem;
out = BIO_new_file(szPath,wb);
PEM_write_bio_X509 (out , cert);
}
int
Client::CertConverter()
{
int len = i2d_X509(m_myCert, NULL);
unsigned char *buf, *p;
buf = (unsigned char *)OPENSSL_malloc(len);
p = buf;
i2d_X509(m_myCert, p);
unsigned char certarray[len];
for (int i = 0 ; ilen ; i++)
{
certarray[i] = *(p-len+i);
}
coutcert len is lenendl;
cout converted client cert isendl;
for (int j = 0 ; jlen ; j++)
{
printf(0x%.2x , certarray[j]);
}
coutendl;
X509 *certtest;
unsigned char *buf1;
buf1 = certarray;
const unsigned char *p1 = buf1;
p1 = buf1;
certtest = d2i_X509(NULL, p1, CERT_SIZE);
FILE * fcert;
fcert = fopen(certarray.pem, wb);
PEM_write_X509(
fcert,//write the certificate to the file we've opened
certtest //our certificate
);
return 0;
}
X509*
Client::GetCert()
{
return m_myCert;
}
int
Client::ExtractCertSerial()
{
int serial = 0;
unsigned char **out = NULL;
ASN1_INTEGER *asn1_serial = NULL;
asn1_serial = X509_get_serialNumber(m_myCert);
serial = i2d_ASN1_INTEGER(asn1_serial, out);
return (serial);
}
void
Client::DecryptSharedKey(unsigned char
sign issue
dear all
i'm a Msc student that uses NS3 simulator to do some researches. my target
for right now is to make a sample code for a client and a server then add
it to the simulator
as a brief
1-the client send a certificate request and the server send the certificate
to the client
2- the client create a shared key and encrypt it using function
RSA_public_encrypt and create some data and sign the data and encrypted
shared key and send (client certificate and the data and the encrypted
shared key and the sign (of both encrypted shared key and the data)) to the
server side
3- the server will verify the certificate and decrypt the encrypted shared
key using its private key. and verify the sign using the public key
extracted from the client certificate
i have created the certificate and its working well and verified and the
encrypted shared key is done
my problem is
1- how to sign both the data and encrypted shared key with the private key
of the client even i have only RSA structure
2- the encrypted shared key should be encrypted by the public key of the
server which can be extracted from the server certificate but the method it
self RSA_public_encrypt got RSA structure as an argument
3-how can i verify the sign
do i need to make all of the data and encrypted shared key to digest then
sign it even i don't separated private and public key i have only RSA
structure and how to do that
thanks allot for help
--
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
//
// Name: certificate.cpp
// Author : Amir
// Version :
// Copyright : Your copyright notice
// Description : Hello World in C++, Ansi-style
//
#include iostream
#include server.h
#include client.h
using namespace std;
int main()
{
clock_t start, end;
double msecs;
start = clock();
Client clientest;
Server servertest;
X509 *cert;
cert = servertest.CreateCertificate(clientest.MakeSignedCertReq());
clientest.SetCert(cert);
clientest.CertConverter();
X509 *test;
test = clientest.GetCert();
servertest.CheckCert(cert);
int serial = 0;
serial = clientest.ExtractCertSerial();
coutclient serial is serialendl;
clientest.SetSharedKey();
clientest.EncryptSharedKey();
clientest.SetData(DATA_SIZE);
clientest.SignData();
clientest.SetDigestData(DATA_SIZE,RSA_KEY_SIZE);
X509 *certtest = NULL;
unsigned char data[DATA_SIZE];
unsigned char signeddata[RSA_KEY_SIZE];
servertest.client-GetData(certtest,data,DATA_SIZE,signeddata,RSA_KEY_SIZE);
//int serverserial = 0;
//serverserial = servertest.ExtractCertSerial();
//coutserver serial is serverserialendl;
end = clock();
msecs = ((double) (end - start)) * 1000 / CLOCKS_PER_SEC;
couttime is msecsmsecendl;
return 0;
}
/*
* client.cc
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#include client.h
Client :: Client()
{
m_myCertReq = X509_REQ_new();
m_myCert = X509_new();
m_name = X509_NAME_new();
m_rsa_keyPair = RSA_new();
m_puk = EVP_PKEY_new();
GenerateRSAKeyPair();
}
Client :: ~Client()
{
X509_REQ_free(m_myCertReq);
X509_free(m_myCert);
RSA_free(m_rsa_keyPair);
}
void
Client :: GenerateRSAKeyPair ( )
{
m_rsa_keyPair = RSA_generate_key((8*RSA_KEY_SIZE),RSA_F4,NULL,NULL);
BIO *pubout = NULL;
const char szPath[MAX_FILE_NAME_SIZE] = clrsa.pem;
pubout = BIO_new_file(szPath,wb);
PEM_write_bio_RSAPublicKey (pubout , m_rsa_keyPair);
BIO_free(pubout);
}
void
Client::SetPublicKey()
{
EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair);
BIO *out = NULL;
const char szPath[MAX_FILE_NAME_SIZE] = cpuky.pem;
out = BIO_new_file(szPath,wb);
PEM_write_bio_PUBKEY(out,m_puk);
}
X509_REQ*
Client::MakeSignedCertReq()
{
//adds all digest algorithms to the table
OpenSSL_add_all_digests();
SetPublicKey();
//include the public key in the req
X509_REQ_set_pubkey(m_myCertReq,m_puk);
//set the subject name of the request
m_name=X509_REQ_get_subject_name(m_myCertReq);
//set the request
X509_NAME_add_entry_by_txt(m_name,C,MBSTRING_ASC, (const unsigned char *)UK, -1, -1, 0);
X509_NAME_add_entry_by_txt(m_name,CN,MBSTRING_ASC, (const unsigned char *)OpenSSL Group, -1, -1, 0);
//sign the req
X509_REQ_sign(m_myCertReq,m_puk,EVP_sha1());
BIO *out = NULL;
const char szPath[MAX_FILE_NAME_SIZE] = req.pem;
out = BIO_new_file(szPath,wb);
PEM_write_bio_X509_REQ(out,m_myCertReq);
BIO_free(out);
return m_myCertReq;
}
void
Client::SetCert(X509 *cert)
{
m_myCert = cert;
BIO *out = NULL;
const char szPath[MAX_FILE_NAME_SIZE] = clcrt.pem;
out = BIO_new_file(szPath,wb);
PEM_write_bio_X509 (out , cert);
}
int
Client::CertConverter()
{
int len = i2d_X509(m_myCert, NULL);
unsigned char *buf, *p;
buf =
sign and encryption issue
dear all i'm trying to use method RSA_private_encrypt () to sign some data (time stamp and random no) and send both data and sign and client certificate to server side. my problem is in server side to verify the time stamp and check its validity i use method RSA_public_decrypt () this function has RSA * as an argument to decrypt the data but i have only the public key which ill extract from the certificate that i receive from the client side. any help please and thanks allot -- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
sign data and verify it
dear all
i made a code to sign some data then verify it part of this data should be
encrypted using rsa then sign it my problems is
1- i generate rsa key pairs and try to print it in a pem file but when i
open the file it was empty
2- when i use function RSA_public_encrypt () to encrypt some data it does
nothing because i print the data using cout before encryption then print
it after encryption it was the same
3- the sign function RSA_sign () has a problem
No source available for RSA_sign() at 0xb7e525e5
i have attached the code may be this help to solve my problem and know what
i did wrong
thx allot for help
--
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
//
// Name: rsa_sign.cpp
// Author : Amir
// Version :
// Copyright : Your copyright notice
// Description : Hello World in C++, Ansi-style
//
#include iostream
#include sign.h
using namespace std;
int main()
{
Sign test;
test.SetANData(16);
test.SetGSData(16,256);
test.EncryptSharedKey();
test.DecryptSharedKey();
test.SignData();
test.VerifyData();
return 0;
}
/*
* sign.cc
*
* Created on: Nov 1, 2014
* Author: amir
*/
#include sign.h
Sign::Sign()
{
SetSharedKey();
GenerateRSAPairs();
}
Sign::~Sign()
{
RSA_free(m_rsa_pair);
}
void
Sign::SetANData(int size)
{
coutandata is endl;
for (int i = 0 ; isize ; i++)
{
m_anData[i]=i;
coutm_anData[i];
}
coutendl;
}
void
Sign::SetGSData(int size, int sharedkeysize)
{
coutgsdata is endl;
int totalsize = size +sharedkeysize;
for (int i = 0 ; isize ; i++)
{
m_gsData[i]=i;
coutm_gsData[i];
}
for (int j = size ; jtotalsize ; j++)
{
m_gsData[j]= m_sharedKey[j];
coutm_gsData[j];
}
coutendl;
}
void
Sign::SetSharedKey()
{
coutshared key is endl;
for (int i = 0; i256 ; i++)
{
m_sharedKey[i] = i;
coutm_sharedKey[i];
}
coutendl;
}
void
Sign::GenerateRSAPairs()
{
m_rsa_pair = RSA_generate_key(2048,RSA_F4,NULL,NULL);
BIO *pubout = NULL;
const char szPath[10] = rsa.pem;
pubout = BIO_new_file(szPath,wb);
PEM_write_bio_RSAPublicKey (pubout , m_rsa_pair);
}
void
Sign::EncryptSharedKey()
{
int padding = RSA_PKCS1_PADDING;
RSA_public_encrypt(256,m_sharedKey,m_encryptedSharedKey,m_rsa_pair,padding);
coutencrypted shared key is endl;
for (int i = 0 ; i2048 ; i++)
{
coutm_encryptedSharedKey[i];
}
coutendl;
}
void
Sign::DecryptSharedKey()
{
int padding = RSA_PKCS1_PADDING;
RSA_private_decrypt(2048,m_encryptedSharedKey,m_sharedKey,m_rsa_pair,padding);
cout shared key is endl;
for (int i = 0 ; i2048 ; i++)
{
coutm_sharedKey[i];
}
coutendl;
}
void
Sign::SignData()
{
couti'm hereendl;
unsigned int *siglen = NULL;
RSA_sign(NID_sha1, m_anData, 16, m_ANsignedData, siglen, m_rsa_pair);
coutsign length is *siglenendl;
}
bool
Sign::VerifyData()
{
int status = 0;
status = RSA_verify(NID_sha1, m_anData, AN_Data_Size, m_ANsignedData, 256,m_rsa_pair);
if (status == 1)
{
return true;
coutverification is okendl;
}
else
{
return false;
coutverification failendl;
}
return false;
}
/*
* sign.h
*
* Created on: Nov 1, 2014
* Author: amir
*/
#ifndef SIGN_H_
#define SIGN_H_
#include iostream
#include openssl/rsa.h
#include openssl/pem.h
#include openssl/x509.h
#include openssl/conf.h
#include stdlib.h
#include stdio.h
using namespace std;
#define Shared_Key_Size 256
#define AN_Data_Size16
#define GS_Data_Size16
class Sign
{
public:
Sign();
~Sign();
void SetANData(int size);
void SetGSData(int size,int sharedkeysize);
void SetSharedKey();
void GenerateRSAPairs ();
void EncryptSharedKey();
void DecryptSharedKey();
void SignData();
bool VerifyData();
private:
unsigned char m_sharedKey[Shared_Key_Size];
unsigned char m_anData[AN_Data_Size];
unsigned char m_gsData[GS_Data_Size];
unsigned char m_encryptedSharedKey[2048];
unsigned char m_ANsignedData[256];
RSA *m_rsa_pair;
};
#endif /* SIGN_H_ */
Re: sign data and verify it
dear sir i already installed ssl lib i use this command amir@amir-Master:~$ sudo apt-get install libssl-dev [sudo] password for amir: Reading package lists... Done Building dependency tree Reading state information... Done libssl-dev is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. amir@amir-Master:~$ as you can see it is already installed are there any solution On Fri, Oct 31, 2014 at 4:14 PM, Jeffrey Walton noloa...@gmail.com wrote: On Fri, Oct 31, 2014 at 6:57 AM, Amir Reda amirale...@gmail.com wrote: dear all i made a code for sign some data and verify it i am using eclipse as IDE and ubuntu 13.10 i have linked eclipse with ssl lib and crypto++ which i use in this code i got an error Invoking: Cross G++ Linker g++ -L/usr/include/openssl -L/usr/include/cryptopp -L/usr/include/crypto++ -L/usr/include -o sign ./src/sign.o -lssl -lcryptopp -lcrypto++ /usr/bin/ld: ./src/sign.o: undefined reference to symbol 'RSA_sign@@OPENSSL_1.0.0' /lib/i386-linux-gnu/libcrypto.so.1.0.0: error adding symbols: DSO missing from command line collect2: ld returned 1 exit status Be sure you have the dev package installed for Ubuntu. I think that's 'sudo apt-get install libssl-dev'.(See https://packages.debian.org/search?keywords=libssl-dev). Add '-lss -lcrypto'. They are the OpenSSL libraries. Add them in the order shown. '-lcryptopp -lcrypto++' are Wei Dai's Crypto++ libraries. Are you sure you need them? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
sign data and verify it
dear all i made a code for sign some data and verify it i am using eclipse
as IDE and ubuntu 13.10 i have linked eclipse with ssl lib and crypto++
which i use in this code i got an error
Invoking: Cross G++ Linker
g++ -L/usr/include/openssl -L/usr/include/cryptopp -L/usr/include/crypto++
-L/usr/include -o sign ./src/sign.o -lssl -lcryptopp -lcrypto++
/usr/bin/ld: ./src/sign.o: undefined reference to symbol 'RSA_sign@
@OPENSSL_1.0.0'
/lib/i386-linux-gnu/libcrypto.so.1.0.0: error adding symbols: DSO missing
from command line
collect2: ld returned 1 exit status
what can i do i need real help
--
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
/*
* sign.cc
*
* Created on: Oct 30, 2014
* Author: amir
*/
#include sign.h
Sign::Sign()
{
m_rsa_keyPairs = RSA_new();
GenerateRSAPairs();
SetSharedKey();
}
Sign::~Sign()
{
RSA_free(m_rsa_keyPairs);
}
void
Sign::SetANData(int size)
{
coutandata is endl;
for (int i = 0 ; isize ; i++)
{
m_ANdata[i]=i;
coutm_ANdata[i];
}
}
void
Sign::SetGSData(int size,int sharedsize)
{
coutgsdata is endl;
sharedsize = CryptoPP::AES::DEFAULT_KEYLENGTH;
int totalsize = size +sharedsize;
for (int i = 0 ; isize ; i++)
{
m_GSdata[i]=i;
coutm_GSdata[i];
}
for (int j = size ; jtotalsize ; j++)
{
m_GSdata[j]=m_sharedKey[j];
coutm_GSdata[j];
}
}
void
Sign::SetSharedKey()
{
CryptoPP::AutoSeededRandomPool prng;
prng.GenerateBlock( m_sharedKey, CryptoPP::AES::DEFAULT_KEYLENGTH);
}
void
Sign::EncryptSharedKey()
{
int padding = RSA_PKCS1_PADDING;
RSA_public_encrypt(CryptoPP::AES::DEFAULT_KEYLENGTH,m_sharedKey,m_encryptedSharedKey,m_rsa_keyPairs,padding);
}
void
Sign::DecryptSharedKey()
{
int padding = RSA_PKCS1_PADDING;
RSA_private_decrypt(RSA_size(m_rsa_keyPairs),m_encryptedSharedKey,m_sharedKey,m_rsa_keyPairs,padding);
}
void
Sign::SignData(unsigned char *signeddata , const unsigned char *datatobesigned , unsigned int m_len , unsigned int *siglen)
{
RSA_sign(NID_sha1, datatobesigned, m_len, signeddata, siglen, m_rsa_keyPairs);
coutsign length is siglenendl;
}
bool
Sign::VerifySign(const unsigned char *signeddata , const unsigned char *datatobesigned , unsigned int m_len , unsigned int siglen)
{
int status = 0;
status = RSA_verify(NID_sha1, datatobesigned, m_len, signeddata, siglen,m_rsa_keyPairs);
if (status == 1)
{
return true;
coutverification is okendl;
}
else
{
return false;
coutverification failendl;
}
return false;
}
void
Sign::GenerateRSAPairs()
{
m_rsa_keyPairs = RSA_generate_key(2048,RSA_F4,NULL,NULL);
}
//
// Name: sign.cpp
// Author : Amir
// Version :
// Copyright : Your copyright notice
// Description : Hello World in C++, Ansi-style
//
#include iostream
#include sign.h
using namespace std;
int main()
{
Sign test;
test.SetANData(16);
test.SetGSData(16,CryptoPP::AES::DEFAULT_KEYLENGTH);
test.SignData(m_ANdata,m_ANsignData,16,256);
test.VerifySign(m_ANdata,m_ANsignData,16,256);
return 0;
}
/*
* sign.h
*
* Created on: Oct 30, 2014
* Author: amir
*/
#ifndef SIGN_H_
#define SIGN_H_
#include iostream
#include openssl/rsa.h
#include openssl/pem.h
#include openssl/conf.h
#include cryptopp/config.h
#include cryptopp/aes.h
#include cryptopp/osrng.h
#include cryptopp/hex.h
#include cryptopp/cryptlib.h
#include cryptopp/filters.h
#include stdlib.h
#include stdio.h
using namespace std;
class Sign
{
public:
Sign();
~Sign();
void SetANData(int size);
void SetGSData(int size,int sharedsize);
void SetSharedKey();
void GenerateRSAPairs();
void EncryptSharedKey();
void DecryptSharedKey();
void SignData(unsigned char *signeddata , const unsigned char *datatobesigned , unsigned int m_len , unsigned int *siglen);
bool VerifySign(const unsigned char *signeddata , const unsigned char *datatobesigned , unsigned int m_len , unsigned int siglen);
private:
RSA*m_rsa_keyPairs;
bytem_sharedKey[CryptoPP::AES::DEFAULT_KEYLENGTH];
unsigned char m_ANdata[16];
unsigned char m_GSdata[CryptoPP::AES::DEFAULT_KEYLENGTH + 16];
unsigned char m_ANsignData [256];
unsigned char m_GSsignData [256];
unsigned char m_encryptedSharedKey [2048];
};
#endif /* SIGN_H_ */
certificate
dear all
i have made a client server. the server acts as CA the client sends a
certificate request and the CA reply with a certificate
my problem is i got an error with memory issue .also in order to
troubleshoot this program i have put the CA self signed certificate in a
file and also the certificate of the client in a pem file also i change the
client certificate into an int and this make something unreadable
thx allot for help
--
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
//
// Name: certificate.cpp
// Author : Amir
// Version :
// Copyright : Your copyright notice
// Description : Hello World in C++, Ansi-style
//
#include iostream
#include server.h
#include client.h
using namespace std;
int main()
{
clock_t start, end;
double msecs;
start = clock();
Client clientest;
Server servertest;
X509 *cert;
cert = servertest.CreateCertificate(clientest.MakeSignedCertReq(1,20,90));
clientest.SetCert(cert);
clientest.CertConverter();
end = clock();
msecs = ((double) (end - start)) * 1000 / CLOCKS_PER_SEC;
couttime is msecsmsecendl;
return 0;
}
/*
* client.cc
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#include client.h
Client :: Client()
{
m_myCertReq = X509_REQ_new();
m_myCert = X509_new();
m_name = X509_NAME_new();
m_rsa_keyPair = RSA_new();
m_puk = EVP_PKEY_new();
GenerateRSAKeyPair();
SetPublicKey();
}
Client :: ~Client()
{
X509_REQ_free(m_myCertReq);
X509_free(m_myCert);
X509_NAME_free(m_name);
RSA_free(m_rsa_keyPair);
EVP_PKEY_free(m_puk);
}
void
Client :: GenerateRSAKeyPair ( )
{
m_rsa_keyPair = RSA_generate_key(2048,RSA_F4,NULL,NULL);
}
void
Client::SetPublicKey()
{
EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair);
}
X509_REQ*
Client::MakeSignedCertReq(int bits, int serial, int days)
{
SetPublicKey();
//include the public key in the req
X509_REQ_set_pubkey(m_myCertReq,m_puk);
//set the subject name of the request
m_name=X509_REQ_get_subject_name(m_myCertReq);
//set the request
X509_NAME_add_entry_by_txt(m_name,C,MBSTRING_ASC, (const unsigned char *)UK, -1, -1, 0);
X509_NAME_add_entry_by_txt(m_name,CN,MBSTRING_ASC, (const unsigned char *)OpenSSL Group, -1, -1, 0);
//sign the req
X509_REQ_sign(m_myCertReq,m_puk,EVP_sha1());
return m_myCertReq;
}
void
Client::SetCert(X509 *cert)
{
cout writing certificate\n;
BIO *out = NULL;
const char szPath[10] = x509.pem;
out = BIO_new_file(szPath,wb);
m_myCert = cert;
int len;
unsigned char *buf, *p;
len = i2d_X509(cert, NULL);
cout cert length = len endl;
buf = (unsigned char *)OPENSSL_malloc(len);
p = buf;
i2d_X509(cert, p);
cout cert=;
for(int i=0; ilen; i++)
cout buf[i];
cout endl;
if(!PEM_write_bio_X509 (out , cert))
cout error writing certificate\n;
}
int
Client::CertConverter()
{
int len = i2d_X509(m_myCert, NULL);
unsigned char *buf, *p;
buf = (unsigned char *)OPENSSL_malloc(len);
p = buf;
i2d_X509(m_myCert, p);
unsigned char certarray[len];
for (int i = 0 ; ilen ; i++)
{
certarray[i] = *(p-len+i);
}
cout client cert is;
for (int j = 0 ; jlen ; j++)
{
cout certarray[j]endl;
}
return 0;
}
/*
* client.h
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#ifndef CLIENT_H_
#define CLIENT_H_
#include stdlib.h
#include stdio.h
#include openssl/rsa.h
#include openssl/conf.h
#include openssl/x509.h
#include openssl/pem.h
#include server.h
class Client
{
public:
Client();
~Client();
void GenerateRSAKeyPair ();
void SetPublicKey ();
X509_REQ *MakeSignedCertReq(int bits, int serial, int days);
void SetCert (X509 *cert);
int CertConverter ();
private:
X509_REQ *m_myCertReq;
X509 *m_myCert;
X509_NAME *m_name;
RSA*m_rsa_keyPair;
EVP_PKEY *m_puk;
};
#endif /* CLIENT_H_ */
#include server.h
Server::Server()
{
m_myCert = X509_new();
m_caKeyPairs = RSA_new();
m_pukey = EVP_PKEY_new();
m_issuerName = X509_NAME_new();
GenerateMyKeyPairs();
CreateMyCertificate();
//SetPublicKey();
}
Server::~Server()
{
X509_free(m_myCert);
RSA_free(m_caKeyPairs);
X509_NAME_free(m_issuerName);
}
X509*
Server::CreateCertificate(X509_REQ* req)
{
couthello i beganendl;
X509 *m_req_reply;
m_req_reply = X509_new();
{int len = i2d_X509(m_req_reply, NULL);
cout cert length = len endl;}
X509_NAME *subject = NULL;
EVP_PKEY *pkey = NULL;
X509_NAME *issuerSubject = X509_get_subject_name(m_myCert);
X509_set_issuer_name(m_req_reply, issuerSubject);
//xn_req = X509_REQ_get_subject_name(req);
X509_set_subject_name(m_req_reply, subject);
cout cert subject name: X509_get_subject_name(m_req_reply) endl;
certificates
dear all
hope all are well. i have made a client server code the server is the
certificate authority and the client send a certificate request the server
got the request and reply with a certificate i have tried to put the
certificate in a file in a pem format in order to make sure the certificate
has been created but nothing created. and there are no compilation error
please just try the code i can't see anything wrong with it please help
2- if i want to send the generated certificate to another client and make a
verification code for that how can i made something like that i have
searched in crypto
https://www.openssl.org/docs/crypto/x509.html#
but i couldn't find any function to do that
thx allot for help
--
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
/*
* server.h
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#ifndef SERVER_H_
#define SERVER_H_
#include stdlib.h
#include iostream
#include stdio.h
#include openssl/asn1.h
#include openssl/ssl.h
#include openssl/rsa.h
#include openssl/conf.h
#include openssl/x509.h
#include client.h
using namespace std;
class Server
{
public:
Server();
~Server();
X509 *CreateCertificate (X509_REQ *req);
void CreateMyCertificate();
void GenerateMyKeyPairs ( );
void SetPublicKey ();
private:
X509 *m_myCert;
RSA*m_caKeyPairs;
EVP_PKEY *m_pukey;
//Client *m_client;
};
#endif /* SERVER_H_ */
//
// Name: certificate.cpp
// Author : Amir
// Version :
// Copyright : Your copyright notice
// Description : Hello World in C++, Ansi-style
//
#include iostream
#include server.h
#include client.h
using namespace std;
int main()
{
Client clientest;
Server servertest;
X509 *cert;
cert = servertest.CreateCertificate(clientest.MakeSignedCertReq(1,20,90));
clientest.SetCert(cert);
return 0;
}
/*
* client.cc
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#include client.h
Client :: Client()
{
m_myCertReq = X509_REQ_new();
m_myCert = X509_new();
m_name = X509_NAME_new();
m_rsa_keyPair = RSA_new();
m_puk = EVP_PKEY_new();
GenerateRSAKeyPair();
SetPublicKey();
}
Client :: ~Client()
{
X509_REQ_free(m_myCertReq);
X509_free(m_myCert);
X509_NAME_free(m_name);
RSA_free(m_rsa_keyPair);
EVP_PKEY_free(m_puk);
}
void
Client :: GenerateRSAKeyPair ( )
{
m_rsa_keyPair = RSA_generate_key(2048,RSA_F4,NULL,NULL);
}
void
Client::SetPublicKey()
{
EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair);
}
X509_REQ*
Client::MakeSignedCertReq(int bits, int serial, int days)
{
X509_REQ_set_pubkey(m_myCertReq,m_puk);
m_name=X509_REQ_get_subject_name(m_myCertReq);
//X509_NAME_add_entry_by_txt(name,C,MBSTRING_ASC, UK, -1, -1, 0);
//X509_NAME_add_entry_by_txt(name,CN,MBSTRING_ASC, OpenSSL Group, -1, -1, 0);
X509_REQ_sign(m_myCertReq,m_puk,EVP_md5());
return m_myCertReq;
}
void
Client::SetCert(X509 *cert)
{
FILE *out = NULL;
m_myCert = cert;
PEM_write_X509 (out , m_myCert);
}
/*
* client.h
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#ifndef CLIENT_H_
#define CLIENT_H_
#include stdlib.h
#include stdio.h
#include openssl/rsa.h
#include openssl/conf.h
#include openssl/x509.h
#include openssl/pem.h
#include server.h
class Client
{
public:
Client();
~Client();
void GenerateRSAKeyPair ();
void SetPublicKey ();
X509_REQ *MakeSignedCertReq(int bits, int serial, int days);
void SetCert (X509 *cert);
private:
X509_REQ *m_myCertReq;
X509 *m_myCert;
X509_NAME *m_name;
RSA*m_rsa_keyPair;
EVP_PKEY *m_puk;
};
#endif /* CLIENT_H_ */
#include server.h
Server::Server()
{
m_myCert = X509_new();
m_caKeyPairs = RSA_new();
m_pukey = EVP_PKEY_new();
GenerateMyKeyPairs();
CreateMyCertificate();
//SetPublicKey();
}
Server::~Server()
{
X509_free(m_myCert);
RSA_free(m_caKeyPairs);
}
X509*
Server::CreateCertificate(X509_REQ* req)
{
couthello i began;
X509 *m_req_reply;
m_req_reply = X509_new();
X509_NAME *subject = NULL;
EVP_PKEY *pkey = NULL;
X509_NAME *issuerSubject = X509_get_subject_name(m_myCert);
X509_set_issuer_name(m_req_reply, issuerSubject);
//xn_req = X509_REQ_get_subject_name(req);
X509_set_subject_name(m_req_reply, subject);
pkey = X509_REQ_get_pubkey(req);
//rv = X509_set_pubkey(reqreply, pkey);
X509_gmtime_adj(X509_get_notBefore(m_req_reply), 0);
X509_gmtime_adj(X509_get_notAfter(m_req_reply), 36400);
X509_sign(m_req_reply, pkey, EVP_md5());
return m_req_reply;
}
void
Server::CreateMyCertificate()
{
EVP_PKEY_assign_RSA(m_pukey, m_caKeyPairs);
ASN1_INTEGER_set(X509_get_serialNumber(m_myCert), 1);
X509 problem
dear all
i have problem in my code it is a client send a certificate request to
server which reply by the X509 certificate my problem is i have put in the
client side a function called
void
Client::SetCert(X509_REQ *req)
that set the certificate for the client also write it in a pem file so i
can make sure it has been created
i run the project but nothing created and no syntax error
i attached the code please i need help thx
i don't know what to do
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
//
// Name: certificate.cpp
// Author : Amir
// Version :
// Copyright : Your copyright notice
// Description : Hello World in C++, Ansi-style
//
#include iostream
#include server.h
#include client.h
using namespace std;
int main()
{
Client clientest;
Server servertest;
clientest.SetCert(clientest.MakeSignedCertReq(1,2,90));
return 0;
}
/*
* client.cc
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#include client.h
Client :: Client()
{
m_myCertReq = X509_REQ_new();
m_myCert = X509_new();
m_name = X509_NAME_new();
m_rsa_keyPair = RSA_new();
m_puk = EVP_PKEY_new();
GenerateRSAKeyPair();
SetPublicKey();
}
Client :: ~Client()
{
X509_REQ_free(m_myCertReq);
X509_free(m_myCert);
X509_NAME_free(m_name);
RSA_free(m_rsa_keyPair);
EVP_PKEY_free(m_puk);
}
void
Client :: GenerateRSAKeyPair ( )
{
m_rsa_keyPair = RSA_generate_key(2048,RSA_F4,NULL,NULL);
}
void
Client::SetPublicKey()
{
EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair);
}
X509_REQ*
Client::MakeSignedCertReq(int bits, int serial, int days)
{
X509_REQ_set_pubkey(m_myCertReq,m_puk);
m_name=X509_REQ_get_subject_name(m_myCertReq);
//X509_NAME_add_entry_by_txt(name,C,MBSTRING_ASC, UK, -1, -1, 0);
//X509_NAME_add_entry_by_txt(name,CN,MBSTRING_ASC, OpenSSL Group, -1, -1, 0);
X509_REQ_sign(m_myCertReq,m_puk,EVP_md5());
return m_myCertReq;
}
void
Client::SetCert(X509_REQ *req)
{
FILE *mycert;
m_myCert = m_ca-CreateCertificate(m_myCertReq);
PEM_write_X509(mycert, m_myCert);
}
/*
* client.h
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#ifndef CLIENT_H_
#define CLIENT_H_
#include stdlib.h
#include stdio.h
#include openssl/rsa.h
#include openssl/conf.h
#include openssl/x509.h
#include server.h
class Client
{
public:
Client();
~Client();
void GenerateRSAKeyPair ();
void SetPublicKey ();
X509_REQ *MakeSignedCertReq(int bits, int serial, int days);
void SetCert (X509_REQ *req);
private:
X509_REQ *m_myCertReq;
X509 *m_myCert;
X509_NAME *m_name;
RSA*m_rsa_keyPair;
EVP_PKEY *m_puk;
Server *m_ca;
};
#endif /* CLIENT_H_ */
#include server.h
Server::Server()
{
m_myCert = X509_new();
m_caKeyPairs = RSA_new();
m_pukey = EVP_PKEY_new();
GenerateMyKeyPairs();
CreateMyCertificate();
//SetPublicKey();
}
Server::~Server()
{
X509_free(m_myCert);
RSA_free(m_caKeyPairs);
}
X509*
Server::CreateCertificate(X509_REQ* req)
{
X509 *m_req_reply;
m_req_reply = X509_new();
X509_NAME *subject = NULL;
EVP_PKEY *pkey = NULL;
X509_NAME *issuerSubject = X509_get_subject_name(m_myCert);
X509_set_issuer_name(m_req_reply, issuerSubject);
//xn_req = X509_REQ_get_subject_name(req);
X509_set_subject_name(m_req_reply, subject);
pkey = X509_REQ_get_pubkey(req);
//rv = X509_set_pubkey(reqreply, pkey);
X509_gmtime_adj(X509_get_notBefore(m_req_reply), 0);
X509_gmtime_adj(X509_get_notAfter(m_req_reply), 36400);
X509_sign(m_req_reply, pkey, EVP_md5());
return m_req_reply;
}
void
Server::CreateMyCertificate()
{
EVP_PKEY_assign_RSA(m_pukey, m_caKeyPairs);
ASN1_INTEGER_set(X509_get_serialNumber(m_myCert), 1);
X509_gmtime_adj(X509_get_notBefore(m_myCert), 0);
X509_gmtime_adj(X509_get_notAfter(m_myCert), 31536000L);
X509_set_pubkey(m_myCert, m_pukey);
X509_NAME * name;
name = X509_get_subject_name(m_myCert);
X509_set_issuer_name(m_myCert, name);
X509_sign(m_myCert, m_pukey, EVP_md5());
}
void
Server::GenerateMyKeyPairs()
{
m_caKeyPairs = RSA_generate_key(2048,RSA_F4 , NULL , NULL);
}
void
Server::SetPublicKey()
{
EVP_PKEY_assign_RSA(m_pukey,m_caKeyPairs);
}
/*
* server.cc
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
/*
* server.h
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#ifndef SERVER_H_
#define SERVER_H_
#include stdlib.h
#include stdio.h
#include openssl/asn1.h
#include openssl/ssl.h
#include openssl/rsa.h
#include openssl/conf.h
#include openssl/x509.h
class Server
{
public:
Server();
~Server();
X509 *CreateCertificate (X509_REQ *req);
void CreateMyCertificate();
void GenerateMyKeyPairs ( );
void SetPublicKey ();
Re: X509 problem
no sir it is defined i have a pointer from the server as an attribute in the client side if it isn't defined it will give a syntax error and i don't have a syntax error thx for reply On Wed, Sep 24, 2014 at 2:44 PM, nicolas@free.fr wrote: it seems that function CreateCertificate is not defined in client.cc Regards - Mail original - De: Amir Reda amirale...@gmail.com À: openssl-users@openssl.org Envoyé: Mercredi 24 Septembre 2014 13:37:13 Objet: X509 problem dear all i have problem in my code it is a client send a certificate request to server which reply by the X509 certificate my problem is i have put in the client side a function called void Client::SetCert(X509_REQ *req) that set the certificate for the client also write it in a pem file so i can make sure it has been created i run the project but nothing created and no syntax error i attached the code please i need help thx i don't know what to do Warmest regards and best wishes for a good health , urs sincerely mero __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
Re: compilation error
/amirale32/workspace/certificate/Debug/../src/server.cc:48: undefined reference to `X509_get_subject_name' /home/amirale32/workspace/certificate/Debug/../src/server.cc:49: undefined reference to `X509_set_issuer_name' /home/amirale32/workspace/certificate/Debug/../src/server.cc:50: undefined reference to `EVP_md5' /home/amirale32/workspace/certificate/Debug/../src/server.cc:50: undefined reference to `X509_sign' ./src/server.o: In function `Server::GenerateMyKeyPairs()': /home/amirale32/workspace/certificate/Debug/../src/server.cc:56: undefined reference to `RSA_generate_key' ./src/server.o: In function `Server::SetPublicKey()': /home/amirale32/workspace/certificate/Debug/../src/server.cc:62: undefined reference to `EVP_PKEY_assign' collect2: error: ld returned 1 exit status make: *** [certificate] Error 1 Note i have followed the steps for that links http://amgadmadkour.blogspot.com/2011/09/compiling-open-ssl-programs-in-eclipse.html http://askubuntu.com/questions/211038/cant-find-openssl http://stackoverflow.com/questions/7860657/undefined-reference-to-eclipse-c but i failed please hellpp On Thu, Sep 18, 2014 at 11:46 PM, Scott Neugroschl scot...@xypro.com wrote: It’s -lssl, not -lopenssl. *From:* owner-openssl-us...@openssl.org [mailto: owner-openssl-us...@openssl.org] *On Behalf Of *Amir Reda *Sent:* Thursday, September 18, 2014 1:33 PM *To:* openssl-users@openssl.org *Subject:* compilation error /usr/bin/ld: cannot find -lopenssl this is the error when i have tried to compile the code i attached below i install the openssl lib in ubuntu 12.10 i use eclipse and add at the linker setting openssl usr/include/openssl i don't know how to solve this problem please help -- Warmest regards and best wishes for a good health,*urs sincerely * *mero* -- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
Re: compilation error
thx allot for reply i have looked at the directory usr/lib i found the folder ssl but i couldn't find the folder of crypto so what can i do On Fri, Sep 19, 2014 at 7:46 PM, Jeffrey Walton noloa...@gmail.com wrote: On Fri, Sep 19, 2014 at 3:33 AM, Amir Reda amirale...@gmail.com wrote: thx allot for quick reply i have modified the library name to ssl but i have the same problem with the linker error is Building file: ../src/certificate.cpp Invoking: Cross G++ Compiler g++ -O0 -g3 -Wall -c -fmessage-length=0 -MMD -MP -MFsrc/certificate.d -MTsrc/certificate.d -o src/certificate.o ../src/certificate.cpp Finished building: ../src/certificate.cpp Building file: ../src/client.cc Invoking: Cross G++ Compiler g++ -O0 -g3 -Wall -c -fmessage-length=0 -MMD -MP -MFsrc/client.d -MTsrc/client.d -o src/client.o ../src/client.cc Finished building: ../src/client.cc Building target: certificate Invoking: Cross G++ Linker g++ -L/usr/include/openssl -o certificate ./src/certificate.o ./src/client.o ./src/server.o -lssl ./src/client.o: In function `Client::Client()': /home/amirale32/workspace/certificate/Debug/../src/client.cc:12: undefined reference to `X509_REQ_new' ... I believe that should be: g++ -L/usr/lib '-L' is for library paths, not include paths. Additionally, you need to include both libraries in your linker invocation. So it should be: g++ *.o -o myprogr.exe -L/usr/lib -lssl -lcrypto 'ld' is a single pass linker, so the order of '-lss -lcrypto' matters. See the ld(1) man page for details. http://linux.die.net/man/1/ld. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
compilation error
/usr/bin/ld: cannot find -lopenssl
this is the error when i have tried to compile the code i attached below i
install the openssl lib in ubuntu 12.10 i use eclipse and add at the linker
setting openssl usr/include/openssl
i don't know how to solve this problem please help
--
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
//
// Name: certificate.cpp
// Author : Amir
// Version :
// Copyright : Your copyright notice
// Description : Hello World in C++, Ansi-style
//
#include iostream
#include server.h
#include client.h
using namespace std;
int main()
{
Client clientest;
Server servertest;
clientest.SetCert(clientest.MakeSignedCertReq(1,2,90));
return 0;
}
/*
* client.cc
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#include client.h
Client :: Client()
{
m_myCertReq = X509_REQ_new();
m_myCert = X509_new();
m_name = X509_NAME_new();
m_rsa_keyPair = RSA_new();
m_puk = EVP_PKEY_new();
GenerateRSAKeyPair();
SetPublicKey();
}
Client :: ~Client()
{
X509_REQ_free(m_myCertReq);
X509_free(m_myCert);
X509_NAME_free(m_name);
RSA_free(m_rsa_keyPair);
EVP_PKEY_free(m_puk);
}
void
Client :: GenerateRSAKeyPair ( )
{
m_rsa_keyPair = RSA_generate_key(2048,RSA_F4,NULL,NULL);
}
void
Client::SetPublicKey()
{
EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair);
}
X509_REQ*
Client::MakeSignedCertReq(int bits, int serial, int days)
{
X509_REQ_set_pubkey(m_myCertReq,m_puk);
m_name=X509_REQ_get_subject_name(m_myCertReq);
//X509_NAME_add_entry_by_txt(name,C,MBSTRING_ASC, UK, -1, -1, 0);
//X509_NAME_add_entry_by_txt(name,CN,MBSTRING_ASC, OpenSSL Group, -1, -1, 0);
X509_REQ_sign(m_myCertReq,m_puk,EVP_md5());
return m_myCertReq;
}
void
Client::SetCert(X509_REQ *req)
{
m_myCert = m_ca-CreateCertificate(m_myCertReq);
}
/*
* client.h
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#ifndef CLIENT_H_
#define CLIENT_H_
#include stdlib.h
#include stdio.h
#include openssl/rsa.h
#include openssl/conf.h
#include openssl/x509.h
#include server.h
class Client
{
public:
Client();
~Client();
void GenerateRSAKeyPair ();
void SetPublicKey ();
X509_REQ *MakeSignedCertReq(int bits, int serial, int days);
void SetCert (X509_REQ *req);
private:
X509_REQ *m_myCertReq;
X509 *m_myCert;
X509_NAME *m_name;
RSA*m_rsa_keyPair;
EVP_PKEY *m_puk;
Server *m_ca;
};
#endif /* CLIENT_H_ */
#include server.h
Server::Server()
{
m_myCert = X509_new();
m_caKeyPairs = RSA_new();
m_pukey = EVP_PKEY_new();
GenerateMyKeyPairs();
CreateMyCertificate();
SetPublicKey();
}
Server::~Server()
{
X509_free(m_myCert);
RSA_free(m_caKeyPairs);
EVP_PKEY_free(m_pukey);
}
X509*
Server::CreateCertificate(X509_REQ* req)
{
X509 *m_req_reply;
m_req_reply = X509_new();
X509_NAME *subject = NULL;
EVP_PKEY *pkey = NULL;
X509_NAME *issuerSubject = X509_get_subject_name(m_myCert);
X509_set_issuer_name(m_req_reply, issuerSubject);
//xn_req = X509_REQ_get_subject_name(req);
X509_set_subject_name(m_req_reply, subject);
pkey = X509_REQ_get_pubkey(req);
//rv = X509_set_pubkey(reqreply, pkey);
X509_gmtime_adj(X509_get_notBefore(m_req_reply), 0);
X509_gmtime_adj(X509_get_notAfter(m_req_reply), 36400);
X509_sign(m_req_reply, pkey, EVP_md5());
return m_req_reply;
}
void
Server::CreateMyCertificate()
{
EVP_PKEY_assign_RSA(m_pukey, m_caKeyPairs);
ASN1_INTEGER_set(X509_get_serialNumber(m_myCert), 1);
X509_gmtime_adj(X509_get_notBefore(m_myCert), 0);
X509_gmtime_adj(X509_get_notAfter(m_myCert), 31536000L);
X509_set_pubkey(m_myCert, m_pukey);
X509_NAME * name;
name = X509_get_subject_name(m_myCert);
X509_set_issuer_name(m_myCert, name);
X509_sign(m_myCert, m_pukey, EVP_md5());
}
void
Server::GenerateMyKeyPairs()
{
m_caKeyPairs = RSA_generate_key(2048,RSA_F4 , NULL , NULL);
}
void
Server::SetPublicKey()
{
EVP_PKEY_assign_RSA(m_pukey,m_caKeyPairs);
}
/*
* server.cc
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
/*
* server.h
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#ifndef SERVER_H_
#define SERVER_H_
#include stdlib.h
#include stdio.h
#include openssl/asn1.h
#include openssl/ssl.h
#include openssl/rsa.h
#include openssl/conf.h
#include openssl/x509.h
class Server
{
public:
Server();
~Server();
X509 *CreateCertificate (X509_REQ *req);
void CreateMyCertificate();
void GenerateMyKeyPairs ( );
void SetPublicKey ();
private:
X509 *m_myCert;
RSA*m_caKeyPairs;
EVP_PKEY *m_pukey;
};
#endif /* SERVER_H_ */
certificate error
dear all
i have made a client server code the client sends a X509 request and the
server reply the X509 certificate but i have 2 questions
1- did i fill all the attributes of the X509 certificate in this code or not
2- when i compile this code using eclipse i got allot of errors but all are
the same
/home/amirale32/workspace/certificate/Debug/../src/client.cc:34: undefined
reference to `RSA_generate_key'
./src/client.o: In function `Client::SetPublicKey()':
i have attached the code
thx allot for help
--
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
//
// Name: certificate.cpp
// Author : Amir
// Version :
// Copyright : Your copyright notice
// Description : Hello World in C++, Ansi-style
//
#include iostream
#include server.h
#include client.h
using namespace std;
int main()
{
Client clientest;
Server servertest;
clientest.SetCert(clientest.MakeSignedCertReq(1,2,90));
return 0;
}
/*
* client.cc
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#include client.h
Client :: Client()
{
m_myCertReq = X509_REQ_new();
m_myCert = X509_new();
m_name = X509_NAME_new();
m_rsa_keyPair = RSA_new();
m_puk = EVP_PKEY_new();
GenerateRSAKeyPair();
SetPublicKey();
}
Client :: ~Client()
{
X509_REQ_free(m_myCertReq);
X509_free(m_myCert);
X509_NAME_free(m_name);
RSA_free(m_rsa_keyPair);
EVP_PKEY_free(m_puk);
}
void
Client :: GenerateRSAKeyPair ( )
{
m_rsa_keyPair = RSA_generate_key(2048,RSA_F4,NULL,NULL);
}
void
Client::SetPublicKey()
{
EVP_PKEY_assign_RSA(m_puk,m_rsa_keyPair);
}
X509_REQ*
Client::MakeSignedCertReq(int bits, int serial, int days)
{
X509_REQ_set_pubkey(m_myCertReq,m_puk);
m_name=X509_REQ_get_subject_name(m_myCertReq);
//X509_NAME_add_entry_by_txt(name,C,MBSTRING_ASC, UK, -1, -1, 0);
//X509_NAME_add_entry_by_txt(name,CN,MBSTRING_ASC, OpenSSL Group, -1, -1, 0);
X509_REQ_sign(m_myCertReq,m_puk,EVP_md5());
return m_myCertReq;
}
void
Client::SetCert(X509_REQ *req)
{
m_myCert = m_ca-CreateCertificate(m_myCertReq);
}
/*
* client.h
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#ifndef CLIENT_H_
#define CLIENT_H_
#include openssl/rsa.h
#include openssl/conf.h
#include openssl/x509.h
#include server.h
class Client
{
public:
Client();
~Client();
void GenerateRSAKeyPair ();
void SetPublicKey ();
X509_REQ *MakeSignedCertReq(int bits, int serial, int days);
void SetCert (X509_REQ *req);
private:
X509_REQ *m_myCertReq;
X509 *m_myCert;
X509_NAME *m_name;
RSA*m_rsa_keyPair;
EVP_PKEY *m_puk;
Server *m_ca;
};
#endif /* CLIENT_H_ */
#include server.h
Server::Server()
{
m_myCert = X509_new();
m_caKeyPairs = RSA_new();
m_pukey = EVP_PKEY_new();
GenerateMyKeyPairs();
CreateMyCertificate();
SetPublicKey();
}
Server::~Server()
{
X509_free(m_myCert);
RSA_free(m_caKeyPairs);
EVP_PKEY_free(m_pukey);
}
X509*
Server::CreateCertificate(X509_REQ* req)
{
X509 *m_req_reply;
m_req_reply = X509_new();
X509_NAME *subject = NULL;
EVP_PKEY *pkey = NULL;
X509_NAME *issuerSubject = X509_get_subject_name(m_myCert);
X509_set_issuer_name(m_req_reply, issuerSubject);
//xn_req = X509_REQ_get_subject_name(req);
X509_set_subject_name(m_req_reply, subject);
pkey = X509_REQ_get_pubkey(req);
//rv = X509_set_pubkey(reqreply, pkey);
X509_gmtime_adj(X509_get_notBefore(m_req_reply), 0);
X509_gmtime_adj(X509_get_notAfter(m_req_reply), 36400);
X509_sign(m_req_reply, pkey, EVP_md5());
return m_req_reply;
}
void
Server::CreateMyCertificate()
{
EVP_PKEY_assign_RSA(m_pukey, m_caKeyPairs);
ASN1_INTEGER_set(X509_get_serialNumber(m_myCert), 1);
X509_gmtime_adj(X509_get_notBefore(m_myCert), 0);
X509_gmtime_adj(X509_get_notAfter(m_myCert), 31536000L);
X509_set_pubkey(m_myCert, m_pukey);
X509_NAME * name;
name = X509_get_subject_name(m_myCert);
X509_set_issuer_name(m_myCert, name);
X509_sign(m_myCert, m_pukey, EVP_md5());
}
void
Server::GenerateMyKeyPairs()
{
m_caKeyPairs = RSA_generate_key(2048,RSA_F4 , NULL , NULL);
}
void
Server::SetPublicKey()
{
EVP_PKEY_assign_RSA(m_pukey,m_caKeyPairs);
}
/*
* server.cc
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
/*
* server.h
*
* Created on: Sep 17, 2014
* Author: amirale32
*/
#ifndef SERVER_H_
#define SERVER_H_
#include openssl/asn1.h
#include openssl/ssl.h
#include openssl/rsa.h
#include openssl/conf.h
#include openssl/x509.h
class Server
{
public:
Server();
~Server();
X509 *CreateCertificate (X509_REQ *req);
void CreateMyCertificate();
void GenerateMyKeyPairs ( );
void SetPublicKey ();
private:
X509 *m_myCert;
RSA
certificate
dear all
i have just made a code to make a certificate request from a node and my
certificate authority reply with the certificate
the node has attributes as below
X509_REQ *x;
EVP_PKEY *prk;
EVP_PKEY *puk;
X509m_myCert;
//RSA structure contain both private and public key
RSA*rsa_keyPair;
X509_NAME *name;
the function which made the certificate request is
X509_REQ*
AeroRoutingProtocol :: MakeSignedCertReq (int bits, int serial, int days)
{
X509_REQ_set_pubkey(x,puk);
name=X509_REQ_get_subject_name(x);
// it gives errors i don't knoe why
//X509_NAME_add_entry_by_txt(name,C,MBSTRING_ASC, UK, -1, -1, 0);
//X509_NAME_add_entry_by_txt(name,CN,MBSTRING_ASC, OpenSSL Group,
-1, -1, 0);
X509_REQ_sign(x,puk,EVP_md5());
return x;
}
the certificate authority receive this request and reply by the certificate
the function that make certificate as below
X509*
CertificateAuthority :: CreateCertificate (X509 *issuer, X509_REQ *req,
RSA *key )
{
X509 *cert = NULL;
int rv;
X509_NAME *xn_req = NULL, *subject = NULL;
EVP_PKEY *pkey = NULL;
//create the certificate
X509 * x509;
x509 = X509_new();
X509_NAME *issuerSubject = X509_get_subject_name(issuer);
X509_set_issuer_name(cert, issuerSubject);
xn_req = X509_REQ_get_subject_name(req);
X509_set_subject_name(cert, subject);
pkey = X509_REQ_get_pubkey(req);
rv = X509_set_pubkey(cert, pkey);
X509_gmtime_adj(X509_get_notBefore(cert), 0);
X509_gmtime_adj(X509_get_notAfter(cert), 36400);
signCertificateWithKey(cert, key);
return cert;
}
when i compile i got this error
../src/aerorp/model/certificate-authority.cc: In member function ‘X509*
ns3::AeroRP::CertificateAuthority::CreateCertificate(X509*, X509_REQ*,
RSA*)’:
../src/aerorp/model/certificate-authority.cc:58:37: error:
‘signCertificateWithKey’ was not declared in this scope
thanks allot for help
--
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
generate key errors
dear all
i'm trying to generate rsa keypair to be used in a class that has an
attribute
RSA*rsa_keyPair;
and i use function
RSA
AeroRoutingProtocol :: GenerateRSAKeyPair ( )
{
rsa_keyPair = RSA_generate_key(2084,RSA_F4,NULL,NULL);
return rsa_keyPair;
}
when i try to compile this code i got this error
In member function ‘RSA
ns3::AeroRP::AeroRoutingProtocol::GenerateRSAKeyPair()’:
../src/aerorp/model/aerorp-routing-protocol.cc:1322:13: error: could not
convert
‘((ns3::AeroRP::AeroRoutingProtocol*)this)-ns3::AeroRP::AeroRoutingProtocol::rsa_keyPair’
from ‘RSA* {aka rsa_st*}’ to ‘RSA {aka rsa_st}’
../src/aerorp/model/aerorp-routing-protocol.cc:1323:3: error: control
reaches end of non-void function [-Werror=return-type]
cc1plus: all warnings being treated as errors
i need help please
--
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
create certificate
dear all
i'm trying to make my certificate authority which will create certificate
when receive certificate signing request i write this code
1- i create the CSR and sign it which created in the node itself
2- i send the CSR to CA to create a certificate for the node which send
previous CSR
code for CSR
* X509_REQ
* AeroRoutingProtocol :: MakeSignedCertReq (int bits, int serial, int days)
* {
* X509_REQ_set_pubkey(x,puk);
* name=X509_REQ_get_subject_name(x);
* X509_NAME_add_entry_by_txt(name,C,MBSTRING_ASC, UK, -1, -1, 0);
* X509_NAME_add_entry_by_txt(name,CN,MBSTRING_ASC, OpenSSL Group,
-1, -1, 0);
* X509_REQ_sign(x,puk,EVP_md5());
* return x;
* }
X509 CreateCertificate (X509 *issuer, X509_REQ *req, RSA *key);
X509
CertificateAuthority::CreateCertificate (X509 *issuer, X509_REQ *req, RSA
*key )
{
X509 *cert = NULL;
int rv;
X509_NAME *xn_req = NULL, *subject = NULL;
EVP_PKEY *pkey = NULL;
//create the certificate
X509 * x509;
x509 = X509_new();
X509_NAME *issuerSubject = X509_get_subject_name(issuer);
X509_set_issuer_name(cert, issuerSubject);
xn_req = X509_REQ_get_subject_name(req);
X509_set_subject_name(cert, subject);
pkey = X509_REQ_get_pubkey(req);
rv = X509_set_pubkey(cert, pkey);
X509_gmtime_adj(X509_get_notBefore(cert), 0);
X509_gmtime_adj(X509_get_notAfter(cert), 36400);
signCertificateWithKey(cert, key);
return cert;
}
is that correct or i miss something
--
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
certificate issue
Dear all i need help if i have a certificate in X509 structure how can i convert it into unsigned int format this is too important for me thanks for your help -- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
Certificate
Dear all I need your help for those points 1- i want create 102 certificate from a certificate authority that i made ((101 node and 1 CA) 2- change the certificate that i have created into unsigned int in order to fit the simulator that i work with as a header type i use NS3 simulator please i need help -- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
Re: Certificate
thanks allot sir for reply. i have attached my code for certificate authority i'm working with network simulator NS3 to simulate an AdHoc network what i want do is a certificate authority that provide me with 1- create a certificate for all the nodes in the network should be 101 node and a certificate for the certificate authority itself 2- change the certificate into unsigned int in order to fit the simulator packet structure 3- certificate authority should provide each node with the private key which will be stored to be used later i need help to construct this please and thanks allot for helping me On Tue, Aug 26, 2014 at 2:26 PM, Mauricio Tavares raubvo...@gmail.com wrote: On Aug 26, 2014 2:45 AM, Amir Reda amirale...@gmail.com wrote: Dear all I need your help for those points 1- i want create 102 certificate from a certificate authority that i made ((101 node and 1 CA) 2- change the certificate that i have created into unsigned int in order to fit the simulator that i work with as a header type i use NS3 simulator please i need help What is the problem exactly? Post the cert creation script you wrote and the errors you are getting. -- Warmest regards and best wishes for a good health,urs sincerely mero -- Warmest regards and best wishes for a good health,*urs sincerely * *mero*
Re: Certificate
thanks allot sir for reply. i have attached my code for certificate
authority i'm working with network simulator NS3 to simulate an AdHoc
network
what i want do is a certificate authority that provide me with
1- create a certificate for all the nodes in the network should be 101
node and a certificate for the certificate authority itself
2- change the certificate into unsigned int in order to fit the simulator
packet structure
3- certificate authority should provide each node with the private key
which will be stored to be used later
i need help to construct this please and thanks allot for helping me
On Tue, Aug 26, 2014 at 2:26 PM, Mauricio Tavares raubvo...@gmail.com
wrote:
On Aug 26, 2014 2:45 AM, Amir Reda amirale...@gmail.com wrote:
Dear all
I need your help for those points
1- i want create 102 certificate from a certificate authority that i
made ((101 node and 1 CA)
2- change the certificate that i have created into unsigned int in order
to fit the simulator that i work with as a header type i use NS3 simulator
please i need help
What is the problem exactly? Post the cert creation script you wrote
and the errors you are getting.
--
Warmest regards and best wishes for a good health,urs sincerely
mero
--
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
/* -*- Mode: C++; c-file-style: gnu; indent-tabs-mode:nill; -*- */
/*
* Copyright (c) 2012 Amir Reda
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation;
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*Based on AeroRP
*Authors: Dr/ Sherif Khatab s.khat...@fci-cu.edu.eg
* Eng/ Amir mohamed Reda amirale...@gmail.com
*/
#ifndef AeroRPCA_H
#define AeroRPCA_H
#include iostream
#include ns3/header.h
#include ns3/ipv4-address.h
#include ns3/nstime.h
#include ns3/enum.h
#include ns3/simulator.h
#include map
namespace ns3 {
namespace AeroRP {
class CertificateAuthority
{
public:
X509 CreateCertificate (uint32_t sn , X509_NAME name , RSA pubKey );
void SetMyPrivateKey ();
RSA GetMyPrivateKey ();
void SetMyPublicKey (RSA caPrivateKey);
RSA GetMyPublicKey ();
RSA GeneratePrivateKey (int bits, unsigned long exp, void (*cb)(int, int, void), void *cb_arg );
private:
//std::mapIpv4Address,std::pair IssuerTableEntry , Time m_issuerTable;
//std::mapIpv4Address,std::pair Certificate , Time m_certificate;
RSA m_caPublicKey;
RSA m_caPrivatekey;
};
}
}
/* -*- Mode: C++; c-file-style: gnu; indent-tabs-mode:nill; -*- */
/*
* Copyright (c) 2012 Amir Reda
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation;
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*Based on AeroRP
*Authors: Dr/ Sherif Khatab s.khat...@fci-cu.edu.eg
* Eng/ Amir mohamed Reda amirale...@gmail.com
*/
namespace ns3 {
namespace AeroRP {
X509
CertificateAuthority::CreateCertificate (uint32_t sn , X509_NAME name , RSA pubKey )
{
//create the certificate
X509 * x509;
x509 = X509_new();
//add some x509 properties to the certificate
ASN1_INTEGER_set(X509_get_serialNumber(x509), sn);
//adds the specified number of seconds to the current time
X509_gmtime_adj(X509_get_notBefore(x509), 0);
//ets the certificate's notAfter property to 365 days from now
X509_gmtime_adj(X509_get_notAfter(x509), 31536000L);
//set the key
X509_set_pubkey(x509, pubKey);
//set name
X509_set_issuer_name(x509, name);
X509_sign(x509, m_caPrivatekey, EVP_sha1());
}
void
CertificateAuthority :: SetMyPrivateKey (int bits, unsigned long exp, void (*cb)(int, int, void), void *cb_arg )
{
// all the variables isn't changed i need to make them variables
//create private key
//EVP_PKEY * pkey;
//pkey = EVP_PKEY_new();
//generate rsa key
m_caPrivatekey = GeneratePrivateKey(
bits//2048,/* number of bits for the key - 2048
