Problems with RSA public key

2004-12-01 Thread Darío Mariani 
Hello:
  I found that the resultin file from PEM_write_RSAPublicKey()
function is diferent to the output of openssl x509 -in cert.pem -noout
-pubkey (generated with the same key pair). Is there any way to
extract the public key from a certificate in the same format as what
PEM_write_RSAPublicKey() creates?
  Thanks,
Darío
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Signing with S/MIME

2001-02-28 Thread Darío Mariani 

Hello:
  I'm trying to sign a file with "openssl smime" but I would like that
the output to be only the signature, or as the smime man page in the
"-content filename" option says: [a] PKCS#7 structure is using the
detached signature form where the content is not included.
  How do I do it?
  Thanks,
Daro
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Digital Signature Implementation

2000-11-01 Thread Darío Mariani 

Oops, I forgot to send the attachments.


#include "firma.hh"

#include openssl/rand.h
#include openssl/rsa.h
#include openssl/evp.h
#include openssl/blowfish.h

#include iostream
#include cstdio

const int KEY_SIZE = 1024;

Bytes_sha Sha1 (string contr);
Bytes_sha Blow (Bytes_sha data, Bytes_sha key);


void Firma::Generar (string contr, Bytes_sha pub, Bytes_sha priv) {
  RSA *rsa;
  RAND_load_file ("/dev/urandom", 2048);
  unsigned char buf[KEY_SIZE * 10];
  unsigned char* iter;
  int key_len;
  rsa = RSA_generate_key (KEY_SIZE, RSA_F4, 0, 0);  // Generacion de claves
  // Extraccion de clave publica
  pub.reset (new Bytes);
  iter = buf;
  key_len  = i2d_RSAPublicKey  (rsa, iter);
  for (int i = 0; i  key_len; i++) pub-push_back (buf[i]);
  // Extraccion de clave privada y encripcion con blowfish
  iter = buf;
  key_len = i2d_RSAPrivateKey (rsa, iter);
  Bytes_sha tmp (new Bytes);
  for (int i = 0; i  key_len; i++) tmp-push_back (buf[i]);
  Bytes_sha key = Sha1 (contr);
  priv = Blow (tmp, key);
  RSA_free(rsa);
}

Bytes_sha Firma::Firmar (string texto, const Bytes_sha priv, string contr) {
  Bytes_sha retr (new Bytes (priv-size()));
  Bytes_sha key = Sha1 (contr);
  Bytes_sha priv_un = Blow (priv, key);   // Contr. priv. sin encriptar
  Bytes_sha cipher = Sha1 (texto);// Hash del texto
  unsigned char* tmp = priv_un-begin();
  RSA* rsa = d2i_RSAPrivateKey (0, tmp, priv_un-size());
  int ret_len = RSA_private_encrypt (cipher-size(), cipher-begin(), retr-begin(), 
rsa,
RSA_PKCS1_PADDING);
  retr-resize (ret_len);
  return retr;
}

bool Firma::Chequear (string texto, const Bytes_sha firma, const Bytes_sha pub) {
  Bytes_sha cipher = Sha1 (texto);// Hash del texto
  unsigned char* tmp = pub-begin();
  RSA* rsa = d2i_RSAPublicKey (0, tmp, pub-size());
  Bytes res (cipher-size());
  RSA_public_decrypt (firma-size(), firma-begin(), res.begin(), rsa, 
RSA_PKCS1_PADDING);
  if (*cipher == res) return true;
  return false;
}

void Dump (unsigned char* data, unsigned size, string id) {
  cout  id  " "  size  ":\t";
  for (unsigned i = 0; i  size /* i  40*/; i++) printf ("%02x", data[i]);
  cout  endl;
}

// ***  AUXILIARES  ***  //

Bytes_sha Sha1 (string contr) {
  EVP_MD* evp = EVP_sha1();
  EVP_MD_CTX* ctx = new EVP_MD_CTX;
  unsigned char hash[EVP_MAX_MD_SIZE];
  unsigned hash_size;
  EVP_DigestInit (ctx, evp);
  EVP_DigestUpdate (ctx, contr.c_str(), contr.size());
  EVP_DigestFinal (ctx, hash, hash_size);
  Bytes_sha retr (new Bytes);
  for (unsigned i = 0; i  hash_size; i++) retr-push_back (hash[i]);
  return retr;
}

Bytes_sha Blow (Bytes_sha data, Bytes_sha key) {
  Bytes_sha retr (new Bytes);
  BF_KEY* bf_key = new BF_KEY;
  BF_set_key (bf_key, key-size(), key-begin());
  retr-resize (data-size(), 0);
  Bytes ivec (8);  // 8 Bytes con 0
  int num = 0;
  BF_ofb64_encrypt (data-begin(), retr-begin(), data-size(), bf_key, ivec.begin(), 
num);
  return retr;
}

#if 0

// Obtenido de $ACE_ROOT/ace/SSL/SSL_Context.*

  ::CRYPTO_set_locking_callback (ACE_SSL_locking_callback);
  
ACE_SSL_locking_callback (int mode, int type, const char*, int) {
  if (mode  CRYPTO_LOCK)
ACE_OS::mutex_lock ((ACE_SSL_Context::lock_[type]));
  else
ACE_OS::mutex_unlock ((ACE_SSL_Context::lock_[type]));
}
  
#endif


#ifndef Firma_hh
#define Firma_hh

#include string
#include vector
#include boost/smart_ptr.hpp


typedef vectorunsigned charBytes;
typedef boost::shared_ptrBytes Bytes_sha;

namespace Firma {

  void  Generar  (string contr, Bytes_sha pub, Bytes_sha priv);
  Bytes_sha Firmar   (string texto, const Bytes_sha priv, string contr);
  bool  Chequear (string texto, const Bytes_sha firma, const Bytes_sha pub);

};

void Dump (unsigned char* data, unsigned size, string id);

#endif  // Firma_hh



#include "firma.hh"
#include ctime

int main (int argc, char** argv) {
  Bytes_sha pub, priv, firma;
  string contr = "El padre angulo";
  string texto = "Prueba de texto que se va a firmar.";
  Firma::Generar (contr, pub, priv);
  Dump (pub-begin(), pub-size(), "pub:  ");
  cout  endl;
  Dump (priv-begin(), priv-size(), "priv: ");
  firma = Firma::Firmar (texto, priv, contr);
  if (Firma::Chequear (texto, firma, pub)) cout  "OK"  endl;
else cout  "Falla"  endl;
  cout  endl;
  cout  endl;
}

Avoiding man in the middle attacks

2000-10-26 Thread Darío Mariani 

Hello:
  I'm still learning SSL. I still do no understand how does or if
SSL/TSL prevents from a "man in the middle" attack. If the certificates
are good, no problem. But, how does a client, or what must I do for a
client to check the validity of a certificate, even a signed one from a
trusted CA?
  My problem is this: I'm developing a client-server application (not
web based), the clients will be in computers with Win9x, and for
simplicity, the users won't know to wich server they are connecting to
(they do not need to). I could have the server certificate and the
server address in files in the client computer, but as Win9x security
does not exist, nothing prevents someone from replacing these file for
another server.
  I would apreciate any coments, thanks.

Darío
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: DSA/RSA key usage in C++ program

2000-09-12 Thread Darío Mariani 

Dimitry London wrote:
 
 Hello,
 
 I need to verify a digital signature in a C++ program using a public
 RSA/DSA key. I have browsed crypto(3) manual pages, and can't find an
 easy way for reading a public key from an external file and converting
 it into RSA (or DSA) structure. Can anyone make a recommendation?
 
 Thanks very much,
 Dimitry London.

  I'm fighting on the same problem. Check demos/eay/loadrsa.c, this is
where I started. If you reach to something please tell me.

Darío
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Extracting data from a DSA structure

2000-08-28 Thread Darío Mariani 

Hello:
  I'm new to OpenSSL, I've started playing with the functions in the
Crypto library and the DSA signature functions. My question is how do
you extract the private and public keys from a DSA structure?.
  Thanks,

Darío
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]