PKCS12_parse
Hello,

I am maintaining a piece of code that calls PKCS12_parse. It worked with an older version of openssl (0.9.8m), but it is not working with version 1.0.0.

Here are some clips:

    X509 *cert = NULL;
    BIO *in = NULL;
    STACK_OF(X509) *ca_certs = NULL;
    PKCS12 *p12 = NULL;
    EVP_PKEY *pkey = NULL;
    char pass[PEM_BUFSIZE];

    strcpy(pass, exportpw.c_str()); // I verified that the password is correct
    p12 = d2i_PKCS12_bio(in, NULL);
    // the three out-parameters are passed by address
    if (!(PKCS12_parse(p12, pass, &pkey, &cert, &ca_certs)))

I created the pkcs12 file with:

    openssl req -new -x509 -days 365 -keyout new.pem -out new.pem
    openssl pkcs12 -export -in new.pem -out new.p12 -name "My certificate"

I read in two places on the net that this code was fixed for version 1 and above. Does anyone have any information on this?

Thank you,
Dirce

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
Re: PKCS12_parse
I made some progress. The call to PKCS12_parse succeeded, but the pkey returned was NULL. Please see below where I indicated how I created this .p12 file.

I wonder why the PKCS12_parse command can't read its private key. I keep suspecting permissions, but they seem ok - this app is running as cgi.

Any suggestions are appreciated.

Dirce

> Hello,
>
> I am maintaining a piece of code that calls PKCS12_parse. It worked with an older version of openssl (0.9.8m), but it is not working with version 1.0.0.
>
> Here are some clips:
>
>     X509 *cert = NULL;
>     BIO *in = NULL;
>     STACK_OF(X509) *ca_certs = NULL;
>     PKCS12 *p12 = NULL;
>     EVP_PKEY *pkey = NULL;
>     char pass[PEM_BUFSIZE];
>
>     strcpy(pass, exportpw.c_str()); // I verified that the password is correct
>     p12 = d2i_PKCS12_bio(in, NULL);
>     // the three out-parameters are passed by address
>     if (!(PKCS12_parse(p12, pass, &pkey, &cert, &ca_certs)))
>
> I created the pkcs12 file with:
>
>     openssl req -new -x509 -days 365 -keyout new.pem -out new.pem
>     openssl pkcs12 -export -in new.pem -out new.p12 -name "My certificate"
>
> I read in two places on the net that this code was fixed for version 1 and above. Does anyone have any information on this?
>
> Thank you,
> Dirce
Re: PKCS12_parse
Sorry, but this is just getting more interesting: it seems that the call fails when I type the right password (within the app, not in my sample). It is when I typed the wrong password that the call succeeded, but returned the empty key...

Will keep investigating...

Dirce

> I made some progress. The call to PKCS12_parse succeeded, but the pkey returned was NULL. Please see below where I indicated how I created this .p12 file.
>
> I wonder why the PKCS12_parse command can't read its private key. I keep suspecting permissions, but they seem ok - this app is running as cgi.
>
> Any suggestions are appreciated.
>
> Dirce
>
> > Hello,
> >
> > I am maintaining a piece of code that calls PKCS12_parse. It worked with an older version of openssl (0.9.8m), but it is not working with version 1.0.0.
> >
> > Here are some clips:
> >
> >     X509 *cert = NULL;
> >     BIO *in = NULL;
> >     STACK_OF(X509) *ca_certs = NULL;
> >     PKCS12 *p12 = NULL;
> >     EVP_PKEY *pkey = NULL;
> >     char pass[PEM_BUFSIZE];
> >
> >     strcpy(pass, exportpw.c_str()); // I verified that the password is correct
> >     p12 = d2i_PKCS12_bio(in, NULL);
> >     // the three out-parameters are passed by address
> >     if (!(PKCS12_parse(p12, pass, &pkey, &cert, &ca_certs)))
> >
> > I created the pkcs12 file with:
> >
> >     openssl req -new -x509 -days 365 -keyout new.pem -out new.pem
> >     openssl pkcs12 -export -in new.pem -out new.p12 -name "My certificate"
> >
> > I read in two places on the net that this code was fixed for version 1 and above. Does anyone have any information on this?
> >
> > Thank you,
> > Dirce
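
A way to check the .p12 file and its password outside the application, as an added example that is not part of the original posts: it rebuilds a test file with the commands quoted in the thread and reports, for a right and a wrong password, whether the MAC verifies and whether a private key can be extracted. It assumes the openssl command-line tool is on the PATH; the passwords, the certificate subject and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks a PKCS#12 file with the openssl CLI only.
# Passwords, subject and function names are constructed for this example.
# Passwords go through env:P12_PASS so they stay out of the argument list.

# Build a throwaway new.p12 in directory $1, protected by password $2.
# -newkey/-nodes/-subj only remove the interactive prompts of the posted commands.
make_p12() {
    openssl req -new -x509 -days 365 -newkey rsa:2048 -nodes \
        -subj "/CN=p12-check.example" \
        -keyout "$1/new.pem" -out "$1/new.pem" 2>/dev/null &&
    P12_PASS="$2" openssl pkcs12 -export -in "$1/new.pem" -out "$1/new.p12" \
        -name "My certificate" -passout env:P12_PASS 2>/dev/null
}

# Exit status 0 only if password $2 verifies the MAC of file $1.
p12_password_ok() {
    P12_PASS="$2" openssl pkcs12 -in "$1" -noout \
        -passin env:P12_PASS >/dev/null 2>&1
}

# Exit status 0 only if file $1 decrypts with $2 and holds a private key.
p12_has_key() {
    P12_PASS="$2" openssl pkcs12 -in "$1" -nocerts -nodes \
        -passin env:P12_PASS 2>/dev/null | grep -q "PRIVATE KEY"
}

# Demo run on a constructed file: try the right and a wrong password.
work=$(mktemp -d)
make_p12 "$work" "example-pass" || echo "could not create test file"
for pw in "example-pass" "wrong-pass"; do
    if p12_password_ok "$work/new.p12" "$pw"; then mac=ok; else mac=FAILED; fi
    if p12_has_key "$work/new.p12" "$pw"; then key=present; else key=missing; fi
    echo "password '$pw': MAC $mac, private key $key"
done
rm -rf "$work"
```

Running the two check functions against the real new.p12 with the export password shows whether the file and password are sound before looking at the calling code.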
Re: support for 2048-bit keys
It is for RSA keys.

Thanks,
Dirce

> Somewhere I have read that RSA key size limit is 32k or so. Largest key I have attempted to generate was 24k, largest key successfully generated and used was 16k.
>
> Are these RSA keys or DH parameters? In any case 2048bit (2k) sized keys are supported by almost anything.
>
> > Hello,
> >
> > I am working on a product where we are upgrading from openssl-0.9.8.d to version 1.0.0, and we want to transition from using 1024 bit keys to 2048. I am coming up to speed with SSL in general.
> >
> > My question is: was key length of 2048 already supported on openssl-0.9.8.d? I did read about it in HOWTO, but I just want to make sure.
> >
> > Thanks,
> > Dirce
support for 2048-bit keys
Hello,

I am working on a product where we are upgrading from openssl-0.9.8.d to version 1.0.0, and we want to transition from using 1024 bit keys to 2048. I am coming up to speed with SSL in general.

My question is: was key length of 2048 already supported on openssl-0.9.8.d? I did read about it in HOWTO, but I just want to make sure.

Thanks,
Dirce