Re: RSA signed ECDSA certificate still uses ECDSA for authentication
>> and then the same ECDSA key verified by the CA to sign a hash over the
>> transcript of the handshake itself

Which part of the TLS handshake are you talking about? Are you talking about the three messages from the client to the server, that is, ClientKeyExchange, ChangeCipherSpec and ClientFinished? In my understanding, ClientKeyExchange and ChangeCipherSpec are not encrypted, and the last one, ClientFinished, is encrypted but using the keys derived from the ECDHE key exchange algorithm. Is that not right?

On Fri, Aug 26, 2022 at 11:02 AM Nicola Tuveri wrote:
>
> I'll give it a try.
>
> The Certification Authority (CA) that released the certificate has an RSA
> key. That was used to generate the signature in the cert, that tells users
> that the CA verified the Certificate Subject identity and that they hold the
> secret key associated with the Subject's Public Key.
>
> The Certificate Subject (facebook.com) has an ECDSA key, and proved to the CA
> that they own the secret key matching the Subject's Public Key indicated in
> the certificate.
>
> During the TLS handshake, facebook.com uses ECDHE for key exchange, and then
> the same ECDSA key verified by the CA to sign a hash over the transcript of
> the handshake itself. This (plus an extra bit of symmetric authentication not
> directly relevant for this discussion) proves to the client that the server
> they are talking with holds the ECDSA secret key associated with the
> Subject's Public Key of the Certificate: if they trust the CA (or the chain
> of trust up to the CA that signed the Certificate) they transitively know
> that the server is indeed facebook.com (or someone that gained control of
> their secret ECDSA key).
>
> Therefore ECDHE provides key exchange and ECDSA authentication for the
> handshake, while RSA guarantees the authenticity of the Certificate.
>
> Best regards,
>
> Nicola Tuveri
>
> On Fri, Aug 26, 2022, 20:49 radiatejava wrote:
>>
>> I am a bit confused when an RSA signed ECDSA certificate is being used in
>> TLS.
>> For example, if you run the test for facebook.com, you will see that
>> the certificate has an ECDSA key but is signed with Signature Algorithm:
>> sha256WithRSAEncryption.
>>
>> $ openssl s_client -connect www.facebook.com:443
>>
>> The ciphersuite used here is ECDHE-ECDSA-AES128-GCM-SHA256. So it
>> means it used the ECDSA key for server authentication.
>>
>> But I do not understand how it used the ECDSA key for authentication, as
>> the cert is RSA signed and the key exchange is ECDHE, meaning the ECDSA key
>> of the certificate is not used for encryption keys. Can someone explain
>> this to me?
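Nicola's split between the certificate signature and the handshake signature can be reproduced locally; the script below is an added example using the openssl CLI, not code from the thread. It builds an RSA root that issues a certificate for a P-256 ECDSA key, reads back which algorithm signed the certificate versus which key it carries, and has the ECDSA key sign a constructed stand-in for the handshake transcript that the client verifies with the public key taken from the validated certificate. File names, subjects and the transcript bytes are assumptions.

```shell
# Added example (not from the thread): an RSA CA issues a certificate for an
# ECDSA key; the ECDSA key, never the CA's RSA key, then signs handshake data.
set -eu
WORK="${WORK:-$(mktemp -d)}"

build_chain() {
    # Self-signed RSA root: this key only ever signs certificates.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Example RSA Root" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
    # ECDSA (P-256) leaf key, CSR, and certificate issued by the RSA root.
    openssl ecparam -genkey -name prime256v1 -noout -out "$WORK/leaf.key"
    openssl req -new -key "$WORK/leaf.key" -subj "/CN=www.example.test" \
        -out "$WORK/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.crt" \
        -CAkey "$WORK/ca.key" -CAcreateserial -sha256 -days 30 \
        -out "$WORK/leaf.crt" 2>/dev/null
}

# What signed the certificate (RSA) vs. what key the certificate carries (EC).
cert_sig_alg() {
    openssl x509 -in "$WORK/leaf.crt" -noout -text \
        | grep 'Signature Algorithm' | head -n1 | awk '{print $3}'
}
cert_key_alg() {
    openssl x509 -in "$WORK/leaf.crt" -noout -text \
        | grep 'Public Key Algorithm' | awk '{print $4}'
}

# Chain validation is where the CA's RSA public key is used.
chain_ok() { openssl verify -CAfile "$WORK/ca.crt" "$WORK/leaf.crt" >/dev/null 2>&1; }

# Handshake-style authentication: the server signs a hash of the (constructed)
# transcript with its ECDSA key; the client verifies with the public key
# extracted from the certificate it just validated.
transcript_sig_ok() {
    printf 'ClientHello|ServerHello|Certificate|ServerKeyExchange' > "$WORK/transcript"
    openssl dgst -sha256 -sign "$WORK/leaf.key" -out "$WORK/sig" "$WORK/transcript"
    openssl x509 -in "$WORK/leaf.crt" -pubkey -noout > "$WORK/leaf.pub"
    openssl dgst -sha256 -verify "$WORK/leaf.pub" -signature "$WORK/sig" \
        "$WORK/transcript" >/dev/null 2>&1
}

# A modified transcript must not verify under the same signature.
tampered_sig_fails() {
    printf 'ClientHello|ServerHello|Certificate|TAMPERED' > "$WORK/tampered"
    ! openssl dgst -sha256 -verify "$WORK/leaf.pub" -signature "$WORK/sig" \
        "$WORK/tampered" >/dev/null 2>&1
}
```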
RSA signed ECDSA certificate still uses ECDSA for authentication
I am a bit confused when an RSA signed ECDSA certificate is being used in TLS. For example, if you run the test for facebook.com, you will see that the certificate has an ECDSA key but is signed with Signature Algorithm: sha256WithRSAEncryption.

$ openssl s_client -connect www.facebook.com:443

The ciphersuite used here is ECDHE-ECDSA-AES128-GCM-SHA256. So it means it used the ECDSA key for server authentication.

But I do not understand how it used the ECDSA key for authentication, as the cert is RSA signed and the key exchange is ECDHE, meaning the ECDSA key of the certificate is not used for encryption keys. Can someone explain this to me?
Re: Unable to load self-signed certificate
Actually the error is:

533:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('/opt/ssl-v1.02u/ssl/cert.pem','r')
533:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:182:
533:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:254:
533:error:0B065068:x509 certificate routines:BY_FILE_CTRL:loading defaults:by_file.c:112:

as we have 2 different versions of ssl on the system. Is there anything we need to do if we have 2 different versions? I am building my app pointing libs and includes to /opt/ssl-v1.02u

Thanks

On Wed, Jul 27, 2022 at 8:14 AM radiatejava wrote:
>
> Hello experts
> I used to load a self-signed cert using a program like below:
>
> X509_STORE_set_verify_cb_func(lCertCtx, UserCert_cb_check_cert);
> lLookup = X509_STORE_add_lookup(lCertCtx, X509_LOOKUP_file());
> error = X509_LOOKUP_load_file(lLookup, NULL, X509_FILETYPE_DEFAULT);
>
> It was all working great till I was on openssl 1.0.2k.
> We have shifted to openssl 1.0.2u and now the call
> X509_LOOKUP_load_file(..) for the self-signed cert is not working. Somehow
> it seems to be looking for a default CA certificate. This is the error
> I get:
>
> 533:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('/usr/lib/ssl/cert.pem','r')
> 533:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:182:
> 533:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:254:
> 533:error:0B065068:x509 certificate routines:BY_FILE_CTRL:loading defaults:by_file.c:112:
>
> I do not have any /usr/lib/ssl/cert.pem file on my system. I am on ubuntu
> 20.04.
>
> Appreciate your help!
> -Satish
Unable to load self-signed certificate
Hello experts

I used to load a self-signed cert using a program like below:

X509_STORE_set_verify_cb_func(lCertCtx, UserCert_cb_check_cert);
lLookup = X509_STORE_add_lookup(lCertCtx, X509_LOOKUP_file());
error = X509_LOOKUP_load_file(lLookup, NULL, X509_FILETYPE_DEFAULT);

It was all working great till I was on openssl 1.0.2k. We have shifted to openssl 1.0.2u and now the call X509_LOOKUP_load_file(..) for the self-signed cert is not working. Somehow it seems to be looking for a default CA certificate. This is the error I get:

533:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('/usr/lib/ssl/cert.pem','r')
533:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:182:
533:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:254:
533:error:0B065068:x509 certificate routines:BY_FILE_CTRL:loading defaults:by_file.c:112:

I do not have any /usr/lib/ssl/cert.pem file on my system. I am on ubuntu 20.04.

Appreciate your help!
-Satish
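The NULL file name in the posted call is what drives both error traces: with X509_FILETYPE_DEFAULT, X509_LOOKUP_load_file(lookup, NULL, ...) does not load a particular self-signed certificate but the library's default certificate file, $SSL_CERT_FILE if set and otherwise <OPENSSLDIR>/cert.pem of the OpenSSL build the program is linked against, which is why the two builds in this thread look for /usr/lib/ssl/cert.pem and /opt/ssl-v1.02u/ssl/cert.pem. The script below is an added example using the openssl CLI rather than the poster's C program: `openssl verify` without `-CAfile` performs that same default lookup, so it shows the lookup redirected through SSL_CERT_FILE next to an explicit file load; paths and the test certificate are assumptions.

```shell
# Added example (not the poster's code): where a NULL file name handed to the
# default file lookup is resolved, and how to verify a self-signed cert instead.
set -eu
WORK="${WORK:-$(mktemp -d)}"

make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=self-signed test" -keyout "$WORK/self.key" \
        -out "$WORK/self.crt" 2>/dev/null
}

# X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT) opens
# $SSL_CERT_FILE if set, otherwise <OPENSSLDIR>/cert.pem of the library the
# program was linked against. Two installed OpenSSL builds give two answers;
# this reports the one for the openssl binary on PATH.
default_cert_file() {
    dir=$(openssl version -d | sed 's/^OPENSSLDIR: "\(.*\)"$/\1/')
    echo "$dir/cert.pem"
}

# No trust anchors at all: the self-signed cert cannot be verified.
verify_without_anchor() {
    openssl verify -no-CAfile -no-CApath "$WORK/self.crt" >/dev/null 2>&1
}

# Same default lookup as the NULL call, redirected by SSL_CERT_FILE to our cert.
verify_via_env_default() {
    SSL_CERT_FILE="$WORK/self.crt" openssl verify "$WORK/self.crt" >/dev/null 2>&1
}

# Loading the file explicitly (-CAfile here; X509_LOOKUP_load_file with the
# path and X509_FILETYPE_PEM in the API) does not depend on defaults at all.
verify_explicit() {
    openssl verify -CAfile "$WORK/self.crt" "$WORK/self.crt" >/dev/null 2>&1
}
```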
[openssl-users] openssl get certificate from SSL_CTX
I want to get the client certificate and the CA certificates that I set to SSL_CTX. Is there any sample code to do this? I have not been successful so far.

I set the certificate and CA certs this way.

char* cacertFile = "cacert.crt";
char* certFile = "client.crt";
char* keyFile = "client.key";

if (!SSL_CTX_load_verify_locations(ctx, cacertFile, NULL)) {
    std::cout << "cannot load cacerts" << std::endl;
} else {
    std::cout << "cacert loaded" << std::endl;
}
if (!SSL_CTX_use_certificate_file(ctx, certFile, SSL_FILETYPE_PEM)) {
    std::cout << "cannot load certfile" << std::endl;
} else {
    std::cout << "certfile loaded" << std::endl;
}
if (!SSL_CTX_use_PrivateKey_file(ctx, keyFile, SSL_FILETYPE_PEM)) {
    std::cout << "cannot load private key" << std::endl;
} else {
    std::cout << "private key loaded" << std::endl;
}

Later I want to see what the client cert and CA certs are. I am looking for any example code to do this. Thanks.
Openssl req command - extensions and reqexts
I have some doubts on understanding the difference between the extensions and reqexts args used in the req command. I have this openssl.cnf file. Using this I want to generate a certificate for a client (extended key usage = clientAuth) and one for a server (extended key usage = serverAuth). However, when I run a command like this, it does not seem to be considering the [client_ext] section but only what is under req_extensions. Can someone explain?

openssl req -new -newkey rsa:1024 -keyout clientcomp.key -nodes -out clientcomp.csr -extensions client_ext -config ./openssl.cnf

//cat openssl.cnf
[v3_ca]
basicConstraints = critical,CA:true
keyUsage = digitalSignature, cRLSign, keyCertSign

[ client_ext ]
basicConstraints = CA:false
keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
nsCertType = client
extendedKeyUsage = clientAuth
nsComment = OpenSSL-generated client authentication certificate
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, YOUR name)
commonName_max = 64

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
extendedKeyUsage = serverAuth
Certificate extensions
I have some doubts on how to use certificate extensions. I have this openssl.cnf file:

//cat openssl.cnf
[v3_ca]
basicConstraints = critical,CA:true
keyUsage = digitalSignature, cRLSign, keyCertSign

[ client_ext ]
basicConstraints = CA:false
keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
nsCertType = client
extendedKeyUsage = clientAuth
nsComment = OpenSSL-generated client authentication certificate
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, YOUR name)
commonName_max = 64

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
extendedKeyUsage = serverAuth

Using this I want to generate a certificate for a client (extendedKeyUsage = clientAuth) and one for a server (extended key usage = serverAuth). However, when I run a command like this, it does not seem to be considering the [client_ext] section but only what is under req_extensions. Can someone explain?

openssl req -new -newkey rsa:1024 -keyout clientcomp.key -nodes -out clientcomp.csr -extensions client_ext -config ./openssl.cnf
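Both posts above hit the same behaviour: for `openssl req -new`, the CSR's extension section is taken from `req_extensions` in the config (or the `-reqexts` option), while `-extensions` selects the section used for `-x509` self-signed output and, via `openssl x509 -req -extfile ... -extensions`, the section the issuer applies when it signs the request. The script below is an added example, not from the posts; it uses a trimmed, constructed copy of the posted openssl.cnf and rsa:2048 instead of rsa:1024, and shows the CSR content with and without `-reqexts`, then the extension the issuer actually puts in the certificate.

```shell
# Added example (not from the posts): with "openssl req -new" the CSR section is
# req_extensions or -reqexts; -extensions names the section for -x509 output
# and for "openssl x509 -req -extfile ... -extensions".
set -eu
WORK="${WORK:-$(mktemp -d)}"
# Constructed, trimmed version of the posted openssl.cnf.
write_config() {
    cat > "$WORK/openssl.cnf" <<'EOF'
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
commonName = Common Name
[v3_req]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
[client_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    openssl genrsa -out "$WORK/client.key" 2048 2>/dev/null
}
# Extended key usage from a CSR ("req") or certificate ("x509") text dump.
eku_of() {
    openssl "$1" -in "$2" -noout -text \
        | awk '/Extended Key Usage/ { getline; sub(/^ +/, ""); print; exit }'
}
# No override: the CSR carries req_extensions (v3_req), i.e. serverAuth.
csr_default() {
    openssl req -new -key "$WORK/client.key" -subj "/CN=client" \
        -config "$WORK/openssl.cnf" -out "$WORK/default.csr" 2>/dev/null
    eku_of req "$WORK/default.csr"
}
# -reqexts selects the CSR section: clientAuth, as the posts intended.
csr_reqexts() {
    openssl req -new -key "$WORK/client.key" -subj "/CN=client" \
        -config "$WORK/openssl.cnf" -reqexts client_ext -out "$WORK/client.csr" 2>/dev/null
    eku_of req "$WORK/client.csr"
}
# At issuance the signer picks the section via -extfile/-extensions; the CSR's
# own serverAuth request is not copied. Self-signed here for brevity.
issued_cert() {
    openssl x509 -req -in "$WORK/default.csr" -signkey "$WORK/client.key" -days 30 \
        -extfile "$WORK/openssl.cnf" -extensions client_ext -out "$WORK/client.crt" 2>/dev/null
    eku_of x509 "$WORK/client.crt"
}
```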