Re: top 10 mistakes when using libopenssl?
- Original Message - From: Kyle Hamilton aerow...@gmail.com To: openssl-...@openssl.org; openssl-users openssl-users@openssl.org Sent: Thursday, October 11, 2012 3:08 AM Subject: Re: top 10 mistakes when using libopenssl? Suggestions from my experience: -Failing to verify the certificate after calling SSL_accept() -Failing to verify minimum cipher strength for the application -Failing to understand that the NULL suites give nothing and only take extra bytes eNULL suites provides authentication, they are not useless (as long as there is no requirement for secrecy). They can be used to ensure that data in transit does not get tampered with. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: client server management of client SSL certificates
On 2012.07.29. 8:52, Sanford Staab wrote: Good questions and similar to what is on my mind. Please let me know if you get any good answers to these questions. * There is SPKAC, which generates rsa key pairs in browser (firefox, chrome, opera)(ie not supported) and sends certificate request to server. Some CA uses that (comodo free email CA). * __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: client server management of client SSL certificates
On 2012.07.29. 17:49, Ted Byers wrote: Thanks Are you talking about an object available in the browser object and accessible via JavaScript, or a JavaScript file I'd include in my web page? Can you provide an URL to a resource where I can learn more about it? It is a html form element. It is not related to javascript (I tried to use it with javascript, but did not succeed). https://en.wikipedia.org/wiki/spkac http://www.w3schools.com/html5/tag_keygen.asp Sample form, which generates SPKAC request: form action=something.php method=post Key params: keygen name=reqdata challenge=something / input type=submit //form At other end, POST variable reqdata will contain SPKAC request, private key will remain in browser. In firefox and chrome this presents dropdown choice between 1024 and 2048 bit rsa (normal and high), in opera, this presents a longer dropdown list ranging from ~1000 to 3000 or 4000 bit rsa. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: [Beginner] generating DSA keypair in .der format
C:\OpenSSL-Win32\binopenssl genrsa -out privkey.pem 2048 This generates a RSA key, it has nothing to do with DSA. C:\OpenSSL-Win32\binopenssl dsaparam -out dsaparam.pem 2048 This generated DSA parameters. C:\OpenSSL-Win32\binopenssl gendsa -out privkey.pem dsaparam.pem This generates DSA key and overwrites previously generated RSA private key. C:\OpenSSL-Win32\binopenssl x509 -in dsaparam.pem -inform PEM -out dsaparam.der -outform DER This did not seem to work, plus you tried to convert DSA parameters, not key (key is in file privkey.pem) For converting between PEM and DER could use pkey (in openssl 1.x) (tested in openssl 1.0.0.d) try: openssl pkey -in privkey.pem -outform der -out privkey.der __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Verification error, weird cert chain for portfolio.iguw.tuwien.ac.at
You did not specify a CA to verify against. (using -CAfile or -CApath and -verify) That server is not sending its intermediate certificate. Verifying against chain of root and intemediate succeeded for me (openssl 1.0.0d on windows xp sp3) - Original Message - From: Florian Pritz bluew...@xinu.at To: openssl-users@openssl.org Sent: Thursday, March 15, 2012 3:11 PM Subject: Verification error, weird cert chain for portfolio.iguw.tuwien.ac.at When using lynx to access https://portfolio.iguw.tuwien.ac.at I got an ssl cert validation error. Since it worked fine in firefox/chromium I tried to use openssl directly and got the following, but I fail to understand what it means although I see that the chain looks strange (0-1 i:TERENA is replaced by s:COMODO) After a bit of googling I believe it's a problem on the server side, but my knowledge of SSL/X.509 is very limited so if you have any pointers, I'd be happy to hear them. $ openssl s_client -connect portfolio.iguw.tuwien.ac.at:443 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: How to make ca signaturer when I use dh or rc4 etc.
What exactly are you trying to do?None of ciphersuites specified in second list, meets the requiremencts specified in first list.(Only second ciphersuite uses ECDSA Au, it also is the only one, not using any variant of DES or RC4)There exists ECDHE-ECDSA ciphersuites usring RC4, but these are not in this list.When generating a key, you tried to generate a RSA key, ECDSA requires ECDSA (or ECC?) key.Generally, key exchange method and authentication method, are independent of simetric cipher method.genrsa -out keyRC4-40.pemgenerated a RSA key of default size (512 bits), it cannot be used with ECDSAnaming it "RC4-40" has no influence on choice of simetric cipherrsa -in keyRC4-40.pem -rc4-40 -out RC4-40.pemthis was supposed to encrypt that RSA key using RC4-40 algorithm and supplied passphrase(there is no rc4-40 in list of available key encryption algorithms, but it seems to work)req -new -x509 -key RC4-40.pem -out carc4-40.crttried to generate a self signed (RSA) certificateI repeated these steps and everything worked as expected.Did you supply correct passphrase at req (when requested)?Without passphrase it cannot load private key.(512 bit RSA keys are insecure)Choice of ciphersuite depends on server and client configuration, justcertificate with RSA key will work with RSA, DH-RSA and ECDH-RSA ciphersuites;certificate with ECDSA key will work with ECDHE ciphersuites. Citējot 櫻井英明 hideaki.s...@gmail.com: Hello I try to make ca signature about following case. 1. Kx=DH, ECDH 2. Au=ECDSA 3. Enc=DES(56),3DES(168),RC4(40), rc4(128) For example I would like to know following cipher zuite. EDH-RSA-DES-CBC3-SHA ECDHE-ECDSA-AES256-SHA RC4-MD5 EXP-DES-CBS-SHA But I can not find the way. For example, I tried following to make rc4 ca signature but I got errors. OpenSSL genrsa -out keyRC4-40.pem Loading 'screen' into random state - done Generating RSA private key, 512 bit long modulus . . e is 65537 (0x10001) OpenSSL rsa -in keyRC4-40.pem -rc4-40 -out RC4-40.pem writing RSA key Enter PEM pass phrase: Verifying - Enter PEM pass phrase: OpenSSL req -new -x509 -key RC4-40.pem -out carc4-40.crt Enter pass phrase for RC4-40.pem: unable to load Private Key 4204:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:.\crypto\asn1\asn1_lib.c:150: 4204:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:.\crypto\asn1\tasn_dec.c:1306: 4204:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:381:Type=RSA 4204:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib:.\crypto\rsa\rsa_ameth.c:115: 4204:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:.\crypto\asn1\asn1_lib.c:150: 4204:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:.\crypto\asn1\tasn_dec.c:1306: 4204:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:381:Type=PKCS8_PRIV_KEY_INFO 4204:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:.\crypto\pem\pem_pkey.c:132: error in req Would you teach me the correct process ? Thanks __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: How to make ca signaturer when I use dh or rc4 etc.
Generally ANY CA signature works with ANY ciphersuite. They are not related at all.You mean:Make a CA, which can sign a certificate, which can be used with these all ciphersuites?In that case any signature method can be used. (ECDSA and RSA ciphersuites will not work with one certificate, but CA should be ok). This should work with any ciphersuite. In this case you will have to make a self signed (root) certificate for CA. It can use any type of public key (either RSA or ECC).Or, making a certificate, which can be used with these specified ciphersuites?In that case, any signature method can be used (it depends on type of CA key), type of signature on certificate should not affect selection of ciphersuites, useable with that certificate (these only are affected by type of certificates public key).Or something else? Citējot 櫻井英明 hideaki.s...@gmail.com: Hello Sorry for confuse you. My exactly purpose are to make ca signatures about following ciphersuites. EDH-RSA-DES-CBC3-SHA ECDHE-ECDSA-AES256-SHA RC4-MD5 EXP-DES-CBS-SHA I think my question were confused because I did not understand what command to use. Please do not care what command that I used. Would you please teach me what command need to use and how to use ? Thanks __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: How to make ca signaturer when I use dh or rc4 etc.
ECDSA keys can be made by:openssl ecparam -genkey -name "name_of_curve" -out eckey.pemwhere "name_of_curve" is name of named curve, list of available curves is at:openssl ecparam -list_curvesThat genkey will generate private key. (probably it is possible to generate new curves, but I don not know how).That kay can be used to sign data using ECDSA.If necessary, delf signed certificate could be made by:openssl req -x509 -new -key eckey.pem -out eccert.crtIt will ask questions about what to put in certificate (country, organization, common name, etc), that depends on your openssl.cnf file.ECDH requires ECDH parameters, there usually are defaults. That is a part of server configuration. ECDH parameters basically consists of one selected named curve (from the same set as when generating ECDSA key). ECDH is used only if TLS handshake has selected a ECDH ciphersuite.DH requires DH parametrs, there usually are defaults. That is a part of server configuration. DH parameters can be generated by:openssl gendh -out dh.pem "size"where size is "size" of parameters (2048 is considered secure), large sizes takes more time to generate. That file can be specified in server configuration. DH is used only if TLS handshake has selected a DH ciphersuite.Of these ciphersuites,RC4-MD5 andEXP-DES-CBS-SHA uses RSA key exchange and does not use (and cannot use) DH or ECDH, and also cannot use certificate with ECDSA key (such as generated above).EDH-RSA-DES-CBC3-SHA uses DH key exchange and RSA certificate (it will not work with ECDSA certificate)ECDHE-ECDSA-AES256-SHA uses ECDH key exchange and will use ECDSA certificate, it will not use DH. Citējot 櫻井英明 hideaki.s...@gmail.com: Hello Thanks for good advice. I would like to know which command that I need to use to make ECDSA key. or how to make Ans I would like to know which command that I need to use dh. I'm so sorry but would you show me the process about following? EDH-RSA-DES-CBC3-SHA ECDHE-ECDSA-AES256-SHA RC4-MD5 EXP-DES-CBS-SHAThanks 2011/8/30 yyy y...@inbox.lvGenerally ANY CA signature works with ANY ciphersuite. They are not related at all. You mean: Make a CA, which can sign a certificate, which can be used with these all ciphersuites? In that case any signature method can be used. (ECDSA and RSA ciphersuites will not work with one certificate, but CA should be ok). This should work with any ciphersuite. In this case you will have to make a self signed (root) certificate for CA. It can use any type of public key (either RSA or ECC). Or, making a certificate, which can be used with these specified ciphersuites? In that case, any signature method can be used (it depends on type of CA key), type of signature on certificate should not affect selection of ciphersuites, useable with that certificate (these only are affected by type of certificates public key). Or something else? Citējot 櫻井英明 hideaki.s...@gmail.com:Hello Sorry for confuse you. My exactly purpose are to make ca signatures about following ciphersuites. EDH-RSA-DES-CBC3-SHA ECDHE-ECDSA-AES256-SHA RC4-MD5 EXP-DES-CBS-SHA I think my question were confused because I did not understand what command to use. Please do not care what command that I used. Would you please teach me what command need to use and how to use ? Thanks __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org -- Tavs bezmaksas pasts Inbox.lv __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: combined certificate
p12 files can contain multiple certificates (full chain). It seems to install full chain,however i had root cert already installed, for this chain.I do not know, how to add a der (or pem) file to existing p12 file.Probably it wold be easier to make a new p12 filefrom all necessary der (or pem) files.For certificate management i have used xca(xca.sourceforge.net)(it is a GUI for openssl certificate management tools)(it does not handle ecdsa with anything else than sha1, though). Citējot Travis Dimmig tdim...@impulse.com: Perhaps I am asking the wrong question. Files types aside, can one create a single file that can be used to install a full chain of trust on a windows machine? Travis From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Travis Dimmig Sent: Friday, August 12, 2011 3:08 PM To: openssl-users@openssl.org Subject: combined certificate Can a .der file be combined with a .p12 file to install the full chain of trust with one file? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: How to set nsCertType=SERVER for a server certificate?
In that openssl.cnf file add section section [server] (actually that name probably does not matter)and in it add a linensCertType=serverand when signing a request, add to command line -extensions server(at least that appears, what easyrsa script was doing)Easyrsa script also added a comment and from some other section made that cert an end entity (incapable of being a CA), but these soes not seems to be critical. Citējot Gaglia san...@paranoici.org: Hi, I'm setting up an OpenVPN client-server using OpenSSL 1.0.0 for cert generation. How do I set the nsCertType attribute to "server" in the server cert? I mean, without using automated scripts like easy-rsa. This is what I'm doing: openssl genrsa -out serverkey.pem 4096 cd .. openssl req -new -keyserverkey.pem -config $MYCONFDIR/openssl.cnf -subj '/CN=myservername' -days 36500 -sha512 -out req.pem openssl ca -config $MYCONFDIR/openssl.cnf -policy policy_anything -out servercert.pem -md sha512 -cert cacert.pem -keyfile private/cakey.pem -infiles req.pem __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: howto be my own CA for my new certificates
Everything seems to be fine, only for new installations it is recomended to use at least 2048 bit keyand, at least some time ago, openssl used to default to MD5 for certificate signatures,check, if it is not the case. Citējot Tomas Macek ma...@fortech.cz>: We have some web servers and I want to create self signed certificates for them. What do I want: - I want to create my own certification authority keys and certificate, that will be imported to all web browsers of our employees - I want to create certificates, that will be signed by my own certification authority (previous step) and include them to the apache/httpd configuration. I don't want our employees to be warned that the certificate is not trusted (I cannot buy a REAL trusted certificate) Reading FAQ here http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29, reading CA.pl from openssl-perl and discussions on inet for 2 days gave me these steps, that I already performed: 1) creating my own CA: openssl genrsa -des3 -out ca.key 1024 openssl rsa -in ca.key -out ca.key.unsecure mv ca.key.unsecure ca.key openssl req -new -x509 -days 365 -key ca.key -out ca.crt 2) creating my own server key and certification request: openssl genrsa -des3 -out server.key 1024 openssl rsa -in server.key -out server.key.unsecure mv server.key.unsecure server.key openssl req -new -key server.key -out server.csr 3) signing the request by my own CA (see step 1): openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAserial ca.srl > server.crt 4) I have imported the ca.crt into the web browser 5) the server.key and server.crt were included to the apache/httpd configuration After these steps the web page looks secured and no warning appears when I enter the page. Question: --- Do you see any bad thing about these steps or can you please recommend me any further step in order to make things properly? Best regards Tomas __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Tavs bezmaksas pasts Inbox.lv __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: testing null encryption
I also tried the same, and although wireshark labeled these data as "encrypted application data", the text next to hex data in bottom window contained unencrypted data. There were something added in the end, though. (negotiated ciphersuite were NULL-SHA). 2) Getting back to the client server programs supplied along with the openssl package. When eNULL was configured as mentioned above, ran the wireshark packet capture utility. typed " hello world" at the server and the "hello world" was reflected in the client. Was expecting "hello world" to be seen in clear text because NULL encryption is used. But in wireshark i could not see anything in clear text .. Atleast i could not see "hello world" in the application data section of wireshark. Rightly application data was after the client hello exchange messages sent by the ssl protocol. wondering why clear text message was not seen does any form of encoding is used by the client server.?? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: support for 2048-bit keys
Somewhere I have read that RSA key size limit is 32k or so. Largest key I have attempted to generate was 24k, largest key successfully generated and used was 16k. Are the these RSA keys or DH parameters? In any case 2048bit (2k) sized keys are supported almost by anything. Hello, I am working on a product where we are upgrading from openssl-0.9.8.d to version 1.0.0, and we want to transition from using 1024 bit keys to 2048. I am coming up to speed with SSL in general. My question is: was key length of 2048 already supported on openssl-0.9.8.d? I did read about it in HOWTO, but I just want to make sure. Thanks, Dirce __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re[2]: ECDH parameters
Thanks for info! So, EC crypto uses standard curves, and temp ECDH parameters consists of choice of one of these curves. After rereading s_server documentation, noticed -named_curve option and it seems to be equivalent to -dhparam option for DH. That explains everything so far. nistp256 is the same as secp256k1? s_server documentation (output of s_server -?) says that nistp256 is the default, but such exact name is not present in output of ecparam -list_curves. 2011/7/1 yyy y...@inbox.lv: Hello! s_server (and probably other TLS servers), requires ECDH parameters, if using ECDH ciphersuites. (probably similarily as for DH parameters with DH ciphersuites). It seems, that these are supposed to be generated using: ecparam -name 'name_of_named_curve', but this always generates the same output (it seems to be somehow encoded name of that curve). Generating a curve (ie, 'domain parameters') can be tricky business due to point counting. In practice, one uses a standard curve observed by ANSI, IETF, IEEE, NIST, etc. For example, http://tools.ietf.org/html/rfc5349. If you want a custom curve, I recommend a tool such as Marcel Martin's Elliptic Curve Builder (ECB). A private key (and public) are selected once domain parameters have been chosen. The private key is 'x' or 'd' (a multiplier), which results in a public key 'Q' (a point). The relationship is Q = x*G, where G is the base point. DH parameters contained randomly changing data. ECDH, for key exchange, only needs specified curve and nothing else? During key establishment, ephemeral keys (throw away public and private keys) will be used. If you want to generate a private key, try: $ openssl ecparam -name secp256k1 -genkey -param_enc explicit -outform DER -out ec-openssl.der To get the public key: $ openssl ecparam -param_enc explicit -name secp256k1 -genkey -outform PEM -out ec-openssl.pem $ openssl ec -param_enc explicit -inform PEM -in ec-openssl.pem -pubout -outform DER -out ec-openssl.der Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
ECDH parameters
Hello! s_server (and probably other TLS servers), requires ECDH parameters, if using ECDH ciphersuites. (probably similarily as for DH parameters with DH ciphersuites). It seems, that these are supposed to be generated using: ecparam -name 'name_of_named_curve', but this always generates the same output (it seems to be somehow encoded name of that curve). Is this intended behavior? DH parameters contained randomly changing data. ECDH, for key exchange, only needs specified curve and nothing else? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
