Re: [openssl-users] Re: create certificate request programmatically using OpenSSL API

2012-07-30 Thread Jeffrey Walton
On Mon, Jul 30, 2012 at 5:15 AM, Erwann Abalea wrote:
> GOST is not a block cipher, it's the acronym for "GOsudarstvennyi STandard",
> which means "State Standard". It's not dedicated to cryptography.
My apologies. I thought you were referring to the GOST block cipher.
(I've never used it, but knew it's been part of Crypto++ for some time:
http://www.cryptopp.com/docs/ref/class_g_o_s_t.html).

Jeff

> On 28/07/2012 21:31, Jeffrey Walton wrote:
>
> On Fri, Jul 27, 2012 at 9:00 AM, Abyss Lingvo wrote:
>
> Hi all!
>
> The last problem is how to create GOST key pair for certificate.
> It is clear how to create RSA keys.
> Sample is here : http://www.openssl.org/docs/crypto/EVP_PKEY_keygen.html
>
>  #include <openssl/evp.h>
>  #include <openssl/rsa.h>
>  EVP_PKEY_CTX *ctx;
>  EVP_PKEY *pkey = NULL;
>  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
>  if (!ctx)
> /* Error occurred */
>  if (EVP_PKEY_keygen_init(ctx) <= 0)
> /* Error */
>  if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
> /* Error */
>  /* Generate key */
>  if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
>   /* Error */
>
> Unfortunately there is no EVP_PKEY_GOST constant and I can't create EVP_PKEY
> containing GOST key pair.
>
> Does anybody know how to create GOST key pair?
>
> GOST is a block cipher. It uses a symmetric key, not public/private keys.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: create certificate request programmatically using OpenSSL API

2012-07-30 Thread Abyss Lingvo
Hi Jeff

There are two GOST algorithms.
GOST 28147-89 is for symmetric block cyphering and GOST R 34.10-2001 for
asymmetric cyphering and digital signing.
OpenSSL supports both algorithms.

I mean GOST R 34.10-2001 here.

 
Best Regards


Re: [openssl-users] Re: create certificate request programmatically using OpenSSL API

2012-07-30 Thread Erwann Abalea
GOST is not a block cipher, it's the acronym for "GOsudarstvennyi 
STandard", which means "State Standard". It's not dedicated to cryptography.


Speaking of GOST standard is redundant, but clearer for non-Russian 
locutors.


There's a block cipher (poorly) defined as a GOST standard, referenced 
"GOST 28147-89". Attempts to be adopted as an ISO standard have failed. 
The S-Box to use is not defined in the standard, whence 2 compliant 
implementations can be non interoperable.


There's also a hash algorithm defined as a GOST standard, referenced 
"GOST R 34.11-94" or "GOST 34.311-95", using GOST 28147-89 inside. "GOST 
R 34.11-94" in itself is also useless because of the lack of S-Box 
standard. The RFC 4357 defines 2 S-Boxes.


And finally there's a digital signature defined as a GOST standard, 
referenced "GOST R 34.10-94" and superseded by "GOST R 34.10-2001" 
(RFC5832), consider it similar to ECDSA. It uses "GOST R 34.11-94" to 
hash data (just as {EC}DSA uses SHA{1,2*}).


--
Erwann ABALEA

On 28/07/2012 21:31, Jeffrey Walton wrote:

> On Fri, Jul 27, 2012 at 9:00 AM, Abyss Lingvo wrote:
>
>> Hi all!
>>
>> The last problem is how to create GOST key pair for certificate.
>> It is clear how to create RSA keys.
>> Sample is here : http://www.openssl.org/docs/crypto/EVP_PKEY_keygen.html
>>
>>  #include <openssl/evp.h>
>>  #include <openssl/rsa.h>
>>  EVP_PKEY_CTX *ctx;
>>  EVP_PKEY *pkey = NULL;
>>  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
>>  if (!ctx)
>>     /* Error occurred */
>>  if (EVP_PKEY_keygen_init(ctx) <= 0)
>>     /* Error */
>>  if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
>>     /* Error */
>>  /* Generate key */
>>  if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
>>     /* Error */
>>
>> Unfortunately there is no EVP_PKEY_GOST constant and I can't create EVP_PKEY
>> containing GOST key pair.
>>
>> Does anybody know how to create GOST key pair?
>
> GOST is a block cipher. It uses a symmetric key, not public/private keys.
>
> Jeff





Re: create certificate request programmatically using OpenSSL API

2012-07-28 Thread Jeffrey Walton
On Fri, Jul 27, 2012 at 9:00 AM, Abyss Lingvo  wrote:
> Hi all!
>
> The last problem is how to create GOST key pair for certificate.
> It is clear how to create RSA keys.
> Sample is here : http://www.openssl.org/docs/crypto/EVP_PKEY_keygen.html
>
>  #include <openssl/evp.h>
>  #include <openssl/rsa.h>
>  EVP_PKEY_CTX *ctx;
>  EVP_PKEY *pkey = NULL;
>  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
>  if (!ctx)
> /* Error occurred */
>  if (EVP_PKEY_keygen_init(ctx) <= 0)
> /* Error */
>  if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
> /* Error */
>  /* Generate key */
>  if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
>   /* Error */
>
> Unfortunately there is no EVP_PKEY_GOST constant and I can't create EVP_PKEY
> containing GOST key pair.
>
> Does anybody know how to create GOST key pair?
GOST is a block cipher. It uses a symmetric key, not public/private keys.

Jeff


Re: create certificate request programmatically using OpenSSL API

2012-07-27 Thread Abyss Lingvo
Hi all!

The last problem is how to create GOST key pair for certificate.
It is clear how to create RSA keys.
Sample is here : http://www.openssl.org/docs/crypto/EVP_PKEY_keygen.html

 #include <openssl/evp.h>
 #include <openssl/rsa.h>
 EVP_PKEY_CTX *ctx;
 EVP_PKEY *pkey = NULL;
 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
 if (!ctx)
    /* Error occurred */
 if (EVP_PKEY_keygen_init(ctx) <= 0)
    /* Error */
 if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
    /* Error */
 /* Generate key */
 if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
    /* Error */

Unfortunately there is no EVP_PKEY_GOST constant and I can't create EVP_PKEY
containing GOST key pair.

Does anybody know how to create GOST key pair?

Best Regards


Re: create certificate request programmatically using OpenSSL API

2012-07-22 Thread Ozweepay

I wrote this a while ago, but I think it was trivially modified from
something I found online.  I added a few comments, which perhaps is 
helpful


Re: create certificate request programmatically using OpenSSL API

2012-07-20 Thread Dr. Stephen Henson
On Fri, Jul 20, 2012, Abyss Lingvo wrote:

> Hi all! 
> 
> 
> How to create certificate request programmatically via OpenSSL API?
> 
> This is the solution for command line utility: 
> 
> openssl genrsa -out server_key.pem -passout pass:$passwd -des3 1024
> 
> 
> openssl req -new -key server_key.pem  -passin pass:$passwd \
> -passout pass:$passwd -out server_req.pem -days 1095 \
> -subj /C=US/ST=City/L=City/O=company/OU=SSLServers/CN=localhost/emailAddress=sslser...@company.com
> 
> 
> How to do the same but using OpenSSL API? 

A simple example is demos/x509/mkreq.c

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: create certificate request programmatically using OpenSSL API

2012-07-20 Thread Peter Sylvester

You can take the code in apps/req.c and extract the pieces you need.



On 07/20/2012 10:17 AM, Abyss Lingvo wrote:

> Hi all!
>
> How to create certificate request programmatically via OpenSSL API?
>
> This is the solution for command line utility:
> openssl genrsa -out server_key.pem -passout pass:$passwd -des3 1024
>
> openssl req -new -key server_key.pem -passin pass:$passwd \
> -passout pass:$passwd -out server_req.pem -days 1095 \
> -subj /C=US/ST=City/L=City/O=company/OU=SSLServers/CN=localhost/emailAddress=sslser...@company.com
>
> How to do the same but using OpenSSL API?
> Best Regards
> xidex