[openssl.org #1553] mscrypto engine for 0.9.8

2007-06-29 Thread Roumen Petrov via RT
Please find attached the file openssl-mscrypto-20070625.tar.gz with an
openssl engine that can use keys from the Windows key-store. The engine can
work with external keys too.

The source is for openssl version 0.9.8, and the mingw build requires openssl
source with the mingw patch for 0.9.8 from request #1552 (see OpenSSL
Request Tracker).

Directory engines/ contains the source code, and in test/ are batch files
for test cases, environment and sample openssl config files for the engine
(openssl.cnf is for 0.9.7). The engine can be used in 0.9.7, but
mscrypto_err.* should be recreated with the corresponding util/mkerr.pl.
The engine supports only rsa keys/certificates. You don't need to mark the
private key as exportable when importing a PKCS#12 (pfx) file. The engine can
use certificates/keys stored on smart cards.

Tests require a private key, the corresponding public key and a certificate
that matches the private key. Every test case is an operation with the engine
and the opposite operation without. Character a in a test case is for
with-without engine, b is for without-with.
Test case 1x is for rsautl encrypt-decrypt, 2x - rsautl sign-verify,
3x1 - dgst sign-verify with keys/certs from files, and in 3x2 (dgst
sign-verify) the engine will use a certificate from the key-store. For
test cases 3{a,b}2 a certificate with a matching private key should be
loaded into the key-store.
In test cases 2{a,b} rsautl sign-verify should fail. This looks like a
problem with the implementation in the crypto provider used.

File env.bat sets paths to the openssl program and configuration, engine, key
files, certificate canonical name, etc. To run a test you should set
TEST in do_test.bat and run it.

The extension of the openssl configuration file is cnf and by default it is
always hidden.


Instructions for mingw build environment:

Build command:
$ make -f Makefile.mscrypto OPENSSLSRC=path_to_openssl_source
Make sure that openssl is built and installed.

To install:
$ make -f Makefile.mscrypto install {INSTALLTOP=...} {INSTALL_PREFIX=..}
where INSTALLTOP and INSTALL_PREFIX are optional.


Roumen




openssl-mscrypto-20070625.tar.gz
Description: application/gzip


Re: [openssl.org #1553] mscrypto engine for 0.9.8

2007-06-29 Thread Alon Bar-Lev

Hello,

This is nice, although I don't see any real use case for this engine,
as you require the user to manually export information from the CryptoAPI
store into files before the engine can be used.

I think the OpenSSL engine (generic) should allow exposing a certificate
store; this will allow engines such as this one or PKCS#11 to expose
the complete object list and references.

There is not much point in holding certificates in files while they
exist in CryptoAPI or on a smartcard... And there is no point in not allowing
a program to enumerate the available certificates an engine can provide.

There is also an issue of resources prompt (passphrase, token) and a
small issue of object serialization in engine interface.

I am afraid that as long as the OpenSSL engine interface remains so
low-level, developers will look into alternate solutions.

Best Regards,
Alon Bar-Lev.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Bilinear pairings

2007-06-29 Thread Diego de Freitas Aranha
Hi,

I am a PhD student at UNICAMP, Brazil.

During my MSc, I developed an implementation of bilinear pairings over
elliptic curves using OpenSSL. In particular, an implementation of the Tate
pairing over curves defined on prime fields.

I am writing to ask you guys if the OpenSSL team has any interest in merging
this implementation into the main tree, considering that bilinear pairings are
a novel cryptographic primitive and that a lot of new applications such as
Identity-Based Cryptography and Certificateless Cryptography could be developed
using exclusively the OpenSSL library.

Thanks for the attention and for the great work.
--
Diego Aranha