pubkey format
openssl x509 -in sample.pem -pubkey -noout

What is the format of the pubkey? How can I convert or transform this key to ssh-rsa format? I am talking about the ssh keys that are available in the authorized_keys file.

Or does openssl have any tools to manage the pubkey? Like dismantle and assemble again.

thanks
dhiva

__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
Re: [openssl.org #1693] Compiling OpenSSL with mingw-w64
There is no assembly support for pe64.

Well, Win64 ABI is fully supported by OpenSSL x86_64 assembler modules. There is no support for GNU assembler under Win64, but masm (rather known as ml64) and nasm are fully supported (though there are requirements for least supported versions, for nasm it's 2.03).

So no assembly is available.

If assembler was to be added to mingw64, I'd rather deploy nasm. It would be easiest.

Just for public reference. It turned out to be impossible to deploy nasm-generated modules with mingw64 as is. This is because mingw64 apparently adheres to Win32-like symbol decoration, and as a result mingw64 object modules are symbol incompatible and can't be linked with objects targeting Microsoft C. For example, a C function named foo would be denoted by symbol _foo by mingw64, but foo by MSC; the corresponding dll import would be denoted by __imp__foo by mingw64, but __imp_foo by MSC. As something had to be done, I've chosen to add native support for mingw64 to x86_64-xlate.pl [as opposed to adapting the nasm code generator for mingw64]. Case is being dismissed.

A.
Re: [openssl.org #1753] snapshot 20081003 broke mingw build
> Please merge.
> last from this ticket(1753):
> - openssl-000-msys-symlink.patch
> - openssl-001-SNAP-20081003-mingw.patch

Merged with minor modification in domd (http://cvs.openssl.org/chngview?cn=17706).

a.
Re: Can I create cryptoprovider based on openssl ?
Excuse me, I mean another thing.

For example, in Linux you are using OpenOffice, and you want to sign (digital sign) some document created in OpenOffice. When you are signing, OpenOffice uses some algorithm (maybe RSA or DSA), so where does it take these algorithms from? If it takes them from the OS, I mean maybe from the kernel, then I can create my own algorithm and adjust it to the kernel. After that, every utility which uses these algorithms can use my algorithm.

Do you catch it?

Rustam !!!
Re: Can I create cryptoprovider based on openssl ?
On December 19, 2008 01:50:46 pm Rustam Rakhimov wrote:
> Excuse me, I mean another thing.
>
> For example, in Linux you are using OpenOffice, and you want to sign (digital sign) some document created in OpenOffice. When you are signing, OpenOffice uses some algorithm (maybe RSA or DSA), so where does it take these algorithms from? If it takes them from the OS, I mean maybe from the kernel, then I can create my own algorithm and adjust it to the kernel. After that, every utility which uses these algorithms can use my algorithm.
>
> Do you catch it?

Ok - if you are asking if there is a generic crypto layer in Linux - the answer is no. Today, there is a mix of applications that use their own crypto (eg: parts of KDE, Java, others), applications that use OpenSSL (Apache, Postfix, OpenLDAP, etc.), applications that use GNUTLS, applications that use NSS - Netscape Security Services (Evolution, OpenOffice (I think), Mozilla), GPGSM (other parts of KDE), and the Kernel (several of the IPSec implementations).

So, depending on what you want to do, there are a plethora of places that you would have to add your own algorithm if you were so inclined. There are a couple of projects that have as goals to centralize some of this functionality (for instance, we've written Pathfinder, which is equally usable for RFC5280 PDVal by applications using NSS and OpenSSL with goals to add Java support), but in general, if you are adding primitives, then you've got A LOT of places to go and add that support to.

Have fun.

--
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca
Re: Can I create cryptoprovider based on openssl ?
On 2008.12.19 at 14:03:46 -0500, Patrick Patterson wrote:
> Ok - if you are asking if there is a generic crypto layer in Linux - the answer is no. Today, there is a mix of applications that use their own crypto (eg: parts of KDE, Java, others), applications that use OpenSSL (Apache, Postfix, OpenLDAP, etc.), applications that use GNUTLS, applications that use NSS - Netscape Security Services (Evolution, OpenOffice (I think), Mozilla), GPGSM (other parts of KDE), and the Kernel (several of the IPSec implementations).

Things are even more complicated. Most application software out there can be compile-time (or even runtime) configured to use different crypto libraries. Typically, there is a choice between OpenSSL and gcrypt/GNU TLS.

GPGSM is based on libgcrypt, so it uses the same implementation of algorithms as GNU TLS.

OpenOffice uses libxmlsec to sign documents, and this library can be compiled with any of the three libraries mentioned, as well as MS CryptoProvider (on the Windows platform).

Most distributions of OpenOffice for Linux, however, use NSS for crypto, because libnss contains its own ready-to-use certificate and private key store (the one which Firefox and Thunderbird use), and OpenSSL doesn't.

Kernel support for cryptography, AFAIC, doesn't include public key cryptography. There is no need for it. You need some userspace tool to perform connection initiation and certificate verification. And this tool is typically compiled with OpenSSL or NSS. And only fast symmetric ciphers and digests/macs need to be inside the kernel for a good fast IPSEC implementation.

> add Java support), but in general, if you are adding primitives, then you've got A LOT of places to go and add that support to.

Really there is even more work, because most application authors think that there is a quite limited set of algorithms. Often some RSA-specific routines, such as SSL_use_RSAPrivateKey_file, are used in application code, where the algorithm-independent SSL_use_PrivateKey_file would do.

Some other authors hardcode a list of ciphersuites which does not include newly added ciphersuites implicitly. For example, a couple of years ago I had to submit patches to the PostgreSQL database to be able to use GOST ciphersuites with it. Fortunately, they included these patches in the 8.3 release.

So, if an application uses a cryptographic library which supports the needed algorithm (which is now the case with OpenSSL and the Russian standard GOST algorithms), it doesn't mean that you can just throw in correct keys and certificates and everything should work.
Re: Can I create cryptoprovider based on openssl ?
Rustam Rakhimov wrote:
> Excuse me, I mean another thing.
>
> For example, in Linux you are using OpenOffice, and you want to sign (digital sign) some document created in OpenOffice. When you are signing, OpenOffice uses some algorithm (maybe RSA or DSA), so where does it take these algorithms from? If it takes them from the OS, I mean maybe from the kernel, then I can create my own algorithm and adjust it to the kernel. After that, every utility which uses these algorithms can use my algorithm.
>
> Do you catch it?

You are at too low a level. You need a PKI...

http://wiki.services.openoffice.org/wiki/How_to_use_digital_Signatures

> Rustam !!!

--
Douglas E. Engert deeng...@anl.gov
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
Re: pubkey format
Hi,

You can download a simple utility to transform a PKCS#1 RSA public key to OpenSSH public key format from here:

http://www.parssign.com/openssh_pk_linux.tar.gz

It is free to use and linked statically on Linux (must work on most distributions).

Regards,
Shahin Khorasani

Dhiva wrote:
> openssl x509 -in sample.pem -pubkey -noout
>
> What is the format of the pubkey? How can I convert or transform this key to ssh-rsa format? I am talking about the ssh keys that are available in the authorized_keys file.
>
> Or does openssl have any tools to manage the pubkey? Like dismantle and assemble again.
>
> thanks
> dhiva
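
What the conversion asked about in this thread involves, as an added example (not code from any poster, from OpenSSL, or from the utility linked above): `openssl x509 -pubkey` prints a PEM SubjectPublicKeyInfo, while an authorized_keys entry is the base64 of an SSH wire blob holding the string "ssh-rsa" followed by e and n. All function names are this example's own, and the sample key is a constructed toy value that only shows the encoding.

```python
import base64
import struct

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

def read_tlv(buf, pos, tag):
    """Read one DER element at pos; return (content, position after it)."""
    if buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#x}, got {buf[pos]:#x}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def rsa_numbers(spki):
    """Return (n, e) from a DER SubjectPublicKeyInfo that wraps an RSA key."""
    outer, _ = read_tlv(spki, 0, 0x30)
    alg, pos = read_tlv(outer, 0, 0x30)
    if read_tlv(alg, 0, 0x06)[0] != RSA_OID:
        raise ValueError("not an RSA public key")
    bits, _ = read_tlv(outer, pos, 0x03)     # BIT STRING, first byte = unused bits
    rsa, _ = read_tlv(bits[1:], 0, 0x30)     # PKCS#1 RSAPublicKey ::= SEQUENCE { n, e }
    n_raw, pos = read_tlv(rsa, 0, 0x02)
    e_raw, _ = read_tlv(rsa, pos, 0x02)
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

def mpint(x):
    """SSH mpint for a positive integer: length prefix, leading 0x00 if top bit set."""
    raw = x.to_bytes(x.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def ssh_rsa_blob(spki):
    n, e = rsa_numbers(spki)
    return struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint(n)

def authorized_keys_line(pem, comment="converted"):
    body = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    blob = ssh_rsa_blob(base64.b64decode("".join(body)))
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

# Constructed toy input: 64-bit "modulus", e = 65537. Shows the format only.
SAMPLE_SPKI = bytes.fromhex(
    "3024" "300d06092a864886f70d0101010500"                  # SEQUENCE, AlgorithmIdentifier
    "031300" "3010" "020900c1a2b3c4d5e6f709" "0203010001")   # BIT STRING { SEQ { n, e } }
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n" + base64.b64encode(SAMPLE_SPKI).decode()
              + "\n-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    print(authorized_keys_line(SAMPLE_PEM, "toy-key"))
```

Note the field order: PKCS#1 stores n then e, the ssh-rsa blob stores e then n.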