Thanks for the quick response. I am currently working with smart cards and am
using the engine provided by OpenSC to access the private key in the smart
card. Long story short, I have the EVP_PKEY object with me. Can I use this to
sign a certificate or some file which can be used for SSL client
On Wed, 22 Jul 2015 09:17:43 + (UTC)
Anirudh Raghunath anirudhraghun...@rocketmail.com wrote:
Hello,
I have used the rsautl -sign option to sign a text file, which gives me a
binary file. I would like to convert this to X509 so that I can use
it in an SSL handshake. I understand the command:
Thank you for the extremely elaborate answer. Now I understand the big picture.
I want to attach a file from the server side which can be collected in the
client program (the test) and I want to sign it and send it back. I have the SSL
server client connection ready through socket and SSL code.
Hello,
An X.509 certificate is:
    Certificate ::= SEQUENCE {
        tbsCertificate      TBSCertificate,
        signatureAlgorithm  AlgorithmIdentifier,
        signatureValue      BIT STRING }
What you produced with « openssl rsautl -sign » is the content of the
« signatureValue »
Hello,
I have used the rsautl -sign option to sign a text file, which gives me a binary
file. I would like to convert this to X509 so that I can use it in an SSL
handshake. I understand the command:
openssl x509 -inform format -in certfile -out cert.pem
is used. I want to know what the parameters
(top posting for consistency)
Look at the functions named X509_sign(), X509_CRL_sign() and
X509_REQ_to_X509(), those should get you started.
On 22/07/2015 11:57, Anirudh Raghunath wrote:
Thanks for the quick response. I am currently working with smart cards
and am using the engine provided
Long response short, yes, you can.
Prepare and fill in your X509 object, perform the signature with your EVP_PKEY
private key, format the resulting signature into a BIT STRING, place this BIT
STRING into your previous X509 object, complete it with the AlgorithmIdentifier
you choose when signing
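
The Certificate structure quoted in the thread, as an added example (not written by any poster and not OpenSSL code): a small dependency-free DER reader that accepts only an outer SEQUENCE holding the three fields and rejects bare signature bytes such as raw `openssl rsautl -sign` output. The function names and both byte arrays are constructed for illustration, and the tbsCertificate is a placeholder.

```c
#include <stddef.h>
#include <stdio.h>

typedef struct { unsigned char tag; const unsigned char *val; size_t len; } tlv_t;

/* Read one definite-length DER TLV at *p, bounded by end; advance *p past it. */
static int der_next(const unsigned char **p, const unsigned char *end, tlv_t *out)
{
    const unsigned char *q = *p;
    size_t len, n;
    if (end - q < 2) return -1;
    out->tag = *q++;
    len = *q++;
    if (len & 0x80) {                 /* long form: low 7 bits count the length octets */
        n = len & 0x7f;
        if (n == 0 || n > sizeof(size_t) || (size_t)(end - q) < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *q++;
    }
    if ((size_t)(end - q) < len) return -1;
    out->val = q; out->len = len; *p = q + len;
    return 0;
}

/* Return the signature length in bytes if der is Certificate ::= SEQUENCE {
 * tbsCertificate, signatureAlgorithm, signatureValue BIT STRING }, else -1. */
long cert_signature_len(const unsigned char *der, size_t n)
{
    const unsigned char *p = der, *end = der + n;
    tlv_t outer, tbs, alg, sig;
    if (der_next(&p, end, &outer) || outer.tag != 0x30 || p != end) return -1;
    p = outer.val; end = p + outer.len;
    if (der_next(&p, end, &tbs) || tbs.tag != 0x30) return -1;
    if (der_next(&p, end, &alg) || alg.tag != 0x30) return -1;
    if (der_next(&p, end, &sig) || sig.tag != 0x03 || p != end) return -1;
    if (sig.len < 1 || sig.val[0] != 0) return -1;   /* unused-bits octet must be 0 */
    return (long)sig.len - 1;
}

/* Constructed samples: a skeletal certificate-shaped blob and bare signature bytes. */
static const unsigned char SAMPLE_CERT[] = {
    0x30,0x1B, 0x30,0x03,0x02,0x01,0x01,                       /* placeholder tbsCertificate */
    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00, /* sha256WithRSAEncryption */
    0x03,0x05,0x00,0xDE,0xAD,0xBE,0xEF };                      /* signatureValue */
static const unsigned char RAW_SIG[] = { 0xDE,0xAD,0xBE,0xEF };

int main(void)
{
    printf("certificate-shaped: %ld\n", cert_signature_len(SAMPLE_CERT, sizeof SAMPLE_CERT));
    printf("bare signature:     %ld\n", cert_signature_len(RAW_SIG, sizeof RAW_SIG));
    return 0;
}
```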