Re: [openssl-users] Validation error on generated csr

2013-03-18 Thread Tim Tassonis
Hi Erwann What you have to do it hash your data, prepare an X509_SIG object, set its algor to SHA1 (with NULL parameters), and fill the digest part with your hash result. Then transform it into DER, and sign it with CKM_RSA_PKCS mechanism. Thanks a lot for the explanation. However, I can't

Re: [openssl-users] Validation error on generated csr

2013-03-18 Thread Dr. Stephen Henson
On Mon, Mar 18, 2013, Tim Tassonis wrote: Hi Erwann What you have to do it hash your data, prepare an X509_SIG object, set its algor to SHA1 (with NULL parameters), and fill the digest part with your hash result. Then transform it into DER, and sign it with CKM_RSA_PKCS mechanism.

Re: [openssl-users] Validation error on generated csr

2013-03-18 Thread Tim Tassonis
Hi Stephen Thanks a lot, that did the trick, the verify now returns ok. Kind regards Tim On 03/18/2013 02:26 PM, Dr. Stephen Henson wrote: On Mon, Mar 18, 2013, Tim Tassonis wrote: Hi Erwann What you have to do it hash your data, prepare an X509_SIG object, set its algor to SHA1 (with

Validation error on generated csr

2013-03-15 Thread Tim Tassonis
Hi I am trying to generate a csr in a c program by having the signing part done by pkcs11 calls, and while I get no errors, the resulting csr fails upon validation: $ openssl req -verify -in wltx.csr verify failure 2948:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too

Re: Validation error on generated csr

2013-03-15 Thread Dr. Stephen Henson
On Fri, Mar 15, 2013, Tim Tassonis wrote: Hi I am trying to generate a csr in a c program by having the signing part done by pkcs11 calls, and while I get no errors, the resulting csr fails upon validation: Analysing that CSR the actual signature isn't in the correct form: it just

Re: Validation error on generated csr

2013-03-15 Thread Tim Tassonis
Hi Steve Thanks a lot for your reply. Just another quick question. Do you know by chance an openssl function that would convert the raw sha1 into a digestinfo structure? Kind regards Tim On 03/15/2013 02:36 PM, Dr. Stephen Henson wrote: On Fri, Mar 15, 2013, Tim Tassonis wrote: Hi I

Re: [openssl-users] Validation error on generated csr

2013-03-15 Thread Erwann Abalea
Bonjour, Le 15/03/2013 14:07, Tim Tassonis a écrit : Hi I am trying to generate a csr in a c program by having the signing part done by pkcs11 calls, and while I get no errors, the resulting csr fails upon validation: $ openssl req -verify -in wltx.csr verify failure

Re: Validation error on generated csr

2013-03-15 Thread Arne Ansper
On Fri, 15 Mar 2013, Dr. Stephen Henson wrote: Analysing that CSR the actual signature isn't in the correct form: it just contains the raw SHA1 digest instead of the required DigestInfo structure. You can check that using rsautl in a manner similar to that for certificates mentioned in the