Re: Storing keys and certs on USB tokens using openssl(1)

2004-08-03 Thread Ralf Hornik Mailings
 Keys at least: there's an openssl engine for opensc and one for pkcs11
 libraries at www.opensc.org

Yes, I know, but I don't find any pointer to these engines. Even, there is
no pkcs11 or opensc word in the complete openssl-source!

Do I have to include the hw_* files from opensc manually? What engine id
will it be? Has anyone done this in practice?

Thanks for any help!


Ralf


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]


Re: Storing keys and certs on USB tokens using openssl(1)

2004-08-03 Thread Ralf Hornik Mailings
 Yes, I know, but I don't find any pointer to these engines. Even, there is
 no pkcs11 or opensc word in the complete openssl-source!

 Do I have to include the hw_* files from opensc manually? What engine id
 will it be? Has anyone done this in practice?

Found the solution myself! :-)

http://www.opensc.org/files/doc/opensc.html#opensc.using.openssl





Re: Storing keys and certs on USB tokens using openssl(1)

2004-08-03 Thread Nils Larsch
Ralf Hornik Mailings wrote:
 Yes, I know, but I don't find any pointer to these engines. Even, there is
 no pkcs11 or opensc word in the complete openssl-source!
 Do I have to include the hw_* files from opensc manually? What engine id
 will it be? Has anyone done this in practice?

 Found the solution myself! :-)
 http://www.opensc.org/files/doc/opensc.html#opensc.using.openssl
btw: what kind of usb token do you have ?
Nils


Re: How to convert a buffer to an intern structure???

2004-08-03 Thread Juan Segarra
You can use a memory bio and then the appropriate PEM I/O function.
Something like:

/* needs <openssl/bio.h> and <openssl/pem.h> */
BIO *bioMem;
char *keyBuffer;
int keyBufferLen;
X509 *cert;

/* Read the buffer (bla,bla,bla) :-) */

/* And now... */

bioMem = BIO_new_mem_buf(keyBuffer, keyBufferLen);
cert = PEM_read_bio_X509(bioMem, NULL, NULL, NULL);


---
Juan Segarra
http://spisa.act.uji.es/~juan


Re: What binary data format is used by openssl enc?

2004-08-03 Thread Dr. Stephen Henson
On Mon, Aug 02, 2004, Alicia da Conceicao wrote:

 Hi Steve:
 
  It's not ASN1 because the OpenSSL ASN1 code isn't fully streaming and to do so
  would be a massive undertaking which has so far not attracted any interest.
  The data following the salt is the raw encrypted data using standard block
  padding. This isn't conformant with any public standard.
 
 Thank you for clearing things up for me regarding openssl enc encoding
 format.  :-) 
 
 But now that you mentioned it, I would have to say that it would be more
 than a massive undertaking to use DER encoding for openssl enc streaming,
 it would be impossible, since DER encoding always puts an object's length
 before an object's contents.  You would first need to dump the entire
 stream contents into a temporary location before you can obtain and DER
 encode the stream length, and to do so would not qualify as streaming
 since nothing comes out until everything is put in.
 

It is of course possible if a file is streamed because its length is then
available.

I said ASN1 not DER. It is perfectly feasible to use BER for streaming
ASN1, in fact I've some prototype code that can encode such a stream for
S/MIME use. The decode side is harder to handle and the only solution I've
found that isn't horrendously complex involves various evil hacks which I'm
not happy with.

That however is partial streaming which handles some structures as a special
case. Full streaming which would allow any ASN1 structure to be streamed is
much harder and probably not worth it.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
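
An added illustration of the DER versus BER point in this message (not Dr. Henson's prototype and not OpenSSL code): a definite-length OCTET STRING encoder next to an indefinite-length, chunked one with a matching decoder. All function names are made up for the example, and it handles only this one flat shape, not general ASN.1 streaming.

```c
#include <stddef.h>
#include <string.h>
typedef unsigned char u8;

/* DER: primitive OCTET STRING (tag 0x04). The length precedes the contents,
   so all of the data must be in hand before the first byte is written. */
size_t der_octet_string(u8 *out, const u8 *d, size_t len)
{
    size_t n = 0, nbytes = 0, tmp;
    out[n++] = 0x04;
    if (len >= 0x80)                        /* long form needs a byte count */
        for (tmp = len; tmp; tmp >>= 8) nbytes++;
    out[n++] = (u8)(nbytes ? 0x80 | nbytes : len);
    while (nbytes-- > 0) out[n++] = (u8)(len >> (8 * nbytes));
    memcpy(out + n, d, len);
    return n + len;
}

/* BER: constructed OCTET STRING with indefinite length (0x24 0x80). Each chunk
   is written as it arrives; end-of-contents (0x00 0x00) closes the stream. */
size_t ber_octet_stream(u8 *out, const u8 *d, size_t len, size_t chunk)
{
    size_t n = 0, off, take;
    if (chunk == 0) chunk = 1;
    out[n++] = 0x24; out[n++] = 0x80;
    for (off = 0; off < len; off += take) {
        take = len - off < chunk ? len - off : chunk;
        n += der_octet_string(out + n, d + off, take);
    }
    out[n++] = 0x00; out[n++] = 0x00;
    return n;
}

/* Reassemble such a stream (payload needs room for inlen bytes). Returns the
   payload length, or (size_t)-1 on truncated or unexpected input. */
size_t ber_octet_stream_decode(const u8 *in, size_t inlen, u8 *payload)
{
    size_t p = 2, total = 0, len, nb;
    if (inlen < 4 || in[0] != 0x24 || in[1] != 0x80) return (size_t)-1;
    while (inlen - p >= 2 && (in[p] || in[p + 1])) {
        if (in[p++] != 0x04) return (size_t)-1;
        len = in[p++];
        if (len & 0x80) {
            nb = len & 0x7f;
            if (!nb || nb > sizeof(size_t) || inlen - p < nb) return (size_t)-1;
            for (len = 0; nb; nb--) len = (len << 8) | in[p++];
        }
        if (inlen - p < len) return (size_t)-1;
        memcpy(payload + total, in + p, len);
        total += len; p += len;
    }
    return inlen - p >= 2 ? total : (size_t)-1;
}
```

The decoder cannot know how much data is coming and has to scan for the end-of-contents marker, which is the part that gets harder once arbitrary nested structures are allowed.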


Re: Storing keys and certs on USB tokens using openssl(1)

2004-08-03 Thread Ralf Hornik Mailings
 http://www.opensc.org/files/doc/opensc.html#opensc.using.openssl

 btw: what kind of usb token do you have ?

Aladdin eToken pro 32k.

Opensc now recognizes my USB token. When I try to load the engine I get:

mtag03:/home/rho/et2k/opensc-0.8.1 # openssl
OpenSSL> engine dynamic -pre SO_PATH:/usr/local/opensc/lib/opensc/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/usr/local/opensc/lib/opensc/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Failure]: LOAD
9868:error:260B606D:engine routines:DYNAMIC_LOAD:init failed:eng_dyn.c:433:
OpenSSL>

Same happens on engine_opensc.
I compiled openssl with

./config shared

This problem seems to have been discussed before:

http://www.mail-archive.com/[EMAIL PROTECTED]/msg17610.html

But I think it's all dynamically linked.
Any help would be appreciated.

Ralf



RSA encryption - to encrypt a c structure ??

2004-08-03 Thread Jayashree Kanchana
Hi,

I am hoping that someone might have come across this problem and will be
able to help me.

I am trying to use openssl to encrypt a c structure instead of just a
string, is there any function in openssl that I could use?

I have an RSA key structure that is already created and I am able to
encrypt and decrypt just a string using RSA_public_encrypt command and this RSA
key pair.

Thanks in advance,
Jayashree



RE : RSA encryption - to encrypt a c structure ??

2004-08-03 Thread Marc Gaudichet
Maybe you could cast the contents of your structure to a string, encrypt this string 
and then cast the string back to your structure type.

Marc.

 -Original Message-
 From: Jayashree Kanchana [mailto:[EMAIL PROTECTED]
 Sent: Tuesday 3 August 2004 16:00
 To: [EMAIL PROTECTED]
 Subject: RSA encryption - to encrypt a c structure ??
 
 
 Hi,
 
 I am hoping that someone might have come across this problem 
 and will be able to help me.
 
 I am trying to use openssl to encrypt a c structure instead 
 of just a string, is there any function in openssl that I could use?
 
 I have a RSA key structure that is already created and I am 
 able to encrypt and decrypt just a string using 
 RSA_public_encrypt command and this RSA key pair .
 
 Thanks in advance,
 Jayashree
 


Re: RSA encryption - to encrypt a c structure ??

2004-08-03 Thread Steven Bade
Jayashree Kanchana wrote:
| Hi,
|
| I am hoping that someone might have come across this problem and will be
| able to help me.
|
| I am trying to use openssl to encrypt a c structure instead of just a
| string, is there any function in openssl that I could use?
|
| I have a RSA key structure that is already created and I am able to
| encrypt and decrypt just a string using RSA_public_encrypt command and this RSA
| key pair .
|
| Thanks in advance,
| Jayashree
|
Have you tried casting the address of your structure to a (char *)?


Re: RE : RSA encryption - to encrypt a c structure ??

2004-08-03 Thread Jayashree Kanchana

Hi Marc,

I am sorry, I am not sure how I can type cast the structure to string,
should I do (char *) ?
Once I encrypt I am not sure if the encrypted string has the
same structure as the original structure.

Can you please show me the syntax to type cast a structure to string.

Thanks,
Jayashree



On Tue, 3 Aug 2004, Marc Gaudichet wrote:

 Maybe you could cast the contents of your structure to a string, encrypt this string 
 and then cast the string back to your structure type.

 Marc.

  -Original Message-
  From: Jayashree Kanchana [mailto:[EMAIL PROTECTED]
  Sent: Tuesday 3 August 2004 16:00
  To: [EMAIL PROTECTED]
  Subject: RSA encryption - to encrypt a c structure ??
 
 
  Hi,
 
  I am hoping that someone might have come across this problem
  and will be able to help me.
 
  I am trying to use openssl to encrypt a c structure instead
  of just a string, is there any function in openssl that I could use?
 
  I have a RSA key structure that is already created and I am
  able to encrypt and decrypt just a string using
  RSA_public_encrypt command and this RSA key pair .
 
  Thanks in advance,
  Jayashree
 


Re: RE : RSA encryption - to encrypt a c structure ??

2004-08-03 Thread Charles B Cranston
One danger with casting a structure as a string is that zero bytes
(which can happen due to slack bits in the structure) might be
interpreted as an end-of-string that would prematurely terminate
the data.
If you're going to process binary data, look for an API where you
specify both a pointer and a length.  Or else encode the binary
data in printable format (such as base 64 or hexadecimal) and then
pass THAT string to an API that takes a C string.
And, technically, you CANNOT cast a structure as a string.
What is being talked about is casting a (pointer to a structure) as
a (pointer to a string).
Casting does not actually change the data, only the way in which
it is treated by the program.
Jayashree Kanchana wrote:
Hi Marc,
I am sorry, I am not sure how I can type cast the structure to string,
should I do (char *) ?
Once I encrypt I am not sure if the encrypted string has the
same structure as the original structure.
Can you please show me the syntax to type cast a structure to string.
Thanks,
Jayashree

On Tue, 3 Aug 2004, Marc Gaudichet wrote:

Maybe you could cast the contents of your structure to a string, encrypt this string 
and then cast the string back to your structure type.
Marc.

-Original Message-
From: Jayashree Kanchana [mailto:[EMAIL PROTECTED]
Sent: Tuesday 3 August 2004 16:00
To: [EMAIL PROTECTED]
Subject: RSA encryption - to encrypt a c structure ??
Hi,
I am hoping that someone might have come across this problem
and will be able to help me.
I am trying to use openssl to encrypt a c structure instead
of just a string, is there any function in openssl that I could use?
I have a RSA key structure that is already created and I am
able to encrypt and decrypt just a string using
RSA_public_encrypt command and this RSA key pair .
Thanks in advance,
Jayashree
--
Charles B (Ben) Cranston
mailto: [EMAIL PROTECTED]
http://www.wam.umd.edu/~zben


RE : RE : RSA encryption - to encrypt a c structure ??

2004-08-03 Thread Marc Gaudichet
I think that your code should look like the following (not tested) :

#include <openssl/rsa.h>

struct MyStruct
{
    int iMyInt;
    float fMyFloat;
    char szMyString[5];
    long lMyLong;
};

int main ()
{
    struct MyStruct sStruct;
    unsigned char szEncrypted[...];  /* needs room for RSA_size(Rsa) bytes */
    RSA *Rsa;
    int iResult;

    /* Do some initializations here
    ...
    */

    /* Encryption: pass the address of the structure and its size */
    iResult = RSA_public_encrypt (sizeof (struct MyStruct), (unsigned char *)&sStruct,
                                  szEncrypted, Rsa, RSA_PKCS1_PADDING);

    /* Decryption: data encrypted with the public key needs the private key */
    iResult = RSA_private_decrypt (RSA_size (Rsa), szEncrypted, (unsigned char *)&sStruct,
                                   Rsa, RSA_PKCS1_PADDING);
}

I hope this helps.

Marc.


 -Original Message-
 From: Jayashree Kanchana [mailto:[EMAIL PROTECTED]
 Sent: Tuesday 3 August 2004 16:43
 To: [EMAIL PROTECTED]
 Subject: Re: RE : RSA encryption - to encrypt a c structure ??
 
 
 
 Hi Marc,
 
 I am sorry, I am not sure how I can type cast the structure 
 to string, should I do (char *) ? Once I encrypt I am not 
 sure if the encrypted string has the same structure as the 
 original structure.
 
 Can you please show me the syntax to type cast a structure to string.
 
 Thanks,
 Jayashree
 
 
 
 On Tue, 3 Aug 2004, Marc Gaudichet wrote:
 
  Maybe you could cast the contents of your structure to a string, 
  encrypt this string and then cast the string back to your structure 
  type.
 
  Marc.
 
   -Original Message-
   From: Jayashree Kanchana [mailto:[EMAIL PROTECTED]
   Sent: Tuesday 3 August 2004 16:00
   To: [EMAIL PROTECTED]
   Subject: RSA encryption - to encrypt a c structure ??


   Hi,

   I am hoping that someone might have come across this problem and
   will be able to help me.

   I am trying to use openssl to encrypt a c structure instead of
   just a string, is there any function in openssl that I could use?

   I have a RSA key structure that is already created and I am able to
   encrypt and decrypt just a string using RSA_public_encrypt command
   and this RSA key pair .

   Thanks in advance,
   Jayashree
   


Re: RE : RSA encryption - to encrypt a c structure ??

2004-08-03 Thread Michael Sierchio
Charles B Cranston wrote:
 Casting does not actually change the data, only the way in which
 it is treated by the program.
Casting changes the way data are treated by the compiler.
There is no string type in C, the semantics of nul-terminated
strings are created in the behavior of certain functions.
Converting a structure to DER is one way of serializing,
which is the operative word in this exercise.  Got ASN.1?


Re: RSA encryption - to encrypt a c structure ??

2004-08-03 Thread Jayashree Kanchana
Hi,

My structure has 3 unsigned char arrays and I will have to move this
encrypted data to other machines too.
Following is the structure:

typedef struct myStruct {
    unsigned char id[4];
    unsigned char type;
    unsigned char Data[128];
} ;

Can you please let me know how do I serialize that is unambiguous?

 I tried,

struct myStruct* mypointer;
 mypointer =  a pointer to your struct
 RSA_public_encrypt( sizeof *mypointer, mypointer,...)

But I get warning that I am passing incompatible format. I believe I can
send only unsigned char * to RSA_public_encrypt.

Thanks,
Jayashree


On Tue, 3 Aug 2004, Rich Salz wrote:

  I am trying to use openssl to encrypt a c structure instead of just a
  string, is there any function in openssl that I could use?

 No.  You will have to do some work.  The amount of work you will have
 to do depends on the details of the data and where you are using it.
 For example, Are you moving the data from one machine to another
 machine, possibly of a different type?  You will have to serialize.
 Does your structure have any pointers in it?  You will have to
 serialize.

 If you *do not* have to serialize, then you can probably do something
 very simple:
 struct mystruct* mypointer;
 mypointer =  a pointer to your struct
 RSA_public_encrypt(, mypointer, sizeof *mypointer, ...)

 If you *do* have to serialize, then you will have to do something like
 sprintf your structure into a temporary buffer, and encrypt that.
 Then, later on, you decrypt the buffer, and reverse the serialization.
 This means you need to define a serialization format that is unambiguous.
 How you do that depends on the details of your data.

 Hope this helps.
 /r$
 --
 Rich Salz  Chief Security Architect
 DataPower Technology   http://www.datapower.com
 XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
 XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html
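
An added example (not written by any poster in this thread, and not OpenSSL code): one possible unambiguous wire format for the struct above, handled as pointer plus length so that embedded zero bytes survive. The 16-bit length field, the `used` parameter and all function names are assumptions of this example; the 11-byte overhead is the PKCS #1 v1.5 limit that RSA_public_encrypt applies with RSA_PKCS1_PADDING.

```c
#include <stddef.h>
#include <string.h>

struct myStruct {                 /* fields as given in the post */
    unsigned char id[4];
    unsigned char type;
    unsigned char Data[128];
};

#define REC_HDR 7  /* id(4) + type(1) + 16-bit length: format assumed here */

/* Largest input RSA_public_encrypt() takes with RSA_PKCS1_PADDING:
   the modulus size in bytes, RSA_size(rsa), minus 11 bytes of padding. */
size_t pkcs1_v15_max_input(size_t modulus_bytes)
{
    return modulus_bytes > 11 ? modulus_bytes - 11 : 0;
}

/* Write id | type | big-endian length | the used bytes of Data.
   Returns bytes written, or 0 if used or outcap is out of range. */
size_t rec_serialize(const struct myStruct *s, size_t used,
                     unsigned char *out, size_t outcap)
{
    if (used > sizeof s->Data || outcap < REC_HDR + used) return 0;
    memcpy(out, s->id, sizeof s->id);
    out[4] = s->type;
    out[5] = (unsigned char)(used >> 8);
    out[6] = (unsigned char)(used & 0xff);
    memcpy(out + REC_HDR, s->Data, used);
    return REC_HDR + used;
}

/* Inverse of rec_serialize(). Returns the number of Data bytes recovered,
   or (size_t)-1 if the buffer is truncated or its length field disagrees. */
size_t rec_deserialize(const unsigned char *in, size_t inlen, struct myStruct *s)
{
    size_t used;
    if (inlen < REC_HDR) return (size_t)-1;
    used = ((size_t)in[5] << 8) | in[6];
    if (used > sizeof s->Data || inlen != REC_HDR + used) return (size_t)-1;
    memset(s, 0, sizeof *s);
    memcpy(s->id, in, sizeof s->id);
    s->type = in[4];
    memcpy(s->Data, in + REC_HDR, used);
    return used;
}

/* 1 if a record carrying `used` Data bytes fits one RSA block for this key. */
int rec_fits_key(size_t used, size_t modulus_bytes)
{
    return REC_HDR + used <= pkcs1_v15_max_input(modulus_bytes);
}
```

With a 128-byte modulus the limit is 117 bytes, so the 133 bytes of id, type and Data together do not fit one block; with a 256-byte modulus they do.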

