I'm trying to programmatically verify that a certificate from a sub-CA
is signed by a specific root CA. I get an error of 7
(X509_V_ERR_CERT_SIGNATURE_FAILURE) from X509_verify_cert. If I verify
with the openssl command line tool using 'openssl verify -CAfile
root.pem cert.pem', it returns OK. Here
On Tue, Feb 09, 2010, Becky H wrote:
> Hello -
>
> Two openssl functions require *key_id as an argument. What is this?
>
> EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
> UI_METHOD *ui_method, void *callback_data);
>
> EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const
I may have found the answer to this question here-->
http://www.etokenonlinux.org/et/FAQ
pkcs11-tool --module /usr/lib/libeTPkcs11.so --slot 0 -O --login
In the ouput search for a private key object and its ID.
Private Key Object; RSA
label: eTCAPI private key
ID:
394539453733
ambika cp wrote:
> I have an application encryting the data using RSA algorithm.
> I am using the encrypted data and want to decrypt the data to get plaintext.
> For this I am calling a RSA_private_decrypt() open ssl call in my C file.
> The publickey size is 2048bytes. The ciphertext passed from
Hello -
Two openssl functions require *key_id as an argument. What is this?
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
UI_METHOD *ui_method, void *callback_data);
EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
UI_METHOD *ui_method, void *callbac
On Mon, Feb 08, 2010, Dmitry Ivanov wrote:
> Hi there!
>
> I downloaded a snapshot of openssl (20100208) and successfully
> compiled it with the following options:
>
> ./config --prefix=/usr/local/ --openssldir=/usr/local/openssl/ shared
>
> and then installed it.
>
> Since I'm interested in t
On 09/02/10 11:02 AM, Steffen DETTMER wrote:
> * Patrick Patterson wrote on Sun, Feb 07, 2010 at 10:14 -0500:
>>> A quick question here. Should the Certificate Signing Request message be
>>> protected when requesting for Certificate from CA?
>
> I think, if you want to certify that a public match
Hi,
I'm developing a security product and in the process of selecting the crypto
library.
Can anyone please answer the following queries.
1. Does openssl crypto library supports scatter/gather I/O. The requirement
is to pass bsdnet mbuf cluster to the openssl crypto library for
encryption/decryptio
* Patrick Patterson wrote on Sun, Feb 07, 2010 at 10:14 -0500:
> > A quick question here. Should the Certificate Signing Request message be
> > protected when requesting for Certificate from CA?
I think, if you want to certify that a public matches subject
description, of course you should authen