Re: HELP!!!! mod_tsa:could not load X.509 certificate
Hi, Getting the same error (on ts_rsp_sign.c:206) with the file I send means that you are not using the right files : I have explicitely tested the OpenSSL function referenced in ts_rsp_sign.c and it is working with no error. You have to check your configuration in order to point to the right key file. In my tests, I only used OpenSSL code, no mod_tsa or Apache, because I was targeting the OpenSSL error you described. I used the latest version 1.0.0d but I thinks this has nothing to do with your problem since it is certainly caused by a configuration issue. Concerning cnf file, I just modified the usr_cert section in the default one in order to add extendedKeyUsage = critical,timeStamping and set keyUsage to nonRepudiation, digitalSignature. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/23/2011 3:32 PM, Yessica De Ascencao wrote: Hello! Thanks for your help and monitoring. Yes, I get the same error, I also throws the same when tested with the files you sent me. I think there must be something I missed or did wrong in the installation. Which version did you use for this package: openssl mod_tsa Apache mod_ssl mysql ts-patch_ Another thing, to generate the certificate for the extension tsa with Time Stamping, which. cnf did you use? The openssl.cnf or one created for you? Very grateful! Thanks 2011/2/22 Mounir IDRASSI mounir.idra...@idrix.net mailto:mounir.idra...@idrix.net Hi, Are you sure you have the same error description (lib(47):func(131):reason(117):ts_rsp_sign.c:206:)? I have tested here with a certificate containing Digital Signature, Non Repudiation key usage and OpenSSL doesn't complain. I'm attaching the timestamp certificate (with its key and its CA certificate) that I used. Can you see if it is working for you? Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/22/2011 3:11 PM, Yessica De Ascencao wrote: Hi Mounir IDRASSI! I generated the certificate with ONLY Digital Signature, Non Repudiation but I still have the same problem. Thanks! Certificate: Data: Version: 3 (0x2) Serial Number: d8:e6:a3:f6:22:c7:a4:0c Signature Algorithm: sha1WithRSAEncryption Issuer: C=ve, ST=distrito capital, O=suscerte, OU=acraiz, CN=ac/emailAddress=a...@suscerte.gob.ve mailto:a...@suscerte.gob.ve mailto:a...@suscerte.gob.ve mailto:a...@suscerte.gob.ve Validity Not Before: Feb 22 14:08:20 2011 GMT Not After : Feb 22 14:08:20 2012 GMT Subject: C=ve, ST=distritocapital, L=caracas, O=tss, OU=suscerte, CN=tsscompany/emailAddress=t...@company.com mailto:t...@company.com mailto:t...@company.com mailto:t...@company.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:bd:6e:12:e5:72:37:f2:74:e4:95:f7:43:f2:c7: 00:7d:53:cb:2d:a9:49:68:4d:04:b7:40:8d:b7:cd: 56:23:89:8a:e1:78:d6:a8:bd:a3:ef:16:62:d6:37: 6d:25:ce:eb:9d:30:8a:5e:be:6a:68:6f:bf:cd:f7: 6b:cd:85:f8:c6:62:f3:ea:8e:32:79:2a:d2:38:40: b9:d7:88:c9:18:5c:63:98:69:ea:b6:95:83:a2:ac: 1b:b4:17:9a:e7:ea:66:bc:c3:e6:c8:e6:47:94:9b: 36:3c:3b:e0:59:9e:85:90:a6:8f:ad:8a:0a:0b:9e: 51:de:ef:93:73:e5:6b:a9:f2:49:ec:c0:46:57:71: 27:fd:85:47:09:f7:90:f7:bb:c5:3a:83:0a:3c:cc: f2:88:2f:69:5c:80:e2:7f:9e:28:d3:19:09:62:fb: 2b:61:a4:f8:4c:64:d6:72:cb:41:a9:68:69:38:8b: 3f:03:04:83:26:e0:9a:ce:be:1f:05:f0:6d:99:2c: 87:16:97:e2:7f:8b:2f:b1:eb:19:2f:10:45:00:2c: 8e:dd:f5:80:de:cf:c7:17:a0:cc:cf:0d:f3:48:19: 7f:5b:b0:dd:51:a8:80:e0:65:eb:79:ef:ea:fc:d8: 6d:a5:2d:e3:06:b0:83:83:14:7f:61:f9:dc:ea:a7: 7a:4b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Non Repudiation Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: FA:0C:6E:6E:88:58:51:F4:DF:F1:E3:CC:DD:9D:71:8C:CD:95:68:17 X509v3 Authority Key Identifier: keyid:76:B9:CB:3B:5D:C8:B6:AB:02:74:86:D3:1C:C7:42:58:B1:AE:7E:76
Re: RSA_private_decrypt without e and d
On Thu, Feb 24, 2011 at 08:15:47AM +0100, Mounir IDRASSI wrote: Your analysis is not true because the original poster says he has dmp1, dmq1 and iqmp, not only p and q. Yes, naturally if the OP has d (or equivalently d mod (p-1) and (q-1), which are presumed co-prime), he can recover e if he chooses, or just use d (for efficiency its projections onto Z/Z_{p-1} and Z/Z_{q-1}) to decrypt the messages. I assumed that d and e were truly unavailable, should have read the OP's message more carefully. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: RSA_private_decrypt without e and d
Thanks Mounir and Marek, I will try to recover these parameters. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI Sent: Thursday, February 24, 2011 2:27 AM To: openssl-users@openssl.org Subject: Re: RSA_private_decrypt without e and d Hi Shaheed, The OpenSSL error you are getting means that OpenSSL decrypted the ciphered text but couldn't find the PKCS1 padding byte. This means that the wrong CRT parameters were supplied. Usually this comes from the fact that the parameters p and q (and the corresponding dmp1, dmq1) must be swapped : p instead of q and q instead of p (same thing for dmp1 and dmq1). In order to check this, you can use a tool I have written and that enables you to recover e and d from these 5 parameters. You can get it from sourceForge using the following link : http://rsaconverter.sourceforge.net/ . Thanks to it, you can check that these 5 parameters give you the correct d and e. In your case, I'm sure you'll get the wrong d and e. Swap the parameters and see if you get the correct d this time. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/24/2011 4:03 AM, Shaheed Bacchus (sbacchus) wrote: Just to be clear, below is not the actual code, but what I would **like** to be able to do (or something close). *From:*owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] *On Behalf Of *Shaheed Bacchus (sbacchus) *Sent:* Wednesday, February 23, 2011 9:47 PM *To:* openssl-users@openssl.org *Subject:* RSA_private_decrypt without e and d Hi, I have a situation where I have a message that has been encrypted via RSA_public_encrypt. On the receiving end I have the n, p, q, dmp1, dmq1, and iqmp components (I know it might sound odd that I don't have the e and d components but that is the case). I'm trying to do something like: If (!(new_key = RSA_new())) return -1; new_key-n = BN_bin2bn(n_data, n_data_len, NULL); new_key-p = BN_bin2bn(p_data, p_data_len, NULL); new_key-q = BN_bin2bn(q_data, q_data_len, NULL); new_key-dmp1 = BN_bin2bn(dmp1_data, dmp1_data_len, NULL); new_key-dmq1 = BN_bin2bn(dmq1_data, dmq1_data_len, NULL); new_key-iqmp = BN_bin2bn(iqmp_data, iqmp1_data_len, NULL); resultDecrypt = RSA_private_decrypt(encrypted_size, encrypted, decrypted, new_key, RSA_PKCS1_PADDING); This decrypt fails with error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02 Supplying the correct e and d component causes it work properly, but I will not have those under normal circumstances. Is there any way to do this without d and e? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: RSA_private_decrypt without e and d
Hello, Remember, you do not need to recover this parameters to decrypt message. Best regards, -- Marek Marcola marek.marc...@malkom.pl owner-openssl-us...@openssl.org wrote on 02/24/2011 05:19:30 PM: Shaheed Bacchus (sbacchus) sbacc...@cisco.com Sent by: owner-openssl-us...@openssl.org 02/24/2011 05:21 PM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject RE: RSA_private_decrypt without e and d Thanks Mounir and Marek, I will try to recover these parameters. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI Sent: Thursday, February 24, 2011 2:27 AM To: openssl-users@openssl.org Subject: Re: RSA_private_decrypt without e and d Hi Shaheed, The OpenSSL error you are getting means that OpenSSL decrypted the ciphered text but couldn't find the PKCS1 padding byte. This means that the wrong CRT parameters were supplied. Usually this comes from the fact that the parameters p and q (and the corresponding dmp1, dmq1) must be swapped : p instead of q and q instead of p (same thing for dmp1 and dmq1). In order to check this, you can use a tool I have written and that enables you to recover e and d from these 5 parameters. You can get it from sourceForge using the following link : http://rsaconverter.sourceforge.net/ . Thanks to it, you can check that these 5 parameters give you the correct d and e. In your case, I'm sure you'll get the wrong d and e. Swap the parameters and see if you get the correct d this time. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/24/2011 4:03 AM, Shaheed Bacchus (sbacchus) wrote: Just to be clear, below is not the actual code, but what I would **like** to be able to do (or something close). *From:*owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] *On Behalf Of *Shaheed Bacchus (sbacchus) *Sent:* Wednesday, February 23, 2011 9:47 PM *To:* openssl-users@openssl.org *Subject:* RSA_private_decrypt without e and d Hi, I have a situation where I have a message that has been encrypted via RSA_public_encrypt. On the receiving end I have the n, p, q, dmp1, dmq1, and iqmp components (I know it might sound odd that I don't have the e and d components but that is the case). I'm trying to do something like: If (!(new_key = RSA_new())) return -1; new_key-n = BN_bin2bn(n_data, n_data_len, NULL); new_key-p = BN_bin2bn(p_data, p_data_len, NULL); new_key-q = BN_bin2bn(q_data, q_data_len, NULL); new_key-dmp1 = BN_bin2bn(dmp1_data, dmp1_data_len, NULL); new_key-dmq1 = BN_bin2bn(dmq1_data, dmq1_data_len, NULL); new_key-iqmp = BN_bin2bn(iqmp_data, iqmp1_data_len, NULL); resultDecrypt = RSA_private_decrypt(encrypted_size, encrypted, decrypted, new_key, RSA_PKCS1_PADDING); This decrypt fails with error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02 Supplying the correct e and d component causes it work properly, but I will not have those under normal circumstances. Is there any way to do this without d and e? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: HELP!!!! mod_tsa:could not load X.509 certificate
Hello! Thank you very much for your help. I managed to install it, load the server and connect to the database, the problem was the version of apache. Compiled httpd-2.0.59 version. Now I want to try the service for time stamping. I generate a query with the following command: . /openssl ts-reply-queryfile request.tsq-signer / root / tssCRT.pem-inkey / root / tssKey.pem-out-token_out responde.tsr And I get the following file: 04 ^ B ^ A ^ A0! 0 ^ F ^ E + ^ N ^ C ^ B ^ Z ^ E ^ @ ^ D ^ T ¾ A-,,, ÿ ® (^ Gau @] ^ Db * x ^ B ^ Most Holy ¬ V @ $ c) ^ A ^ Aÿ ~ In format text is: Version: 1 Hash Algorithm: sha1 Message data: - be ab 2c 2c 2c 2d 41 ff-ae July 28 fc 40 5d c3 04 .. A-,,,..(...@]. 0010 to 62 the 2nd 3e 78 b * x Policy OID: unspecified Nonce: 0x5B1374C33082CD80 Certificate required: yes Extensions: Now when I generate the certificate stamp, I do it with this command: ./openssl ts-reply-queryfile request.tsq-signer / root / tssCRT.pem-inkey / root / tssKey.pem-out-token_out responde.tsr But I said it was wrong, and not what is the problem. Have generated a certificate from this type? Know something about it? Thank you very much again. Have been very helpful. Greetings! 2011/2/24 Mounir IDRASSI mounir.idra...@idrix.net Hi, Getting the same error (on ts_rsp_sign.c:206) with the file I send means that you are not using the right files : I have explicitely tested the OpenSSL function referenced in ts_rsp_sign.c and it is working with no error. You have to check your configuration in order to point to the right key file. In my tests, I only used OpenSSL code, no mod_tsa or Apache, because I was targeting the OpenSSL error you described. I used the latest version 1.0.0d but I thinks this has nothing to do with your problem since it is certainly caused by a configuration issue. Concerning cnf file, I just modified the usr_cert section in the default one in order to add extendedKeyUsage = critical,timeStamping and set keyUsage to nonRepudiation, digitalSignature. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/23/2011 3:32 PM, Yessica De Ascencao wrote: Hello! Thanks for your help and monitoring. Yes, I get the same error, I also throws the same when tested with the files you sent me. I think there must be something I missed or did wrong in the installation. Which version did you use for this package: openssl mod_tsa Apache mod_ssl mysql ts-patch_ Another thing, to generate the certificate for the extension tsa with Time Stamping, which. cnf did you use? The openssl.cnf or one created for you? Very grateful! Thanks 2011/2/22 Mounir IDRASSI mounir.idra...@idrix.net mailto: mounir.idra...@idrix.net Hi, Are you sure you have the same error description (lib(47):func(131):reason(117):ts_rsp_sign.c:206:)? I have tested here with a certificate containing Digital Signature, Non Repudiation key usage and OpenSSL doesn't complain. I'm attaching the timestamp certificate (with its key and its CA certificate) that I used. Can you see if it is working for you? Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/22/2011 3:11 PM, Yessica De Ascencao wrote: Hi Mounir IDRASSI! I generated the certificate with ONLY Digital Signature, Non Repudiation but I still have the same problem. Thanks! Certificate: Data: Version: 3 (0x2) Serial Number: d8:e6:a3:f6:22:c7:a4:0c Signature Algorithm: sha1WithRSAEncryption Issuer: C=ve, ST=distrito capital, O=suscerte, OU=acraiz, CN=ac/emailAddress=a...@suscerte.gob.ve mailto:a...@suscerte.gob.ve mailto:a...@suscerte.gob.ve mailto:a...@suscerte.gob.ve Validity Not Before: Feb 22 14:08:20 2011 GMT Not After : Feb 22 14:08:20 2012 GMT Subject: C=ve, ST=distritocapital, L=caracas, O=tss, OU=suscerte, CN=tsscompany/emailAddress=t...@company.com mailto:t...@company.com mailto:t...@company.com mailto:t...@company.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:bd:6e:12:e5:72:37:f2:74:e4:95:f7:43:f2:c7: 00:7d:53:cb:2d:a9:49:68:4d:04:b7:40:8d:b7:cd: 56:23:89:8a:e1:78:d6:a8:bd:a3:ef:16:62:d6:37: 6d:25:ce:eb:9d:30:8a:5e:be:6a:68:6f:bf:cd:f7: 6b:cd:85:f8:c6:62:f3:ea:8e:32:79:2a:d2:38:40: b9:d7:88:c9:18:5c:63:98:69:ea:b6:95:83:a2:ac: 1b:b4:17:9a:e7:ea:66:bc:c3:e6:c8:e6:47:94:9b: 36:3c:3b:e0:59:9e:85:90:a6:8f:ad:8a:0a:0b:9e:
ts -reply
Hi people! I installed the service for time stamping with opentsa, now I want to try the service for time stamping. I generate a query with the following command: . /openssl ts-reply-queryfile request.tsq-signer / root / tssCRT.pem-inkey / root / tssKey.pem-out-token_out responde.tsr And I get the following file: 04 ^ B ^ A ^ A0! 0 ^ F ^ E + ^ N ^ C ^ B ^ Z ^ E ^ @ ^ D ^ T ¾ A-,,, ÿ ® (^ Gau @] ^ Db * x ^ B ^ Most Holy ¬ V @ $ c) ^ A ^ Aÿ ~ In format text is: Version: 1 Hash Algorithm: sha1 Message data: - be ab 2c 2c 2c 2d 41 ff-ae July 28 fc 40 5d c3 04 .. A-,,,..(...@]. 0010 to 62 the 2nd 3e 78 b * x Policy OID: unspecified Nonce: 0x5B1374C33082CD80 Certificate required: yes Extensions: Now when I generate the certificate stamp, I do it with this command: ./openssl ts-reply-queryfile request.tsq-signer / root / tssCRT.pem-inkey / root / tssKey.pem-out-token_out responde.tsr But I said it was wrong, and not what is the problem. Have generated a certificate from this type? Know something about it? Thank you very much again. Have been
RE: RSA_private_decrypt without e and d
Hi Marek, My understanding was that while it's mathematically possible, from an OpenSSL API perspective there is no way to do it. Did I misunderstand? -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of marek.marc...@malkom.pl Sent: Thursday, February 24, 2011 11:23 AM To: openssl-users@openssl.org Cc: openssl-users@openssl.org; owner-openssl-us...@openssl.org Subject: RE: RSA_private_decrypt without e and d Hello, Remember, you do not need to recover this parameters to decrypt message. Best regards, -- Marek Marcola marek.marc...@malkom.pl owner-openssl-us...@openssl.org wrote on 02/24/2011 05:19:30 PM: Shaheed Bacchus (sbacchus) sbacc...@cisco.com Sent by: owner-openssl-us...@openssl.org 02/24/2011 05:21 PM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject RE: RSA_private_decrypt without e and d Thanks Mounir and Marek, I will try to recover these parameters. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI Sent: Thursday, February 24, 2011 2:27 AM To: openssl-users@openssl.org Subject: Re: RSA_private_decrypt without e and d Hi Shaheed, The OpenSSL error you are getting means that OpenSSL decrypted the ciphered text but couldn't find the PKCS1 padding byte. This means that the wrong CRT parameters were supplied. Usually this comes from the fact that the parameters p and q (and the corresponding dmp1, dmq1) must be swapped : p instead of q and q instead of p (same thing for dmp1 and dmq1). In order to check this, you can use a tool I have written and that enables you to recover e and d from these 5 parameters. You can get it from sourceForge using the following link : http://rsaconverter.sourceforge.net/ . Thanks to it, you can check that these 5 parameters give you the correct d and e. In your case, I'm sure you'll get the wrong d and e. Swap the parameters and see if you get the correct d this time. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/24/2011 4:03 AM, Shaheed Bacchus (sbacchus) wrote: Just to be clear, below is not the actual code, but what I would **like** to be able to do (or something close). *From:*owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] *On Behalf Of *Shaheed Bacchus (sbacchus) *Sent:* Wednesday, February 23, 2011 9:47 PM *To:* openssl-users@openssl.org *Subject:* RSA_private_decrypt without e and d Hi, I have a situation where I have a message that has been encrypted via RSA_public_encrypt. On the receiving end I have the n, p, q, dmp1, dmq1, and iqmp components (I know it might sound odd that I don't have the e and d components but that is the case). I'm trying to do something like: If (!(new_key = RSA_new())) return -1; new_key-n = BN_bin2bn(n_data, n_data_len, NULL); new_key-p = BN_bin2bn(p_data, p_data_len, NULL); new_key-q = BN_bin2bn(q_data, q_data_len, NULL); new_key-dmp1 = BN_bin2bn(dmp1_data, dmp1_data_len, NULL); new_key-dmq1 = BN_bin2bn(dmq1_data, dmq1_data_len, NULL); new_key-iqmp = BN_bin2bn(iqmp_data, iqmp1_data_len, NULL); resultDecrypt = RSA_private_decrypt(encrypted_size, encrypted, decrypted, new_key, RSA_PKCS1_PADDING); This decrypt fails with error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02 Supplying the correct e and d component causes it work properly, but I will not have those under normal circumstances. Is there any way to do this without d and e? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org