Re: Is it possible to grab CA certificate?
When I go to an SSL site I see this message in fx:

    You have asked Firefox to connect securely to news.ycombinator.com, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. What Should I Do? If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue. news.ycombinator.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)

And then I go to Add Exception - View - Details tab - Certificate Hierarchy, but there is only news.ycombinator.com present. When I export it and try to import it into fx I get: "This is not a certificate authority certificate, so it can't be imported into the certificate authority list." So I think this is not a CA certificate but a server certificate.

And about recurring errors on the same site: I have a number of server exceptions in the Servers list under my company's custom CA certificate in Advanced - View Certificates - Servers. All of them are marked Permanent. Nevertheless, the error page I described above appears from time to time even on sites that I have previously added to the trusted list. It's extremely annoying and I don't know why this happens.

I use Firefox 21.

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
RSA encryption and Decryption code in C language
Hello,

I am implementing the DES algorithm between my client and server systems for encryption. The DES key is transmitted in encrypted form between client and server using RSA encryption and decryption. My idea of implementing the above task is creating an RSA key (RSA_generate_key) and using the public key for encryption and the private key for decryption.

I have looked for sample code to do this in C but found nothing. So if anyone has any code snippets for this task, please post them here. It would be very helpful: the code for RSA encryption and decryption between client and server (client and server are on different machines).

Thanks and Regards,
Yamini.
Re: RSA encryption and Decryption code in C language
Hi Yamini,

I would suggest looking at the 'EVP Envelope' API: https://www.openssl.org/docs/crypto/EVP_SealInit.html

On 17/06/2013 19:26, yamini wrote:
> Hello,
> I am implementing the DES algorithm between my client and server systems for encryption. The DES key is transmitted in encrypted form between Client and Server using RSA encryption and decryption. My idea of implementing the above task is creating RSA key (RSA_generate_key) and using the public key for encryption and private key for decryption. I have looked for sample codes to do this in C language but found nothing. So if anyone has any code snippets for this task please post them here. It would be very helpful. The code for RSA encryption and Decryption between client and server (client and server are on different machines).
> Thanks and Regards,
> Yamini.
Re: RSA encryption and Decryption code in C language
On 18 June 2013 09:43, Michel msa...@paybox.com wrote:
> Hi Yamini,
> I would suggest looking at the 'EVP Envelope' API: https://www.openssl.org/docs/crypto/EVP_SealInit.html

Also see: http://wiki.openssl.org/index.php/EVP_Asymmetric_Encryption_and_Decryption_of_an_Envelope

Matt
RE: RSA encryption and Decryption code in C language
Hi,

I'm implementing software very similar to yours. This is a small function that I used to generate the private and public key:

    #include <stdio.h>
    #include <string.h>
    #include <openssl/pem.h>
    #include <openssl/rsa.h>

    int main(void)
    {
        const char *file_pem = "key_priv";
        const char *file_pem_pub = "key_pub";
        FILE *fp;
        int bits = 1024;
        unsigned long exp = RSA_F4;
        RSA *rsa;

        rsa = RSA_generate_key(bits, exp, NULL, NULL);

        fp = fopen(file_pem, "w");
        unsigned char *kstr = (unsigned char *)"XX"; /* password, change it, it's just an example */
        PEM_write_RSAPrivateKey(fp, rsa, EVP_des_ede3_cbc(), kstr, strlen((char *)kstr), NULL, NULL);
        fclose(fp); /* fp is a FILE *, so fclose(), not close() */

        fp = fopen(file_pem_pub, "w");
        PEM_write_RSAPublicKey(fp, rsa);
        fclose(fp);

        RSA_free(rsa);
        return 0;
    }

This function is called by the client; it is self-explanatory:

    RSA *create_and_set_context(void)
    {
        RSA *rsa = RSA_new();
        FILE *fp = fopen("key_pub", "r");
        if (fp == NULL)
            return NULL;
        RSA *rs = PEM_read_RSAPublicKey(fp, &rsa, NULL, NULL); /* the second argument is an RSA **, so pass &rsa */
        fclose(fp);
        return rs;
    }

This is the function called by the client to encrypt the symmetric key to send to the server.

    /* key is the symmetric key, to is a buffer of at least RSA_size(rsa) bytes */
    int encrypt_simmetric_key(unsigned char *key, unsigned char *to, int size, RSA *rsa)
    {
        return RSA_public_encrypt(size, key, to, rsa, RSA_PKCS1_PADDING);
    }

*** Now, server side:

    RSA *create_and_set_context(void)
    {
        OpenSSL_add_all_algorithms();
        RSA *rsa = RSA_new();
        FILE *fp = fopen("key_priv", "r");
        char *kstr = "XX"; /* the password used when the key was written */
        if (fp == NULL)
            return NULL;
        /* with a NULL callback, the last argument is used as the passphrase */
        RSA *rs = PEM_read_RSAPrivateKey(fp, &rsa, NULL, kstr);
        fclose(fp);
        return rs;
    }

Then, supposing that buf is the buffer where the symmetric key just received over a socket by the server is stored:

    #include <stdlib.h>

    unsigned char *getSimKey(char *buf, RSA *rsa)
    {
        unsigned char *to = malloc(RSA_size(rsa)); /* RSA_size(rsa) is the modulus size in bytes */
        if (to == NULL)
            return NULL;
        int k = RSA_private_decrypt(RSA_size(rsa), (unsigned char *)buf, to, rsa, RSA_PKCS1_PADDING);
        if (k == -1) {
            free(to);
            return NULL;
        }
        printf("K: %d\n", k);
        for (int i = 0; i < k; i++)
            printf("%02x", to[i]); /* the post called a printbyte() helper that was not shown */
        printf("\n");
        return to;
    }

That's all. Sorry for my bad English, I hope my code will help.

Bye
Enrico
Re: Is it possible to grab CA certificate?
If the only certificate that is shown is the server certificate, the server is not providing the certificate chain, only the server certificate. This way, you won't be able to get the CA certificate from the SSL connection. Maybe your network admins want to fix that too.

What is strange is that exceptions are not working as expected. Is there any chance that the certificate is changing from time to time? I really think you will need to discuss what is happening with the server admins.

On Tue, Jun 18, 2013 at 3:07 AM, A A wemp...@gmail.com wrote:

--
Cristian Thiago Moecke
RE: Is it possible to grab CA certificate?
Sorry for top-post - webmail :(

In TLS, the server should not send the root certificate - it sends the chain up to, but not including, the root certificate.

From (sorry) http://technet.microsoft.com/en-us/library/cc783349(v=ws.10).aspx

    Server Certificate Message
    The server sends its certificate to the client. The server certificate contains the server's public key. The client uses this key to authenticate the server and to encrypt the Premaster Secret.
    The Server Certificate message includes:
    - The server's certificate list. The first certificate in the list is the server's X.509v3 certificate that contains the server's public key.
    - Other validating certificates. All other validating certificates, up to but not including the root certificate from the CA, signed by the CA.

Carl

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on behalf of Cristian Thiago Moecke [cont...@cristiantm.com.br]
Sent: 18 June 2013 11:43
To: openssl-users@openssl.org
Subject: Re: Is it possible to grab CA certificate?

> If the only certificate that is shown is the server certificate, the server is not providing the certificate chain, only the server certificate. This way, you won't be able to get the CA certificate from the SSL connection. Maybe your network admins want to fix that too.
>
> What is strange is that exceptions are not working as expected. Is there any chance that the certificate is changing from time to time? I really think you will need to discuss what is happening with the server admins.
>
> On Tue, Jun 18, 2013 at 3:07 AM, A A wemp...@gmail.com wrote:
>
> --
> Cristian Thiago Moecke
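The layout Carl quotes (the sender's own certificate first, then the certificates that validate it, root optional) is the TLS 1.2 Certificate handshake message of RFC 5246 section 7.4.2. The following is an added example, not from this thread or from OpenSSL, that builds and parses that message in Python so the "leaf only" case the original poster is seeing can be recognised from the wire bytes. The certificate contents are constructed placeholder strings, not real DER certificates; only the length framing is exercised.

```python
"""TLS 1.2 Certificate handshake message (RFC 5246 section 7.4.2): build and parse.

Added example, not from the thread. The certificate bytes used below are
constructed placeholders, not real DER certificates; the framing is what the
parser checks.
"""

HANDSHAKE_CERTIFICATE = 0x0B   # HandshakeType certificate(11)


def _u24(buf, off):
    return int.from_bytes(buf[off:off + 3], "big")


def _put_u24(n):
    if n >= 1 << 24:
        raise ValueError("value exceeds 2^24-1")
    return n.to_bytes(3, "big")


def build_certificate_message(certs):
    """Handshake { type=11, length<24> } carrying certificate_list<0..2^24-1>,
    where each entry is ASN.1Cert<1..2^24-1>: a 3-byte length then the DER bytes.
    Wire order: the sender's own certificate first, then each certificate that
    directly certifies the preceding one; the root MAY be omitted."""
    cert_list = b"".join(_put_u24(len(c)) + c for c in certs)
    body = _put_u24(len(cert_list)) + cert_list
    return bytes([HANDSHAKE_CERTIFICATE]) + _put_u24(len(body)) + body


def parse_certificate_message(msg):
    """Return the DER certificates in wire order; raise ValueError on bad framing."""
    if len(msg) < 7 or msg[0] != HANDSHAKE_CERTIFICATE:
        raise ValueError("not a Certificate handshake message")
    body_len = _u24(msg, 1)
    if len(msg) != 4 + body_len:
        raise ValueError("handshake length does not match message size")
    list_len = _u24(msg, 4)
    if list_len != body_len - 3:
        raise ValueError("certificate_list length does not match handshake length")
    certs, off, end = [], 7, 7 + list_len
    while off < end:
        n = _u24(msg, off)
        off += 3
        if n == 0 or off + n > end:
            raise ValueError("bad ASN.1Cert length")
        certs.append(msg[off:off + n])
        off += n
    return certs


def describe_chain(certs):
    """What a client like Firefox sees: the leaf alone, or the leaf plus intermediates.
    A root received in the handshake must never be trusted merely because it arrived."""
    if not certs:
        return "empty certificate_list"
    if len(certs) == 1:
        return "leaf only: no issuer chain was provided"
    return "leaf plus %d intermediate(s); root may have been omitted" % (len(certs) - 1)


if __name__ == "__main__":
    leaf = b"constructed-leaf-cert"              # placeholder, not real DER
    intermediate = b"constructed-intermediate"   # placeholder, not real DER
    for chain in ([leaf], [leaf, intermediate]):
        wire = build_certificate_message(chain)
        print(wire[:10].hex(), "...", describe_chain(parse_certificate_message(wire)))
```

Run against a real handshake (for example the Certificate record captured from `openssl s_client -showcerts`), a single entry in the parsed list is exactly the situation the Firefox error "no issuer chain was provided" describes.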
Re: Is it possible to grab CA certificate?
Hi,

I would suggest you grab some documentation of openssl commands. That's enough for your problem.

Well, you can get the certificate imported into your Firefox using the following commands.

1) openssl s_client -connect www.google.co.in:443 -showcerts
   Here copy the text between the last -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and save it to a file, say cert.ansi.

2) openssl asn1parse -in cert.ansi -out cert.der
   Here you will get the FX-importable certificate cert.der. As mentioned earlier, if the server (man in the middle) is forcing TLS1.1/, you can add the check (-ssl3) in the first command.

3) Import cert.der into your fx in trusted root authorities.

Thanks,
Saurabh Pandya

On Tue, Jun 18, 2013 at 4:39 PM, Carl Young carlyo...@keycomm.co.uk wrote:
Diffie Hellman problem
Hi everyone,

I'm using a Diffie Hellman Agreement in one app. I've been able to generate the DH without any problems, but now I should send the DH information to the server. We have an example of the same process written in Java; what this app generates to send to the client is:

    SEQUENCE {
      SEQUENCE {
        OBJECTIDENTIFIER 1.2.840.113549.1.3.1
        SEQUENCE {
          INTEGER 0x00c90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68
          INTEGER 0x02 (2 decimal)
        }
      }
      BITSTRING 0x0282010100b9c13521bc982e69de3e139d2521f32187ca932fdb579344c37cf2a8effb1c589ac27446656c911aefb84c961be5c389cabae7012b9edbec439ce5b57df4ad427e8baaa334c18c8bbf0fc3b19b197d484ae174f3fb538183368cdb11ecc228fc3fbb0029ff9aa0c06ccebbba47c1d1208410e9506cc08ae3bdc71924e95ae74994268822637ad628af95cf8b09cba0e070c7a8126921f6a700792ef45d844b8812f4d67f19bbc809ad33ac1ea59f4e3a9542e26b3a5f1738de6b9f8092c5a323747a716f39a17f879b87981c00944c8e5fb8f1e4d5ace6c81c182f80711bc55865c8562688b7084ae42f706fb80081f9e97982ef0242df221b202cee9b9ffcaf : 0 unused bit(s)
    }

From my C++ app I try to get the same information using PEM_write_bio_DHparams. I get almost the same but without the BITSTRING and the OBJECTIDENTIFIER.

    SEQUENCE {
      INTEGER 0x00c90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68
      INTEGER 0x02 (2 decimal)
    }

Any clue about where the problem is? I've seen that the Java version generates an X.509 certificate to send the data; maybe I should generate an X509 certificate from the DH in my C++ version?

Best regards

Aleix Ventayol | Mobile Jazz
C. Nàpols, 187, 9º, 08013 Barcelona
http://mobilejazz.cat
Re: Diffie Hellman problem
On Tue, Jun 18, 2013, Aleix Ventayol wrote:
> Hi everyone,
>
> I'm using a Diffie Hellman Agreement on one app. I've been able to generate the DH without any problems, but now I should send the DH information to the server. We've an example of the same process written in Java, what this app generates to send to the client is:
>
>     SEQUENCE {
>       SEQUENCE {
>         OBJECTIDENTIFIER 1.2.840.113549.1.3.1
>         SEQUENCE {
>           INTEGER 0x00c90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68
>           INTEGER 0x02 (2 decimal)
>         }
>       }
>       BITSTRING 0x0282010100b9c13521bc982e69de3e139d2521f32187ca932fdb579344c37cf2a8effb1c589ac27446656c911aefb84c961be5c389cabae7012b9edbec439ce5b57df4ad427e8baaa334c18c8bbf0fc3b19b197d484ae174f3fb538183368cdb11ecc228fc3fbb0029ff9aa0c06ccebbba47c1d1208410e9506cc08ae3bdc71924e95ae74994268822637ad628af95cf8b09cba0e070c7a8126921f6a700792ef45d844b8812f4d67f19bbc809ad33ac1ea59f4e3a9542e26b3a5f1738de6b9f8092c5a323747a716f39a17f879b87981c00944c8e5fb8f1e4d5ace6c81c182f80711bc55865c8562688b7084ae42f706fb80081f9e97982ef0242df221b202cee9b9ffcaf : 0 unused bit(s)
>     }
>
> From my c++ app I try to get the same information using PEM_write_bio_DHparams. I get almost the same but without the BITSTRING and the OBJECTIDENTIFIER.
>
>     SEQUENCE {
>       INTEGER 0x00c90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68
>       INTEGER 0x02 (2 decimal)
>     }
>
> Any clue about where's the problem? I've seen that Java version generates a X.509 certificate to send the data, maybe I should generate a X509 certificate from the DH on my c++ version?

The DH_* functions don't support encoding of public and private keys; PEM_write_bio_DHparams just writes DH parameters instead. If you use the higher level EVP_PKEY API and something like i2d_PUBKEY it should produce that format.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
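To make Steve's answer concrete: the Java dump is a SubjectPublicKeyInfo (what i2d_PUBKEY writes), while PEM_write_bio_DHparams writes only the PKCS#3 DHParameter SEQUENCE { p, g } that sits nested inside it. The following is an added example, not code from this thread or from OpenSSL: a standard-library-only Python DER encoder and decoder for both structures, carrying the dhKeyAgreement OID 1.2.840.113549.1.3.1 and the public value y as an INTEGER inside the BIT STRING, which is exactly the shape of the dump above (the BIT STRING content begins 02 82 01 01 00 ..., an INTEGER). The group p = 23, g = 5 is a constructed toy for the demonstration and not a usable DH group; the functions accept the 2048-bit p from the thread unchanged.

```python
"""Hand-built DER for Diffie-Hellman: PKCS#3 DHParameter vs X.509 SubjectPublicKeyInfo.

Added example, not from the thread or from OpenSSL. The toy parameters used in
__main__ (p=23, g=5) are constructed for illustration only; a real deployment
uses a large group such as the 2048-bit one dumped in the thread.
"""

DH_KEY_AGREEMENT_OID = "1.2.840.113549.1.3.1"   # PKCS#3 dhKeyAgreement


def _der_len(n):
    """DER length octets: short form below 128, long form (0x8N + N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, content):
    return bytes([tag]) + _der_len(len(content)) + content


def der_integer(value):
    """Minimal two's-complement INTEGER. A leading 0x00 keeps a value whose top bit
    is set (like p above) from being read as negative; hence the 0x00c90f... in the dump."""
    if value < 0:
        raise ValueError("only non-negative integers are needed here")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return _tlv(0x02, body)


def der_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed into one byte, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        enc = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            enc.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body += enc
    return _tlv(0x06, bytes(body))


def dh_params_der(p, g):
    """PKCS#3 DHParameter ::= SEQUENCE { p INTEGER, g INTEGER }: what PEM_write_bio_DHparams emits."""
    return _tlv(0x30, der_integer(p) + der_integer(g))


def dh_spki_der(p, g, y):
    """SubjectPublicKeyInfo for the public value y = g^x mod p: what i2d_PUBKEY emits."""
    algorithm = _tlv(0x30, der_oid(DH_KEY_AGREEMENT_OID) + dh_params_der(p, g))
    public_key = _tlv(0x03, b"\x00" + der_integer(y))   # BIT STRING, 0 unused bits, wrapping INTEGER y
    return _tlv(0x30, algorithm + public_key)


def _read_tlv(buf, pos):
    """Return (tag, content, position after the element), handling long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def dh_spki_parse(der):
    """Inverse of dh_spki_der: returns (p, g, y) or raises ValueError."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single SEQUENCE")
    alg_tag, algorithm, pos = _read_tlv(body, 0)
    oid_tag, oid, apos = _read_tlv(algorithm, 0)
    if alg_tag != 0x30 or oid_tag != 0x06 or _tlv(0x06, oid) != der_oid(DH_KEY_AGREEMENT_OID):
        raise ValueError("not a dhKeyAgreement AlgorithmIdentifier")
    _, params, _ = _read_tlv(algorithm, apos)
    _, p_bytes, ppos = _read_tlv(params, 0)
    _, g_bytes, _ = _read_tlv(params, ppos)
    bs_tag, bits, _ = _read_tlv(body, pos)
    if bs_tag != 0x03 or bits[0] != 0:
        raise ValueError("public key is not a BIT STRING with 0 unused bits")
    _, y_bytes, _ = _read_tlv(bits, 1)
    return tuple(int.from_bytes(b, "big") for b in (p_bytes, g_bytes, y_bytes))


if __name__ == "__main__":
    p, g, x = 23, 5, 6                      # constructed toy group, NOT a secure DH group
    y = pow(g, x, p)
    print("DHparams:", dh_params_der(p, g).hex())
    print("SPKI    :", dh_spki_der(p, g, y).hex())
    print("parsed  :", dh_spki_parse(dh_spki_der(p, g, y)))
```

Dumping the SPKI output with `openssl asn1parse -inform DER -i` shows the same SEQUENCE / SEQUENCE / OBJECT / SEQUENCE / BIT STRING nesting as the Java output, and the DHparams output is a byte-for-byte substring of it.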
Re: openssl 1.0.1e Signature verification problems
On 14 Jun 2013, at 6:09 AM, anand rao wrote:
> I am using openssl 1.0.1e to create a CA and generate certificates. I am facing an issue while generating the device certificates. After creating the ca certificate using the below command
>
>     # openssl req -x509 -new -newkey rsa:1024 -keyout private/cakey.pem -days 3650 -out cacert.pem
>
> when we try to display the contents the signature algorithm is shown as itu-t instead of sha1WithRSAEncryption
>
>     # openssl x509 -in cacert.pem -noout -text
>     Certificate:
>     [...]
>     Signature Algorithm: itu-t

That certainly looks wrong to me. What do you get if you run

    openssl asn1parse -i -in cacert.pem

?
Re: [Encrypting_Decrypting with DES]
On 6/17/2013 5:11 PM, Matt Caswell wrote:
> On 17 June 2013 15:17, Jakob Bohm jb-open...@wisemo.com wrote:
>>> IV's should always be random - you should not reuse an IV. Using the last block of cipher-text from a previous message as the IV gives a predictable IV which is insecure in CBC mode for certain classes of attack.
>>
>> You are making the mistake of extrapolating from SSL/TLS specifics here.
>
> Using a predictable IV is not an SSL/TLS specific problem.
>
>> No, but much of what is public about CBC and IV selection appears to be falsely extrapolated from limited information and then blindly regurgitated.
>>
>> Fundamentally, every CBC block except the first will use what you call a predictable IV, namely the previous ciphertext block. To make any sense, security arguments about this need to be very clear about what is and is not vulnerable.
>>
>> Summarily telling anyone using CBC to never chain on from one message to the next and/or to switch to inherently less secure modes such as CTR just to avoid an attack that has so many other countermeasures is very bad advice, especially when done in a public forum, which is why I could not allow your bad arguments to stand unopposed.
>
> Your argument is that there are certain situations where you can chain an IV across messages without it being predictable. I agree (further comment below)...
>
>> The general rule for CBC and chaining the IV across messages is much simpler and thus easier to avoid than in the specific context of implementing SSL/TLS:
>>
>> 1. Never reuse an IV (it is OK if one random IV is the same as another by chance, just not by choice). If you use a (chained) IV for something and need to send it again, make the retransmission unchanged (otherwise they see two different messages with the same IV).
>>
>> 2. IF someone else can (even indirectly) change some of the plaintext passed to CBC, make sure their last chance to do so occurs before you send the first byte of the block before the block whose plaintext they can affect.
>
> Accepted. Although I'm not sure that's a simpler rule! It is safer in my view in the general case to advise against chaining across messages... doing otherwise is probably best left to expert users (such as yourself :-) ).
>
>> For example, if using DES (8 byte block), if plaintext bytes 19 and 20 come from something that others can influence, make sure they cannot do so after you send byte 8, because bytes 8 to 15 are the IV of bytes 16 to 23.
>>
>> It so happens that the combination of SSLv3 and HTTP failed that second rule by default, and various workarounds were added to randomize the IV of each SSL record; one of those workarounds was to pick and send a random IV with each record if the TLS version was 1.1 or higher.
>>
>>> If you MUST use CBC then you will need to send an IV every time - and yes this could result in bad performance if you are sending a lot of these. Hence my recommendation that you consider an alternative mode - CTR (or perhaps GCM if you require authenticated encryption). CTR does not have a restriction on predictable IVs.
>>
>> CTR has a different and much more well known problem. CTR essentially turns DES/AES/etc. into a stream cipher with all the well-known problems and attacks that apply to those. Nobody bothers to write about that because they think it is so obvious.
>
> Agreed. CTR is a good mode if you use it right and understand its limitations. If you abuse it you are in for a lot of trouble. But then that is probably true of crypto generally. I would also strongly advise that anyone using CTR (or CBC for that matter) properly consider integrity issues.

I have not seen any attacks on the CBC IV problem that were at all preventable by integrity checks. I have seen and used techniques that prevent the issue in a way which is entangled with integrity checks, but the prevention is not due to the integrity protection itself.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
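Rule 2 above, as an added example that is not part of this thread: a standard-library-only Python script with a 64-bit Feistel toy cipher standing in for DES (constructed for the demo, not a real cipher; the attack depends only on CBC, not on the block cipher) and a plain CBC layer on top. One sender chains the IV of each message from the last ciphertext block of the previous one; the attacker, who can choose the first plaintext block of the next message after seeing the previous ciphertext, tests a guess at an earlier plaintext block exactly as the rule describes. The same test against a sender that draws a fresh random IV per message (what TLS 1.1 does) fails. The key, the messages and the "secret01" block are constructed for the demonstration.

```python
"""Why a chained (predictable) CBC IV lets an attacker test guesses at earlier plaintext.

Added example, not from the thread. The 64-bit Feistel "toy cipher" below stands
in for DES so the script runs with the standard library only; the attack does not
depend on the cipher, only on CBC and on the attacker knowing the next IV.
"""
import hashlib
import hmac
import os

BLOCK = 8  # 64-bit blocks, like DES, so the byte arithmetic matches the thread


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, half, rnd):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def toy_encrypt_block(key, block):
    """4-round Feistel network: a constructed stand-in for DES, not a real cipher."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, right, rnd))
    return left + right


def toy_decrypt_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round(key, left, rnd)), left
    return left + right


def cbc_encrypt(key, iv, plaintext):
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a whole number of blocks")
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(_xor(toy_decrypt_block(key, cur), prev))
        prev = cur
    return b"".join(out)


class Sender:
    """Encrypts a stream of messages under one key.

    chain_iv=True : the next message's IV is the last ciphertext block of the
                    previous one (the practice debated in the thread; SSLv3/TLS 1.0).
    chain_iv=False: a fresh random IV per message, sent with the ciphertext (TLS 1.1+).
    """

    def __init__(self, key, chain_iv):
        self.key, self.chain_iv = key, chain_iv
        self.next_iv = bytes(BLOCK)          # constructed all-zero initial IV

    def send(self, plaintext):
        iv = self.next_iv if self.chain_iv else os.urandom(BLOCK)
        ct = cbc_encrypt(self.key, iv, plaintext)
        self.next_iv = ct[-BLOCK:]           # what an eavesdropper predicts the next IV to be
        return iv, ct


def attacker_confirms_guess(sender, prev_ct_block, target_ct_block, guess):
    """The attacker saw C[j-1] and C[j] = E(P[j] xor C[j-1]) and can choose the first
    plaintext block of the next message. Under chaining that block's IV is C_last, so
    submitting guess xor C[j-1] xor C_last yields a first ciphertext block of
    E(guess xor C[j-1]), which equals C[j] exactly when guess == P[j]."""
    predicted_iv = sender.next_iv
    probe = _xor(_xor(guess, prev_ct_block), predicted_iv)
    _, ct = sender.send(probe)
    return ct[:BLOCK] == target_ct_block


def demo(chain_iv):
    """Return (correct guess confirmed?, wrong guess confirmed?)."""
    sender = Sender(b"constructed-demo-key", chain_iv)
    # plaintext bytes 8..15 are the secret block; its effective IV is ciphertext block 0
    message = b"GET /x? " + b"secret01" + b" HTTP/1."
    _, ct = sender.send(message)
    prev, target = ct[0:BLOCK], ct[BLOCK:2 * BLOCK]
    hit = attacker_confirms_guess(sender, prev, target, b"secret01")
    miss = attacker_confirms_guess(sender, prev, target, b"secret02")
    return hit, miss


if __name__ == "__main__":
    print("chained IV:", demo(chain_iv=True))    # (True, False): the secret is confirmed
    print("random IV :", demo(chain_iv=False))   # (False, False): the guess test fails
```

The wrong guess is rejected with certainty because the toy cipher, like any block cipher, is a permutation; under random IVs the correct guess is only confirmed with probability 2^-64 per attempt, which is the whole point of the per-record IV that TLS 1.1 added.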
Re: RSA encryption and Decryption code in C language
Hello Michel,

Thanks for the link. I have the following code.

    #include <stdio.h>
    #include <string.h>
    #include <openssl/rsa.h>
    #include <openssl/err.h>

    int main(void)
    {
        RSA *key;
        unsigned char input_ptext[] = "58FD6F1C310FC9D0194FB8B0E99070A6CBA3473BFE69F953E60E99070A6CBA3473BFE69F953E0E99070A6CBA3473BFE69F953E0E99070A6CBAE";
        unsigned char ctext[256];
        unsigned char ptext[256];
        int n;

        ERR_clear_error();
        key = RSA_generate_key(1024, 65537, NULL, NULL);
        printf("the size of input_text is %ld\n", (long)sizeof(input_ptext));
        if (!key)
            return 0;
        n = RSA_size(key);
        /* with RSA_PKCS1_PADDING the input must be at most RSA_size(key) - 11 bytes */
        n = RSA_public_encrypt(sizeof(input_ptext) - 1, input_ptext, ctext, key, RSA_PKCS1_PADDING);
        if (n < 0)
            return 0;
        n = RSA_private_decrypt(n, ctext, ptext, key, RSA_PKCS1_PADDING);
        if (n < 0)
            return 0;
        RSA_free(key);
        ptext[n] = '\0'; /* RSA_private_decrypt does not NUL-terminate the output */
        printf("the decrypted text is %s\n", ptext);
        if (memcmp(input_ptext, ptext, sizeof(input_ptext) - 1))
            return 0;
        printf("Finished\n");
        printf("the decrypted text is %s\n", ptext);
        return 1;
    }

But the problem is, I have to encrypt it at the client's side and decrypt it at the server's side. In the above program I generated the key at the client's side. But how do I transport the public key to the other party for it to generate the private key? If I send the key using a TCP/IP channel, that makes the system vulnerable, which is not desirable. So how do I transport the keys between the client and the server?

Thanks and Regards,
Yamini.

On Tue, Jun 18, 2013 at 1:43 AM, Michel msa...@paybox.com wrote:
> Hi Yamini,
> I would suggest looking at the 'EVP Envelope' API: https://www.openssl.org/docs/crypto/EVP_SealInit.html
Re: RSA encryption and Decryption code in C language
You cannot generate a private key from a public key.

Typically, the receiver generates the key pair and sends the public key to the sender. The sender encrypts with the public key. The receiver decrypts with the private key.

A typical format for sending a public key across a channel is an X.509 certificate.

On 6/18/2013 1:36 PM, Hemayamini Kurra wrote:
> But the problem is, I have to encrypt it at clients side and decrypt it at servers side. In the above program I generated the key at clients side. But how do I transport the public key to the other party for it to generate the private key? If I send the key using TCP/IP channel, that makes the system vulnerable, which is not desirable. So how do I transport the keys between client and the server?
test
test This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio Inc. makes no warranty that this email is error or virus free. Thank you.
TLS: cannot open certdb
Greetings,

I'm trying to get LDAP to work with TLS, but when I used the ldapsearch command to verify TLS is working, this error is showstopping me. The error is:

    TLS: cannot open certdb '/etc/openldap/cacerts', error -8018:Unknown PKCS #11 error.

!!Here's how this surfaced!!

I just created a CA using an openssl.cnf and the openssl command. Here's my openssl.cnf:

    [ ca ]
    default_ca = mypersonalca

    [ mypersonalca ]
    #
    # WARNING: if you change that, change the default_keyfile in the [req] section below too
    # Where everything is kept
    dir = ./mypersonalca
    # Where the issued certs are kept
    certs = $dir/certs
    # Where the issued crl are kept
    crl_dir = $dir/crl
    # database index file
    database = $dir/index.txt
    # default place for new certs
    new_certs_dir = $dir/certs
    #
    # The CA certificate
    certificate = $dir/certs/ca.pem
    # The current serial number
    serial = $dir/serial
    # The current CRL
    crl = $dir/crl/crl.pem
    # WARNING: if you change that, change the default_keyfile in the [req] section below too
    # The private key
    private_key = $dir/private/ca.key
    # private random number file
    RANDFILE = $dir/private/.rand
    # The extentions to add to the cert
    x509_extensions = usr_cert
    # how long to certify for
    default_days = 365
    # how long before next CRL
    default_crl_days= 30
    # which md to use; people in comments indicated to use sha1 here
    default_md = sha1
    # keep passed DN ordering
    preserve = no
    # Section names
    policy = mypolicy
    x509_extensions = certificate_extensions

    [ mypolicy ]
    # Use the supplied information
    commonName = supplied
    stateOrProvinceName = supplied
    countryName = supplied
    emailAddress = supplied
    organizationName = supplied
    organizationalUnitName = optional

    [ certificate_extensions ]
    # The signed certificate cannot be used as CA
    basicConstraints = CA:false

    [ req ]
    # same as private_key
    default_keyfile = ./mypersonalca/private/ca.key
    # Which hash to use
    default_md = sha1
    # No prompts
    prompt = no
    # This is for CA
    subjectKeyIdentifier=hash
    authorityKeyIdentifier=keyid:always,issuer
    string_mask = utf8only
    basicConstraints = CA:true
    distinguished_name = root_ca_distinguished_name
    x509_extensions = root_ca_extensions

    [ root_ca_distinguished_name ]
    # EDIT THOSE
    commonName = My Personal CA
    stateOrProvinceName = California
    countryName = US
    emailAddress = ce...@example.com
    organizationName = My Personal Certification Authority

    [ root_ca_extensions ]
    basicConstraints = CA:true

Here's the command that I used to create the CA.

    OPENSSL=ca.cnf openssl req -x509 -nodes -days 3650 \
        -newkey rsa:2048 -out mypersonalca/certs/ca.pem \
        -outform PEM -keyout ./mypersonalca/private/ca.key

Here's the command that created the certificates.

    openssl req -newkey rsa:1024 -nodes -sha1 \
        -keyout cert.key -keyform PEM -out cert.req -outform PEM

Here's the command that signed the certificate.

    OPENSSL_CONF=ca.cnf openssl ca -batch -notext -in cert.req -out cert.pem

But when I did 'ldapsearch -d -1 -x -LLL -ZZ' to verify that TLS is working, I got:

    [root@fl1-lsh99apa007 ~]# ldapsearch -d -1 -x -LLL -ZZ
    ldap_create
    ldap_extended_operation_s
    ldap_extended_operation
    ldap_send_initial_request
    ldap_new_connection 1 1 0
    ldap_int_open_connection
    ldap_connect_to_host: TCP fl1-lsh99apa007.securesites.com:389
    ldap_new_socket: 3
    ldap_prepare_socket: 3
    ldap_connect_to_host: Trying 10.227.2.122:389
    ldap_pvt_connect: fd: 3 tm: -1 async: 0
    ldap_open_defconn: successful
    ldap_send_server_request
    ber_scanf fmt ({it) ber:
    ber_dump: buf=0x10c8b00 ptr=0x10c8b00 end=0x10c8b1f len=31
      0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1
      0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037
    ber_scanf fmt ({) ber:
    ber_dump: buf=0x10c8b00 ptr=0x10c8b05 end=0x10c8b1f len=26
      0000:  77 18 80 16 31 2e 33 2e  36 2e 31 2e 34 2e 31 2e   w...1.3.6.1.4.1.
      0010:  31 34 36 36 2e 32 30 30  33 37                     1466.20037
    ber_flush2: 31 bytes to sd 3
      0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1
      0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037
    ldap_write: want=31, written=31
      0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1
      0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037
    ldap_result ld 0x10bf150 msgid 1
    wait4msg ld 0x10bf150 msgid 1 (infinite timeout)
    wait4msg continue ld 0x10bf150 msgid 1 all 1
    ** ld 0x10bf150 Connections:
    * host: fl1-lsh99apa007.securesites.com  port: 389  (default)
      refcnt: 2  status: Connected
      last used: Tue Jun 18 15:19:12 2013
    ** ld 0x10bf150 Outstanding Requests:
     * msgid 1,  origid 1, status InProgress
       outstanding referrals 0, parent count 0
      ld 0x10bf150 request count 1 (abandoned 0)
    ** ld 0x10bf150 Response Queue:
       Empty
      ld 0x10bf150 response count 0
RE: Is it possible to grab CA certificate?
> From: owner-openssl-us...@openssl.org On Behalf Of Carl Young
> Sent: Tuesday, 18 June, 2013 07:10
>
> Sorry for top-post - webmail :(
>
> In TLS, the server should not send the root certificate - it sends the chain up to, but not including, the root certificate. From (sorry) http://technet.microsoft.com/en-us/library/cc783349(v=ws.10).aspx
> <snip>

"should not" is a little strong. It doesn't NEED to -- the relier (here client) must never trust a root sent in the handshake -- but it does no harm other than wasting a little wire time. For client authentication, when used, the same is true in the other direction. RFC5246 says the root MAY be omitted.

> From: owner-openssl-us...@openssl.org on behalf of Cristian Thiago Moecke [cont...@cristiantm.com.br]
> Sent: 18 June 2013 11:43
>
> If the only certificate that is shown is the server certificate, the server is not providing the certificate chain, only the server certificate. This way, you won't be able to get the CA certificate from the SSL connection. Maybe your network admins want to fix that too.

If it's for his own company's servers, perhaps. If it's for ycombinator, probably not, but see below.

> What is strange is that exceptions are not working as expected. Is there any chance that the certificate is changing from time to time?

I agree that is strange. See below.

> On Tue, Jun 18, 2013 at 3:07 AM, A A wemp...@gmail.com wrote:
>> When I go to SSL site I see this message in fx: You have asked Firefox to connect securely to news.ycombinator.com, but we can't confirm that your connection is secure.
>> <snip>
>> (Error code: sec_error_unknown_issuer)
>>
>> And then I go to Add exception - View - Details tab - Certificate hierarchy but there is only news.ycombinator.com present. When I export it and try to import it into fx I get: This is not a certificate authority certificate, so it can't be imported into the certificate authority list. So I think this is not CA certificate but a server certificate.

You're almost certainly right. If the cert Subject names the site and the Issuer names some CA, like the one I see just below, then it isn't a CA cert (and definitely not a root).

But when *I* connect to news.ycombinator.com:443 with s_client I get a chain of 3, compressed for posting:

0 s:.../O=Y Combinator LLC/CN=news.ycombinator.com
  i:/C=US/O=Entrust, Inc./.../CN=Entrust Certification Authority - L1C
1 s:(same)
  i:/O=Entrust.net/.../CN=Entrust.net Certification Authority (2048)
2 s:(same)
  i:/C=US/.../CN=Entrust.net Secure Server Certification Authority

No root for that chain is sent, but my Firefox (now 21) for that site finds a shortcut root (in BuiltinTokenObject) instead of #2. This is most likely because Secure Server Certification Authority is 1024 bits, and when transitioning to 2048 they provided a bridge to the old root for reliers who don't have the new root but prefer the new root for proper 2048 security. #1 and #0 are both 2048. (The root for Certification Authority (2048) has notbefore in 1999, but I'm not convinced it was actually issued then.)

Could you maybe be routed to a different machine? I got 184.172.10.74 .

>> And about recurring errors on the same site: I have a number of server exceptions in Servers list under my company custom CA certificate in Advanced - View Certificates - Servers. All of them are marked Permanent. Nevertheless, the error page I described above appears from time to time even on sites that I have previously added to a trusted list. It's extremely annoying and I don't know why this happens. I use Firefox 21.

I agree with the previous responder: this is strange, unless the cert changed, and for that to happen often would be pretty odd. One possibility: could it be that (some of) the company servers are not single machines but farms or load-sharing or load-balancing systems, which have multiple physical machines that *should* all be using the same key-and-certificate but maybe aren't?
Re: Is it possible to grab CA certificate?
On Tue, Jun 18, 2013 at 04:50:06PM -0400, Dave Thompson wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Carl Young
>> Sent: Tuesday, 18 June, 2013 07:10
>>
>> Sorry for top-post - webmail :(
>>
>> In TLS, the server should not send the root certificate - it sends the chain up to, but not including, the root certificate. From (sorry) http://technet.microsoft.com/en-us/library/cc783349(v=ws.10).aspx
>> <snip>
>
> "should not" is a little strong. It doesn't NEED to -- the relier (here client) must never trust a root sent in the handshake -- but it does no harm other than wasting a little wire time. For client authentication, when used, the same is true in the other direction. RFC5246 says the root MAY be omitted.

In fact with RFC 6698 DANE and digest matching type TLSA RRs with certificate usage 2, the server SHOULD (in most cases MUST, but the DANE WG won't let me say the obvious quite so strongly) send the root CA, because otherwise the client will likely have no means to compute the trust-anchor digest to compare with the TLSA record. With usage 2 trust-anchors, the client cannot generally be presumed to have prior access to trusted roots, so the server needs to send these.

http://tools.ietf.org/html/draft-dukhovni-dane-ops-00#section-4.2

--
	Viktor.
Re: Diffie Hellman problem
I've tried it using the following code:

EVP_PKEY *pp = EVP_PKEY_new();
EVP_PKEY_set1_DH(pp, dh);
char *buff;
BUF_MEM *bptr;
int write_rc = 0;
BIO *bmem = BIO_new(BIO_s_mem());
write_rc = PEM_write_bio_PUBKEY(bmem, pp);

But I'm not getting anything in pp and write_rc is 0. How should I use the EVP_PKEY?

Aleix Ventayol | Mobile Jazz
C. Nàpols, 187, 9º, 08013 Barcelona
http://mobilejazz.cat

On Tue, Jun 18, 2013 at 7:39 PM, Dr. Stephen Henson st...@openssl.org wrote:
> On Tue, Jun 18, 2013, Aleix Ventayol wrote:
>> Hi everyone,
>>
>> I'm using a Diffie Hellman Agreement on one app. I've been able to generate the DH without any problems, but now I should send the DH information to the server. We've an example of the same process written in Java, what this app generates to send to the client is:
>>
>> SEQUENCE {
>>   SEQUENCE {
>>     OBJECTIDENTIFIER 1.2.840.113549.1.3.1
>>     SEQUENCE {
>>       INTEGER 0x00c90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68
>>       INTEGER 0x02 (2 decimal)
>>     }
>>   }
>>   BITSTRING 0x0282010100b9c13521bc982e69de3e139d2521f32187ca932fdb579344c37cf2a8effb1c589ac27446656c911aefb84c961be5c389cabae7012b9edbec439ce5b57df4ad427e8baaa334c18c8bbf0fc3b19b197d484ae174f3fb538183368cdb11ecc228fc3fbb0029ff9aa0c06ccebbba47c1d1208410e9506cc08ae3bdc71924e95ae74994268822637ad628af95cf8b09cba0e070c7a8126921f6a700792ef45d844b8812f4d67f19bbc809ad33ac1ea59f4e3a9542e26b3a5f1738de6b9f8092c5a323747a716f39a17f879b87981c00944c8e5fb8f1e4d5ace6c81c182f80711bc55865c8562688b7084ae42f706fb80081f9e97982ef0242df221b202cee9b9ffcaf : 0 unused bit(s)
>> }
>>
>> From my c++ app I try to get the same information using PEM_write_bio_DHparams. I get almost the same but without the BITSTRING and the OBJECTIDENTIFIER.
>>
>> SEQUENCE {
>>   INTEGER 0x00c90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68
>>   INTEGER 0x02 (2 decimal)
>> }
>>
>> Any clue about where's the problem? I've seen that Java version generates a X.509 certificate to send the data, maybe I should generate a X509 certificate from the DH on my c++ version?
>
> The DH_* functions don't support encoding of public and private keys, PEM_write_bio_DHparams just writes DH parameters instead.
>
> If you use the higher level EVP_PKEY API and something like i2d_PUBKEY it should produce that format.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: [Encrypting_Decrypting with DES]
On 18 June 2013 19:22, Jakob Bohm jb-open...@wisemo.com wrote:
> Fundamentally, every CBC block except the first will use what you call a predictable IV, namely the previous ciphertext block. To make any sense, security arguments about this need to be very clear about what is and is not vulnerable.

Your clarification on when an IV becomes predictable is a useful build on the discussion.

> Summarily telling anyone using CBC to never chain on from one message to the next and/or to switch to inherently less secure modes such as CTR just to avoid an attack that has so many other countermeasures is very bad advice, especially when done in a public forum, which is why I could not allow your bad arguments to stand unopposed.

I don't accept that CTR is inherently less secure than CBC. Both have their strengths and weaknesses, and arguments can be made either way.

>> Agreed. CTR is a good mode if you use it right and understand its limitations. If you abuse it you are in for a lot of trouble. But then that is probably true of crypto generally. I would also strongly advise that anyone using CTR (or CBC for that matter) properly consider integrity issues.
>
> I have not seen any attacks on the CBC IV problem that were at all preventable by integrity checks. I have seen and used techniques that prevent the issue in a way which is entangled with integrity checks, but the prevention is not due to the integrity protection itself.

I was not intending to imply that my statement around integrity solves the CBC IV problem.

Matt
Run TLS only through memory buffers?
Hi,

I am wondering if it is possible to do TLS only through memory buffers.

I have an application where I'd like to add encryption and authentication to the communication layer. During a TLS handshake the application could send and receive memory buffers. But I do not have access to the socket. (So the transport medium could be something different than TCP/IP and I can't influence that.) After the session is initialized the app passes memory buffers to my code, TLS encryption/decryption is applied and the result should be passed back to the app.

So I'd like to know if the TLS stack can also be used/configured so that the message from the network could be placed in a BIO_s_mem() and ends up, before sending over a network, in a BIO_s_mem()? Especially, is this also possible for the handshake? Are there any unrequested messages in a TLS session (like change of session key) for which I would need a callback in the app to send this over the transport medium?

So the picture is the following:

App (client) --(buf0)-- my library that does TLS --(buf1)-- App (client)
  --(buf1)-- transport medium -- App (server)
  --(buf1)-- my library that does TLS --(buf2)-- App (server)

Here buf2 == buf0 and buf1 is the encrypted content.

I hope you got the problem that I'd like to solve.

Thanks and best regards,
#micha
RE: Diffie Hellman problem
> From: owner-openssl-us...@openssl.org On Behalf Of Aleix Ventayol
> Sent: Tuesday, 18 June, 2013 17:33
>
> I've tried it using the following code:
>
> EVP_PKEY *pp = EVP_PKEY_new();
> EVP_PKEY_set1_DH(pp, dh);
> char *buff;
> BUF_MEM *bptr;
> int write_rc = 0;
> BIO *bmem = BIO_new(BIO_s_mem());
> write_rc = PEM_write_bio_PUBKEY(bmem, pp);
>
> But I'm not getting anything in pp and write_rc is 0.

Works for me, using file-BIO instead (easier to test). Are you sure dh contains a valid key? What's in the error queue? Easiest way is ERR_print_errors_fp(stderr).

<snip>
RE: cannot open certdb
> From: owner-openssl-us...@openssl.org On Behalf Of Rodney Simioni
> Sent: Tuesday, 18 June, 2013 15:52
>
> I'm trying to get LDAP to work with TLS but when I used the ldapsearch command to verify TLS is working, this error is showstopping me.
>
> TLS: cannot open certdb '/etc/openldap/cacerts', error -8018:Unknown PKCS #11 error.
>
> I just created a CA using a openssl.cnf and the openssl command. Here's my openssl.cnf:
> <snip>
>
> Here's the command that I used to create the CA.
>
> OPENSSL=ca.cnf openssl req -x509 -nodes -days 3650 \
>   -newkey rsa:2048 -out mypersonalca/certs/ca.pem \
>   -outform PEM -keyout ./mypersonalca/private/ca.key

That uses ca.cnf not openssl.cnf. But the config file settings, even if different, probably don't matter to this problem.

> Here's the command that created the certificates.
>
> openssl req -newkey rsa:1024 -nodes -sha1 \
>   -keyout cert.key -keyform PEM -out cert.req -outform PEM
>
> Here's the command that signed the certificate.
>
> OPENSSL_CONF=ca.cnf openssl ca -batch -notext -in cert.req -out cert.pem

Nit: that created a Certificate Signing Request aka CSR, and then created and signed a cert from the CSR. A CSR is NOT a cert, or even a cert-TBS (cert_info), although it is related.

> But when I did 'ldapsearch -d -1 -x -LLL -ZZ' to verify that TLS is working, I got:
> <snip lots>
> TLS: certdb config: configDir='/etc/openldap/cacerts' tokenDescription='ldap(0)' certPrefix='' keyPrefix='' flags=readOnly
> TLS: cannot open certdb '/etc/openldap/cacerts', error -8018:Unknown PKCS #11 error.
> TLS: skipping 'ca.pem' - filename does not have expected format (certificate hash with numeric suffix)

openssl verification (aka trust) logic can use CA certs from a file (concatenated) often referred to as CAFile or a directory (with hashnames) often called CApath or CAdir. 'certdb' suggests either. 'cacerts' without suffix suggests the latter. But in neither case is PKCS#11 involved at all.

What actually is, or is in, /etc/openldap/cacerts? Is it a directory and is ca.pem a file you put there? openssl will ignore 'extra' files in a CApath, but maybe openldap doesn't. If so, the error message is slightly off; the hashname openssl wants is a hash of the *subject* plus a numeric suffix, not a hash of the cert. But that could just be a typo. If that file belongs there, try naming it with the value from commandline x509 -subject_hash (or -hash) followed by dot zero.

> I also have this in my ldif file:
>
> olcTLSCACertificateFile: /home/rsimioni/mypersonalca/certs/ca.pem
> olcTLSCertificateFile: /home/rsimioni/cert.pem
> olcTLSCertificateKeyFile: /home/rsimioni/cert.key
> olcTLSVerifyClient: allow

http://linux.die.net/man/5/slapd-config describes both olcTLSCACertificateFile and olcTLSCACertificatePath with meanings that match openssl's, plus an alternate(?) meaning for MozillaNSS presumably not applicable to you.
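Dave's hashed-filename advice above, as an added example that is not code from the thread: install a CA certificate into a CApath directory under the <subject_hash>.<n> name (n counting up when a different certificate already carries the same hash), and confirm with `openssl verify -CApath` that a plain `ca.pem` dropped in the directory is never found while the hashed copy is. It assumes the `openssl` command-line tool is on PATH; the self-signed CAs it creates are throwaway test fixtures.

```python
import filecmp
import os
import shutil
import subprocess
import tempfile


def subject_hash(pem_path):
    """The subject-name hash, as 'openssl x509 -subject_hash' prints it."""
    out = subprocess.run(
        ["openssl", "x509", "-in", pem_path, "-noout", "-subject_hash"],
        capture_output=True, text=True, check=True)
    return out.stdout.strip()


def capath_install(capath, pem_path):
    """Copy pem_path into capath as <subject_hash>.<n> and return that path.

    n starts at 0.  If a *different* certificate with the same subject hash
    is already there, the next free suffix is used so both stay findable;
    if this exact certificate is already installed nothing is copied.
    """
    h = subject_hash(pem_path)
    n = 0
    while True:
        target = os.path.join(capath, f"{h}.{n}")
        if not os.path.exists(target):
            shutil.copyfile(pem_path, target)
            return target
        if filecmp.cmp(target, pem_path, shallow=False):
            return target
        n += 1


def capath_verify(capath, cert_path):
    """True when openssl finds an issuer for cert_path by hashed lookup in capath."""
    r = subprocess.run(["openssl", "verify", "-CApath", capath, cert_path],
                       capture_output=True, text=True)
    return r.returncode == 0


def make_self_signed_ca(key_path, cert_path, cn):
    """Test fixture: a throwaway self-signed CA (constructed, not a real one)."""
    subprocess.run(
        ["openssl", "req", "-x509", "-nodes", "-newkey", "rsa:2048", "-days", "1",
         "-subj", f"/CN={cn}", "-keyout", key_path, "-out", cert_path],
        capture_output=True, check=True)


def demo():
    """Run the whole flow in a scratch directory and report what happened."""
    work = tempfile.mkdtemp()
    capath = os.path.join(work, "cacerts")
    os.mkdir(capath)
    ca1, ca2 = os.path.join(work, "ca1.pem"), os.path.join(work, "ca2.pem")
    make_self_signed_ca(os.path.join(work, "ca1.key"), ca1, "My Personal CA")
    make_self_signed_ca(os.path.join(work, "ca2.key"), ca2, "My Personal CA")
    # A file just called ca.pem sits in the directory, but hashed lookup
    # never sees it: the situation in the ldapsearch output above.
    shutil.copyfile(ca1, os.path.join(capath, "ca.pem"))
    found_before = capath_verify(capath, ca1)
    first = capath_install(capath, ca1)
    again = capath_install(capath, ca1)          # same cert: no new file
    second = capath_install(capath, ca2)         # same subject, other key: .1
    return {
        "found_before": found_before,
        "first": os.path.basename(first),
        "idempotent": again == first,
        "second": os.path.basename(second),
        "found_after": capath_verify(capath, ca1) and capath_verify(capath, ca2),
    }
```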
RE: Diffie Hellman problem
> From: owner-openssl-us...@openssl.org On Behalf Of Dr. Stephen Henson
> Sent: Tuesday, 18 June, 2013 13:40

To add some more:

> On Tue, Jun 18, 2013, Aleix Ventayol wrote:
>> Hi everyone,
>>
>> I'm using a Diffie Hellman Agreement on one app. I've been able to generate the DH without any problems, but now I should send the DH information to the server. We've an example of the same process written in Java, what this app generates to send to the client is:

Your app sends to the server but the same process in Java sends to the client? Is the Java process actually the server? For the DH algorithm the two parties are symmetric, but when embedded in a protocol who sends what and when to whom can matter.

>> SEQUENCE {
>>   SEQUENCE {
>>     OBJECTIDENTIFIER 1.2.840.113549.1.3.1
>>     SEQUENCE {
>>       <snip: INTEGER p and g>
>>     }
>>   }
>>   BITSTRING <snip: DER of INTEGER y>

That format is the SubjectPublicKeyInfo format defined by X.509 and included in an X.509 cert, and also used locally by openssl. It supports multiple algorithms so it has an OID to identify the algorithm, conditionally parameters which for DH are integers p and g, and wrapped in a bitstring the actual key value which for DH is y.

>> From my c++ app I try to get the same information using PEM_write_bio_DHparams. I get almost the same but without the BITSTRING and the OBJECTIDENTIFIER.
>> <snip>
>> I've seen that Java version generates a X.509 certificate to send the data, maybe I should generate a X509 certificate from the DH on my c++ version?
>
> The DH_* functions don't support encoding of public and private keys, PEM_write_bio_DHparams just writes DH parameters instead.

Exactly. write__DHparams writes the parameters part of the PubKeyInfo.

> If you use the higher level EVP_PKEY API and something like i2d_PUBKEY it should produce that format.

If you need just the key value (in pretty-standard form) yes. If the Java version is producing a cert because the peer(?) *wants* a cert, then you may need to produce a cert also. If your peer is the process in Java, or any Java process you can work on, Java/JCE code can handle a DH public key in PubKeyInfo format as well as cert, but using different routines: (DHPublicKey extends PublicKey).getEncoded() on output and KeyFactory.getInstance("DH").generatePublic(X509EncodedKeySpec created from the data) on input. Of course if it is using the other cert fields for anything, or relying on CA issuance of the cert as a trust check, then you need the cert.

If you do need to create a cert yourself, look at the Java example and/or any specs you have to see what you need for the issuer name and signing key -- normally tied together by an issuer cert -- and what you need or can use for subject, validity, version, and extensions (if any, only if version 3 but that is common today). Generally each of these is pretty straightforward but together they can be a bit of work. Alternatively if the Java example is getting the cert from a CA (maybe an internal e.g. company one) you may need to do the same by instead creating a CSR and submitting that to the CA.
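The SubjectPublicKeyInfo layout Dave describes above, and that Aleix's ASN.1 dump earlier in the thread shows, as an added example that is not code from the thread or from OpenSSL: a stdlib-only encoder and decoder for a DH public key in that format (OID 1.2.840.113549.1.3.1, parameters p and g, the INTEGER y inside a BIT STRING with zero unused bits). The p, g and y values used to exercise it are constructed, not the thread's.

```python
DH_KEY_AGREEMENT_OID = "1.2.840.113549.1.3.1"   # PKCS#3 dhKeyAgreement

def _der_length(n):
    """DER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, body):
    return bytes([tag]) + _der_length(len(body)) + body

def der_integer(value):
    """DER INTEGER of a non-negative value, minimal two's complement.

    A value whose top bit is set gets a leading 0x00 to keep it positive;
    that is the 0x00c90f... prefix on p in the dump.
    """
    if value < 0:
        raise ValueError("only non-negative integers occur here")
    return _tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def _oid_body(dotted):
    """Base-128 OID content octets (first two arcs packed into one byte)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:            # continuation bit on all but the last
            chunk.append(0x80 | (arc & 0x7F))
        out.extend(reversed(chunk))
    return bytes(out)

def encode_dh_spki(p, g, y):
    """SEQUENCE { SEQUENCE { OID, SEQUENCE { p, g } }, BIT STRING { INTEGER y } }"""
    params = _tlv(0x30, der_integer(p) + der_integer(g))
    alg_id = _tlv(0x30, _tlv(0x06, _oid_body(DH_KEY_AGREEMENT_OID)) + params)
    # BIT STRING content: one octet of unused-bit count (0), then DER of y,
    # which is why the dump shows "0282010100b9..." and "0 unused bit(s)".
    return _tlv(0x30, alg_id + _tlv(0x03, b"\x00" + der_integer(y)))

def _read(buf, pos, tag):
    """Read the TLV at pos, insist on tag, return (content, offset after it)."""
    if pos >= len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: next n octets hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return buf[pos:pos + length], pos + length

def decode_dh_spki(der):
    """Return (p, g, y) from the DER of a dhKeyAgreement SubjectPublicKeyInfo."""
    spki, end = _read(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing data after SubjectPublicKeyInfo")
    alg_id, pos = _read(spki, 0, 0x30)
    bits, _ = _read(spki, pos, 0x03)
    oid, pos = _read(alg_id, 0, 0x06)
    if oid != _oid_body(DH_KEY_AGREEMENT_OID):
        raise ValueError("algorithm is not dhKeyAgreement")
    params, _ = _read(alg_id, pos, 0x30)
    p, pos = _read(params, 0, 0x02)
    g, _ = _read(params, pos, 0x02)
    if bits[:1] != b"\x00":
        raise ValueError("unexpected unused-bit count in BIT STRING")
    y, _ = _read(bits, 1, 0x02)
    return tuple(int.from_bytes(v, "big", signed=True) for v in (p, g, y))
```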
RE: Diffie Hellman problem
I wrote Tuesday, 18 June, 2013 22:29:
> <snip> if [DH peer] is using the other cert fields for anything, or relying on CA issuance of the cert as a trust check, then you need the cert.
>
> If you do need to create a cert yourself, <snip> Alternatively if the Java example is getting the cert from a CA (maybe an internal e.g. company one) you may need to do the same by instead creating a CSR and submitting that to the CA.

Sorry, that was habit. You can't do a (PKCS) CSR for DH, since you can't sign to prove possession. Thus you may be unable to use a cert to propagate trust. You can use it to carry related data, or to apply available tools.