Re: [openssl-users] Getting certificates from smartcards
Shoot, I need that functionality. Can I perhaps use the X509 *load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip) function then? If yes, then can someone elaborate on how to use this function? Thanks.

On Tuesday, 21 July 2015 10:56 PM, Anirudh Raghunath anirudhraghun...@rocketmail.com wrote:

Shoot, I need that functionality. Can I perhaps use the X509 *load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip) function then? If yes, then can someone elaborate on how to use this function? Thanks

On Tuesday, 21 July 2015 8:19 PM, Victor Wagner vi...@wagner.pp.ru wrote:

On Tue, 21 Jul 2015 13:58:21 + (UTC) Anirudh Raghunath anirudhraghun...@rocketmail.com wrote:

Ah okay, that clears up quite a lot of doubts. But the certificate I want to load is a self signed certificate which has a private key attached to it. I used the XCA application to export the certificate-private key pair as a p12 file to the smart card. What should I do to get the certificate in this case? Thanks.

It doesn't matter how you've installed certificate into smart card. Once it, and its corresponding private key is installed on the card, you can access them separately, using PKCS#11 API (and command-line pkcs11-tool utility).

So, you can extract just certificate from certificate-private key pair and put it into the file (but typically you cannot extract private key. You can only use PKCS11 API or OpenSSL ENGINE API on top of it to perform cryptographic operations with this private key. This is what smartcards are for).

If you have opensc pkcs11 engine, you also should have pkcs11-tool from opensc project. Use

    pkcs11-tool --module <your pkcs11 module> --list-objects

to find out which certificate-private key pairs are available on your card (you probably already know ID of your key pair, because you've used ENGINE_load_private_key, and it requires key id as argument).

Then use

    pkcs11-tool --module <your pkcs11 module> --read-object --id <id> --type cert --output-file filename.der

to extract certificate from card. You can then convert it to pem format using

    openssl x509 -in filename.der -inform DER -out filename.pem

or can just use function SSL_CTX_use_certificate_file passing SSL_FILETYPE_ASN1 as its argument.

Personally I consider it ugly that one needs to extract certificate from token before it can be used in openssl-based applications for any purpose except SSL-client authentication.

Function

    int ENGINE_load_certificate(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data)

is clearly missing from API. Existence of such function would allow to use smartcards and other hardware tokens to be used

1. In the server applications
2. In the non-SSL (i.e. CMS signing) applications
3. For secondary protocols like OCSP or timestamping authority.

___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Converting Bin format to X509 format
Thanks for the quick response. I am currently working with smart cards and am using the engine provided by openSC to access the private key in the smart card. Long story short I have the EVP_PKEY object with me. Can I use this to sign a certificate or some file which can be used for SSL client verification.

Thanks

On Wednesday, 22 July 2015 11:52 AM, Erwann Abalea erwann.aba...@opentrust.com wrote:

Hello,

An X.509 certificate is:

    Certificate ::= SEQUENCE {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING }

What you produced with « openssl rsautl -sign » is the content of the « signatureValue » element (not its BIT STRING structure, only the inner content). What is missing is all the rest, and it can’t be produced by the sole « openssl x509 … » command.

Please refine your question.

Regards,
Erwann Abalea

On 22 Jul 2015, at 11:17, Anirudh Raghunath anirudhraghun...@rocketmail.com wrote:

Hello, I have used rsautl -sign option to sign a text file which gives me a binary file. I would like to convert this to X509 so that I can use it in a ssl handshake. I understand the command: openssl x509 -inform format -in certfile -out cert.pem is used. I want to know what the parameters would be for a binary input file. Thanks in advance.
Re: [openssl-users] Converting Bin format to X509 format
On Wed, 22 Jul 2015 09:17:43 + (UTC) Anirudh Raghunath anirudhraghun...@rocketmail.com wrote:

Hello, I have used rsautl -sign option to sign a text file which gives me a binary file. I would like to convert this to X509 so that I can use it in a ssl handshake. I understand the command: openssl x509 -inform format -in certfile -out cert.pem is used. I want to know what the parameters would be for a binary input file. Thanks in advance.

Unfortunately signed text file and certificate are quite different things.

Of course, certificate is signed electronic document. But it is document of special binary format, which contains public key and information about owner of corresponding private key. And typically, it is not signed by you, it is signed by Certificate Authority (known to server).

When you use certificate (and corresponding private key) during SSL handshake, it means that server sends you something, you sign this something using your private key and send signature to server along with certificate. Server verifies signature under data, which it remembers it have been sent to you, using public key contained in the certificate, and says "Ok, this guy really owns private key corresponding to public key in this certificate". It also verifies signature under certificate using known beforehand and trusted CA certificates, to make sure that public key stored in the certificate really belongs to person mentioned in the certificate subject field.

So, if you sign some text file using your certificate, this signature cannot be used in the SSL handshake any way. Because you've signed some text file, not a challenge sent by server during SSL handshake. This signature proves that you, owner of private key, have had access to this text file (provided your private key is not compromised), but there is no way to use this signature to prove that you are one, who established connection with server. To prove so, you have to sign something sent to you from server, not some data, known beforehand.

Really, option -sign of this utility may produce some signed document format such as PKCS#7 or CMS, which contains signer's certificate. For same purpose which I've described above. If someone wants to verify if you've signed this file, one should have your certificate, with public key and your name in it. Simplest way to ensure this is to attach certificate to the signed message. Then recipient of message can validate certificate, extracted from message with known and trusted CA and then use it to verify signature under message.

If you want use such a curved way to extract certificate from card, it is possible, provided that your rsautl produces standard signed message format, i.e PKCS#7. May be

    openssl pkcs7 -inform der -in signedfile.bin -print_certs

would do the trick and write certificate of one who signed the file into filename.pem

But this is not called "convert signed file to X509 format", it is called "extract X509 certificate from signed file".
Re: [openssl-users] Converting Bin format to X509 format
Thank you for the extremely elaborate answer. Now I understand the big picture. I want to attach a file from the server side which can be collected in the client program (the test) and I want to sign it and send it back. I have the ssl server client connection ready through socket and ssl code. I want to know if there is a function to load the random file to the SSL_CTX object the way we do with certificates. Thanks anyways for taking the time to answer my trivial doubts :).

On Wednesday, 22 July 2015 12:12 PM, Victor Wagner vi...@wagner.pp.ru wrote:

On Wed, 22 Jul 2015 09:17:43 + (UTC) Anirudh Raghunath anirudhraghun...@rocketmail.com wrote:

Hello, I have used rsautl -sign option to sign a text file which gives me a binary file. I would like to convert this to X509 so that I can use it in a ssl handshake. I understand the command: openssl x509 -inform format -in certfile -out cert.pem is used. I want to know what the parameters would be for a binary input file. Thanks in advance.

Unfortunately signed text file and certificate are quite different things.

Of course, certificate is signed electronic document. But it is document of special binary format, which contains public key and information about owner of corresponding private key. And typically, it is not signed by you, it is signed by Certificate Authority (known to server).

When you use certificate (and corresponding private key) during SSL handshake, it means that server sends you something, you sign this something using your private key and send signature to server along with certificate. Server verifies signature under data, which it remembers it have been sent to you, using public key contained in the certificate, and says "Ok, this guy really owns private key corresponding to public key in this certificate". It also verifies signature under certificate using known beforehand and trusted CA certificates, to make sure that public key stored in the certificate really belongs to person mentioned in the certificate subject field.

So, if you sign some text file using your certificate, this signature cannot be used in the SSL handshake any way. Because you've signed some text file, not a challenge sent by server during SSL handshake. This signature proves that you, owner of private key, have had access to this text file (provided your private key is not compromised), but there is no way to use this signature to prove that you are one, who established connection with server. To prove so, you have to sign something sent to you from server, not some data, known beforehand.

Really, option -sign of this utility may produce some signed document format such as PKCS#7 or CMS, which contains signer's certificate. For same purpose which I've described above. If someone wants to verify if you've signed this file, one should have your certificate, with public key and your name in it. Simplest way to ensure this is to attach certificate to the signed message. Then recipient of message can validate certificate, extracted from message with known and trusted CA and then use it to verify signature under message.

If you want use such a curved way to extract certificate from card, it is possible, provided that your rsautl produces standard signed message format, i.e PKCS#7. May be

    openssl pkcs7 -inform der -in signedfile.bin -print_certs

would do the trick and write certificate of one who signed the file into filename.pem

But this is not called "convert signed file to X509 format", it is called "extract X509 certificate from signed file".
Re: [openssl-users] Sending files in SSL communication
What you want is application-specific, not part of the TLS protocol. So you have to use SSL_read/SSL_write and pull the data out as needed.
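Added example, not part of the original message or of OpenSSL: one way an application can frame a file or challenge on top of SSL_write/SSL_read, with a 4-byte length prefix, loops for short reads and writes, and a length check before any payload is read. The callback types mirror the SSL_read()/SSL_write() call shape so thin wrappers can be plugged in; the in-memory channel, MAX_FRAME and all function names are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FRAME 65536u   /* assumed receiver-side cap on one message */

/* Same shape as SSL_read()/SSL_write(): bytes moved, or <= 0 on failure. */
typedef int (*rd_fn)(void *ctx, void *buf, int num);
typedef int (*wr_fn)(void *ctx, const void *buf, int num);

/* Loop until all n bytes are written; one call may move fewer bytes. */
static int write_all(wr_fn wr, void *ctx, const uint8_t *p, size_t n)
{
    while (n > 0) {
        int r = wr(ctx, p, n > 4096 ? 4096 : (int)n);
        if (r <= 0) return -1;
        p += r;
        n -= (size_t)r;
    }
    return 0;
}

/* Loop until exactly n bytes are read; a short stream is an error. */
static int read_all(rd_fn rd, void *ctx, uint8_t *p, size_t n)
{
    while (n > 0) {
        int r = rd(ctx, p, n > 4096 ? 4096 : (int)n);
        if (r <= 0) return -1;
        p += r;
        n -= (size_t)r;
    }
    return 0;
}

/* Send one message as: 4-byte big-endian length, then the payload. */
int send_frame(wr_fn wr, void *ctx, const void *data, uint32_t len)
{
    uint8_t hdr[4];
    if (len > MAX_FRAME) return -1;
    hdr[0] = (uint8_t)(len >> 24);
    hdr[1] = (uint8_t)(len >> 16);
    hdr[2] = (uint8_t)(len >> 8);
    hdr[3] = (uint8_t)len;
    if (write_all(wr, ctx, hdr, sizeof hdr) != 0) return -1;
    return write_all(wr, ctx, (const uint8_t *)data, len);
}

/* Receive one message into out[0..cap). Returns its length, or -1.
 * The peer-supplied length is checked before any payload is read. */
long recv_frame(rd_fn rd, void *ctx, uint8_t *out, size_t cap)
{
    uint8_t hdr[4];
    uint32_t len;
    if (read_all(rd, ctx, hdr, sizeof hdr) != 0) return -1;
    len = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
          ((uint32_t)hdr[2] << 8) | (uint32_t)hdr[3];
    if (len > MAX_FRAME || len > cap) return -1;
    if (read_all(rd, ctx, out, len) != 0) return -1;
    return (long)len;
}

/* Constructed stand-in for a TLS connection: an in-memory buffer that
 * accepts at most 5 bytes per write and returns at most 3 per read. */
typedef struct { uint8_t buf[256]; size_t wpos, rpos; } chan;

static int chan_write(void *c, const void *b, int n)
{
    chan *ch = c;
    if (n > 5) n = 5;
    if (ch->wpos + (size_t)n > sizeof ch->buf) return -1;
    memcpy(ch->buf + ch->wpos, b, (size_t)n);
    ch->wpos += (size_t)n;
    return n;
}

static int chan_read(void *c, void *b, int n)
{
    chan *ch = c;
    size_t avail = ch->wpos - ch->rpos;
    if (avail == 0) return 0;              /* nothing left: like a closed peer */
    if (n > 3) n = 3;
    if ((size_t)n > avail) n = (int)avail;
    memcpy(b, ch->buf + ch->rpos, (size_t)n);
    ch->rpos += (size_t)n;
    return n;
}

/* Send msg through the channel and read it back into out[0..cap). */
long roundtrip(const char *msg, uint8_t *out, size_t cap)
{
    chan ch;
    memset(&ch, 0, sizeof ch);
    if (send_frame(chan_write, &ch, msg, (uint32_t)strlen(msg)) != 0) return -1;
    return recv_frame(chan_read, &ch, out, cap);
}

int main(void)
{
    uint8_t out[64];
    long n = roundtrip("challenge-1234", out, sizeof out);
    printf("received %ld bytes: %.*s\n", n, (int)n, (const char *)out);
    printf("same frame, 8-byte buffer: %ld\n", roundtrip("challenge-1234", out, 8));
    return 0;
}
```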
Re: [openssl-users] Warnings Compiling openssl 1.0.2d
On Wed, Jul 22, 2015 at 6:40 AM, Jakob Bohm jb-open...@wisemo.com wrote:

On 22/07/2015 01:21, Jeffrey Walton wrote:

For the stragglers, I don't think it's a stretch to ask C99 in 2015.

Visual Studio is often used on Windows, and it is not C99.

Oh my, I was not aware it was still struggling for C99 :) I guess Microsoft is still putting their energies into the one-size, tablet interface known as Windows 8, fits all, even on desktops without a touchscreen.

On the good side, MSVC does not need to be 100% compliant. It just needs to support initialization at time of declaration. That particular feature works.

Isn't that a C89 (or maybe even K&R) feature?

I thought that was C99. I think Ben Laurie even corrected me with some OpenSSL sample code because I initialized a variable without using -std=c99.

There is another problem though: Blindly initializing every variable with dummy values (because the correct value comes from one or more if() branches), only achieves two things, both bad:

- It hides correct warnings in case one of those if() branches forgets to set the variable, before it is read.
- It potentially confuses less-than-halting-problem-solving optimizers to needlessly generate code that allocates and initializes the variable because they cannot detect (within their compile time resource limits) that the dummy value is (hopefully) never used.

The second problem is almost guaranteed to happen on any compiler/option combination that would otherwise falsely warn about the variable being maybe-uninitialized. This is because most compilers generate that warning as a side effect of the optimizer trying to figure out if the garbage or dummy value will be used by the code.

What, exactly is the problem? The program is in a known state. As far as I know, that's the best state to be in.

And that's why managed languages like Java and .Net are so popular. When a variable is declared, it gets placed in a known state immediately. It relieves the programmer of remembering pesky details like, remember to initialize your variables to a known state.

Jeff
Re: [openssl-users] Sending files in SSL communication
But is there a way to send text files through SSL_write()?

No.
Re: [openssl-users] Size of OpenSSL ECDSA/DSA Implementation
On 21/07/2015 22:07, Michaela Schoenbauer wrote:

Hi, I'm currently working on my Master thesis, and the topic is about ECDSA implementations and DSA implementations in the context of small embedded systems. I'd like to try out OpenSSL but I'm not sure if I can configure it to be small enough for the embedded devices I use. For my purpose a custom built of the library should exclude all SSL/TLS functionality and only include (a) ECDSA support and (b) DSA support in another built. Does anyone know how small I can make the OpenSSL library? May the results be smaller than 10KB or which results can I expect? If anyone already tried something similar or has some answers/hints I would be thankful.

Unfortunately, since the introduction (many years ago) of the EVP interface abstraction, it has gotten a lot harder to link libcrypto (the non-SSL part of OpenSSL) with just a few algorithms and little else.

Best chance is to:

1. Use OpenSSL 1.0.2, not the future 1.1.0 which has removed some of what you need for this.
2. Build OpenSSL as static libraries, not as shared libraries/DLLs.
3. Use the raw ecdsa/dsa functions from ecdsa.h/dsa.h
4. Write your test program to only do the signing OR verification, not the key generation or other functions.
5. Write your test program to operate directly on the internal structures so you don't need the code space for the i2d/d2i conversion functions.
6. Use linker diagnostics and/or object dumper programs to see which functions and source files get linked into your embedded binary.
7. Look at the actual implementation code in the OpenSSL source code to see if there is even more that can be trimmed out, e.g. by splitting some source files that contain multiple functions so one file contains the functions you use, and another file the other.
8. Look at the actual ecdsa/dsa implementation code to see if it invokes the RNG for each signature or uses a cryptographic formula to deterministically generate a message/key dependent adversary unknowable per-signature key. This makes a big size difference because the RNG itself needs so much non-dsa code.
9. For ecdsa, look at the implementation code to see if it branches into different implementations depending on the curve used for the public/private key pair. If so, create a special version supporting only the curve you use for your test.

With all this, you might be able to get a code size a lot smaller than what you would get by just following the official guides on how to do the same operation with supported high level functions. But I am not at all sure if you can still get as low as you need.

A completely different approach is to just cut and paste snippets from the OpenSSL ecdsa/dsa code and hand optimize it for minimum size.

As another datapoint for your investigation, the ECDSA-like signature scheme recently promoted by D.J.Bernstein apparently hand optimized assembler code, yet I seem to recall it being larger than 10Kio code.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
[openssl-users] Sending files in SSL communication
Hello all, I have a ssl server client connection set up which I have written in C using sockets and openssl. I understand that I can attach a certificate of the server and send it to the client by attaching it to the SSL_CTX object. I used the SSL_CTX_use_certificate_file to do so. Now I can retrieve that certificate by using SSL_get_peer_certificate function on the client side. I also want to send a test (say a text file) from the server to the client for the client to sign it and send it back. What function do I use to do so? Is it similar to the way we attach certificates to the SSL_CTX? And how do I retrieve it on the client side? Thanks in advance.
Re: [openssl-users] Sending files in SSL communication
But there is a way in which the server sends a test (for example a random number) and the client signs it with his private key right?

On Wednesday, 22 July 2015 1:30 PM, Anirudh Raghunath anirudhraghun...@rocketmail.com wrote:

But is there a way to send text files through SSL_write()? If so, can you please give a small example? Thanks.

On Wednesday, 22 July 2015 1:27 PM, Salz, Rich rs...@akamai.com wrote:

What you want is application-specific, not part of the TLS protocol. So you have to use SSL_read/SSL_write and pull the data out as needed.
Re: [openssl-users] Converting Bin format to X509 format
Hello,

An X.509 certificate is:

    Certificate ::= SEQUENCE {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING }

What you produced with « openssl rsautl -sign » is the content of the « signatureValue » element (not its BIT STRING structure, only the inner content). What is missing is all the rest, and it can’t be produced by the sole « openssl x509 … » command.

Please refine your question.

Regards,
Erwann Abalea

On 22 Jul 2015, at 11:17, Anirudh Raghunath anirudhraghun...@rocketmail.com wrote:

Hello, I have used rsautl -sign option to sign a text file which gives me a binary file. I would like to convert this to X509 so that I can use it in a ssl handshake. I understand the command: openssl x509 -inform format -in certfile -out cert.pem is used. I want to know what the parameters would be for a binary input file. Thanks in advance.
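Added example, not part of the original message and not OpenSSL code: a small DER walker that splits the Certificate SEQUENCE shown above into its three elements and returns the inner content of signatureValue, then shows that a bare signature blob is rejected as a certificate. The sample bytes are constructed (the tbsCertificate is a stand-in, not a real one) and all type and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One DER element: tag, content pointer/length, and total encoded size. */
typedef struct {
    uint8_t tag;
    const uint8_t *val;
    size_t len;
    size_t total;
} der_tlv;

typedef struct {
    der_tlv tbs, alg, sig;        /* the three members of Certificate */
    const uint8_t *sig_bytes;     /* signatureValue without the BIT STRING header */
    size_t sig_len;
} cert_parts;

/* Read one definite-length TLV from buf[0..n). Returns 0, or -1 if the
 * element is truncated or malformed. Minimal-length encoding is not enforced. */
static int der_read(const uint8_t *buf, size_t n, der_tlv *out)
{
    size_t hdr = 2, len, k, i;
    if (n < 2) return -1;
    if ((buf[0] & 0x1F) == 0x1F) return -1;      /* multi-byte tags not handled */
    if (buf[1] < 0x80) {
        len = buf[1];                            /* short form */
    } else {
        k = buf[1] & 0x7F;                       /* long form: k length octets */
        if (k == 0 || k > 4 || n < 2 + k) return -1;
        for (len = 0, i = 0; i < k; i++) len = (len << 8) | buf[2 + i];
        hdr += k;
    }
    if (len > n - hdr) return -1;                /* content runs past the input */
    out->tag = buf[0];
    out->val = buf + hdr;
    out->len = len;
    out->total = hdr + len;
    return 0;
}

/* Split SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }.
 * Returns 0 on success, a negative step number on failure. */
int split_certificate(const uint8_t *der, size_t n, cert_parts *p)
{
    der_tlv outer;
    const uint8_t *q;
    size_t left;

    if (der_read(der, n, &outer) != 0 || outer.tag != 0x30 || outer.total != n)
        return -1;                               /* not one outer SEQUENCE */
    q = outer.val;
    left = outer.len;
    if (der_read(q, left, &p->tbs) != 0 || p->tbs.tag != 0x30) return -2;
    q += p->tbs.total;
    left -= p->tbs.total;
    if (der_read(q, left, &p->alg) != 0 || p->alg.tag != 0x30) return -3;
    q += p->alg.total;
    left -= p->alg.total;
    if (der_read(q, left, &p->sig) != 0 || p->sig.tag != 0x03) return -4;
    if (p->sig.total != left) return -5;         /* trailing data in SEQUENCE */
    if (p->sig.len < 1 || p->sig.val[0] != 0) return -6;  /* unused-bits octet */
    p->sig_bytes = p->sig.val + 1;
    p->sig_len = p->sig.len - 1;
    return 0;
}

/* Constructed stand-in for what a raw signing command writes: signature bytes only. */
static const uint8_t RAW_SIG[] = { 0xDE, 0xAD, 0xBE, 0xEF };

/* Constructed certificate-shaped DER with a toy tbsCertificate. */
static const uint8_t SAMPLE_CERT[] = {
    0x30, 0x1B,                                  /* Certificate SEQUENCE, 27 bytes */
    0x30, 0x03, 0x02, 0x01, 0x01,                /* stand-in tbsCertificate */
    0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48,    /* AlgorithmIdentifier: */
    0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,          /*   sha256WithRSAEncryption */
    0x05, 0x00,                                  /*   NULL parameters */
    0x03, 0x05, 0x00, 0xDE, 0xAD, 0xBE, 0xEF     /* BIT STRING, 0 unused bits */
};

int main(void)
{
    cert_parts p;
    int rc = split_certificate(SAMPLE_CERT, sizeof SAMPLE_CERT, &p);
    printf("certificate: rc=%d tbs=%zu alg=%zu sig=%zu bytes\n",
           rc, p.tbs.total, p.alg.total, p.sig_len);
    printf("inner signature equals raw blob: %s\n",
           memcmp(p.sig_bytes, RAW_SIG, sizeof RAW_SIG) == 0 ? "yes" : "no");
    printf("raw blob parsed as certificate: rc=%d\n",
           split_certificate(RAW_SIG, sizeof RAW_SIG, &p));
    return 0;
}
```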
Re: [openssl-users] Regarding the security of the keys
Hi,

In my opinion the only way to securely handle your keys is the usage of some kind of Hardware Security Module, e.g.

www.smartcard-hsm.com
www.yubico.com

These lightweight HSMs provide a PKCS#11 interface which can be integrated using the PKCS#11 engine of OpenSSL. In addition the SmartCard-HSM supports key replication to build some kind of load-balancing cluster where all HSMs share the same key.

Depending on the load of the server these small HSMs might be suitable. Otherwise you should spend some money for a complete and full HSM solution.

Regards,
Frank

On 21.07.2015 at 09:53, Mike Mohr wrote:

Securing a system against this kind of attack can be done in several ways, depending on the level of assurance you desire. You might start out with Tripwire:

https://en.wikipedia.org/wiki/Open_Source_Tripwire
http://www.tripwire.org/

You could also implement mandatory access control and ACLs using either grsecurity or SELinux:

http://grsecurity.net/
http://www.cs.virginia.edu/~jcg8f/SELinux%20grsecurity%20paper.pdf
https://en.wikipedia.org/wiki/Security-Enhanced_Linux

Personally I prefer grsecurity, but it is not supported in mainline by any major distribution that I am aware of. You'll have to patch, build, and support your own kernel image in order to use it. SELinux is supported out of the box on CentOS 6 and 7, so it would probably be a good place to start.

If your concern is solely in the realm of protecting your RSA keys, you might consider some HSM product from e.g. Yubico:

https://www.yubico.com/
https://en.wikipedia.org/wiki/Hardware_security_module

These tiny USB keys store the RSA keys on a secure element which is physically tamper-resistant. The key material never leaves the hardware token. However, you'd probably have to write a custom provider for OpenSSL, and the throughput would probably only be sufficient for a very small amount of traffic. If you need something that can handle a higher load, you might consider purchasing one of Cavium's cards:

http://www.cavium.com/overview.html

However, they are 10 gigabit passthrough devices and will unwrap / re-wrap the SSL session in hardware. They are not cheap.

Good luck!

On Mon, Jul 20, 2015 at 11:46 PM, James james.arivazha...@gmail.com wrote:

Hi there, I have a concern regarding the private keys we use in the https (say apache) server. The https server links with openssl.so file, and uses the APIs provided by it. If some one build their own openssl and add few lines to print the keys during encrypt and decrypt and put in the library in the LD_LIBRARY_PATH, may result in compromising the security of the keys. Does any of you faced this problem and if you could share the solution it would be helpful.

regards,
James Arivazhagan Ponnusamy

--
Thater Schwier Consulting GbR
Frank Thater
M.Sc. in Applied IT Security, Dipl.-Wirt.-Inf.
Schülerweg 38
32429 Minden, Germany
Phone +49 160 6316655
http://www.tscons.de

This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
Re: [openssl-users] Sending files in SSL communication
But is there a way to send text files through SSL_write()? If so, can you please give a small example? Thanks.

On Wednesday, 22 July 2015 1:27 PM, Salz, Rich rs...@akamai.com wrote:

What you want is application-specific, not part of the TLS protocol. So you have to use SSL_read/SSL_write and pull the data out as needed.
[openssl-users] Converting Bin format to X509 format
Hello, I have used rsautl -sign option to sign a text file which gives me a binary file. I would like to convert this to X509 so that I can use it in a ssl handshake. I understand the command: openssl x509 -inform format -in certfile -out cert.pem is used. I want to know what the parameters would be for a binary input file. Thanks in advance.
Re: [openssl-users] Converting Bin format to X509 format
(top posting for consistency)

Look at the functions named X509_sign(), X509_CRL_sign() and X509_REQ_to_X509(), those should get you started.

On 22/07/2015 11:57, Anirudh Raghunath wrote:

Thanks for the quick response. I am currently working with smart cards and am using the engine provided by openSC to access the private key in the smart card. Long story short I have the EVP_PKEY object with me. Can I use this to sign a certificate or some file which can be used for SSL client verification.

On Wednesday, 22 July 2015 11:52 AM, Erwann Abalea erwann.aba...@opentrust.com wrote:

Hello,

An X.509 certificate is:

    Certificate ::= SEQUENCE {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING }

What you produced with « openssl rsautl -sign » is the content of the « signatureValue » element (not its BIT STRING structure, only the inner content). What is missing is all the rest, and it can’t be produced by the sole « openssl x509 … » command.

Please refine your question.

On 22 Jul 2015, at 11:17, Anirudh Raghunath anirudhraghun...@rocketmail.com wrote:

Hello, I have used rsautl -sign option to sign a text file which gives me a binary file. I would like to convert this to X509 so that I can use it in a ssl handshake. I understand the command: openssl x509 -inform format -in certfile -out cert.pem is used. I want to know what the parameters would be for a binary input file.

Enjoy

Jakob
Re: [openssl-users] Converting Bin format to X509 format
Long response short, yes, you can.

Prepare and fill in your X509 object, perform the signature with your EVP_PKEY private key, format the resulting signature into a BIT STRING, place this BIT STRING into your previous X509 object, complete it with the AlgorithmIdentifier you choose when signing (it should already have been set in the TBSCertificate structure, just copy it from there). The resulting X.509 certificate can be used for anything and is not limited for a SSL client verification usage.

In the previous paragraph, I assume your smart card contains the CA private key, and you want to sign certificates (either subCA or subscriber, it doesn’t matter). That’s how I understood your question.

If you want to do all this using only openssl CLI, that’s doable with a specially crafted config file declaring your engine and its parameters.

Regards,
Erwann Abalea

On 22 Jul 2015, at 11:57, Anirudh Raghunath anirudhraghun...@rocketmail.com wrote:

Thanks for the quick response. I am currently working with smart cards and am using the engine provided by openSC to access the private key in the smart card. Long story short I have the EVP_PKEY object with me. Can I use this to sign a certificate or some file which can be used for SSL client verification.

Thanks

On Wednesday, 22 July 2015 11:52 AM, Erwann Abalea erwann.aba...@opentrust.com wrote:

Hello,

An X.509 certificate is:

    Certificate ::= SEQUENCE {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING }

What you produced with « openssl rsautl -sign » is the content of the « signatureValue » element (not its BIT STRING structure, only the inner content). What is missing is all the rest, and it can’t be produced by the sole « openssl x509 … » command.

Please refine your question.

Regards,
Erwann Abalea

On 22 Jul 2015, at 11:17, Anirudh Raghunath anirudhraghun...@rocketmail.com wrote:

Hello, I have used rsautl -sign option to sign a text file which gives me a binary file. I would like to convert this to X509 so that I can use it in a ssl handshake. I understand the command: openssl x509 -inform format -in certfile -out cert.pem is used. I want to know what the parameters would be for a binary input file. Thanks in advance.
Re: [openssl-users] Warnings Compiling openssl 1.0.2d
On 22/07/2015 01:27, Jeffrey Walton wrote:

Like I said, it's learning to play well with your tools :)

Well I think what you're saying is that we should play well with other people's tools! My tools (and presumably the rest of the dev team's as well) don't report this warning.

Ah, OK. So it's being reported in GCC 5.1 via -Wmaybe-uninitialized (I suspect). That may point to an issue in OpenSSL's engineering process. There may be a gap because no one is running, say Fedora 22 or Debian 8 (I think Debian 8 provides GCC 5.1).

F.Y.I. Debian 8 (Jessie) uses GCC 4.9.2

Enjoy

Jakob
Re: [openssl-users] Warnings Compiling openssl 1.0.2d
On 22/07/2015 01:21, Jeffrey Walton wrote:

For the stragglers, I don't think it's a stretch to ask C99 in 2015.

Visual Studio is often used on Windows, and it is not C99.

Oh my, I was not aware it was still struggling for C99 :) I guess Microsoft is still putting their energies into the one-size, tablet interface known as Windows 8, fits all, even on desktops without a touchscreen.

On the good side, MSVC does not need to be 100% compliant. It just needs to support initialization at time of declaration. That particular feature works.

Isn't that a C89 (or maybe even K&R) feature?

There is another problem though: Blindly initializing every variable with dummy values (because the correct value comes from one or more if() branches), only achieves two things, both bad:

- It hides correct warnings in case one of those if() branches forgets to set the variable, before it is read.
- It potentially confuses less-than-halting-problem-solving optimizers to needlessly generate code that allocates and initializes the variable because they cannot detect (within their compile time resource limits) that the dummy value is (hopefully) never used.

The second problem is almost guaranteed to happen on any compiler/option combination that would otherwise falsely warn about the variable being maybe-uninitialized. This is because most compilers generate that warning as a side effect of the optimizer trying to figure out if the garbage or dummy value will be used by the code.

Enjoy

Jakob
Re: [openssl-users] Sending files in SSL communication
But there is a way in which the server sends a test (for example a random number) and the client signs it with his private key right?

It's called mutual (or client-side) authentication and is part of the TLS protocol. The client must have an X.509-style certificate.
Re: [openssl-users] Warnings Compiling openssl 1.0.2d
On 22/07/2015 13:14, Jeffrey Walton wrote:

On Wed, Jul 22, 2015 at 6:40 AM, Jakob Bohm jb-open...@wisemo.com wrote:

On 22/07/2015 01:21, Jeffrey Walton wrote:

For the stragglers, I don't think it's a stretch to ask C99 in 2015.

Visual Studio is often used on Windows, and it is not C99.

Oh my, I was not aware it was still struggling for C99 :) I guess Microsoft is still putting their energies into the one-size, tablet interface known as Windows 8, fits all, even on desktops without a touchscreen. On the good side, MSVC does not need to be 100% compliant. It just needs to support initialization at time of declaration. That particular feature works.

Isn't that a C89 (or maybe even K&R) feature?

I thought that was C99. I think Ben Laurie even corrected me with some OpenSSL sample code because I initialized a variable without using -std=c99.

There is a C99 feature backported from C++: Allow declarations after/between statements, thus allowing unconditional initialization formulas to be used even if code is needed before them. E.g.

    int foo61(void)
    {
        int a = 1;
        int b = 5;
        do {
            a *= b;
        } while (--b);
        int c = a / 2; // C99/C++ only
        return c + 1;
    }

There is another problem though: Blindly initializing every variable with dummy values (because the correct value comes from one or more if() branches), only achieves two things, both bad:

- It hides correct warnings in case one of those if() branches forgets to set the variable, before it is read.
- It potentially confuses less-than-halting-problem-solving optimizers to needlessly generate code that allocates and initializes the variable because they cannot detect (within their compile time resource limits) that the dummy value is (hopefully) never used.

The second problem is almost guaranteed to happen on any compiler/option combination that would otherwise falsely warn about the variable being maybe-uninitialized. This is because most compilers generate that warning as a side effect of the optimizer trying to figure out if the garbage or dummy value will be used by the code.

What, exactly is the problem? The program is in a known state. As far as I know, that's the best state to be in.

In the first case, the program is in a wrong state, and no tool will tell you about it. Silently producing a wrong result is quite unpleasant.

In the second case we have inefficient code. And if the compiler *can* detect the situation correctly, and the code *is* correct without the extra initialization, the compiler is likely to emit a warning that variable is assigned a value which is never used. So if the goal is to avoid warnings, you can't win anyway.

If as in the case under discussion, the value is set and used only under a (common) condition, one may consider a structural change so the condition is checked only once, then move the variable inside that conditional block. On pipelined processors, this may even result in faster code, though it will be larger, this however depends on a closer analysis of the particular code.

And that's why managed languages like Java and .Net are so popular. When a variable is declared, it gets placed in a known state immediately. It relieves the programmer of remembering pesky details like, remember to initialize your variables to a known state.

But it also makes it harder to auto-detect bugs where a variable is left in that default state when it should have been in a different state.

In fact for languages without implicit initialization, there are often debug tools that can set the variables to a known impossible value and report if those values are ever used. Typical choices include 0xBAADF00D (where 32 bit pointers are restricted to the range 0x1000 to 0x7fff) etc.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
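The trade-off argued in this thread, as an added C example (not code from OpenSSL or from any poster): the same forgotten assignment under dummy initialization, under a poison value, and after the structural change. The record format, the function names and the bug itself are constructed for illustration.

```c
#include <stdint.h>

#define POISON 0xBAADF00Du   /* "known impossible" debug value named in the thread */

/* Constructed format: p[0] is a tag; tag 1 carries a 1-byte length in p[1],
 * tag 2 a 2-byte big-endian length in p[1..2]. `init` is the value len is
 * initialised with, so each policy can be compared on the same code. */
static uint32_t parse_len(const uint8_t *p, uint32_t init)
{
    uint32_t len = init;
    if (p[0] == 1) {
        len = p[1];
    } else if (p[0] == 2) {
        /* constructed bug: the assignment to len was forgotten here */
    }
    return len;
}

/* Policy 1: dummy 0. No warning, and the bug yields a plausible length 0. */
static uint32_t parse_len_dummy(const uint8_t *p)
{
    return parse_len(p, 0);
}

/* Policy 2: poison plus a check. Returns 0 when len was never assigned. */
static int parse_len_poisoned(const uint8_t *p, uint32_t *out)
{
    *out = parse_len(p, POISON);
    return *out != POISON;
}

/* Policy 3: structural change. The variable exists only inside the branch
 * that sets it, so there is nothing to initialise and nothing to warn about. */
static int parse_len_scoped(const uint8_t *p, uint32_t *out)
{
    if (p[0] == 1) {
        uint32_t len = p[1];
        *out = len;
        return 1;
    }
    if (p[0] == 2) {
        uint32_t len = ((uint32_t)p[1] << 8) | p[2];
        *out = len;
        return 1;
    }
    return 0;   /* unknown tag: explicit failure instead of a dummy value */
}
```
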
Re: [openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
On 22/07/2015 14:12, jonetsu wrote:

Hello, Our Nessus version 6.4.1 is detecting a BEAST vulnerability against OpenSSL 1.0.1e. The source code defines SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as 0x0800L and several tests are made for this value in the code. The CHANGES mentions though that this had some side effects, the option now being part of SSL_OP_ALL. It would look like, from the scan, that the fragments are not enabled by default, could it be?

Yep, for some silly reason, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS was/is included in the default value SSL_OP_ALL. This is in the same header as SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.

The proper solution, as just about everybody knows by now, would have been to insert 1-byte fragments (known as the 1/n-1 solution) which some other SSL/TLS implementations do.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
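How the option bit discussed in this exchange relates to the scan finding, as an added C example (a simplified model, not OpenSSL's code): it assumes a stack whose only BEAST countermeasure is the empty fragment, and compares that record split with the 1/n-1 split. The constant is redefined locally with the value quoted in the thread; the enum and function names are hypothetical.

```c
#include <stddef.h>

/* Value quoted in the thread; defined here so no OpenSSL headers are needed. */
#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x0800L

enum version { V_SSL3, V_TLS1_0, V_TLS1_1, V_TLS1_2 };
enum split { SPLIT_NONE, SPLIT_0_N, SPLIT_1_N_MINUS_1 };

/* BEAST needs a CBC suite whose next IV is the previous record's last
 * ciphertext block: SSL 3.0 and TLS 1.0. TLS 1.1 and later use explicit IVs. */
static int beast_relevant(enum version v, int cbc_suite)
{
    return cbc_suite && (v == V_SSL3 || v == V_TLS1_0);
}

/* Assumed model: the empty fragment is sent unless the option bit is set. */
static enum split chosen_split(long options, enum version v, int cbc_suite)
{
    if (!beast_relevant(v, cbc_suite))
        return SPLIT_NONE;
    return (options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) ? SPLIT_NONE
                                                          : SPLIT_0_N;
}

/* What the scanner finding means: relevant connection, no countermeasure. */
static int beast_exposed(long options, enum version v, int cbc_suite)
{
    return beast_relevant(v, cbc_suite) &&
           chosen_split(options, v, cbc_suite) == SPLIT_NONE;
}

/* Plaintext lengths of the records emitted for one n-byte write;
 * returns the number of records written to out[]. */
static size_t plan_records(enum split s, size_t n, size_t out[2])
{
    if (n == 0)
        return 0;
    if (s == SPLIT_0_N) { out[0] = 0; out[1] = n; return 2; }
    if (s == SPLIT_1_N_MINUS_1 && n > 1) { out[0] = 1; out[1] = n - 1; return 2; }
    out[0] = n;
    return 1;
}
```

In an application, the bit is cleared with `SSL_CTX_clear_options(ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)` after any `SSL_CTX_set_options(ctx, SSL_OP_ALL)`.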
Re: [openssl-users] Regarding the security of the keys
On Tue, Jul 21, 2015 at 9:46 PM, Salz, Rich rs...@akamai.com wrote:

Actually that isn't quite right. A properly configured and tuned RBAC policy, when combined with PaX, can very effectively limit all userspace activity (including root access!).

How do you know that the module is installed and actually doing things? How do you know what kernel is actually booted?

Of course you're right. One might also consider attack vectors from an unsecured BMC or the IME - they probably have undetectable DMA access to the host, after all. But that isn't the point ... steps can and should be taken to lock down the host operating system. It helps if you can also use a hardware security module to protect your key material.

How do you know that the operations that YOU request are actually the ones being performed? How do you know that the operating system isn't making additional requests of its own? You have to trust root. No two ways about it.

The first question has no bearing on the second statement. With or without grsecurity/selinux, you have no way to guarantee that the kernel is operating the way you expect it to at any given time. I suppose it boils down to the threat model. However, limiting root's power is a good idea, and grsecurity provides an excellent framework in which to do so. Caveat emptor.
[openssl-users] Extended key usage keyAgreement bit in certificate
The following commit changed the behavior of checking the extended key usage bits in a server certificate when using X509_PURPOSE_SSL_SERVER:

http://marc.info/?l=openssl-cvs&m=132759007026375&w=2

This commit was put into 1.0.2 on April 6, 2012. Therefore, 1.0.1 and 1.0.2 behave differently in this regard. When using 1.0.2, the server certificate needs to include the keyAgreement bit. Otherwise the client will reject the server certificate when checking the purpose (X509_PURPOSE_SSL_SERVER).

Does this behavior in 1.0.2 comply with RFC 5246? Reading section 7.4.2 on pages 47/48, the server certificate should include the keyAgreement bit when using DH key exchange cipher suites. The wording on page 48 is:

    DH_DSS    Diffie-Hellman public key; the keyAgreement bit
    DH_RSA    MUST be set if the key usage extension is present.

Given there's no other mention of using the keyAgreement bit in RFC 5246, does this imply the keyAgreement bit doesn't need to be set when not using a DH cipher suite?

Given the commit noted above will always check the keyAgreement bit, and the logic in v3_purp.c is unaware of the negotiated cipher suite, would this be considered a bug? If not, would it be appropriate to back-port this commit to 1.0.1 so that we would have consistent behavior between 1.0.1 and 1.0.2?
[openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
Hello,

Our Nessus version 6.4.1 is detecting a BEAST vulnerability against OpenSSL 1.0.1e. The source code defines SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as 0x0800L and several tests are made for this value in the code. The CHANGES mentions though that this had some side effects, the option now being part of SSL_OP_ALL. It would look like, from the scan, that the fragments are not enabled by default, could it be?

Thanks.