How to compute all attributes of RSA private key from modulus and private exponent?
Hello Ihave got one question: Does exist some way how to compute all attributes of private key from modulus and private exponent? I think as public exponent, prime1, prime2, exp1, exp2... Thanks -- View this message in context: http://www.nabble.com/How-to-compute-all-attributes-of-RSA-private-key-from-modulus-and-private-exponent--tp19063579p19063579.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
PKCS8 private key in openss;
Hello I have such problem. I generated private key(RSA1024) through openssl and now I want to load it via BC in java or through Crypto ++. But It seems that here is some incompatibility. I don't know to parse PKCS8 format from openssl through JAVA and vice-versa. What format is used in openssl. Because for example I see public exponent 10001 in openssl private key but not in JAVA PKCS8 file. I have onemore question: Does exist some way how to reconstruct public key from private key inthis standard or nor ? Where is problem? Thanks -- View this message in context: http://www.nabble.com/PKCS8-private-key-in-openss--tf4897741.html#a14027434 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Compatibility between Java crypto and open ssl
Hello I have some question about compatibility between java crypto and openssl library. This is my case: 1.I created DESede key and stored it to file: {code} SecretKey key = KeyGenerator.getInstance(TripleDES).generateKey(); File f = new File(c:\\key.dat); DataOutputStream dos =new DataOutputStream(new FileOutputStream(f)); dos.write(key.getEncoded()); dos.close(); {code} 2.I encrypt some file c:\\normal.dat through: {code} ecipher.init(Cipher.ENCRYPT_MODE, key); byte[] enc = ecipher.doFinal(normalData);//normalData- loaded file File f2 = new File(c:\\enc.dat); DataOutputStream dos2 =new DataOutputStream(new FileOutputStream(f2)); dos2.write(enc); dos2.close(); {code} 3.I encrypted normal data file in openssl through: openssl.exe enc -des3 -in c:\normal.dat -out c:\enc2.dat -pass file:c:\key.dat -nosalt I tried other algoritm too as(des-ede,des-ede3..) but I got not equal files as enc.dat and enc2.dat. I used same key in both cases. Does exist some compatibility between encryption algorithms in java and openssl or not? I'm interested especially in tripledes. These functionality(encryption,decryption) will be used by any applications developmented in C++, JAVA and VB. I need some compatibilited des3 algorithm. Can somebody help me ? Thanks -- View this message in context: http://www.nabble.com/Compatibility-between-Java-crypto-and-open-ssl-tf4611666.html#a13169808 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
What meams first byte '04' in EC public key?
Hello everybody I created EC keypair via JAVA with secp160r2 template. When I looked at text form of public key, I saw there this: 04666d59b1fb53c1c998c12c71731d3a36a37cd995cadeee96c156c8d7c7852b39b5fefd1fa3ce18c7 I know that last 40 bytes present x and y number of ec point but I don't know what means first byte 04. It's some compresion or what ? Does exist some rule for generating of this byte or it's constant value ?. In Java I created public key that menas I know ec point(x and y) and now I need to construct this array of 41 bytes Can somebody help me ? Thanks -- View this message in context: http://www.nabble.com/What-meams-first-byte-%2704%27-in-EC-public-key--tf4532762.html#a12935481 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
EC public key info
Hello everybody I have some questions. I create ec key pair with secp160r2 curve and I need to achieve information from public key in der format as: EC Public Key: pub: 04:66:6d:59:b1:fb:53:c1:c9:98:c1:2c:71:73:1d: 3a:36:a3:7c:d9:95:ca:de:ee:96:c1:56:c8:d7:c7: 85:2b:39:b5:fe:fd:1f:a3:ce:18:c7 ASN1 OID: secp160r2 What is the meaning of the section pub. It si modulus or not ? If true how can I construct this section. I read that public key has more parameters as curve,ECPoint and another. How can I separate section ASN1 OID: secp160r2 ? Thanks -- View this message in context: http://www.nabble.com/EC-public-key-info-tf4248133.html#a12089620 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
not exact key size
Hello I have question. I tried generate public key via openssl (RSA,1024) and I always got 162B large file. Now I want to generate public key via JAVA Cryptography library. I'm repeatedly generating public. For example I created RSA keys with 1024 bit length, but sometimes I got 162B large file and another time 161B large file with public key . I read in some document that the large of RSA public key with 1024bit modulus must be 162 B. Can somebody explain me what is wrong. Thanks -- View this message in context: http://www.nabble.com/not-exact-key-size-tf4241505.html#a12069039 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: DES3 encryption
Hello everybody, My question is: I want to use triple DEC encryption method in my application. But I don't know which library can I use. My application is developed in VB6 a I need to encrypt and decrypt password for login to this application. I'm looking at function: void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, long length, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec, int enc) but I dont understand this what are ks1,ks2 and ks2. Can somebody help me to explain how to proceed to encrypt/decrypt my password with some key ? I need to achieve the result as by command line: openssl enc -des3 -in pass.dec -out pass.enc -pass pass: Thanks __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/DES3-encryption-tf3656082.html#a10407707 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: DES3 encryption
Hello I have question: Does somebody know how can I derive ks1,ks2 and ks3 shedules from password entered by command line: openssl enc -des3 -in pass.dec -out pass.enc -pass file:password.txt What's name is of cryptography library what openssl works with? Thanks -- View this message in context: http://www.nabble.com/DES3-encryption-tf3656082.html#a10412977 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Verification problem
Hello everybody Is possible to set up openssl application for verify command in order to checking all relevant CRLs in verification chain ? Because I find that the CRL checking is exercised only at the lowest level, that means 0 depth in verification level. Thanks -- View this message in context: http://www.nabble.com/Verification-problem-tf3714215.html#a10389714 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Generate same private key
Hello everybody My question: Is possible to generate or recovery the same private key from my own ini keys(for example some seeds files) via openssl. I think of recovery of missed private key. I will have some initialization keys(e.g 3 rand-files for generator) and through the use of them I will be able to generate equal private key. I tried it via command: but I got alway different results(private keys). Thanks -- View this message in context: http://www.nabble.com/Generate-same-private-key-tf3702184.html#a10352906 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Extract certigicate from pem file
Hello How can i extract some certificate from pem file. This file contains a number of certificates concatenaded together in pem format. Is possible extract only one certificate and save to new file? Does exists some option in openssl Thanks -- View this message in context: http://www.nabble.com/Extract-certigicate-from-pem-file-tf3702348.html#a10353391 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
How put issuerUniqueID into certificate?
Hello My question is: How can I put issuerUniqueId and subjectUniqueID into the certificate? It is extension or not ? Thanks -- View this message in context: http://www.nabble.com/How-put-issuerUniqueID-into-certificate--tf3702370.html#a10353456 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How put issuerUniqueID into certificate?
Hello I don't know but in the certificate structure I see this: issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, -- If present, version MUST be v2 or v3 subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, -- If present, version MUST be v2 or v3 but when i'm looking at my generated certificate i don't see any optional attributes of type :BIT STRING Regards Metalpalo -- View this message in context: http://www.nabble.com/How-put-issuerUniqueID-into-certificate--tf3702370.html#a10353651 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
How to extract public key from Certificate
Hello everybody, I have question, how can I extract public key from certificate file. It is possible via openssl. I found out only way of extracting from private key file but no from certificate. extracting from private key file: openssl rsa -in privatekey.pem -out publickey.pem -pubout Can somebody help me to resovle this problem Tahnks -- View this message in context: http://www.nabble.com/How-to-extract-public-key-from-Certificate-tf3701970.html#a10352332 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: missing zone in date
Hello And how to achieve that the GMT zone was correct. Because in the case of using parameter -enddate 491231235959+ or -enddate 491231235959+0100 the result is same Dec 31 23:59:59 2049 without GMT(word GMT is missed). In the case of using -days 365 the result: Apr 30 13:50:59 2008 GMT (word GMT is displayed in text format) Thanks -- View this message in context: http://www.nabble.com/missing-zone-in-date-tf3668193.html#a10252097 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
DES3 encryption
Hello everybody I need to use des3 encryption for my data but not via openssl but in my application in Visual C++. Can you tell, which library of openssl is used for des3 encryption and which function is used. I want to direct call some function in my application Thanks -- View this message in context: http://www.nabble.com/DES3-encryption-tf3656082.html#a10214343 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Length of public key
Hello everybody I have question I created the private key via openssl with length 2048b = 256B , but when I'm looking for the public key, I see that the length of public key is 256+1 bytes. Modulus (2048 bit): 00:b1:51:7f:e0:13:c2:e7:ca:44:50:54:ec:01:26: a1:8c:3c:bb:d1:70:bc:a6:0f:e3:4a:ae:f1:7e:75: 80:25:11:8e:78:4b:cd:5f:ac:55:17:4b:15:98:84: df:1d:de:b7:96:5d:cd:6b:c2:fd:71:92:80:6e:bb: 9b:89:46:ac:7f:c1:f2:64:63:20:da:fe:d9:bc:3e: ed:05:7d:1c:9e:52:1f:3f:21:07:a2:f1:62:f8:bb: ee:58:b6:66:2f:42:c9:ac:5c:31:06:20:69:da:61: c8:c6:14:ec:06:60:1e:c4:c7:f0:5f:8b:15:45:18: a9:f6:c4:cc:22:20:0b:c5:e7:21:10:c6:2a:fb:a3: 94:35:87:45:31:15:25:5f:b4:36:a2:0a:bd:01:c8: 0a:ff:83:31:76:4b:da:2e:1b:dc:94:0a:cf:38:27: c2:3f:d8:6e:09:9d:2c:0d:fe:90:18:de:74:dc:76: b6:62:96:e1:b4:33:86:e6:0b:22:8a:3b:44:92:39: 08:19:1a:1f:c0:da:c3:9a:30:98:0e:21:ee:e9:5b: 25:67:22:6c:d1:8a:73:33:b2:50:e1:22:91:89:7e: 5d:33:ba:05:fc:e6:7b:05:93:ed:b6:20:3e:04:76: 7c:32:64:45:37:b8:ee:29:84:41:d3:6b:af:25:40: 3b:e3 Can somebody explain to me ? Thanks -- View this message in context: http://www.nabble.com/Length-of-public-key-tf3650229.html#a10196140 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Extract extension from certificate
Hello everbody I have two questions. First: I created certificate with extension a I need to extract these extension(for example) from certificate. Does exist something similar as extracting of the serial number by command: openssl.exe x509 -in %CERT_SUB_HE% -serial -noout . Second: I need to create own extensions for storing some data(for example ID of other CA workstation) for own purpose. Where I find the list of registered OID extesions or does exist something such as. Thanks -- View this message in context: http://www.nabble.com/Extract-extension-from-certificate-tf3639055.html#a10162263 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
NO crl checking in whole chain
Hello everybody I have such a problem. I created following certificate for ROOT CA, then for subordinary CA and at the end certificate too for end entity. Then I concated CAs certificate and relevant CRLs(empty for this time) into one files CertsAndCrls.pem and i tried verify end-entity certificate(testcert.crt) in subordinary CA with result O:OK. - its OK for verification Im using command openssl verify -CAFile CertsAndCrls.pem -crl_check testcert.crt When I revoke end-entity certificate by subordinary and regenerate the CAFile the result is :error 23 at 0 depth certificate revoked, what I expect. But when I revoke subordinary CA by Root Ca and I again verify end entity,the result is O:ok but I expect some error as error 23 at 1 depth certificate revoked. I don't know whether the OPENSSL performs the CRL checking in whole chain. Can somebody help me mail [EMAIL PROTECTED] Thanks But when I want to revoked the certificate Next I concated These certificate and crls intoone file for verification via openssl. Now I want to verify end entity cetificate b -- View this message in context: http://www.nabble.com/NO-crl-checking-in-whole-chain-tf3607000.html#a10077334 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: NO crl checking in whole chain
Does exist some option in configuration file for switch to CRL checking in whole chain? I need to achieve that for all certificate in chain the own CRLs will be checked. I din't find this option. Thanks -- View this message in context: http://www.nabble.com/NO-crl-checking-in-whole-chain-tf3607000.html#a10091548 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]