From my blog, at
https://www.ibm.com/developerworks/mydeveloperworks/blogs/soma/entry/a_pki_in_a_web_page10
I'm making available my small set of web pages and Perl script that
implement a self-service PKI built around OpenSSL. The Perl script and
config are under 250 lines and the couple of
Isn't SSL/TLS part of javax.security? At any rate, this is not a good
place for Java questions...
The IBM keyman program (google search...) seems to have better support for
some standard formats than the standard keytool does.
/r$
--
STSM, Senior Security Architect
SOA Appliances
Does anybody know how hard it is to make OpenSSL play nice with
Windows' CryptoAPI?
We exchange signed and/or encrypted content with MS-based applications all
the time. As long as you stick to standard formats (SSL, PKCS#7, XML
Encryption, etc) it's not a big deal. I vaguely recall that we
I am using the keytool command to generate the certificates; currently I
am using the RSA algorithm.
We are planning to change this to AES.
You can't do that. (Well, actually, you can, but it means that anyone who
can verify the certificate can also generate their own counterfeit that is
impossible
The other alternative is that you're not very good at reading it. :)
/r$
--
SOA Appliances
Application Integration Middleware
__
OpenSSL Project http://www.openssl.org
User Support
There are many funny licensing clauses that appear nonsensical to the
layman but are perfectly logical. The SSLeay and OpenSSL license is
an extremely sloppy and poorly defined document because the people
who wrote it were under the misguided assumption that good legal
documentation is
My inclination is to believe a vendor when they say things like it's XXX
version n, with all known vulnerability fixes thru version n+m
Vendors often do this kind of thing, for the same reason you don't want to
upgrade RHEL installations.
/r$
--
SOA Appliances
Application Integration
Can a certificate repository freely convert between PEM and DER formats?
Yes, they are simple transcriptions, so something else is going on.
/r$
--
SOA Appliances
Application Integration Middleware
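As an added example (not code from the thread or from OpenSSL), the transcription the reply above refers to: PEM is the base64 of the DER bytes, wrapped at 64 columns between labelled BEGIN/END lines (RFC 7468), so converting either way loses nothing. The sample DER blob is a constructed stand-in (a SEQUENCE holding INTEGER 5), not a real certificate. The `looks_like_der` check is the sanity test worth running when a repository rejects a file, since the usual cause is a PEM text handed to a DER parser or the reverse.

```python
import base64
import re

# Constructed stand-in for a certificate: DER SEQUENCE { INTEGER 5 }.
SAMPLE_DER = bytes.fromhex("3003020105")


def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    """PEM = base64(DER), wrapped at 64 columns, between labelled BEGIN/END lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


_PEM_BLOCK = re.compile(r"-----BEGIN ([^-]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def pem_to_der(text: str):
    """Return [(label, der_bytes), ...] for every block in the text.  Text
    between blocks (e.g. 'openssl x509 -text' output) is ignored, which is
    also why one PEM file can carry a whole chain."""
    blocks = []
    for m in _PEM_BLOCK.finditer(text):
        label, body = m.group(1), re.sub(r"\s+", "", m.group(2))
        blocks.append((label, base64.b64decode(body, validate=True)))
    return blocks


def looks_like_der(data: bytes) -> bool:
    """Sanity check before blaming the repository: X.509 structures start with
    a SEQUENCE tag (0x30) and the encoded length must match the data length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short form: one length byte
        total = 2 + first
    else:                                 # long form: 0x8N then N length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        total = 2 + n + int.from_bytes(data[2:2 + n], "big")
    return total == len(data)


if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print(pem, end="")
    print("round trip ok:", pem_to_der(pem) == [("CERTIFICATE", SAMPLE_DER)])
    print("PEM text mistaken for DER:", looks_like_der(pem.encode()))
```

A file that passes `looks_like_der` but is refused as PEM (or the other way round) is simply in the other encoding; if it fails both, the content is not a certificate at all, which is the "something else" the reply has in mind.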
You'd also need to identify that second CA. Verifying that internal
(second) signature would be tricky since you'd have to remove the
extension (tweak the DER length fields, etc) before hashing. And then
there's all the complexity of checking for revocation from the second CA.
(Which,
PKCS12 is a data format. It's usually password-protected, and is designed
to bundle together a private key with one or more certificates. OpenSSL
includes tools (programs and APIs) to parse and generate PKCS12.
Once you've extracted the cert, you can parse it, and add an extension. To
sign
ensures me that the data is safely stored, as the certificate, and
therefore
also my additional data, can only be opened when the password is known.
If this is all you want to do, a cryptographic beginner such as yourself
will probably find it easier to use something like the GNU Privacy
The SSL records include a message digest (MAC) of the application data
within the record. If you remove the application data, the SSL record is
no longer valid.
If you think about it, this is obvious. SSL guarantees the integrity of
the application data. If someone modifies or removes the
[EMAIL PROTECTED],CN=Test CN,OU=Test Unit, O=Very very very
long+O=Organization name,C=LT
Are you sure that the schema allows for multiple values for the O RDN? I
know multiple OU RDN's are allowed; you might look at the config docs to
see how that's set up.
/r$
--
SOA Appliances
Ok, what I meant is I will be removing the SSL record along with the app
data!!
So this should be fine, right?
Then SSL will notice that records have been removed. Since records can
contain application data, and SSL guarantees the integrity of the
application bytestream, *ANY* attempt by an
There is no pre-existing way to write out all the SSL state so that
another process can reconstruct it.
I would do it this way; when a connection comes in, spawn stunnel to
handle the SSL with a pipe() back to the dispatcher. Use raw read on the
pipe; when it's time to spawn a client, hand
SSL is designed for a private, reliable bytestream between two parties.
Without looking at the spec, I can't say for certain, but I would be
*very* surprised if you can slice out any part of the SSL traffic and
not generate an error.
Read the SSL/TLS spec.
/r$
--
SOA Appliances
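A worked illustration of the point made in the replies above (the MAC covers the application data and the record sequence, so deleting data or whole records is detected). This is an added example, not from the thread or from OpenSSL: a simplified record with a 3-byte header (type and length; the TLS version field is left out), HMAC-SHA256 under a constructed key, and an implicit 64-bit sequence number as TLS uses. The messages are constructed samples.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32
APPLICATION_DATA = 23   # TLS content type for application data

# Constructed key: in TLS this comes out of the handshake key schedule.
MAC_KEY = b"constructed-demo-record-mac-key"


def _mac(key: bytes, seq: int, header: bytes, payload: bytes) -> bytes:
    # The implicit 64-bit sequence number is MACed but never sent on the wire,
    # so a record arriving after a deletion (or out of order) fails the check.
    return hmac.new(key, struct.pack(">Q", seq) + header + payload, hashlib.sha256).digest()


def protect(seq: int, payload: bytes, key: bytes = MAC_KEY) -> bytes:
    """Sender side: header (type, length) + payload + MAC."""
    header = struct.pack(">BH", APPLICATION_DATA, len(payload))
    return header + payload + _mac(key, seq, header, payload)


class Receiver:
    def __init__(self, key: bytes = MAC_KEY):
        self.key = key
        self.seq = 0   # next expected sequence number

    def accept(self, record: bytes) -> bytes:
        """Verify one record and return its payload; raise ValueError on any
        tampering (a real stack sends a bad_record_mac alert and closes)."""
        if len(record) < 3 + TAG_LEN:
            raise ValueError("truncated record")
        header, payload, tag = record[:3], record[3:-TAG_LEN], record[-TAG_LEN:]
        _ctype, length = struct.unpack(">BH", header)
        if length != len(payload):
            raise ValueError("length mismatch")
        if not hmac.compare_digest(tag, _mac(self.key, self.seq, header, payload)):
            raise ValueError("bad MAC (seq %d)" % self.seq)
        self.seq += 1
        return payload


def receive_all(records):
    """Feed records in order; return (payloads accepted, error or None)."""
    rx, out = Receiver(), []
    for rec in records:
        try:
            out.append(rx.accept(rec))
        except ValueError as err:
            return out, str(err)
    return out, None


if __name__ == "__main__":
    msgs = [b"GET / HTTP/1.0", b"Cookie: session=abc", b"\r\n"]
    stream = [protect(i, m) for i, m in enumerate(msgs)]
    print("intact stream:", receive_all(stream))
    print("middle record dropped:", receive_all([stream[0], stream[2]]))
    print("payload stripped, header+tag kept:",
          receive_all([stream[0], stream[1][:3] + stream[1][-TAG_LEN:]]))
```

Dropping a record leaves every remaining record byte-for-byte intact, yet the next one still fails because it was MACed under a sequence number the receiver has not reached; stripping only the application data out of a record fails earlier, on the length field, and would fail the MAC even if the length were patched.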
So in a crux, what can I do to ensure that OpenSSL does not read app data
packets at all?
Nothing. You have no guarantee how many bytes the kernel's read() will
hand back up to you.
You will have to severely hack on your kernel and networking
implementation to make this happen.
You might
select() has a limit on how big the descriptors can be, otherwise it
crashes.
/r$
--
SOA Appliances
Application Integration Middleware
You may look at poll() and epoll() as alternative event wake mechanisms
for IO with large numbers of fds in the working set.
Yes. Either rebuild your entire system and fix this value:
/usr/include/bits/typesizes.h:#define __FD_SETSIZE 1024
or use poll.
You'll probably find
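An added example (not from the thread) of the poll()-based alternative suggested above, in Python on Linux/Unix: `select.poll` takes an explicit list of descriptors, so there is no fd_set bitmap for a large fd number to overflow. The `FD_SETSIZE` constant here is an assumption (glibc's default is 1024 and Python does not expose the real value), so `select_safe` is only a guard for code that still calls select().

```python
import os
import select

# Assumed fd_set ceiling: glibc's FD_SETSIZE is 1024 unless the system was
# rebuilt with a different value.  Python does not expose it; treat as a guess.
FD_SETSIZE = 1024


def select_safe(fd: int) -> bool:
    """select() indexes a fixed-size bitmap; FD_SET() on fd >= FD_SETSIZE writes
    outside the fd_set instead of failing, which is where the 'crash' comes from."""
    return 0 <= fd < FD_SETSIZE


def readable_fds(fds, timeout_ms: int):
    """poll() takes an explicit array of descriptors, so the numeric value of an
    fd does not matter; returns the subset that is readable (or hung up)."""
    poller = select.poll()
    for fd in fds:
        poller.register(fd, select.POLLIN)
    ready = poller.poll(timeout_ms)
    return sorted(fd for fd, events in ready if events & (select.POLLIN | select.POLLHUP))


def demo(n: int = 8):
    """Open n pipes, write into two of them, report which readers poll() flags."""
    pipes = [os.pipe() for _ in range(n)]
    try:
        readers = [r for r, _ in pipes]
        os.write(pipes[2][1], b"x")
        os.write(pipes[5][1], b"y")
        return sorted(readers.index(fd) for fd in readable_fds(readers, 10))
    finally:
        for r, w in pipes:
            os.close(r)
            os.close(w)


if __name__ == "__main__":
    print("readable pipes:", demo())          # the two that were written to
    print("fd 1024 safe for select():", select_safe(1024))
```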
Thus, if you are selling to an entity that requires FIPS, all OpenSSL (and
other encryption) libraries must be put into FIPS mode, or FIPS is not
satisfied and thus the application is not FIPS compliant.
As of Wednesday, June 21, the FIPS certification for OpenSSL has been
withdrawn; see
Bob got one private key and a public key; both keys can encrypt any
data but only the private key (that is kept secret) can decrypt the
data, right?
No.
What can be encrypted with one key can only be decrypted with the other.
This is a one-to-one concept; the public and private key come
Same thing, no guarantee about what an actual future operation will do.
By "would not block", they mean a hypothetical operation taking place at
the time the indication is given to you.
No. That's stupid. It's useless. By 'would not block' they mean 'if
nobody else messes with the
David,
Please post a link to a manpage or other documentation that justifies your
description of select.
Your stat analogy is incomplete; stat returns the true file size, in the
absence of other external factors, such as another process (or thread)
doing something. Select makes the same
I'm attaching a shar file of the scripts I've used a couple of
times.
It would help to actually do the attachment...
/r$
--
SOA Appliances
Application Integration Middleware
scripts.shar
Description: Binary data
- Am I correct that the only way to do this is to put the various
values into openssl.cfg? Or is there a way to pass them on the
command line?
You can use the ENV:: construct to read them from the environment.
- If I have to use the config file, is there any way to specify
Can this be done with out having to make a new private
key? Or am I just barking up the wrong tree?
Absolutely not.
It's like saying, can I make a two-digit number into a three-digit number.
(You could add leading zeros, but that misses the whole point.)
/r$
--
SOA Appliances
In this server I fork to use an independent exec. Directly after the
exec in the child I call exit(0), but then the SSL connection, which
is an exact copy of the parent's, also gets deinitialized. In this case
even my server crashes because the TCP port is not available then.
Call _exit, not
You must generate a new (longer) private key for the CA
and self-certify. Next you should publish your new
CA certificate.
As a transition aid, you might want to have your old root also sign the
new CA key.
/r$
--
SOA Appliances
Application Integration Middleware
Look at the end of section 4.1.1 for the details of target cert
identifier
/r$
--
SOA Appliances
Application Integration Middleware
1. Why does OCSP_cert_to_id require two certificates? Basically it should
require only the certificate to be checked to construct an OCSP
request, right?
Perhaps you should read the OCSP RFC.
/r$
--
SOA Appliances
Application Integration Middleware
but it seems like I am too stupid to write my own server...
can someone give me an example?
Have you looked at apps/s_server.c ?
--
SOA Appliances
Application Integration Middleware
Did you look in the apps sub-directory? In particular, the code for
s_client.
/r$
--
SOA Appliances
Application Integration Middleware
Wow a 512 bit key! Really unwise.
True.
You did not mention the
X509v3 Subject Alternative Name:
DNS:helpdesk.cis.uab.edu
When this is present the CN is ignored.
Really? That seems like a bug. There's a reason why it's called
subjectAlternativeName, and not
Here we go: RFC 2818 section 3.1:
You rock.
/r$
--
SOA Appliances
Application Integration Middleware
What will prevent somebody from stealing my cert and
going around pretending to be me?
Okay, if you're Susan, sign this blob: xx
Sign. The challenge is: sign this blob.
Without your *private* key, they cannot do that. Therefore, they cannot
pretend to be you. If they did, it'd be like accepting a passport or
driver's license
I didn't want to get involved in a licensing discussion here, but there
are some factual errors about early history that should be corrected.
The original 'advertising clause' was from the UCal Regents, not FreeBSD
organization et al. They were worried about their name being used
First of all I assume that we are talking about FIPS 140-2 [or 3 but
that's not mandatory anywhere yet].
Mandatory? 140-3 isn't even issued yet. :)
/r$
--
SOA Appliances
Application Integration Middleware
It seems to me that the question is this: can an application use two
FIPS-certified toolkits at the same time? For example, a FIPS certified
device for doing private key operations, and FIPS software for doing
symmetric key operations. The answer is yes. (There will be issues and
I'm fairly sure the BITSTRING datatype for signatures was chosen by the
PKCS working group, which at the time was a mostly self-selected group of
experts organized by RSA. It certainly wasn't chosen by IETF. The X509v3
extension format was chosen by the X.509 group of ITU/ISO.
Hindsight's
One of our customers is using a certificate from GlobalSign.
They use three root certificates in the chain.
A definition of root certificate is that nobody in the chain comes after
it. So you don't mean three root certificates, but perhaps three
intermediates or two intermediates and a
The part about the PRNG is in question? How did people pre-OpenSSL-FIPS get
validated when they used OpenSSL? Did they have to modify the OpenSSL code
and add their own PRNG that would pass?
Are there any FIPS certified apps that use openssl?
If there are any, the short answer is that yes,
You are mistaken. OpenSSL does not use BSafe.
/r$
--
SOA Appliance Group
IBM Application Integration Middleware
If you want to know whether MySQL can use OpenSSL, it probably makes more
sense to ask the MySQL folks.
/r$
--
SOA Appliance Group
IBM Application Integration Middleware
let's see... you're talking about the authorityKeyIdentifier? I
thought that that went up 2 steps up the tree and then gave a serial
number of cert issued by that CA.
No, it identifies the key that is signing the actual cert (or CRL). A CA's
subject key identifier (SKI) gets populated as the
sockaddr* peername = NULL;
int namelen;
getpeername(buffer, peername, namelen);
Just like namelen, you have to allocate space:

    struct sockaddr_storage peername;   /* large enough for any address family */
    socklen_t namelen = sizeof peername;
    /* first argument is the connected socket descriptor; pass pointers to both */
    getpeername(buffer, (struct sockaddr *)&peername, &namelen);
--
SOA Appliance Group
IBM
Because the software has to build on so many platforms, config,
Configure, do_nasm, do_masm, and so on have to copy files into the
build directory as appropriate, and modify the makefile as
appropriate.
No, that's just the way it's done. There is actually no requirement that
a build/port
The high, medium and low are arbitrary terms, and date back to when the US
had stricter export controls on cryptography.
Ignore them.
/r$
--
SOA Appliance Group
IBM Application Integration Middleware
The openssl ciphers command shows the text format of the cipher suites
supported. Allow your users to choose from (a subset of) that list, and
set the env var or config param appropriately. Like PATH, it's a
colon-separated list in order of priority.
/r$
--
SOA Appliance Group
IBM
The docs are outdated. AES is strong.
--
SOA Appliance Group
IBM Application Integration Middleware
It is more likely that you are wrong, and that Apache is not wrong, even
on Windows.
Can you do telnet {yourhost} 443 and see if you get a connection?
Review your Apache configuration files -- did you set up a duplicate
server on port 443?
/r$
--
SOA Appliance Group
IBM Application
If I protect the RSA private key with a password:
is this function part of the RSA algorithm?
No. The RSA algorithm only cares about (i.e., uses) the key itself.
How do I validate the private key, i.e., that the password is correct?
Most key-wrapping mechanisms have some (minimal) error checking
How can I encrypt a large file (like 100mb) with a public key so
that no one other than who has the private key be able to decrypt it?
Encrypt it using a strong symmetric key (such as AES) and use RSA to
encrypt *that* key.
This is the way everyone does it.
/r$
--
SOA Appliance
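An added example covering two points on this page: the "what one key encrypts only the other decrypts" property (the Bob question and its answer above, which is also exactly what an AES "certificate" would lack, since with a symmetric key whoever can verify can forge) and the hybrid scheme in the last reply (a symmetric key for the bulk data, RSA only to encrypt that key). This is not the thread's or OpenSSL's code. The RSA key is a toy built from two Mersenne primes (raw RSA, no OAEP/PSS padding, 150-bit modulus), and the symmetric cipher is a SHA-256 counter-mode keystream with an HMAC tag standing in for AES; both are placeholders so the block runs on the standard library alone (Python 3.8+), and neither is fit for real data.

```python
import hashlib
import hmac
import os

# Toy RSA key from two Mersenne primes so no prime generator is needed.
# Raw RSA (no OAEP/PSS padding) with a 150-bit modulus: illustration only.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # modular inverse, Python 3.8+
PUBLIC, PRIVATE = (E, N), (D, N)
KEY_BYTES = (N.bit_length() + 7) // 8    # wire size of one RSA-wrapped value


def rsa_apply(key, m: int) -> int:
    """Raw RSA: the same exponentiation is 'encrypt' with the public key or
    'sign' with the private key; only the *other* key of the pair undoes it."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, exp, n)


def key_direction_demo(m: int = 123456789) -> dict:
    """Which key orderings recover m: pub->priv and priv->pub do, pub->pub does not."""
    return {
        "pub_then_priv": rsa_apply(PRIVATE, rsa_apply(PUBLIC, m)) == m,   # encrypt/decrypt
        "priv_then_pub": rsa_apply(PUBLIC, rsa_apply(PRIVATE, m)) == m,   # sign/verify
        "pub_then_pub": rsa_apply(PUBLIC, rsa_apply(PUBLIC, m)) == m,     # same key twice
    }


# Symmetric part: SHA-256 counter-mode keystream plus HMAC tag (encrypt-then-MAC),
# standing in for AES.  Same shape as AES-CTR + HMAC, not the same cipher.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return bytes(out[:length])


def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def hybrid_encrypt(public, plaintext: bytes) -> bytes:
    """Fresh 128-bit content key per message; only that key goes through RSA."""
    cek = os.urandom(16)
    wrapped = rsa_apply(public, int.from_bytes(cek, "big"))
    return wrapped.to_bytes(KEY_BYTES, "big") + sym_encrypt(cek, plaintext)


def hybrid_decrypt(private, blob: bytes) -> bytes:
    cek = rsa_apply(private, int.from_bytes(blob[:KEY_BYTES], "big")).to_bytes(16, "big")
    return sym_decrypt(cek, blob[KEY_BYTES:])


if __name__ == "__main__":
    print(key_direction_demo())
    data = bytes(range(256)) * 400          # ~100 KB standing in for the 100 MB file
    blob = hybrid_encrypt(PUBLIC, data)
    print("overhead bytes:", len(blob) - len(data), "round trip ok:",
          hybrid_decrypt(PRIVATE, blob) == data)
```

The RSA cost is one exponentiation per message regardless of file size, which is why the reply says everyone does it this way; the same split is what PKCS#7/CMS enveloped data and TLS key exchange do.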
Now I've decided to write a new application instead of using an
existing protocol. But I'm a freshman here, so I'm not very clear on
what I should do first. Would you please give me some advice about this?
If you don't know what you are doing, re-use an existing protocol. If you
insist on
Can anybody throw some light on this issue? In particular, how can
one draw a meaningful SSL performance comparison across
implementations?
Figure out what your typical load is like and benchmark that. For
example, 10,000 different clients connecting twice a day, and doing a
couple-dozen