Re: openssl 1.0.1e Signature verification problems

2013-06-26 Thread anand rao
Hi Steve,

I have compiled openssl with -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS options.
My kernel is OCF enabled.

Below is the output of the command openssl asn1parse -genstr OID:sha1WithRSAEncryption

# openssl asn1parse -genstr OID:sha1WithRSAEncryption

    0:d=0  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption

Thanks,
Anand



- Original Message -
From: Dr. Stephen Henson st...@openssl.org
To: openssl-users@openssl.org
Cc: 
Sent: Thursday, June 20, 2013 4:52 PM
Subject: Re: openssl 1.0.1e Signature verification problems

On Thu, Jun 20, 2013, anand rao wrote:

> The output of command openssl asn1parse -i -in cacert.pem is
>
>     0:d=0  hl=4 l= 872 cons: SEQUENCE
>     4:d=1  hl=4 l= 729 cons:  SEQUENCE
>     8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
>    10:d=3  hl=2 l=   1 prim:    INTEGER           :02
>    13:d=2  hl=2 l=   9 prim:   INTEGER           :D46F3D4EDCA8F780
>    24:d=2  hl=2 l=   5 cons:   SEQUENCE
>    26:d=3  hl=2 l=   1 prim:    OBJECT            :itu-t
>    29:d=3  hl=2 l=   0 prim:    NULL

That looks rather broken. Is this an unmodified version of OpenSSL? What
happens if you do:

openssl asn1parse -genstr OID:sha1WithRSAEncryption

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project                                http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                          majord...@openssl.org
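
The two asn1parse outputs in this message can be compared mechanically. The following is an added example, not part of any poster's message and not OpenSSL code: it parses `openssl asn1parse` text and checks the certificate's inner signature-algorithm OID against the name and 9-byte length shown by the `-genstr` output above. The function names are made up for the example, and the embedded dump is the one quoted in the thread.

```python
import re

# Head of one `openssl asn1parse` line: offset, depth, header/content length.
HEAD = re.compile(r"^\s*(\d+):d=(\d+)\s+hl=(\d+)\s+l=\s*(\d+)\s+(prim|cons):(.*)$")

def parse(dump):
    """One dict per asn1parse line; lines that do not match are skipped."""
    nodes = []
    for m in filter(None, map(HEAD.match, dump.splitlines())):
        tag, _, value = m.group(6).partition(":")
        nodes.append({"offset": int(m.group(1)), "depth": int(m.group(2)),
                      "length": int(m.group(4)), "tag": tag.strip(),
                      "value": value.strip()})
    return nodes

def tbs_signature_oid(nodes):
    """OID node of tbsCertificate.signature (None if absent): at depth 2, the
    first SEQUENCE after the serial INTEGER; the OID is its first child."""
    seen_serial = False
    for node, child in zip(nodes, nodes[1:]):
        if node["depth"] == 2 and node["tag"] == "INTEGER":
            seen_serial = True
        elif seen_serial and node["depth"] == 2 and node["tag"] == "SEQUENCE":
            is_oid = child["depth"] == 3 and child["tag"] == "OBJECT"
            return child if is_oid else None
    return None

def check(dump, want_name="sha1WithRSAEncryption", want_len=9):
    """Return a list of problems; empty means the OID looks as expected."""
    oid = tbs_signature_oid(parse(dump))
    if oid is None:
        return ["no tbsCertificate.signature OID found"]
    found = [("name", oid["value"], want_name), ("length", oid["length"], want_len)]
    return [f"offset {oid['offset']}: OID {k} is {got!r}, expected {want!r}"
            for k, got, want in found if got != want]

# The dump quoted in the thread (`openssl asn1parse -i -in cacert.pem`).
THREAD_DUMP = """\
    0:d=0  hl=4 l= 872 cons: SEQUENCE
    4:d=1  hl=4 l= 729 cons:  SEQUENCE
    8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
   10:d=3  hl=2 l=   1 prim:    INTEGER           :02
   13:d=2  hl=2 l=   9 prim:   INTEGER           :D46F3D4EDCA8F780
   24:d=2  hl=2 l=   5 cons:   SEQUENCE
   26:d=3  hl=2 l=   1 prim:    OBJECT            :itu-t
   29:d=3  hl=2 l=   0 prim:    NULL
"""

if __name__ == "__main__":
    print("\n".join(check(THREAD_DUMP)))
```

On the thread's dump this reports both the unexpected name and the 1-byte OID at offset 26.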



Re: openssl 1.0.1e Signature verification problems

2013-06-20 Thread anand rao
 prim:   OBJECT            :itu-t
  742:d=2  hl=2 l=   0 prim:   NULL
  744:d=1  hl=3 l= 129 prim:  BIT STRING

Thanks,
Anand



- Original Message -
From: Wim Lewis w...@omnigroup.com
To: openssl-users@openssl.org
Cc: 
Sent: Tuesday, June 18, 2013 11:33 PM
Subject: Re: openssl 1.0.1e Signature verification problems


On 14 Jun 2013, at 6:09 AM, anand rao wrote:
> I am using openssl 1.0.1e to create a CA and generate certificates.
>
> I am facing an issue while generating the device certificates.
> After creating the ca certificate using below command
>
> # openssl req -x509 -new -newkey rsa:1024 -keyout private/cakey.pem -days 3650 -out cacert.pem
>
> when we try to display the contents the signature algorithm is shown as itu-t instead of sha1WithRSAEncryption
>
> #openssl x509 -in cacert.pem -noout -text
>
>
> Certificate:
[...]
>     Signature Algorithm: itu-t

That certainly looks wrong to me. What do you get if you run openssl asn1parse -i -in cacert.pem?




openssl 1.0.1e Signature verification problems

2013-06-14 Thread anand rao


Hi,

 I am using openssl 1.0.1e to create a CA and generate certificates.

I am facing an issue while generating the device certificates.
After creating the ca certificate using below command

# openssl req -x509 -new -newkey rsa:1024 -keyout private/cakey.pem -days 3650 -out cacert.pem

when we try to display the contents the signature algorithm is shown as itu-t instead of sha1WithRSAEncryption

#openssl x509 -in cacert.pem -noout -text


Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            96:15:a3:26:59:5f:46:1d
    Signature Algorithm: itu-t
        Issuer: C=US, ST=LA, L=CA, O=Internet Widgits Pty Ltd, OU=crop, CN=GWCA/subjectAltName=DNS:www.evmweb.com
        Validity
            Not Before: Jun 14 12:08:24 2013 GMT
            Not After : Jun 12 12:08:24 2023 GMT
        Subject: C=US, ST=LA, L=CA, O=Internet Widgits Pty Ltd, OU=crop, CN=GWCA/subjectAltName=DNS:www.evmweb.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:c1:73:b4:37:ed:d1:1f:fb:bf:63:b0:8a:91:82:
                    a8:f0:83:4d:5a:32:9b:5d:bc:23:06:3f:d4:fc:77:
                    cf:83:0f:ab:ac:35:46:98:02:e5:a3:cc:89:30:34:
                    05:3f:80:ad:33:ae:dc:7e:57:60:e2:02:d6:c9:6b:
                    b8:76:f7:56:e6:0f:44:c4:71:3a:cf:e1:59:8e:b4:
                    4b:6a:4a:de:59:25:4d:58:74:f0:82:27:0e:35:34:
                    72:86:9e:7c:a3:c8:cb:ba:55:8f:d5:8f:2f:cd:a0:
                    1f:e8:89:7c:74:0e:92:a0:de:72:d1:33:96:41:42:
                    bc:44:d0:20:29:cf:7b:2c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:92:EF:07:DE:25:21:48:F4:51:2B:38:C8:DE:56:D0:14:8E:CD:0A
            X509v3 Authority Key Identifier:
                keyid:C3:92:EF:07:DE:25:21:48:F4:51:2B:38:C8:DE:56:D0:14:8E:CD:0A
                DirName:/C=US/ST=LA/L=CA/O=Internet Widgits Pty Ltd/OU=crop/CN=GWCA/subjectAltName=DNS:www.evmweb.com
                serial:96:15:A3:26:59:5F:46:1D

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: itu-t
         a0:0e:98:f2:46:4e:0e:b5:d9:ff:f2:e5:57:24:d2:81:66:2e:
         4a:2b:3c:f6:02:48:4a:37:d8:4d:d9:70:b2:01:43:f4:71:fc:
         92:27:a9:d0:0b:9f:1a:c2:b7:54:3e:67:f3:0e:71:76:15:c0:
         c2:0f:b7:3a:13:de:93:4e:42:27:f9:5a:bb:d9:9e:e8:19:55:
         88:7e:4b:d6:3a:b7:2d:46:3f:79:13:f4:c7:da:59:37:95:ef:
         15:47:91:2a:32:4d:0d:ba:6f:a6:13:c3:57:87:ac:70:53:98:
         41:11:8d:ee:af:3d:46:d1:48:bb:f7:de:5d:00:a4:f1:59:c2:
         0c:56

When we try to sign a device certificate I am getting below error.

# openssl ca -policy policy_anything -out certs/evm1gwcert.pem -infiles evm1gwCSR.pem

Using configuration from /etc/ssl/openssl.cnf
Enter pass phrase for /etc/ssl/private/cakey.pem:
Check that the request matches the signature
Signature verification problems..

This was not observed in previous versions. When I tried to change default_md
to sha1 in openssl.cnf it didn't have any effect.
Please suggest if we need to configure anything in particular in openssl.cnf or
is it a bug.

Thanks,
Anand



error 7 at 0 depth lookup:certificate signature failure

2002-05-06 Thread Anand Rao

Hi,

I was testing OpenSSL 0.9.6a on a Solaris 8 test machine. Everything
went fine but when I tried to self-sign the CSR, I get the following
error.

error 7 at 0 depth lookup:certificate signature failure

Could you kindly help us with this?

Thanks in anticipation
anand rao

