Re: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK
I thought the new OpenSSL did the pool, hence why I started this post: I wanted to assure that use of the function is correct for key generation; then the next step is to figure out some entropy. Thanks a whole bunch.
-- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK
Oh, I am using openssl-1.0.2o just for development, but I certainly will take a recommendation of version. That's always appreciated.
Re: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK
Well, what I was alluding to is: is this the correct use of the RAND_add function to seed the key generation? It's a bit confusing, certainly. I will use more than the UUID of the device, but you have to have the device in hand to know that and to know it came from a device. I certainly will use better than time and UUID; I just need to know whether calling this seed of the rand function is the right thing to do to affect the key generation. Then, second, all I need to do is solve the random seeding to be less than a toy input for entropy; this is just an example that I must use RAND_add. So is my usage of RAND_add valid? And second, I will find a good input for it. Just let me know; thanks for taking the quick time to address this. Thanks
Re: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK
So if I add this RAND usage below, am I seeding to assure a different RSA key pair each run of creating an RSA pair? I would certainly replace the time with the UUID of the device to be unique to the device. You would have to acquire the device to know the seeding. Hey, keep the time one too.

    #include <time.h>
    #include <openssl/err.h>
    #include <openssl/evp.h>
    #include <openssl/rand.h>

    static int initialized = 0;

    void init_openssl(void){
        if (initialized != 0) return;
        initialized = 1;
        ERR_load_BIO_strings();
        ERR_load_crypto_strings();
        OpenSSL_add_all_algorithms();
        OpenSSL_add_all_ciphers();
        OpenSSL_add_all_digests();
        unsigned long Time = (unsigned long)time(NULL);
        RAND_add(&Time, sizeof(Time), 0); /* better than nothing for a starting point */
    }
Re: [openssl-users] how to seed PRNG
Yeah, me too. Did you ever get the info on this?
[openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK
My question is: I have this handy function to create a private and public key, but what is the magic I put around it to make sure it is random, not the same private and public key, when I run this program each time? I am using OpenSSL on OSX and Android. I am not familiar with the random API seeding, though I can pick the UUID of the device or whatever. *I am sure there is some standard call, unless of course the initialization of OpenSSL does the random seed nicely?* Thanks in advance.

===

    /**
     * Compile for testmipluginSecurity.c
     * Self Testing
     * cc -o main -DTEST -Wno-deprecated-declarations main.c -lcrypto
     * Origin: r redpath
     * Project: wouldn't you like to know
     */
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <openssl/bio.h>
    #include <openssl/evp.h>
    #include <openssl/pem.h>
    #include <openssl/rsa.h>
    #include <openssl/err.h>
    #include <openssl/x509.h>
    /**
    #ifndef OPENSSL_NO_ENGINE
    #include <openssl/engine.h>
    #endif
    **/

    void init_openssl(void){
        ERR_load_BIO_strings();
        ERR_load_crypto_strings();
        OpenSSL_add_all_algorithms();
        OpenSSL_add_all_ciphers();
        OpenSSL_add_all_digests();
    }

    /*
     * Create Public and Private Key and return the PEMs as string data
     * origin: redpath
     *   PEM_write_bio_PUBKEY          (SubjectPublicKeyInfo PEM format). Notice BEGIN PUBLIC KEY
     *   PEM_write_bio_RSAPublicKey    (PKCS#1 PEM format).               Notice BEGIN RSA PUBLIC KEY
     *   PEM_write_bio_PrivateKey      (PEM).                             Notice BEGIN PRIVATE KEY
     *   PEM_write_bio_PKCS8PrivateKey (PEM).                             Notice BEGIN PRIVATE KEY
     *   PEM_write_bio_RSAPrivateKey   (PEM).                             Notice BEGIN RSA PRIVATE KEY
     */
    void createRSAkeyPair(char **private, char **public){
        EVP_PKEY *evp = EVP_PKEY_new();
        RSA *rsa = RSA_generate_key(2048, RSA_F4, NULL, NULL);
        int keylen;
        char *pem_key;
        EVP_PKEY_assign_RSA(evp, rsa);

        /* private key, PKCS#1 "BEGIN RSA PRIVATE KEY", unencrypted */
        BIO *bio = BIO_new(BIO_s_mem());
        PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, NULL);
        keylen = BIO_pending(bio);
        pem_key = calloc(keylen + 1, 1); /* Null-terminate */
        BIO_read(bio, pem_key, keylen);
        *private = pem_key;
        BIO_free(bio);

        /* public key */
        bio = BIO_new(BIO_s_mem());
        //PEM_write_bio_RSAPublicKey(bio, rsa); // (PKCS#1 PEM format).
        PEM_write_bio_PUBKEY(bio, evp);         // (SubjectPublicKeyInfo PEM format).
        keylen = BIO_pending(bio);
        pem_key = calloc(keylen + 1, 1); /* Null-terminate */
        BIO_read(bio, pem_key, keylen);
        *public = pem_key;
        BIO_free(bio);
        EVP_PKEY_free(evp); /* also frees rsa, which was assigned to evp */
    }

    #if defined TEST
    int main(int argc, char **argv){
        char *private, *public;
        init_openssl();
        createRSAkeyPair(&private, &public);
        printf("%s", private);
        printf("\n\n");
        printf("%s", public);
        free(private);
        free(public);
        return 0;
    }
    #endif
RE: Adding a custom extension to a CSR
Sample abstract code; you should see this extension in your x509 when you use the openssl x509 -in mycsr -text. You have to register an OID; I just picked one at random.

    os = ASN1_OCTET_STRING_new();
    nid = OBJ_create("1.3.18.0.2.10.8", "myalias", "myaliasname");
    ASN1_OCTET_STRING_set(os, "ABC test", 8);
    ret = X509_EXTENSION_create_by_NID(NULL, nid, 0, os);
    X509_add_ext(x, ret, -1);

Hope this helps.
-- View this message in context: http://openssl.6102.n7.nabble.com/Adding-a-custom-extension-to-a-CSR-tp47446p47514.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
openssl ca -revoke why need CA parm
I would like to know why the openssl ca command to revoke a cert (myfiletorevoke) needs the CA cert, other than the cert I want to revoke.

    openssl ca -revoke myfiletorevoke -keyfile cakey -cert cacert -passin pass:CApass -config myconfig

I noticed that the command does not modify the cert I want to revoke anyway; well, at least the date stays the same and the -text shown is the same.
-- View this message in context: http://openssl.6102.n7.nabble.com/openssl-ca-revoke-why-need-CA-parm-tp47060.html
Re: Concerning the ECDSA_sig size
I am glad someone is asking this question. I sign the same data with the same private key and sometimes the signature is 63 and sometimes it is 64, but overall the verification works for each anyhow.
-- View this message in context: http://openssl.6102.n7.nabble.com/Concerning-the-ECDSA-sig-size-tp46553p46559.html
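The size difference reported above is a property of the DER encoding, not a fault in the signature. The following script is an added example, not code from the thread or from the OpenSSL project: it generates a throwaway P-256 key, signs the same file eight times, verifies each signature and uses `openssl asn1parse` to show the byte lengths of the two INTEGERs (r, s) inside each DER SEQUENCE. DER integers are minimal, so a leading zero byte is dropped and a single 0x00 is prepended only when the top bit is set; each of r and s therefore costs n, n+1 or (rarely) n-1 bytes for an n-byte curve order, which is why the total wobbles by a byte or two from one signature to the next. File names and the message are made up.

```shell
#!/bin/sh
# Added example (not from the thread): ECDSA signatures from one key over one message
# come out in different sizes because r and s are DER INTEGERs of variable length.
# With P-256 the whole SEQUENCE is usually 70, 71 or 72 bytes; every variant verifies.
set -eu
WORK=$(mktemp -d)
openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/ec.key" 2>/dev/null
openssl pkey -in "$WORK/ec.key" -pubout -out "$WORK/ec.pub" 2>/dev/null
printf 'the same message every time\n' > "$WORK/msg"   # constructed input

sign() {        # sign <n>: write DER signature n over msg, print its length in bytes
  openssl dgst -sha256 -sign "$WORK/ec.key" -out "$WORK/sig$1.der" "$WORK/msg"
  wc -c < "$WORK/sig$1.der" | tr -d ' '
}
verify() {      # verify <n>: exit 0 when signature n checks out under ec.pub
  openssl dgst -sha256 -verify "$WORK/ec.pub" -signature "$WORK/sig$1.der" \
    "$WORK/msg" >/dev/null 2>&1
}
int_lengths() { # int_lengths <n>: byte length of r and of s inside signature n
  openssl asn1parse -inform DER -in "$WORK/sig$1.der" \
    | sed -n 's/.*l= *\([0-9][0-9]*\) prim: INTEGER.*/\1/p'
}

i=1
while [ "$i" -le 8 ]; do
  len=$(sign "$i")
  verify "$i" && ok=verified || ok=FAILED
  rs=$(int_lengths "$i" | tr '\n' '/' | sed 's,/$,,')
  echo "signature $i: $len bytes, r/s lengths $rs, $ok"
  i=$((i + 1))
done
```

A consumer that stores signatures in a fixed-width field should either allocate for the maximum DER size (for P-256 that is 72 bytes) or convert to the fixed-length raw r||s form; what it must not do is treat a shorter signature as corrupt.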
Is it Possible to revoke cert by Serial
Is it possible to revoke a cert by serial number? I see that for all revoke commands you must have the cert? I searched the forum and this question is not answered.
-- View this message in context: http://openssl.6102.n7.nabble.com/Is-it-Possible-to-revoke-cert-by-Serial-tp46381.html
RE: Is it Possible to revoke cert by Serial
Well, what I was going to do is simply use the serial number for finding the file in the newcerts directory for the PEM and issue the CA command with the PEM, since the backup of the signed certs is in the newcerts directory. I guess that would be appropriate.
-- View this message in context: http://openssl.6102.n7.nabble.com/Is-it-Possible-to-revoke-cert-by-Serial-tp46381p46383.html
RE: Config file subjectAltName and This certificate is not valid (host name mismatch)
Thanks, decided to use one config file since I don't want to sync two different files, and from the command line for certs I specify the Subj information and it works fine creating a child of the CA with a different CN. Got everything I needed for the host I was interested in testing with.

    Subject: C=US, ST=North Carolina, O=IBM Corporation, CN=192.168.2.16
    X509v3 extensions:
        X509v3 Basic Constraints:
            CA:FALSE
        X509v3 Key Usage:
            Digital Signature, Non Repudiation, Key Encipherment
        X509v3 Extended Key Usage:
            OCSP Signing
        Netscape Cert Type:
            SSL Client, SSL Server
-- View this message in context: http://openssl.6102.n7.nabble.com/Config-file-subjectAltName-and-This-certificate-is-not-valid-host-name-mismatch-tp46290p46372.html
OCSPsigning added sets SSL client : No and SSL server: No
    [ v3_req ]
    nsCertType = server,client
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    extendedKeyUsage = OCSPSigning

I am trying to create an SSL cert signed by the CA and want the OCSPSigning extended key usage, and it turns off SSL server and SSL client, and of course Mozilla has an issue even though I have the nsCertType set. I have tried all sorts of things to sign the cert:

    openssl ca -out certout -in csr -batch -config myconfig -extensions v3_req
-- View this message in context: http://openssl.6102.n7.nabble.com/OCSPsigning-added-sets-SSL-client-No-and-SSL-server-No-tp46313.html
Re: OCSPsigning added sets SSL client : No and SSL server: No
I sign the cert with a CA:

    ca -out ibmCMSsslcert.pem -in ibmCMSssl.csr -config ibmcms.cnf -batch -cert ibmCAcert.pem -extensions v3_req

The config has this:

    [ v3_req ]
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    extendedKeyUsage = OCSPSigning
    nsCertType = server,client
    subjectAltName = @alt_names

    [alt_names]
    DNS.1 = *.ibm.com
    DNS.2 = 192.168.2.*
    IP.1 = 192.168.2.16
    IP.2 = 127.0.0.1

*And the result is this for -text output of the cert*

    X509v3 extensions:
        X509v3 Basic Constraints:
            CA:FALSE
        X509v3 Key Usage:
            Digital Signature, Non Repudiation, Key Encipherment
        X509v3 Extended Key Usage:
            OCSP Signing
        Netscape Cert Type:
            SSL Client, SSL Server
        X509v3 Subject Alternative Name:
            DNS:*.ibm.com, DNS:192.168.2.*, IP Address:192.168.2.16, IP Address:127.0.0.1

*But the -purpose says for the cert*

    Certificate purposes:
    SSL client : No
    SSL client CA : No
    SSL server : No
    SSL server CA : No
    Netscape SSL server : No
    Netscape SSL server CA : No

*The server uses the SSL cert and Mozilla is fine with it. But why is the -purpose wrong now when I add the extendedKeyUsage = OCSPSigning?*

*Removing this option in the extension produces a correct -purpose*

    Certificate purposes:
    SSL client : Yes
    SSL client CA : No
    SSL server : Yes
    SSL server CA : No
    Netscape SSL server : Yes
    Netscape SSL server CA : No

The OCSP has an issue with it anyway:

    140735319386556:error:2706A067:OCSP routines:OCSP_CHECK_DELEGATED:missing ocspsigning usage:ocsp_vfy.c:354:
    140735319386556:error:27069070:OCSP routines:OCSP_basic_verify:root ca not trusted:ocsp_vfy.c:152:
-- View this message in context: http://openssl.6102.n7.nabble.com/OCSPsigning-added-sets-SSL-client-No-and-SSL-server-No-tp46313p46315.html
Config file subjectAltName and This certificate is not valid (host name mismatch)
I have searched the forums for multiple hostnames and commonName. I cannot get created certs that are signed by the CA to have a commonName supplied in the config instead of the command line. I also want them to have subjectAltName fields too. I have tried the policy *match* and basically get errors for it to create certs. I am sure there is some tweak here; the config file is enclosed. *I assume this would fix the* "This certificate is not valid (host name mismatch)"

*Create the CA*

    openssl req -new -x509 -days 3650 -extensions v3_ca -keyout certprivkey.pem -out myCAcert.pem -config myconfig -batch -passout pass:CApassword

*Make a cert and sign it with the CA for SSL usage.*

    openssl req -new -nodes -out my.csr -days 731 -keyout mykey.pem -batch -extensions v3_OCSP -config myconfig
    openssl ca -out mycert.pem -in my.csr -passin pass:CApassword -batch -extensions v3_OCSP -cert myCAcert.pem -config myconfig

*I use the command*

    openssl x509 -in mycert.pem -text

*To see the subject field, which only shows*

    Subject: C=US, ST=North Carolina, O=IBM Corporation

*and*

    X509v3 extensions:
        X509v3 Basic Constraints:
            CA:FALSE
        X509v3 Key Usage:
            Digital Signature, Non Repudiation, Key Encipherment
        X509v3 Extended Key Usage:
            OCSP Signing

*My sandbox config file is below*

    HOME = .
    RANDFILE = $ENV::HOME/.rnd

    # Extra OBJECT IDENTIFIER info:
    #oid_file = $ENV::HOME/.oid
    oid_section = new_oids

    [ new_oids ]
    # We can add new OIDs in here for use by 'ca' and 'req'.
    # Add a simple OID like this:
    # testoid1=1.2.3.4
    # Or use config file substitution like this:
    # testoid2=${testoid1}.5.6

    [ ca ]
    default_ca = CA_default            # The default ca section

    [ CA_default ]
    unique_subject = no                #ibm added
    dir = /Library/Tomcat/ibmCA        # Root where everything is kept
    certs = $dir/certs                 # Where the issued certs are kept
    crl_dir = $dir/crl                 # Where the issued crl are kept
    database = $dir/CRLindex.txt       # Manifest database index file for CRL.
    new_certs_dir = $dir/newcerts      # default place for new certs.
    certificate = $dir/ibmCAcert.pem   # The CA certificate
    serial = $dir/serial               # The current serial number
    crl = $dir/ibmCRL.pem              # The current CRL
    private_key = $dir/private/ibmCAkey.pem  # The CA private key
    RANDFILE = $dir/private/.rand      # private random number file
    x509_extensions = usr_cert         # The extentions to add to the cert
    # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
    # so this is commented out by default to leave a V1 CRL.
    # crl_extensions = crl_ext
    default_days = 720                 # how long to certify for
    default_crl_days = 720             # how long before next CRL
    default_md = sha1                  # which md to use.
    preserve = no                      # keep passed DN ordering
    # A few difference way of specifying how similar the request should look
    # For type CA, the listed attributes must be the same, and the optional
    # and supplied fields are just that :-)
    policy = policy_match

    # For the CA policy
    [ policy_match ]
    countryName = match
    stateOrProvinceName = match
    organizationName = match
    organizationalUnitName = optional
    commonName = optional
    emailAddress = optional

    # For the 'anything' policy
    # At this point in time, you must list all acceptable 'object'
    # types.
    [ policy_anything ]
    countryName = optional
    stateOrProvinceName = optional
    localityName = optional
    organizationName = optional
    organizationalUnitName = optional
    commonName = optional
    emailAddress = optional

    [ req ]
    default_bits = 2048
    default_keyfile = privkey.pem
    distinguished_name = req_distinguished_name
    attributes = req_attributes
    x509_extensions = v3_ca            # The extentions to add to the self signed cert
    req_extensions = v3_req            # The extensions to add to a certificate request
    # Passwords for private keys if not present they will be prompted for
    # input_password = secret
    # output_password = secret
    # This sets a mask for permitted string types. There are several options.
    # default: PrintableString, T61String, BMPString.
    # pkix: PrintableString, BMPString.
    # utf8only: only UTF8Strings.
    # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
    # MASK: a literal mask value.
    # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
    # so use this option with caution!
    string_mask = nombstr

    [ req_distinguished_name ]
    countryName
Re: OPENSSL Config file, OCSP_CHECK_DELEGATED:missing ocspsigning usage
I had thought that may have been the issue, and it was; thanks. The CA signing needed the option to copy.
-- View this message in context: http://openssl.6102.n7.nabble.com/OPENSSL-Config-file-OCSP-CHECK-DELEGATED-missing-ocspsigning-usage-tp46275p46284.html
Re: Config file subjectAltName and This certificate is not valid (host name mismatch)
*If I specify the subject fields in the command line instead of the config file*

    openssl req -new -nodes -out my.csr -days 731 -keyout mykey.pem -batch -extensions v3_OCSP -config myconfig -subj "/C=US/ST=North Carolina/L=RTP/O=IBM Corporation/CN=192.168.2.16"

*I can get these fields in the cert. Somehow I want to use the config file for creating certs that will be signed by the CA.*

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 4096 (0x1000)
        Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=US, ST=North Carolina, O=IBM Corporation
            Validity
                Not Before: Aug 22 16:57:44 2013 GMT
                Not After : Aug 12 16:57:44 2015 GMT
            Subject: C=US, ST=North Carolina, O=IBM Corporation, CN=192.168.2.16
            Subject Public Key Info:

*The issuer is correct, our CA, and the fake subject material is correct. Or is this not possible from the config file?*
-- View this message in context: http://openssl.6102.n7.nabble.com/Config-file-subjectAltName-and-This-certificate-is-not-valid-host-name-mismatch-tp46290p46299.html
OPENSSL Config file, OCSP_CHECK_DELEGATED:missing ocspsigning usage
*openssl configuration question:* I am using these commands to create a CA-signed cert.

    openssl req -new -nodes -out my.csr -days 730 -keyout mykey.pem -batch -extensions v3_OCSP -config configname.cnf
    openssl ca -out mycert.pem -in my.csr -passin pass:password -config configname.cnf -batch -cert CAcert.pem

*Then I use an OCSP to verify them, of which those certs were created the same way and the CA is given to the OCSP.*

    openssl ocsp -CAfile CAcert.pem -issuer CAcert.pem -cert mycert.pem -url http://127.0.0.1:2560 -resp_text

*Result*

    Response Verify Failure
    140735319386556:error:2706A067:OCSP routines:OCSP_CHECK_DELEGATED:missing ocspsigning usage:ocsp_vfy.c:354:
    140735319386556:error:27069070:OCSP routines:OCSP_basic_verify:root ca not trusted:ocsp_vfy.c:152:
    mycert.pem: good
    This Update: Aug 21 22:18:53 2013 GMT
    Next Update: Aug 21 22:23:53 2013 GMT

*If I use the -noverify option*

    openssl ocsp -CAfile CAcert.pem -issuer CAcert.pem -cert mycert.pem -url http://127.0.0.1:2560 -resp_text -noverify

*Result*

    mycert.pem: good
    This Update: Aug 21 22:18:28 2013 GMT
    Next Update: Aug 21 22:23:28 2013 GMT

*My answer is good with no error when using -noverify.*

*My config has this in it*

    [ CA_default ]
    unique_subject = no

    [ v3_req ]
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment

    [ v3_OCSP ]
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    extendedKeyUsage = OCSPSigning

*I am sure there is something I am missing in the config or the command line creating the certs; I am using the -extensions option.*
-- View this message in context: http://openssl.6102.n7.nabble.com/OPENSSL-Config-file-OCSP-CHECK-DELEGATED-missing-ocspsigning-usage-tp46275.html
RE: SSL certificate and CA signed and -purpose
What I meant by DSA (not to spell it out, Digital Signature Algorithms) is that most of my work is using certs for signing data, not creating an SSL cert and signing with a CA. Thanks a bunch for answering my question: 1) to verify that the cert is signed by the CA I use this command

    openssl verify -CAfile $cacert rsapub.crt.pem

2) and this cert example is good for Apache SSL, with the -purpose option shown that was used (the -notext is a slip in the command shown, geez)

    openssl x509 -in certname.pem -noout -purpose

    Certificate purposes:
    *SSL client : Yes*
    SSL client CA : No
    *SSL server : Yes*
    SSL server CA : No
    Netscape SSL server : Yes
    Netscape SSL server CA : No
-- View this message in context: http://openssl.6102.n7.nabble.com/SSL-certificate-and-CA-signed-and-purpose-tp46222p46236.html
SSL certificate and CA signed and -purpose
I only deal with DSA processes, so this is new to me. I have created a CA and want to create an SSL cert for a server (signed by the CA), and I am trying to understand the -purpose output for the result. Below is a simple test case of commands.

    mkdir demoCA
    mkdir demoCA/newcerts
    mkdir demoCA/private
    cd demoCA
    touch index.txt
    echo 1000 > serial
    cd ..

*//create CA*

    openssl req -new -x509 -days 3650 -extensions v3_ca -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -config myconfig.cnf -batch -passout pass:password

*//Now create an SSL certificate*

    openssl genrsa -out myrsa.pem 2048
    openssl req -new -out rsapub.csr -days 731 -keyout myrsa.key -batch -extensions v3_OCSP -config myconfig.cnf -passout pass:password
    openssl ca -out rsapub.crt.pem -in rsapub.csr -passin pass:password -config myconfig.cnf -batch -cert ./demoCA/cacert.pem

*//Check purpose*

    openssl x509 -text -in rsapub.crt.pem -notext -purpose

    Certificate purposes:
    *SSL client : Yes*
    SSL client CA : No
    *SSL server : Yes*
    SSL server CA : No
    Netscape SSL server : Yes
    Netscape SSL server CA : No
    S/MIME signing : Yes
    S/MIME signing CA : No
    S/MIME encryption : Yes
    S/MIME encryption CA : No
    CRL signing : Yes
    CRL signing CA : No
    Any Purpose : Yes
    Any Purpose CA : Yes
    OCSP helper : Yes
    OCSP helper CA : No
    Time Stamp signing : No
    Time Stamp signing CA : No

1) So is this correct to be used by a server for an SSL cert, giving the rsapub.crt.pem and the myrsa.key to the Apache server for configuration? I don't understand these fields: SSL server CA: no and SSL client CA: no.
2) Also, what command can I use to see if it is signed by the CA?
3) I am also surprised I cannot give the config file for this command but must specify the bit default to use? Maybe I am missing something. I think using my config I am sure all options I want are always used.

    openssl genrsa -out myrsa.pem 2048
-- View this message in context: http://openssl.6102.n7.nabble.com/SSL-certificate-and-CA-signed-and-purpose-tp46222.html
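Several of the posts in this thread (the -purpose question just above, the OCSPSigning extension that turned "SSL server" to No, the "missing ocspsigning usage" config, revoking by serial, and why ca -revoke wants the CA's own files) are facets of one `openssl ca` workflow, so here is a single self-contained walk-through. It is an added example, not code from the thread or from the OpenSSL project, and its directory layout, file names and subjects ("Demo CA", "Other Corporation", web, ocspleaf) are made up. It shows three things a practitioner would want to confirm: a leaf whose only extendedKeyUsage is OCSPSigning is reported as "SSL server : No" by `x509 -purpose`, because once an EKU is present it must contain serverAuth/clientAuth for TLS use (OCSP responder certificates and TLS server certificates should be separate certificates); `openssl verify -CAfile` is the "was this signed by my CA" check; and `openssl ca -revoke` only updates the CA's index.txt and CRL, never the leaf file itself, which is why it needs the CA config/cert/key and why the copy in newcerts/<serial>.pem is enough to revoke by serial number. The OCSP_CHECK_DELEGATED error in the other posts is raised when the certificate that signed the OCSP response (the -rsigner one) lacks OCSPSigning, not when the certificate being queried lacks it. CSR extensions are dropped unless copy_extensions = copy; this script passes -extensions instead.

```shell
#!/bin/sh
# Added example, not from the thread: a throwaway `openssl ca` setup showing
# (1) EKU=OCSPSigning alone => `x509 -purpose` says "SSL server : No",
# (2) `openssl verify -CAfile` as the "signed by my CA" check,
# (3) revocation by serial via the CA's own copy in newcerts/<serial>.pem.
# All paths, names and subjects below are invented for the example.
set -eu

WORK=$(mktemp -d)
CONF="$WORK/ca.cnf"
mkdir -p "$WORK/newcerts"
: > "$WORK/index.txt"
echo 1000 > "$WORK/serial"
echo 01 > "$WORK/crlnumber"

# Unquoted heredoc: the shell expands $WORK; \$dir is left for openssl to expand.
cat > "$CONF" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $WORK
new_certs_dir = \$dir/newcerts
database = \$dir/index.txt
serial = \$dir/serial
crlnumber = \$dir/crlnumber
certificate = \$dir/cacert.pem
private_key = \$dir/cakey.pem
default_md = sha256
default_days = 365
default_crl_days = 30
policy = policy_leaf
copy_extensions = none        # CSR extensions are ignored; -extensions picks the section
[ policy_leaf ]
organizationName = supplied   # "supplied", not "match": leaf O may differ from the CA's
commonName = supplied
[ req ]
distinguished_name = req_dn
prompt = no
[ req_dn ]
commonName = placeholder      # overridden by -subj below
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ v3_server ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
[ v3_ocsp_only ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = OCSPSigning
EOF

# The CA itself, self-signed with the v3_ca section.
openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 -config "$CONF" \
  -extensions v3_ca -subj "/O=Demo CA Corp/CN=Demo CA" \
  -keyout "$WORK/cakey.pem" -out "$WORK/cacert.pem" 2>/dev/null

issue() {         # issue <name> <extension section>: key + CSR + CA-signed leaf
  openssl req -new -newkey rsa:2048 -nodes -config "$CONF" \
    -subj "/O=Other Corporation/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl ca -batch -config "$CONF" -extensions "$2" -notext \
    -in "$WORK/$1.csr" -out "$WORK/$1.pem" 2>/dev/null
}
purpose() {       # purpose <cert> <label>: Yes/No for one line of `x509 -purpose`
  openssl x509 -in "$1" -noout -purpose | sed -n "s/^$2 : //p"
}
signed_by_ca() {  # exit 0 when cacert.pem is the issuer of the given leaf
  openssl verify -CAfile "$WORK/cacert.pem" "$1" >/dev/null 2>&1
}
serial_of() {     # upper-case hex serial, the string ca used for newcerts/<serial>.pem
  openssl x509 -in "$1" -noout -serial | sed 's/^serial=//'
}
revoke_serial() { # revoke <serial>: only the CA's own copy of the leaf is needed
  openssl ca -batch -config "$CONF" -revoke "$WORK/newcerts/$1.pem" 2>/dev/null
  openssl ca -batch -config "$CONF" -gencrl -out "$WORK/crl.pem" 2>/dev/null
}
revoked_serials() {
  openssl crl -in "$WORK/crl.pem" -noout -text | sed -n 's/^ *Serial Number: //p'
}

issue web v3_server
issue ocspleaf v3_ocsp_only
revoke_serial "$(serial_of "$WORK/ocspleaf.pem")"
echo "web      SSL server: $(purpose "$WORK/web.pem" 'SSL server')"
echo "ocspleaf SSL server: $(purpose "$WORK/ocspleaf.pem" 'SSL server')"
echo "revoked serials: $(revoked_serials | tr '\n' ' ')"
```

Running it prints Yes for the serverAuth/clientAuth leaf, No for the OCSPSigning-only leaf, and the revoked serial 1001 (the first leaf took 1000 from the serial file). If a responder is to sign its own responses, give it a certificate issued from v3_ocsp_only and pass that to `openssl ocsp -rsigner`; keep the TLS server on the v3_server one.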
Re: Best Practices CA manage
Thanks, and as for the last question, number (5): I meant I simply replace the SSL cert and assume there will be a challenge to accept the new certificate by a browser? I revoke the old SSL cert.
-- View this message in context: http://openssl.6102.n7.nabble.com/Best-Practices-CA-manage-tp46134p46142.html
Best Practices CA manage
I have a best practices question on CA management for signing. I have created a CA signing cert and issue all other certs using this CA to sign them.
1) I noticed that many CA examples set a term of 3650 days; is this common practice?
2) If I decide to revoke the CA and create a new CA, what is the practice for all the certs on this CA? Do I revoke them and reissue new when needed?
3) Currently the public CRL is signed by the CA; what do I do about this for the new CA?
4) For OCSP, how does this work out for the new CA? I think the OCSP can take more than one CA to know about, but what about the OCSP signing cert? Do I create a new one there with the new CA?
5) I have an SSL cert on the current CA; do I create a new one with the new CA and simply replace the old one?
-- View this message in context: http://openssl.6102.n7.nabble.com/Best-Practices-CA-manage-tp46134.html
Re: Using CA signing for a cert and Organization Name setting
Thank you Stefan. That worked perfectly, changing the policy optional to supplied in the

    # For the CA policy
    [ policy_match ]
    organizationName = supplied
-- View this message in context: http://openssl.6102.n7.nabble.com/Using-CA-signing-for-a-cert-and-Organization-Name-setting-tp46056p46064.html
Re: Using PKCS#1 instead of PKCS#8
Well, my first thought is PKCS12. And I found this link for PKCS12; maybe this might help. http://danielpocock.com/strongswan-debian-rhel-fedora-with-android-client
-- View this message in context: http://openssl.6102.n7.nabble.com/Using-PKCS-1-instead-of-PKCS-8-tp46071p46072.html
Using CA signing for a cert and Organization Name setting
I have only used self-signed certs, so I am trying to create a CA-signed one; patience, as a newbie, and maybe my understanding of CA signing is wrong. I want this CA-signed cert to have a different Organization name. I create a signing key *cacert.pem* and a private key *cakey.pem* for ten years, using *myconfig.cnf*.

    openssl req -new -out sign.csr -keyout sign.key -batch -passout pass:password -config myconfig.cnf -newkey rsa:2048
    openssl req -new -x509 -days 3650 -extensions v3_ca -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -config myconfig.cnf -batch -passout pass:password

The myconfig.cnf has some dummy information such as Redpath Corporation:

    [ req_distinguished_name ]
    countryName = Country Name (2 letter code)
    countryName_default = AU
    countryName_min = 2
    countryName_max = 2
    stateOrProvinceName = State or Province Name (full name)
    stateOrProvinceName_default = Some-State
    localityName = Locality Name (eg, city)
    0.organizationName = Organization Name (eg, company)
    0.organizationName_default = Redpath Corporation
    organizationalUnitName = Organizational Unit Name (eg, section)
    commonName = Common Name (eg, YOUR name)

*My CA signing is ready to be used.*

*I then want to create a cert which is signed by this CA for an SSL certificate, let's say for some company called Other Corporation.* Using *myother.cnf*, a different config file:

    [ req_distinguished_name ]
    countryName = Country Name (2 letter code)
    countryName_default = AU
    countryName_min = 2
    countryName_max = 2
    stateOrProvinceName = State or Province Name (full name)
    stateOrProvinceName_default = Some-State
    localityName = Locality Name (eg, city)
    0.organizationName = Organization Name (eg, company)
    0.organizationName_default = Other Corporation
    organizationalUnitName = Organizational Unit Name (eg, section)
    commonName = Common Name (eg, YOUR name)

The openssl commands are:

    openssl genrsa -out myrsa.pem 2048
    openssl req -new -out rsapub.csr -days 731 -keyout myrsa.key -batch -extensions v3_OCSP -config myother.cnf -passin pass:password
    openssl ca -out rsapub.crt.x509 -in rsapub.csr -passin pass:password -config myother.cnf -batch -cert ./demoCA/cacert.pem

and I get this error:

    openssl ca -out rsapub.crt.x509 -in rsapub.csr -passin pass:password -config myother.cnf -batch -cert ./demoCA/cacert.pem
    Using configuration from myother.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'AU'
    stateOrProvinceName   :PRINTABLE:'Some-State'
    organizationName      :PRINTABLE:'Other Corporation'
    The organizationName field needed to be the same in the CA certificate (Redpath Corporation) and the request (Other Corporation)

I have no issues using the same config file with the same organization name. Maybe my understanding of CA signing is wrong.
-- View this message in context: http://openssl.6102.n7.nabble.com/Using-CA-signing-for-a-cert-and-Organization-Name-setting-tp46056.html
Re: OCSP responder www.openca.org
Thanks, saw that Ruby one also; was not sure of it either, and it was in Ruby, but will look at that much deeper. And I also saw EJBCA, and all the orphans I had to take in to have it work was too much for me. Geez, it's just a responder, come on.
-- View this message in context: http://openssl.6102.n7.nabble.com/OCSP-responder-www-openca-org-tp45981p45989.html
RE: OSCP server does not update status
I am using OpenSSL version OpenSSL 1.0.1e 11 Feb 2013 and the ocsp works fine.

    openssl ocsp -index ./demoCA/index.txt -port 8082 -rsigner authocspsign.crt -rkey ocspsign.key -CA ./demoCA/cacert.pem -text

and I issue a request and get a response nicely. But then I am using

    char *url = "http://127.0.0.1:8082";

for testing.
-- View this message in context: http://openssl.6102.n7.nabble.com/OSCP-server-does-not-update-status-tp45877p45992.html
Re: OCSP and self signed
I agree with this: "Once again, I would like to advocate that the openssl verification code should allow a self-signed certificate to revoke itself, using the same mechanisms as for revoking anything else." I was wondering how the root cert gets revoked. Anyway, thanks for posting that request.
-- View this message in context: http://openssl.6102.n7.nabble.com/OCSP-and-self-signed-tp45918p45996.html
OCSP responder www.openca.org
I came across http://www.openca.org for an open source OCSP responder. Anyone know anything about this? It seems abandoned. I would like a standalone OCSP responder to keep things simple, and a well documented way to provide a CRL list for the OCSP responder to work with. The source code seems to use OpenSSL as a base, which is quite nice as I am a great advocate of OpenSSL.

--
View this message in context: http://openssl.6102.n7.nabble.com/OCSP-responder-www-openca-org-tp45981.html
OCSP and self signed
I was wondering about self-signed certs. If I run the test OCSP it needs to know the CA cert, but there is no CA cert. So can an OCSP responder work for self-signed certs?

--
View this message in context: http://openssl.6102.n7.nabble.com/OCSP-and-self-signed-tp45918.html
Re: openssl ca -revoke
Very nice tutorial: http://pki-tutorial.readthedocs.org/en/latest/

So the issue is that there is no real Certificate Management Trust system available handling concurrency issues for a database that works seamlessly with revocation commands and an OCSP responder. For example, using an OCSP responder that is in the know for changes in the list of cert statuses when commands are issued for revocation and when new certs are issued.

OpenSSL is great to issue real-world PKIs and use the API for cryptographic functions. I am a happy user there. But you have to find something for a secure key store, as well as something to track status so that an OCSP can be in the know, manage expiration in this key store, reissue certs and revoke certs for this key store, and all in the know by an OCSP. Is this true?

I was looking at www.OpenCA.org as they have an OCSP which can integrate to a DB. JKS can be used to securely store keys, but of course I need something to manage expiration of keys auto-magically.

--
View this message in context: http://openssl.6102.n7.nabble.com/openssl-ca-revoke-tp45896p45900.html
openssl ca -revoke
The command

openssl ca -revoke ./demoCA/newcerts/1008.pem -config myconfig.cnf -passin pass:password

seems to just update a database; the 1008.pem is not touched. Can someone tell me what this command really does for revocation? Also, why keep a list of revoked certs? Just delete them, and if not found for an OCSP request then say anything but good.

--
View this message in context: http://openssl.6102.n7.nabble.com/openssl-ca-revoke-tp45896.html
Re: OSCP request
To recap: I cleaned all the directories to assure nothing is wrong in them. I still get an unknown response.

These commands were run from a directory and produced the following output to set up the OpenSSL OCSP server

rm -R demoCA
mkdir demoCA
mkdir demoCA/newcerts
mkdir demoCA/private
cd demoCA
touch index.txt
echo 1000 > serial
cd ..

openssl req -new -nodes -out ocspsign.csr -keyout ocspsign.key -batch -extensions v3_OCSP -config myconfig.cnf
Generating a 1024 bit RSA private key
++
++
writing new private key to 'ocspsign.key'

openssl req -new -x509 -days 3650 -extensions v3_ca -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -config myconfig.cnf -batch -passout pass:password
Generating a 1024 bit RSA private key
...++
...++
writing new private key to './demoCA/private/cakey.pem'

openssl ca -in ocspsign.csr -out authocspsign.crt -batch -extensions v3_OCSP -config myconfig.cnf -passin pass:password
Using configuration from myconfig.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'AU'
stateOrProvinceName   :PRINTABLE:'Some-State'
organizationName      :PRINTABLE:'Redpath Corporation'
Certificate is to be certified until Jul 17 13:01:31 2014 GMT (365 days)
Write out database with 1 new entries
Data Base Updated

cat demoCA/index.txt
V   140718112921Z       1000    unknown /C=AU/ST=Some-State/O=Redpath Corporation

ls demoCA/newcerts
1000.pem

cp demoCA/newcerts/1000.pem .

openssl ocsp -index ./demoCA/index.txt -port 8082 -rsigner authocspsign.crt -rkey ocspsign.key -CA ./demoCA/cacert.pem -text
Waiting for OCSP client connections...

I noticed there is no option to provide a config file to start the server? I use a config file for all my openssl commands.

Then run the OCSP request program from the same directory the OCSP server is running in, since I have 1000.pem copied there.

./OCSPrequest
TEST started using url http://127.0.0.1:8082
Using signing cert 1000.pem
call verify now
success spc_create_x509store
Verify result is -12

The output of the server is

OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: D56D19422F523984CFB9477E7D39A8176AE3811C
          Issuer Key Hash: D3AD03E8FDA8102D0BB95DC221A37FE58595
          Serial Number: 1000
    Request Extensions:
        OCSP Nonce:
            0410399CE9BDA5DD039B381C75092B7E3137
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = AU, ST = Some-State, O = Redpath Corporation
    Produced At: Jul 18 11:30:30 2013 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: D56D19422F523984CFB9477E7D39A8176AE3811C
      Issuer Key Hash: D3AD03E8FDA8102D0BB95DC221A37FE58595
      Serial Number: 1000
    Cert Status: unknown
    This Update: Jul 18 11:30:30 2013 GMT

    Response Extensions:
        OCSP Nonce:
            0410399CE9BDA5DD039B381C75092B7E3137
    Signature Algorithm: sha1WithRSAEncryption
        (signature bytes omitted)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
    Signature Algorithm: md5WithRSAEncryption
        Issuer: C=AU, ST=Some-State, O=Redpath Corporation
        Validity
            Not Before: Jul 18 11:29:21 2013 GMT
            Not After : Jul 18 11:29:21 2014 GMT
        Subject: C=AU, ST=Some-State, O=Redpath Corporation
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    (modulus bytes omitted)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage
Re: OSCP request
Yes, this does work good:

openssl ocsp -issuer ./demoCA/cacert.pem -serial 0x1000 -text -url http://127.0.0.1:8082

and returns the good, though there is a verify failure.

Response Verify Failure
140735283018172:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error:ocsp_vfy.c:126:Verify error:unable to get local issuer certificate
0x1000: good

I was looking at the OCSP Request Name Hash

OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: D56D19422F523984CFB9477E7D39A8176AE3811C
          Issuer Key Hash: B635A8057B0598DB0D9F2A638D35A93F22A2CCD2
          Serial Number: 1000
    Request Extensions:
        OCSP Nonce:
            0410CEEB26E6D775149E60C138F4F6D2FB14

compared to the command

openssl ocsp -issuer ./demoCA/cacert.pem -serial 0x1000 -text

And they were the same, but the HASH KEY is not, I see

OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: D56D19422F523984CFB9477E7D39A8176AE3811C
          Issuer Key Hash: 8298F2E699A9E615F3925B560B97BD0D673957D9
          Serial Number: 1000
    Request Extensions:
        OCSP Nonce:
            04102955DD7E36BF62D91248E67CE0C0B172

So you're saying that the program has a bug for creating the OCSP request? But wouldn't you think if the Name Hash is the same the Key Hash would be also?

--
View this message in context: http://openssl.6102.n7.nabble.com/OSCP-request-tp45835p45870.html
Re: OSCP request
I found the issue and fixed it, but that leads to a question of security.

The error is here. The x509 that I want to check I also provide as the issuer, since it was issued by the same issuer. x is the X509 loaded:

req->url = url;
req->cert = x;
req->issuer = x;

but instead I change this and get a Good code back as a response. Using root issuer:

req->url = url;
req->cert = x;
req->issuer = issuerRoot;

===

The x509 I want to check is 1000.pem and the issuer file I use is cacert.pem. But is having the cacert.pem available for the program secure? The root certificate I created puts the private away and we use cacert.pem.

Create CA signing key:

openssl req -new -x509 -days 3650 -extensions v3_ca -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -config myconfig.cnf -batch -passout pass:password

Just want to make sure there are no mistakes here.

--
View this message in context: http://openssl.6102.n7.nabble.com/OSCP-request-tp45835p45874.html
OSCP server does not update status
I am testing some simple scenarios for the OCSP server. I have to stop and start the server to know I revoked a cert. Here is my scenario.

I start the OCSP server

ocsp -index ./demoCA/index.txt -port 8082 -rsigner authocspsign.crt -rkey ocspsign.key -CA ./demoCA/cacert.pem -text

I check a cert

openssl ocsp -issuer ./demoCA/cacert.pem -serial 0x1009 -text -url http://127.0.0.1:8082 -CAfile cacert.pem

and it's GOOD.

Then from a terminal I revoke a certificate

openssl ca -revoke ./demoCA/newcerts/1009.pem
Using configuration from /usr/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Revoking Certificate 1009.
Data Base Updated

I check it again

openssl ocsp -issuer ./demoCA/cacert.pem -serial 0x1009 -text -url http://127.0.0.1:8082 -CAfile cacert.pem
Response verify OK
0x1009: good
        This Update: Jul 18 16:13:02 2013 GMT

Not correct, it is revoked, I looked at the index.txt. I stop and start the OCSP server again.

I check again

openssl ocsp -issuer ./demoCA/cacert.pem -serial 0x1009 -text -url http://127.0.0.1:8082 -CAfile cacert.pem
Response verify OK
0x1009: revoked
        This Update: Jul 18 16:13:34 2013 GMT
        Revocation Time: Jul 18 16:12:18 2013 GMT

And results are expected: REVOKED.

So what is the best practice to get the OCSP server to update?

--
View this message in context: http://openssl.6102.n7.nabble.com/OSCP-server-does-not-update-status-tp45877.html
Re: OSCP server does not update status
Fair enough, that's good to know. Will use for testing only the OCSP request construction and return information parsing.

--
View this message in context: http://openssl.6102.n7.nabble.com/OSCP-server-does-not-update-status-tp45877p45880.html
Re: OSCP server does not update status
Is there a standard to revoke a cert with a request to an OCSP? I know checking status with an OCSP request works nicely using the OpenSSL API and is standard RFC 6960. I would think not, for security issues. Or is it simply particular to what OCSP server product you decided to use and allow admins to administer the revocation of certs?

--
View this message in context: http://openssl.6102.n7.nabble.com/OSCP-server-does-not-update-status-tp45877p45881.html
RE: Re: OSCP request
Thanks for the quick answer. Actually command line is good, as it would be done in a child process using a secure vault for password creation that no admin knows anyway or makes up. No human involved is always the best solution. Can't trust those humans. Thanks.

I enclosed the correct code solution below for anyone to see how to programmatically create an OCSP request.

./OCSPrequest -help
Usage: ./OCSPrequest cert issuer root
eg: ./OCSPrequest 1000.pem ./demoCA/cacert.pem

OCSPrequest.c

/**
 * cc -o OCSPrequest -Wno-deprecated-declarations -Wno-pointer-type-mismatch OCSPrequest.c -lcrypto
 *
 * Origin: r redpath
 *
 * The fields in this structure are as follows:
 *
 * typedef struct {
 *   char            *url;
 *   X509            *cert;
 *   X509            *issuer;
 *   spc_x509store_t *store;
 *   X509            *sign_cert;
 *   EVP_PKEY        *sign_key;
 *   long             skew;
 *   long             maxage;
 * } spc_ocsprequest_t;
 *
 * url
 *   Address of the OCSP responder to which to connect; this should always be a
 *   URL that specifies either HTTP or HTTPS as the service. For example,
 *   VeriSign's OCSP responder address is http://ocsp.verisign.com.
 *
 * cert
 *   Pointer to the certificate whose revocation status you want to check.
 *   In many cases, this will likely come from the peer when establishing or
 *   renegotiating an SSL session.
 *
 * issuer
 *   Pointer to the certificate that issued the certificate whose revocation
 *   status you want to check. This should be a trusted root certificate.
 *
 * store
 *   Any information required for building an X509_STORE object internally.
 *   This object will be used for verifying the OCSP responder's certificate.
 *   A full discussion of this object can be found in Recipe 10.5, but basically
 *   it contains trusted certificates and CRLs that OpenSSL can use to verify
 *   the validity of the certificate received from the OCSP responder.
 *
 * sign_cert
 *   An OCSP request can optionally be signed. Some servers require signed
 *   requests. Any server will accept a signed request provided that the server
 *   is able to verify the signature. If you want the request to be signed,
 *   this field should be non-NULL and should be a pointer to the certificate
 *   to use to sign the request. If you are going to sign your request, you
 *   should use a certificate that has been issued by a CA that is trusted by
 *   the OCSP responder so that the responder will be able to verify its validity.
 *
 * sign_key
 *   If the sign_cert member is non-NULL, this member must be filled in with
 *   a pointer to the private key to use in signing the request. It is ignored
 *   if the sign_cert member is NULL.
 *
 * skew
 *   An OCSP response contains three time fields: thisUpdate, nextUpdate, and
 *   producedAt. These fields must be checked to determine how reliable the
 *   results from the responder are. For example, under no circumstance should
 *   thisUpdate ever be greater than nextUpdate. However, it is likely that there
 *   will be some amount of clock skew between the server and the client. skew
 *   defines an acceptable amount of skew in units of seconds. It should be set
 *   to a reasonably low value. In most cases, five seconds should work out fine.
 *
 * maxage
 *   RFC 2560 OCSP responders are allowed to precompute responses to improve response
 *   time by eliminating the need to sign a response for every request. There are
 *   obvious security implications if a server opts to do this, as we discussed in
 *   Recipe 10.1. The producedAt field in the response will contain the time at which
 *   the response was computed, whether or not it was precomputed. The maxage member
 *   specifies the maximum age in seconds of responses that should be considered
 *   acceptable. Setting maxage to 0 will effectively cause the producedAt field in
 *   the response to be ignored and any otherwise acceptable response to be accepted,
 *   regardless of its age. OpenSSL's command-line ocsp command defaults to ignoring
 *   the producedAt field. However, we think it is too risky to accept precomputed
 *   responses. Unfortunately, there is no way to completely disable the acceptance
 *   of precomputed responses. The closest we can get is to set this value to one
 *   second, which is what we recommend you do.
 *
 * Querying an OCSP responder is actually a complex operation, even though we are
 * effectively reducing the amount of work necessary for you to a single function
 * call. Because of the complexity of the operation, a number of things can go wrong,
 * and so we have defined a sizable number of possible error codes. In some cases,
 * we have lumped a number of finer-grained errors into a single error code, but
 * the code presented here can easily be expanded to provide more detailed error
 * information.
 */
#include <time.h>
#include
Re: OSCP request
Got the OCSP server to respond to the test OCSP request program nicely. Of course, one more question.

I simply had to set up the infrastructure for the OCSP server, excerpted below, to create the signing key and directories.

mkdir demoCA
mkdir demoCA/newcerts
mkdir demoCA/private
chmod demoCA
touch index.txt
echo 1000 > serial
openssl req -new -nodes -out ocspsign.csr -keyout ocspsign.key -batch -extensions v3_OCSP -config myconfig.cnf
openssl req -new -x509 -days 3650 -extensions v3_ca -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -config myconfig.cnf -batch -passout pass:password
openssl ca -in ocspsign.csr -out authocspsign.crt -batch -extensions v3_OCSP -config myconfig.cnf -passin pass:password

The index.txt file looks like this now

cat index.txt
V   140717130131Z       1000    unknown /C=AU/ST=Some-State/O=Redpath Corporation

I start the server as

openssl ocsp -index ./demoCA/index.txt -port 8082 -rsigner authocspsign.crt -rkey ocspsign.key -CA ./demoCA/cacert.pem -text

and execute the OCSP request with a PEM that was created with serial ID 1000. The OCSP request and response are shown below.

OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: D56D19422F523984CFB9477E7D39A8176AE3811C
          Issuer Key Hash: CD0B919B45A50EA0BDCE66D7215BA27CE33E2326
          Serial Number: 1000
    Request Extensions:
        OCSP Nonce:
            0410206070FB6BD7959849367CEA406BBDBD
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = AU, ST = Some-State, O = Redpath Corporation
    Produced At: Jul 17 13:26:58 2013 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: D56D19422F523984CFB9477E7D39A8176AE3811C
      Issuer Key Hash: CD0B919B45A50EA0BDCE66D7215BA27CE33E2326
      Serial Number: 1000
    Cert Status: unknown
    This Update: Jul 17 13:26:58 2013 GMT

But the Cert Status says UNKNOWN? The cert is in demoCA/newcerts/1000.pem. The index.txt file looks okay to me.

V   140717130131Z       1000    unknown /C=AU/ST=Some-State/O=Redpath Corporation

So what is the issue?

--
View this message in context: http://openssl.6102.n7.nabble.com/OSCP-request-tp45835p45858.html
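The three behaviours this thread circles around (a revoked cert only changes index.txt, a responder answers "unknown" when the request's issuer does not match the CA it serves, and a responder only sees what it reads from index.txt) can be reproduced end to end with a throwaway CA. This is an added example, not code from any post in the thread; it assumes the openssl CLI (1.1.1 or 3.x) is on PATH, and every file name, subject and config section in it is constructed.

```shell
#!/bin/sh
# Constructed demo CA: one leaf cert, one delegated OCSP signer, "openssl ca -revoke",
# and "openssl ocsp -index" driven straight from index.txt so each status change is visible.
set -e

setup_ca() {
  cd "$(mktemp -d)"
  mkdir -p demoCA/newcerts demoCA/private
  : > demoCA/index.txt
  echo 1000 > demoCA/serial
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca

[ demo_ca ]
dir             = ./demoCA
database        = $dir/index.txt
new_certs_dir   = $dir/newcerts
serial          = $dir/serial
certificate     = $dir/cacert.pem
private_key     = $dir/private/cakey.pem
default_md      = sha256
default_days    = 365
policy          = policy_cn_only
x509_extensions = v3_leaf

[ policy_cn_only ]
commonName = supplied

[ req ]
prompt             = no
distinguished_name = req_dn

[ req_dn ]
commonName = placeholder

[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign

[ v3_leaf ]
basicConstraints = CA:FALSE

[ v3_OCSP ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature
extendedKeyUsage = OCSPSigning
EOF
  # Self-signed root; the key is left unencrypted so no passphrase is needed below.
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config ca.cnf -extensions v3_ca \
      -subj "/CN=Demo Root CA" -keyout demoCA/private/cakey.pem -out demoCA/cacert.pem
  # Leaf cert: takes serial 1000 from demoCA/serial and lands in demoCA/newcerts/1000.pem.
  openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=leaf" \
      -keyout leaf.key -out leaf.csr
  openssl ca -batch -config ca.cnf -in leaf.csr -out leaf.crt
  # Delegated responder cert (serial 1001) carrying the OCSPSigning EKU, like the thread's v3_OCSP.
  openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=Demo OCSP Signer" \
      -keyout ocspsign.key -out ocspsign.csr
  openssl ca -batch -config ca.cnf -extensions v3_OCSP -in ocspsign.csr -out ocspsign.crt
}

# Status flag (V or R) recorded for a serial in index.txt, the only file "openssl ca -revoke" rewrites.
index_flag() {
  awk -F'\t' -v s="$1" '$4 == s { print $1 }' demoCA/index.txt
}

# Status word (good, revoked or unknown) for serial $1, with $2 as the issuer cert that goes
# into the CertID. Responder side: with -index and no -port the request is answered locally
# from index.txt and written out as DER. Client side: verify that response against the trust
# anchor (the responder's cert chains to it and has the OCSPSigning EKU) and read the status.
ocsp_status() {
  openssl ocsp -index demoCA/index.txt -CA demoCA/cacert.pem \
      -rsigner ocspsign.crt -rkey ocspsign.key -no_nonce \
      -issuer "$2" -serial "$1" -respout resp.der
  openssl ocsp -issuer "$2" -serial "$1" -no_nonce -respin resp.der -CAfile demoCA/cacert.pem |
      awk -v s="$1:" '$1 == s { print $2 }'
}

revoke_serial() {
  openssl ca -config ca.cnf -revoke "demoCA/newcerts/$1.pem"
}

setup_ca
echo "index flag 1000 before revoke:              $(index_flag 1000)"                        # V
echo "status, CA cert as issuer:                  $(ocsp_status 0x1000 demoCA/cacert.pem)"  # good
echo "status, the cert itself passed as issuer:   $(ocsp_status 0x1000 leaf.crt)"           # unknown
revoke_serial 1000
echo "index flag 1000 after revoke:               $(index_flag 1000)"                        # R
echo "status after revoke, fresh responder run:   $(ocsp_status 0x1000 demoCA/cacert.pem)"  # revoked
```

Each ocsp_status call re-reads index.txt, which is why the revocation shows up immediately here while the long-running responder in the thread had to be restarted.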
Re: OSCP request
To make this more clear: I simply have an X509 and want to programmatically create an OCSP request to check status for the cert. There are no examples other than openssl commands. I have a program on a device and need to programmatically check an x509 periodically. Thanks in advance.

--
View this message in context: http://openssl.6102.n7.nabble.com/OSCP-request-tp45835p45838.html
Re: OSCP request
I was able to piece together a test application (enclosed below) which loads an x509 file and performs an OCSP request programmatically. I created a server to dump what is written at the port. The result is shown below.

POST [ /][Content-Type:application/ocsp-request] [Content-Length:113]
(binary DER request body omitted)

It looks like it created the OCSP request, but I want to use the openssl ocsp server command to verify it. I have files rsa.pem and RSApublic.x509.0.cert created already for testing. I want to use the openssl ocsp command to test this sample program that is sending an OCSP request. To start the server I use this openssl command

openssl ocsp -CAfile rsa.pem -issuer rsa.pem -url http://127.0.0.1:8080 -resp_text

But of course I get an error.

unable to load certificate
22315:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-44/src/crypto/pem/pem_lib.c:648:Expecting: TRUSTED CERTIFICATE

So what is the setup for this ocsp command, since I already have a PEM and an X509 created? Basically I just want a client to programmatically perform an OCSP request for verifying an x509.

The sample test code is shown below.

/**
 * cc -o test -Wno-deprecated-declarations test.c -lcrypto
 *
 * Origin: r redpath
 *
 * The fields in this structure are as follows:
 *
 * typedef struct {
 *   char            *url;
 *   X509            *cert;
 *   X509            *issuer;
 *   spc_x509store_t *store;
 *   X509            *sign_cert;
 *   EVP_PKEY        *sign_key;
 *   long             skew;
 *   long             maxage;
 * } spc_ocsprequest_t;
 *
 * url
 *   Address of the OCSP responder to which to connect; this should always be a
 *   URL that specifies either HTTP or HTTPS as the service. For example,
 *   VeriSign's OCSP responder address is http://ocsp.verisign.com.
 *
 * cert
 *   Pointer to the certificate whose revocation status you want to check.
 *   In many cases, this will likely come from the peer when establishing or
 *   renegotiating an SSL session.
 *
 * issuer
 *   Pointer to the certificate that issued the certificate whose revocation
 *   status you want to check. This should be a trusted root certificate.
 *
 * store
 *   Any information required for building an X509_STORE object internally.
 *   This object will be used for verifying the OCSP responder's certificate.
 *   A full discussion of this object can be found in Recipe 10.5, but basically
 *   it contains trusted certificates and CRLs that OpenSSL can use to verify
 *   the validity of the certificate received from the OCSP responder.
 *
 * sign_cert
 *   An OCSP request can optionally be signed. Some servers require signed
 *   requests. Any server will accept a signed request provided that the server
 *   is able to verify the signature. If you want the request to be signed,
 *   this field should be non-NULL and should be a pointer to the certificate
 *   to use to sign the request. If you are going to sign your request, you
 *   should use a certificate that has been issued by a CA that is trusted by
 *   the OCSP responder so that the responder will be able to verify its validity.
 *
 * sign_key
 *   If the sign_cert member is non-NULL, this member must be filled in with
 *   a pointer to the private key to use in signing the request. It is ignored
 *   if the sign_cert member is NULL.
 *
 * skew
 *   An OCSP response contains three time fields: thisUpdate, nextUpdate, and
 *   producedAt. These fields must be checked to determine how reliable the
 *   results from the responder are. For example, under no circumstance should
 *   thisUpdate ever be greater than nextUpdate. However, it is likely that there
 *   will be some amount of clock skew between the server and the client. skew
 *   defines an acceptable amount of skew in units of seconds. It should be set
 *   to a reasonably low value. In most cases, five seconds should work out fine.
 *
 * maxage
 *   RFC 2560 OCSP responders are allowed to precompute responses to improve response
 *   time by eliminating the need to sign a response for every request. There are
 *   obvious security implications if a server opts to do this, as we discussed in
 *   Recipe 10.1. The producedAt field in the response will contain the time at which
 *   the response was computed, whether or not it was precomputed. The maxage member
 *   specifies the maximum age in seconds of responses that should be considered
 *   acceptable. Setting maxage to 0 will effectively cause the producedAt field in
 *   the response to be ignored and any otherwise acceptable response to be accepted,
 *   regardless of its age. OpenSSL's command-line ocsp command defaults to ignoring
 *   the producedAt field. However, we think it is too risky to accept precomputed
 *   responses. Unfortunately, there is no way to completely disable the acceptance
 *   of precomputed responses
OSCP request
I see that OPENSSL provides a command for OCSP, and I need to create an OCSP request as a POST or GET. What source code file creates this request and makes a connection?

Basically an OCSP REQUEST contains the following fields documented in RFC 6960:
- protocol version (I assume this is 0 for RFC 6960)
- service request (seems left open and known by the server you have implemented)
- target certificate identifier (the serial number or an ID)
- optional extensions, which MAY be processed by the OCSP responder (the server)

But how is this information formatted for the POST request? Any pointers to source code would be appreciated. Well, not a directory, more or less a file that actually formats the request. The RFC is not much help other than the fields known.

--
View this message in context: http://openssl.6102.n7.nabble.com/OSCP-request-tp45835.html
verify self signed x.509
I searched the forum and could not find a similar question. I have a self-signed V3 x.509 file (RSA 512 for simplicity)

X509 *x;
EVP_PKEY *pk;
RSA *rsa;
int rc;

if ((pk = EVP_PKEY_new()) == NULL) {
    fprintf(stderr, "err 1\n");
    return(1);
}
rsa = RSA_generate_key(512, RSA_F4, NULL, NULL); //callback,NULL);
if (!EVP_PKEY_assign_RSA(pk, rsa)) {
    fprintf(stderr, "err 2\n");
    return 1;
}
:
:
:
X509_set_pubkey(x, pk);
:
:
rc = X509_sign(x, pk, EVP_sha1());

I send it to someone who can extract extended attributes. For best practices my question: how can this individual verify the x.509? I certainly do not want the receiving site to have the private key; they are not the creator of such documents but simply the receiver for data. An excerpt of code would be most beneficial.

--
View this message in context: http://openssl.6102.n7.nabble.com/verify-self-signed-x-509-tp45026.html
RE: verify self signed x.509
Okay, so excerpt code shown below.
1) Load the RSA public key
2) Load the x509
3) Create a PKEY
4) But for the life of me cannot find how to set the public key and verify?

I did try a number of functions to set the public key, with a core dump of course. This is just a test sample.

testrsa = RSA_new();
FILE *fp = fopen("x509public.pem", "r");
if (PEM_read_RSAPublicKey(fp, &testrsa, NULL, NULL) == NULL) {
    printf("\n%s\n", "Error Reading public key x509public.pem");
    return;
}
fclose(fp);
printf("TEST KEY OKAY \n");

fp = fopen("my.x509", "rb");
if (fp == NULL) {
    printf("Error Reading x509 file\n");
    return;
}
X509 *x = NULL;
x = PEM_read_X509(fp, &x, NULL, NULL);
if (x == NULL) {
    fprintf(stderr, "null x509 reading\n");
    return;
}
fclose(fp);
printf("read x509 nicely\n");

EVP_PKEY *pk;
if ((pk = EVP_PKEY_new()) == NULL) {
    fprintf(stderr, "err 1\n");
    return;
}

--
View this message in context: http://openssl.6102.n7.nabble.com/verify-self-signed-x-509-tp45026p45031.html
RE: verify self signed x.509
Nothing like forgetting to add algorithms, which was the issue:

ERR_load_BIO_strings();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();

Basically get the public key

testrsa = RSA_new();
FILE *fp = fopen("x509public.pem", "r");
if (PEM_read_RSAPublicKey(fp, &testrsa, NULL, NULL) == NULL) {
    printf("\n%s\n", "Error Reading public key x509public.pem");
    return;
}
fclose(fp);
printf("TEST KEY OKAY \n");

Set the EVP up.

EVP_PKEY *pk;
if ((pk = EVP_PKEY_new()) == NULL) {
    fprintf(stderr, "err 1\n");
    return;
}
printf("here now \n");
EVP_PKEY *pubkey = EVP_PKEY_new();
int rc = EVP_PKEY_set1_RSA(pubkey, testrsa);

Load the x509

fp = fopen("my.x509", "rb");   /* reopen on the certificate file before reading it */
x = NULL;
x = PEM_read_X509(fp, &x, NULL, NULL);
if (x == NULL) {
    fprintf(stderr, "null x509\n");
    return;
}
fclose(fp);

and verify it

rc = X509_verify(x, pubkey);

returns a 1 value now. Done.

--
View this message in context: http://openssl.6102.n7.nabble.com/verify-self-signed-x-509-tp45026p45034.html
openssl req -x509 Serial Number
When an x509 is created using the openssl command it creates a default serial number if one is not supplied. How is this serial number created (algorithm) in general?

openssl req -x509 etcetera

The default serial number is quite long, so just using time_t (long) to set the serial number is not very long (four bytes). So I am interested in what it does.

--
View this message in context: http://openssl.6102.n7.nabble.com/openssl-req-x509-Serial-Number-tp44943.html
RE: extended x509 custom, Attributes and BEGIN Certificate size
Okay, but it seems duplicate information. The extended attributes have information and the PEM has the base64 encoding below. Is there a way not to have this duplicate info, for efficient size?

--
View this message in context: http://openssl.6102.n7.nabble.com/extended-x509-custom-Attributes-and-BEGIN-Certificate-size-tp44938p44940.html
Re: [openssl-users] RE: extended x509 custom, Attributes and BEGIN Certificate size
I will toss it, thanks.

--
View this message in context: http://openssl.6102.n7.nabble.com/extended-x509-custom-Attributes-and-BEGIN-Certificate-size-tp44938p44942.html
X509 custom extension
I am adding a custom extension to an x509, a png icon basically (bytes). Since the png icon is too large to post the data I have substituted it with a file called sample.txt that has a text line "This is a sample". The code excerpt to add the extension is below.

    data = getdata("sample.txt", &length);          /* abstracted: reads the file into data, sets length */
    nid = OBJ_create("1.03", "samplealias", "sample");
    ASN1_OCTET_STRING *os = ASN1_OCTET_STRING_new();
    ASN1_OCTET_STRING_set(os, (unsigned char *)data, length);
    ret = X509_EXTENSION_create_by_NID(NULL, nid, 0, os);
    X509_add_ext(x, ret, -1);

*I have 2 Questions (1) the x509 before adding a custom extension looks like this*

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=UK, CN=OpenSSL Group
        Validity
            Not Before: Apr 26 12:48:18 2013 GMT
            Not After : Apr 26 12:48:18 2014 GMT
        Subject: C=UK, CN=OpenSSL Group
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:df:82:85:c6:0b:18:50:75:35:6b:3b:cc:2e:94:
                    a0:b4:a6:8e:21:19:9e:28:ca:46:54:b5:5f:75:c4:
                    bb:a2:19:c7:51:c4:19:0d:ef:ce:65:39:0f:90:90:
                    2b:2a:46:76:f4:03:be:a7:f2:76:4d:26:af:8e:ce:
                    84:43:52:74:d1
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
        8b:a6:4d:0a:0b:b6:8f:13:f6:58:10:a2:a4:cc:9c:ba:37:8c:
        53:07:22:f0:93:29:17:78:b4:0a:28:91:ae:24:86:bf:2f:bf:
        d8:bc:4a:97:bd:36:09:c2:b3:21:fa:fe:fe:90:91:31:00:5e:
        01:f9:19:1b:54:89:f9:1f:b5:fa
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBAN+ChcYLGFB1NWs7zC6UoLSmjiEZnijKRlS1X3XEu6IZx1HEGQ3v
zmU5D5CQKypGdvQDvqfydk0mr47OhENSdNECAwEAAQJAZH+v3ujGOgc5ycnNeXRi
/leVuNRoBTdOgHA9SBr5s1zE14gfKX40N2WpaiD5aDyNcp/CImXzPtKgIZ4NoG33
AQIhAPPOXRy6aHSqEfFodntOnrpGayn4C+Gcy5E1E5R05KRJAiEA6rBKVB/YIN3r
uUfOUbYBIgy61lhUweQvnwao6IWqvEkCIFrMFOM5DOO93rbQF6fubLCkvw4/QXWB
ZlKquKMGMYx5AiB5hJqYAH0aV45Mu397E7B2fvznK4mHc62su/gNndiP8QIhAMWa
bnLCEKDk3vZJsBXlDz0SeVvDA/+jR7hydR+BGP+g
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIBODCB46ADAgECAgEAMA0GCSqGSIb3DQEBBQUAMCUxCzAJBgNVBAYTAlVLMRYw
FAYDVQQDEw1PcGVuU1NMIEdyb3VwMB4XDTEzMDQyNjEyNDgxOFoXDTE0MDQyNjEy
NDgxOFowJTELMAkGA1UEBhMCVUsxFjAUBgNVBAMTDU9wZW5TU0wgR3JvdXAwXDAN
BgkqhkiG9w0BAQEFAANLADBIAkEA34KFxgsYUHU1azvMLpSgtKaOIRmeKMpGVLVf
dcS7ohnHUcQZDe/OZTkPkJArKkZ29AO+p/J2TSavjs6EQ1J00QIDAQABMA0GCSqG
SIb3DQEBBQUAA0EAi6ZNCgu2jxP2WBCipMycujeMUwci8JMpF3i0CiiRriSGvy+/
2LxKl702CcKzIfr+/pCRMQBeAfkZG1SJ+R+1+g==
-----END CERTIFICATE-----

*After I added the extension you can see my field added and that's great*

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=UK, CN=OpenSSL Group
        Validity
            Not Before: Apr 26 12:49:39 2013 GMT
            Not After : Apr 26 12:49:39 2014 GMT
        Subject: C=UK, CN=OpenSSL Group
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:cf:53:10:b6:c4:ef:f3:a7:7d:39:64:18:75:2a:
                    77:a9:82:52:59:a9:29:e8:d6:57:de:9e:4e:3f:6a:
                    69:b6:b5:48:c2:ab:5a:1e:f0:c4:8d:25:2a:3d:21:
                    04:49:59:46:b6:d5:23:39:38:26:68:71:1d:67:31:
                    d4:dc:a4:3b:09
                Exponent: 65537 (0x10001)
        *X509v3 extensions:
            sample:
                This is a sample*
    Signature Algorithm: sha1WithRSAEncryption
        af:5e:52:9d:cc:e7:5e:2c:63:81:76:53:c6:92:cb:81:3d:a7:
        16:63:3d:97:2a:c1:dc:12:64:e1:5b:16:f3:8b:f4:5e:e2:0c:
        3f:04:4d:b8:67:b7:35:75:8a:7b:b0:3a:c8:f0:7b:7d:2e:b3:
        b3:6a:9d:07:21:87:32:b6:4d:4f
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBAM9TELbE7/OnfTlkGHUqd6mCUlmpKejWV96eTj9qaba1SMKrWh7w
xI0lKj0hBElZRrbVIzk4JmhxHWcx1NykOwkCAwEAAQJACS79w4rPsjROGLe1WaNK
76hFK5GRuK2d8M+EWczF6ADlUQaKJbc6G81v3soxNsd5If33It0AKZIrSwXKIPnb
zQIhAOtou0qNZo8cOJNLvi2pXXYAVsFap5ydGqbqHgmGcmFXAiEA4XV2yqx9yktP
NXqYiuB5ZeFXvwHqIa+eWGaVPGj6qp8CIHbTud6K+573dtNbI1c3K5cZ2rDlCsAy
STbB7IGQXQInAiEAsAGdXRdPlA86pMsyLqiS3QAQGiMKfoW1HdnngyOJHI0CIG9J
NiVAQRzi0pkBEQG23Kn9eq3m3zd1EoMpDeC+JftK
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIBVjCCAQCgAwIBAgIBADANBgkqhkiG9w0BAQUFADAlMQswCQYDVQQGEwJVSzEW
MBQGA1UEAxMNT3BlblNTTCBHcm91cDAeFw0xMzA0MjYxMjQ5MzlaFw0xNDA0MjYx
MjQ5MzlaMCUxCzAJBgNVBAYTAlVLMRYwFAYDVQQDEw1PcGVuU1NMIEdyb3VwMFww
DQYJKoZIhvcNAQEBBQADSwAwSAJBAM9TELbE7/OnfTlkGHUqd6mCUlmpKejWV96e
Tj9qaba1SMKrWh7wxI0lKj0hBElZRrbVIzk4JmhxHWcx1NykOwkCAwEAAaMbMBkw
FwYBKwQSVGhpcyBpcyBhIHNhbXBsZQoKMA0GCSqGSIb3DQEBBQUAA0EAr15Snczn
XixjgXZTxpLLgT2nFmM9lyrB3BJk4VsW84v0XuIMPwRNuGe3NXWKe7A6yPB7fS6z
s2qdByGHMrZNTw==
-----END CERTIFICATE-----

*But I noticed that the end data
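As an added example (not code from the thread), the same idea done with the openssl command line so its effect on a verifier can be checked: a private extension is handed to the CA at issuance, where the CA signature covers it, and the same extension marked critical is rejected by standard path validation because no validator knows how to handle it. The OID 1.2.3.4, the throw-away CA and all file names are constructed placeholders for this demo.

```shell
#!/bin/sh
# Added example, not from the original post. Issues a leaf certificate that
# carries a private extension (constructed OID 1.2.3.4, value "This is a sample")
# and shows how "openssl verify" treats it.
WORK=$(mktemp -d)

# Throw-away CA plus a CSR for the leaf; all names are constructed.
make_ca_and_csr() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 -subj "/CN=Demo CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=Demo Leaf" \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
}

# issue_leaf <critical|non-critical> <outfile>
# The extension is given to the CA at signing time (the CLI counterpart of
# X509_add_ext before X509_sign), so the CA signature covers it; appending an
# extension to an already signed certificate would invalidate that signature.
issue_leaf() {
    crit=""
    if [ "$1" = critical ]; then crit="critical,"; fi
    cat > "$WORK/ext.cnf" <<EOF
[ default ]
1.2.3.4 = ${crit}ASN1:UTF8String:This is a sample
EOF
    openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 30 -sha256 -extfile "$WORK/ext.cnf" -out "$2" 2>/dev/null
}

# verify_leaf <certfile> -> "ok" or "rejected"
verify_leaf() {
    if openssl verify -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1; then
        echo ok
    else
        echo rejected
    fi
}

# show_extension <certfile>: the extension as "openssl x509 -text" renders an
# OID it has no printer for (the DER value with non-printables as dots)
show_extension() {
    openssl x509 -in "$1" -noout -text | grep -A1 '1\.2\.3\.4'
}

make_ca_and_csr
issue_leaf non-critical "$WORK/leaf_plain.pem"
issue_leaf critical "$WORK/leaf_critical.pem"
show_extension "$WORK/leaf_plain.pem"
echo "non-critical private extension: $(verify_leaf "$WORK/leaf_plain.pem")"
echo "critical private extension:     $(verify_leaf "$WORK/leaf_critical.pem")"
```

The non-critical certificate validates; the critical one fails with "unhandled critical extension", which is the behaviour a relying party should expect from any RFC 5280 validator that meets an extension it does not implement. Leave a private extension non-critical unless every consumer is known to understand it.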
Re: X509 custom extension
Thanks and also the OID register.

--
View this message in context: http://openssl.6102.n7.nabble.com/X509-custom-extension-tp44930p44933.html
Re: Data and Signature (envelope)
I thought the PKCS7 was the way to go, thanks. Yes the command line is confusing as to what the PKCS7 can provide and that's what was a paradox to me. Any pointers to PKCS7 example code inserting objects and extracting them would be appreciated, and I do use the mem BIO nicely.

--
View this message in context: http://openssl.6102.n7.nabble.com/Data-and-Signature-envelope-tp44885p44898.html
Re: Data and Signature (envelope)
I took the sign.c example and modified it slightly to use artifacts I have, but it seems the result just produces a PKCS7 that has a signature? I want to have the data (PDF or JPG) in there as I need to use it after validating that it is trusted. Basically I have a piece of data and a signature and want to envelope it in something for best practices. Otherwise I simply send the data and the signature and validate trust and use the data. I have to get the data out of the PKCS7 and use it; just having a signature is not very useful for me. Is there something I am missing? The code I modified is shown below, which is basically sign.c: get my private key and an x509, sign the data, but hey I need the data in there too to extract later.

    /* cc -o sign -Wno-deprecated-declarations sign.c -lcrypto */
    #include <stdio.h>
    #include <string.h>
    #include <openssl/bio.h>
    #include <openssl/x509.h>
    #include <openssl/pem.h>
    #include <openssl/err.h>

    int main(argc, argv)
    int argc;
    char *argv[];
    {
        X509 *x509;
        EVP_PKEY *pkey;
        PKCS7 *p7;
        PKCS7_SIGNER_INFO *si;
        BIO *in;
        BIO *data, *p7bio;
        char buf[1024 * 4];
        int i;
        int nodetach = 0;

    #ifndef OPENSSL_NO_MD2
        EVP_add_digest(EVP_md2());
    #endif
    #ifndef OPENSSL_NO_MD5
        EVP_add_digest(EVP_md5());
    #endif
    #ifndef OPENSSL_NO_SHA1
        EVP_add_digest(EVP_sha1());
    #endif
    #ifndef OPENSSL_NO_MDC2
        EVP_add_digest(EVP_mdc2());
    #endif

        data = BIO_new(BIO_s_file());
    again:
        if (argc > 1) {
            if (strcmp(argv[1], "-nd") == 0) {
                nodetach = 1;
                argv++;
                argc--;
                goto again;
            }
            if (!BIO_read_filename(data, argv[1]))
                goto err;
        } else
            BIO_set_fp(data, stdin, BIO_NOCLOSE);

        /*
         * Get our private key as it will be used from some other PKCS7 function
         * later I assume to sign data?
         */
        FILE *fp = fopen("rsa.pem.0", "rb");
        if (fp == NULL) {
            printf("NULL fp \n");
            return 1;
        }
        EVP_PKEY *pevpkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
        if (pevpkey == NULL) {
            printf("PEM for read private failed\n");
            return 1;
        } else
            printf("PEM for read private SUCCESS\n");
        fclose(fp);

        if ((in = BIO_new_file("RSApublic.x509.0.cert", "r")) == NULL)
            goto err;
        if ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)) == NULL)
            goto err;
        /* BIO_reset(in); */
        /* if ((pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL)) == NULL) goto err; */
        BIO_free(in);

        p7 = PKCS7_new();
        PKCS7_set_type(p7, NID_pkcs7_signed);

        si = PKCS7_add_signature(p7, x509, pevpkey, EVP_sha1());
        if (si == NULL)
            goto err;

        /* If you do this then you get signing time automatically added */
        PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
                                   OBJ_nid2obj(NID_pkcs7_data));

        /* USE THIS TO ADD a X509 if you wish to the PKCS7 */
        /* PKCS7_add_certificate(p7, x509); */

        /* Set the content of the signed to 'data' */
        PKCS7_content_new(p7, NID_pkcs7_data);

        /* if (!nodetach) PKCS7_set_detached(p7, 1); */

        if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL)
            goto err;

        for (;;) {
            i = BIO_read(data, buf, sizeof(buf));
            if (i <= 0)
                break;
            printf("%d \n", BIO_write(p7bio, buf, i));
        }

        if (!PKCS7_dataFinal(p7, p7bio))
            goto err;
        BIO_free(p7bio);

        PEM_write_PKCS7(stdout, p7);
        PKCS7_free(p7);

        exit(0);
    err:
        ERR_load_crypto_strings();
        ERR_print_errors_fp(stderr);
        exit(1);
    }

--
View this message in context: http://openssl.6102.n7.nabble.com/Data-and-Signature-envelope-tp44885p44901.html
Re: Data and Signature (envelope)
Exactly, a non-detached. I see the constant detached and thought that's what it meant, but that road led nowhere, so if anyone has pointers how to make a non-detached or modify below that would be great.

--
View this message in context: http://openssl.6102.n7.nabble.com/Data-and-Signature-envelope-tp44885p44904.html
Re: Data and Signature (envelope)
I looked at the latest smsign.c, shown below modified with a large data item. The result is still detached and quite small, like a signature. The flag changed and yet nothing different. It should be quite large. All I see is the API to sign, p7 = PKCS7_sign(scert, skey, NULL, in, flags); and I tried to do some data content with only core dumps, so what modification do I have to do to store objects I can get later from the PKCS7?

    #include <openssl/pem.h>
    #include <openssl/pkcs7.h>
    #include <openssl/err.h>

    int main(int argc, char **argv)
    {
        BIO *in = NULL, *out = NULL, *tbio = NULL;
        X509 *scert = NULL;
        EVP_PKEY *skey = NULL;
        PKCS7 *p7 = NULL;
        int ret = 1;

        /*
         * For simple S/MIME signing use PKCS7_DETACHED.
         * On OpenSSL 0.9.9 only:
         * for streaming detached set PKCS7_DETACHED|PKCS7_STREAM
         * for streaming non-detached set PKCS7_STREAM
         */
        /* int flags = PKCS7_DETACHED|PKCS7_STREAM; */
        int flags = PKCS7_STREAM;

        OpenSSL_add_all_algorithms();
        ERR_load_crypto_strings();

        /* Read in signer certificate and private key */
        tbio = BIO_new_file("signer.pem", "r");
        if (!tbio)
            goto err;
        scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
        BIO_reset(tbio);
        skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
        if (!scert || !skey)
            goto err;

        /* Open content being signed */
        in = BIO_new_file("my.pdf", "r");
        if (!in)
            goto err;

        /* Sign content */
        p7 = PKCS7_sign(scert, skey, NULL, in, flags);
        if (!p7)
            goto err;

        out = BIO_new_file("smout.txt", "w");
        if (!out)
            goto err;

        if (!(flags & PKCS7_STREAM))
            BIO_reset(in);

        /* Write out S/MIME message */
        if (!SMIME_write_PKCS7(out, p7, in, flags))
            goto err;

        ret = 0;

    err:
        if (ret) {
            fprintf(stderr, "Error Signing Data\n");
            ERR_print_errors_fp(stderr);
        }
        if (p7)
            PKCS7_free(p7);
        if (scert)
            X509_free(scert);
        if (skey)
            EVP_PKEY_free(skey);
        if (in)
            BIO_free(in);
        if (out)
            BIO_free(out);
        if (tbio)
            BIO_free(tbio);
        return ret;
    }

--
View this message in context: http://openssl.6102.n7.nabble.com/Data-and-Signature-envelope-tp44885p44912.html
Data and Signature (envelope)
I have a piece of data like a JPG and a MD from it and a signature PKCS#1 from the MD.

    int rc = RSA_sign(NID_sha1, md, 20, sigret, &siglen, rsapriv);

I send the data and the signature to someone to verify the data and they use it. Now maybe there is a standard measure to package the data and the signature, and that would be? x.509 (that does not make sense, or does it), pkcs12 (maybe); so what would it be? Of course I have to figure out how to extract the info out of the new envelope; any suggestions?

--
View this message in context: http://openssl.6102.n7.nabble.com/Data-and-Signature-envelope-tp44885.html
Re: Data and Signature (envelope)
I saw the CMS but I did not see how to store raw data which I need to extract? Let's assume the data was a JPG and I created a signature from the MD (SHA1); how can I get the JPG, use it and validate it? I looked at the PKCS7 and no mention of adding objects. Any example is best to learn, assuming data (JPG), a MD derived from it for a signature, and I have a private key. I am assuming RSA though I would like to do ECDSA.

--
View this message in context: http://openssl.6102.n7.nabble.com/Data-and-Signature-envelope-tp44885p44889.html
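The envelope this thread is after, as an added example that is not code from any of the posts: one non-detached PKCS#7 SignedData object that carries the data, the signature and the signer certificate, built and opened with the openssl command line. The C API equivalent is PKCS7_sign(cert, key, NULL, data, PKCS7_BINARY) without PKCS7_DETACHED, and PKCS7_verify(p7, NULL, store, NULL, out, 0) to get the content back; the CLI makes the three outcomes a practitioner needs to see (good, tampered, untrusted signer) easy to check. The signer certificates, file names and payload are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. Wraps data and its signature in ONE
# PKCS#7 SignedData object (non-detached, so the content travels inside it)
# and gets the data back out only after the signature verifies against a
# trusted certificate. Names and payload are constructed for the demo.
WORK=$(mktemp -d)

# make_signer <name>: self-signed certificate + key (stands in for signer.pem)
make_signer() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# envelope <payload> <out.p7>
# -nodetach keeps the content inside SignedData (PKCS7_DETACHED is what leaves
# it out); -binary stops S/MIME text canonicalisation from altering a JPG/PDF;
# DER keeps it compact. The signer certificate is embedded by default.
envelope() {
    openssl smime -sign -binary -nodetach -outform DER -in "$1" \
        -signer "$WORK/signer.pem" -inkey "$WORK/signer.key" -out "$2"
}

# open_envelope <in.p7> <trusted.pem> <out> -> "verified" or "rejected"
# Gate on the exit status: on a signature mismatch openssl may already have
# streamed content into <out> before the check fails, so never consume <out>
# unless this function printed "verified".
open_envelope() {
    if openssl smime -verify -binary -inform DER -in "$1" -CAfile "$2" \
            -out "$3" >/dev/null 2>&1; then
        echo verified
    else
        echo rejected
    fi
}

# flip_last_byte <file>: corrupt the trailing byte (part of the signature value)
flip_last_byte() {
    size=$(wc -c < "$1" | tr -d ' ')
    last=$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    if [ "$last" = "ff" ]; then b='\001'; else b='\377'; fi
    printf "$b" | dd of="$1" bs=1 seek=$((size - 1)) conv=notrunc 2>/dev/null
}

roundtrip() {        # -> "verified intact"
    printf 'constructed payload standing in for a JPG\n' > "$WORK/payload.bin"
    envelope "$WORK/payload.bin" "$WORK/signed.p7"
    r=$(open_envelope "$WORK/signed.p7" "$WORK/signer.pem" "$WORK/recovered.bin")
    if cmp -s "$WORK/payload.bin" "$WORK/recovered.bin"; then echo "$r intact"; else echo "$r differs"; fi
}
tampered() {         # -> "rejected": one byte of the envelope changed in transit
    cp "$WORK/signed.p7" "$WORK/tampered.p7"
    flip_last_byte "$WORK/tampered.p7"
    open_envelope "$WORK/tampered.p7" "$WORK/signer.pem" "$WORK/tampered.out"
}
untrusted() {        # -> "rejected": intact envelope, but from a signer we do not trust
    open_envelope "$WORK/signed.p7" "$WORK/other.pem" "$WORK/untrusted.out"
}

make_signer signer
make_signer other
echo "roundtrip:  $(roundtrip)"
echo "tampered:   $(tampered)"
echo "untrusted:  $(untrusted)"
echo "envelope $(wc -c < "$WORK/signed.p7" | tr -d ' ') bytes for a $(wc -c < "$WORK/payload.bin" | tr -d ' ') byte payload"
```

The envelope is noticeably larger than the payload because it carries the signer certificate and the signature as well as the content, which is the size growth the thread was looking for. `openssl smime -verify` defaults to checking the signer certificate against the trust anchors given with `-CAfile`; the `untrusted` case shows why that check, not just the signature math, decides whether the recovered data may be used.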
Build iOS library of openssl 1.0.1e
Anyone have a working script for building the new openssl for iOS static libraries? I tried this script and it nicely downloads the openssl tar file openssl-1.0.1e.tar, then tries to compile, and the log seems to have a problem with the standard includes; not sure what needs to be set. I think I remember some command tool that needs to be run to set up the gcc paths for the compiler on a terminal.

*EXCERPT LOG FILE*

    Configured for iphoneos-cross.
    making all in crypto...
    ( echo "#ifndef MK1MF_BUILD"; \
      echo '  /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \
      echo '  #define CFLAGS "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/usr/bin/gcc -arch i386 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator5.1.sdk -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator5.1.sdk -fomit-frame-pointer -fno-common"'; \
      echo '  #define PLATFORM "iphoneos-cross"'; \
      echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
      echo '#endif' ) >buildinf.h
    /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/usr/bin/gcc -arch i386 -I. -I.. -I../include -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator5.1.sdk -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator5.1.sdk -fomit-frame-pointer -fno-common -c -o cryptlib.o cryptlib.c
    In file included from cryptlib.c:117:
    *cryptlib.h:62:20: error: stdlib.h: No such file or directory*
    cryptlib.h:63:20: error: string.h: No such file or directory
    In file included from cryptlib.h:65,

*THE SCRIPT*

    #!/bin/sh
    #  Automatic build script for libssl and libcrypto
    #  for iPhoneOS and iPhoneSimulator
    #
    #  Created by Felix Schulze on 16.12.10.
    #  Copyright 2010 Felix Schulze. All rights reserved.
    #
    #  Licensed under the Apache License, Version 2.0 (the "License");
    #  you may not use this file except in compliance with the License.
    #  You may obtain a copy of the License at
    #
    #  http://www.apache.org/licenses/LICENSE-2.0
    #
    #  Unless required by applicable law or agreed to in writing, software
    #  distributed under the License is distributed on an "AS IS" BASIS,
    #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    #  See the License for the specific language governing permissions and
    #  limitations under the License.
    #
    ###
    #  Change values here
    #
    VERSION="1.0.1e"
    SDKVERSION="5.1"
    #
    ###
    #
    # Don't change anything under this line!
    #
    ###

    CURRENTPATH=`pwd`
    ARCHS="i386 armv7 armv7s"
    DEVELOPER=`xcode-select -print-path`

    if [ ! -d "$DEVELOPER" ]; then
      echo "xcode path is not set correctly $DEVELOPER does not exist (most likely because of xcode 4.3)"
      echo "run"
      echo "sudo xcode-select -switch <xcode path>"
      echo "for default installation:"
      echo "sudo xcode-select -switch /Applications/Xcode.app/Contents/Developer"
      exit 1
    fi

    set -e
    if [ ! -e openssl-${VERSION}.tar.gz ]; then
        echo "Downloading openssl-${VERSION}.tar.gz"
        curl -O http://www.openssl.org/source/openssl-${VERSION}.tar.gz
    else
        echo "Using openssl-${VERSION}.tar.gz"
    fi

    mkdir -p "${CURRENTPATH}/src"
    mkdir -p "${CURRENTPATH}/bin"
    mkdir -p "${CURRENTPATH}/lib"

    tar zxf openssl-${VERSION}.tar.gz -C "${CURRENTPATH}/src"
    cd "${CURRENTPATH}/src/openssl-${VERSION}"

    for ARCH in ${ARCHS}
    do
        if [ "${ARCH}" == "i386" ];
        then
            PLATFORM="iPhoneSimulator"
        else
            sed -ie s!static volatile sig_atomic_t
Re: Build iOS library of openssl 1.0.1e
For others to benefit. In the log the error is that stdlib.h cannot be found, which of course sends you in the wrong direction to find what is wrong, like the environment include. Basically I set the SDK version to 6.0, not 5.1, as I have 6.0 with my xCode 4.5.1 with command tools installed.

    VERSION="1.0.1e"
    SDKVERSION="6.0"

and the script works nicely building the libraries:

    Building openssl-1.0.1e for iPhoneSimulator 6.0 i386
    Please stand by...
    Building openssl-1.0.1e for iPhoneOS 6.0 armv7
    Please stand by...
    Building openssl-1.0.1e for iPhoneOS 6.0 armv7s
    Please stand by...
    Build library...
    Building done.
    Cleaning up...
    Done.

Thanks Felix for the script.

--
View this message in context: http://openssl.6102.n7.nabble.com/Build-iOS-library-of-openssl-1-0-1e-tp44568p44571.html
Re: 0.9.8 vs 1.0.x
Well I discovered one thing: this constant EVP_MAX_KEY_LENGTH changed when using FIPS from 32 to 64. The story is I am using 0.9.8 and this constant to assure the password a user may use is not larger than this for AES128 ciphering, as undetermined results happen on other platforms; in other words I may cipher a file on one platform and decipher on another, and if the key I used was greater than this constant I have issues (it doesn't work). Well, makes sense there is a limit in password size. Well I was on Redhat linux and it had 1.0.x openssl and I had to define FIPS to use an ECDSA curve I was using to sign things. This constant EVP_MAX_KEY_LENGTH changed in size, and when a user decided to use their password which was well above 32 bytes it accepted all of it and tried to use it to decipher something that had been ciphered a while back; well it did not work. So we have our own constant now and only accept passwords that are 32 bytes long; though you can type in as much as you want, we will only use 32 bytes. Also I hope the openssl 1.0.x is on all platforms including iOS. Well that's my experience.

--
View this message in context: http://openssl.6102.n7.nabble.com/0-9-8-vs-1-0-x-tp44547p44549.html
Re: 0.9.8 vs 1.0.x
I knew this was coming about the password, and of course we take this password and create a key through Password-based Key derivation, but the point is the constant changed and we should have used our own. That was the only surprise for us. And yes I use AES_BLOCK_SIZE and other constants, but you would think using EVP_EncryptInit_ex you can use the EVP constant. Live and learn.

--
View this message in context: http://openssl.6102.n7.nabble.com/0-9-8-vs-1-0-x-tp44547p44554.html
set a startdate for CERT
I want to create expired Certs so as to address them in code. You would think this would be easy. I use the commands below to create a Cert and then a PKCS12 which I commonly use for things.

    openssl genrsa -out myrsa.pem 2048
    openssl req -new -key myrsa.pem -inform pem -x509 -days 731 -out my.crt -subj "/C=US/ST=NC/L=RTP/O=Temp Corp"
    openssl x509 -text -in my.crt
    openssl pkcs12 -export -in my.crt -inkey myrsa.pem -out rsa.p12 -name rsa0 -passout pass:password

and that works fine and I can use the PKCS12. Of course this is just verifying code with dummy passwords. I try this command, well all sorts of things, because I really want an expired date to be used.

    openssl ca -in my.crt -out new.crt -startdate 12081508Z -enddate 12081509Z

I have looked on the forum and still have no idea how to create a Cert that has a notBeginDate I can see opening as an x509 that is expired of course.

--
View this message in context: http://openssl.6102.n7.nabble.com/set-a-startdate-for-CERT-tp43561.html
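An added example (not from the post) of producing a certificate whose validity window is entirely in the past, which is what testing the expired-certificate path needs. `openssl ca` is the command that takes `-startdate` and `-enddate` (as ASN.1 UTCTime, YYMMDDHHMMSSZ), but it needs a CA configuration, database and serial file, and `-in` expects a certificate request rather than a signed certificate (a self-signed one goes in via `-ss_cert`). The mini CA below, its config and every file name are constructed for this demo; the two date values are the post's 2012 dates written out in full.

```shell
#!/bin/sh
# Added example, not from the post. Mints a certificate whose validity window
# lies entirely in the past with "openssl ca" and a minimal inline CA
# configuration, then checks that it is reported expired and rejected by
# path validation. All names are constructed.
WORK=$(mktemp -d)

setup_ca() {
    mkdir -p "$WORK/newcerts"
    : > "$WORK/index.txt"          # empty certificate database
    echo 01 > "$WORK/serial"
    # Minimal config: "openssl ca" refuses to run without database/serial/dirs.
    cat > "$WORK/ca.cnf" <<EOF
[ ca ]
default_ca = demo_ca

[ demo_ca ]
dir             = $WORK
database        = \$dir/index.txt
new_certs_dir   = \$dir/newcerts
serial          = \$dir/serial
certificate     = \$dir/ca.pem
private_key     = \$dir/ca.key
default_md      = sha256
policy          = demo_policy
x509_extensions = demo_leaf
unique_subject  = no

[ demo_policy ]
commonName = supplied

[ demo_leaf ]
basicConstraints = CA:FALSE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 -subj "/CN=Demo CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
    # A request for the certificate we want to come out expired.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=expired-test" \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
}

# issue <notBefore> <notAfter> <out.pem>; times are ASN.1 UTCTime, YYMMDDHHMMSSZ
issue() {
    openssl ca -batch -notext -config "$WORK/ca.cnf" -startdate "$1" -enddate "$2" \
        -in "$WORK/leaf.csr" -out "$3" 2>/dev/null
}

# expiry <cert> -> "expired" or "current" (x509 -checkend 0 exits 1 once notAfter is past)
expiry() {
    if openssl x509 -noout -checkend 0 -in "$1" >/dev/null 2>&1; then echo current; else echo expired; fi
}

# chain_status <cert> -> "valid" or "rejected"; an expired leaf fails even under a good CA
chain_status() {
    if openssl verify -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1; then echo valid; else echo rejected; fi
}

setup_ca
issue 120815080000Z 120815090000Z "$WORK/expired.pem"    # 2012-08-15, one hour long
openssl x509 -noout -dates -in "$WORK/expired.pem"
echo "checkend: $(expiry "$WORK/expired.pem"); verify: $(chain_status "$WORK/expired.pem")"
```

`openssl verify` reports "certificate has expired" for the minted certificate, which is the error code path (X509_V_ERR_CERT_HAS_EXPIRED) that application code checking `X509_STORE_CTX_get_error()` needs to handle; the CA certificate itself still reports `current`, so the two helper functions distinguish the cases rather than failing for every input.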
Re: PEM_read_PrivateKey using ECDSA PEMS
First of all let me correct this: "I am using ECDSA to create and verify a signature for a document. I apparently cannot use the ecdsa.PEM *directory* and so here is my question." to this: "I am using ECDSA to create and verify a signature for a document. I apparently cannot use the ecdsa.PEM *directly* and so here is my question." I have no idea why "directly" got typed as "directory", it happens. I will look at the usage of the PEM directly; thank you in advance.

--
View this message in context: http://openssl.6102.n7.nabble.com/PEM-read-PrivateKey-using-ECDSA-PEMS-tp43438p43492.html
Java Key Store (JKS) verses just PKCS12 files
I store my cert and private key in PKCS12 files; I then add these PKCS12 files to a Java Key Store. If I need to perform some security functions I extract the PKCS12 from the Java Key Store by alias and perform all sorts of openssl commands. And so why do I want to use a Java Key Store other than as a bag for my PKCS12s (as a repository of security certificates)? The alias is nice to access which ones I need and have to replace; also it's one file (JKS file) that can be backed up; that's all I see. Is there a standard well accepted measure to manage your sec certs, in other words is it wrong to just have PKCS12 files? I imagine the process which is performing all sorts of signing of documents would simply load the security certs in memory for quick usage, be it from the Keystore or just the raw PKCS12s, and periodically check for updates. Any comments on this.

--
View this message in context: http://openssl.6102.n7.nabble.com/Java-Key-Store-JKS-verses-just-PKCS12-files-tp43476.html
openssl EC PEM to Java Keystore (JKS)
I would like to use the Java Keystore as the Key and Certificate Management utility. Hey, gotta have some management system in place.

1) Create the EC KEYS
2) make x509
3) store in Java keystore

    openssl ecparam -out ec.pem -name secp224r1 -genkey
    openssl req -new -key ec.pem -inform pem -x509 -days 731 -out my.x509
    keytool -import -alias foo -keystore %JAVA_HOME%\jre\lib\security\cacerts -file my.x509

*I get this ERROR*

    keytool error: java.security.NoSuchAlgorithmException: SHA1withECDSA Signature not available

So I also try this as someone said DER for Keytools:

1) Create the keys
2) make x509
3) make DER
4) store in Java keystore

    openssl ecparam -out ec.pem -name secp224r1 -genkey
    openssl req -new -key ec.pem -inform pem -x509 -days 731 -out my.x509
    openssl x509 -outform der -in my.x509 -out my.der
    keytool -import -alias foo -keystore %JAVA_HOME%\jre\lib\security\cacerts -file my.der

*I get this same ERROR*

    keytool error: java.security.NoSuchAlgorithmException: SHA1withECDSA Signature not available

So how can I use the Java keystore to manage the keys? It does work for my openssl RSA keys nicely. Personally I just want to store the PEMS as is without having to create an x509, as I do create public x509s from these keys. Thank you in advance.

--
View this message in context: http://openssl.6102.n7.nabble.com/openssl-EC-PEM-to-Java-Keystore-JKS-tp43453.html
Re: openssl EC PEM to Java Keystore (JKS)
Found the issue: after scanning for SHA1withECDSA I found Java source code for Keytool which has been updated with new code to support this in Java 1.7.0.13. So I upgraded the Java and it stores the x509 now. Geez.

--
View this message in context: http://openssl.6102.n7.nabble.com/openssl-EC-PEM-to-Java-Keystore-JKS-tp43453p43455.html
PEM_read_PrivateKey using ECDSA PEMS
I am using ECDSA to create and verify a signature for a document. I apparently cannot use the ecdsa.PEM directory and so here is my question. Below I have abstraction code for my question. The keys are created with the openssl commands shown below.

    openssl ecparam -out ecdsa.pem -name secp224r1 -genkey
    openssl req -newkey ec:ecdsa.pem -x509 -nodes -days 731 -keyout ecdsapriv.pem -out ecdsapublic.x509

The artifacts generated by these commands are *ecdsa.pem ecdsapriv.pem ecdsapublic.x509*.

I then create an ECDSA signature using the ecdsapriv.pem:

    m = getdata("mydocument", &len);                 /* original document */
    result = sha256((char *)m, len);
    fp = fopen("ecdsapriv.pem", "rb");               /* marked */
    pevpkey = PEM_read_PrivateKey(fp, &pevpkey, NULL, NULL);
    peckey = EVP_PKEY_get1_EC_KEY(pevpkey);
    EC_KEY_set_group(peckey, EC_GROUP_new_by_curve_name(NID_secp224r1));
    unsigned int siglen = ECDSA_size(peckey);
    printf("Max signature length is %d \n", siglen);
    siglen = ECDSA_size(peckey);
    unsigned char *ptr = OPENSSL_malloc(siglen);
    unsigned char *save = ptr;
    unsigned char *sig;                              /* DER signature bytes, filled in by the verify step */
    ret = ECDSA_sign(0, result, SHA256_DIGEST_LENGTH, ptr, &siglen, peckey);
    outfp = fopen("mysignatureEC", "wb");
    fwrite(save, 1, siglen, outfp);
    fclose(outfp);

*then I verify it reading the X509*

    m = getdata("mydocument", &len);                 /* get original document data */
    result = sha256((char *)m, len);
    sig = getdata("mysignatureEC", &siglen);         /* get signature file data */
    fp = fopen("ecdsapublic.x509", "rb");            /* open x509 and get public key */
    x509 = PEM_read_X509(fp, &x509, NULL, NULL);
    evpkey = X509_get_pubkey(x509);
    pubeckey = EVP_PKEY_get1_EC_KEY(evpkey);
    ret = ECDSA_verify(0, result, SHA256_DIGEST_LENGTH, sig, siglen, pubeckey);
    if (ret == -1) {
        printf("signature error in verify\n");
    } else if (ret == 0) {
        printf("incorrect signature \n");
    } else /* ret == 1 */ {
        printf("signature ok \n");
    }

*AND ALL WORKS WELL* but *why can't I use the ecdsa.pem directly; instead I had to use the ecdsapriv.pem?* If I switched the filename

    fp = fopen("ecdsapriv.pem", "rb");               /* marked */

to this

    fp = fopen("ecdsa.pem", "rb");                   /* marked */

the verify will not work. You would think the name of this function PEM_read_PrivateKey(**) means it reads a PEM that might have the public and private key and gets the private, but apparently not? *So let me know anything different*

    unsigned char *sha256(char *data, int length)
    {
        static unsigned char hash[SHA256_DIGEST_LENGTH];
        printf("**SHA2 digest follows length=%d:\n", length);
        SHA256_CTX sha256;
        SHA256_Init(&sha256);
        SHA256_Update(&sha256, data, length);
        SHA256_Final(hash, &sha256);
        /* for curiosity */
        /* int i = 0; */
        /* for (i = 0; i < SHA256_DIGEST_LENGTH; i++) */
        /*     printf("%02x", hash[i]); */
        /* printf("\n"); */
        return hash;
    }

--
View this message in context: http://openssl.6102.n7.nabble.com/PEM-read-PrivateKey-using-ECDSA-PEMS-tp43438.html
ECDSA public key already know the curve type?
I read the public ECKEY in, shown below, from the x509:

    x509 = PEM_read_bio_X509(bio, NULL, 0, NULL);      /* it's public, there is no password */
    EVP_PKEY *evpkey = X509_get_pubkey(x509);
    pubeckey = EVP_PKEY_get1_EC_KEY(evpkey);
    BIO_free(bio);

    /* But do I need this, setting the curvetype??? */
    /* Will it know the curve type */
    EC_GROUP *curve = EC_GROUP_new_by_curve_name(curvetype);
    int ret = EC_KEY_set_group(pubeckey, curve);

    /* I use this to verify the signature */
    int rc = ECDSA_verify(0, result, SHA256_DIGEST_LENGTH, signature.bytes, signature.length, pubeckey);

--
View this message in context: http://openssl.6102.n7.nabble.com/ECDSA-public-key-already-know-the-curve-type-tp43390.html
Re: ECDSA public key already know the curve type?
Thanks, yes of course all return codes are checked, as well as the x509 being known to be obtained in a secure manner. So I really do not have to set the curve; this simple excerpt is enough. The reason I ask is I might eventually replace the x509 and use a different curve in the future, and with this basic abstracted code below the process can be done without any knowledge of the curve that was used.

    x509 = PEM_read_bio_X509(bio, NULL, 0, NULL);      /* it's public, there is no password */
    EVP_PKEY *evpkey = X509_get_pubkey(x509);
    pubeckey = EVP_PKEY_get1_EC_KEY(evpkey);
    BIO_free(bio);
    int rc = ECDSA_verify(***);

Again this is an abstraction; all return codes are checked, as well as knowledge that the x509 has been obtained in a secure manner.

--
View this message in context: http://openssl.6102.n7.nabble.com/ECDSA-public-key-already-know-the-curve-type-tp43390p43392.html
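An added example, not code from either the "PEM_read_PrivateKey using ECDSA PEMS" thread or this one, that covers both questions with the openssl command line. First, `openssl req -newkey ec:ecdsa.pem` reads only the curve parameters from ecdsa.pem and generates a fresh key pair into ecdsapriv.pem, so the private key inside ecdsa.pem is a different key from the one whose public half is in ecdsapublic.x509; a signature made with it cannot verify against the certificate, which is the observed behaviour in that thread. Second, the SubjectPublicKeyInfo carried in the certificate names its curve by OID, so the public key pulled from the x509 already knows its group. Signing and verifying use `openssl dgst`, the CLI counterpart of ECDSA_sign/ECDSA_verify over a SHA-256 digest. The file names follow the posts; the document content is constructed.

```shell
#!/bin/sh
# Added example, not from either post. (1) Why a signature made with ecdsa.pem
# does not verify against ecdsapublic.x509 when the certificate came from
# "req -newkey ec:ecdsa.pem". (2) The certificate's public key already names
# its curve. File names follow the posts; the document content is constructed.
WORK=$(mktemp -d)

make_keys_like_the_post() {
    openssl ecparam -name secp224r1 -genkey -out "$WORK/ecdsa.pem"
    # -newkey ec:<file> takes the curve parameters from <file> and generates a
    # NEW key pair; that new private key is what lands in ecdsapriv.pem.
    openssl req -newkey ec:"$WORK/ecdsa.pem" -x509 -nodes -days 731 -sha256 \
        -subj "/CN=ecdsa-demo" -keyout "$WORK/ecdsapriv.pem" \
        -out "$WORK/ecdsapublic.x509" 2>/dev/null
    openssl x509 -in "$WORK/ecdsapublic.x509" -pubkey -noout > "$WORK/cert_pub.pem"
    printf 'constructed document body\n' > "$WORK/mydocument"
}

# keys_match <private-key-pem> -> "same" if its public half equals the certificate's
keys_match() {
    openssl pkey -in "$1" -pubout > "$WORK/probe_pub.pem" 2>/dev/null
    if cmp -s "$WORK/probe_pub.pem" "$WORK/cert_pub.pem"; then echo same; else echo different; fi
}

# sign_with <private-key-pem> <sigfile>: DER-encoded ECDSA signature over SHA-256
sign_with() {
    openssl dgst -sha256 -sign "$1" -out "$2" "$WORK/mydocument"
}

# verify_with_cert <sigfile> -> "ok" or "bad", against the certificate's public key
verify_with_cert() {
    if openssl dgst -sha256 -verify "$WORK/cert_pub.pem" -signature "$1" \
            "$WORK/mydocument" >/dev/null 2>&1; then echo ok; else echo bad; fi
}

# curve_of_cert -> curve name recovered from the certificate's public key alone,
# which is why no EC_KEY_set_group call is needed after X509_get_pubkey
curve_of_cert() {
    openssl pkey -pubin -in "$WORK/cert_pub.pem" -text -noout | sed -n 's/^ASN1 OID: //p'
}

make_keys_like_the_post
echo "ecdsapriv.pem vs certificate: $(keys_match "$WORK/ecdsapriv.pem")"
echo "ecdsa.pem     vs certificate: $(keys_match "$WORK/ecdsa.pem")"
sign_with "$WORK/ecdsapriv.pem" "$WORK/sig_priv"
sign_with "$WORK/ecdsa.pem"     "$WORK/sig_params"
echo "signature by ecdsapriv.pem: $(verify_with_cert "$WORK/sig_priv")"
echo "signature by ecdsa.pem:     $(verify_with_cert "$WORK/sig_params")"
echo "curve named by the certificate's key: $(curve_of_cert)"
```

Two operational points follow from the output. The key that must be protected is ecdsapriv.pem, since that is the one the published certificate vouches for; ecdsa.pem holds an unrelated key that nothing references. And because the curve travels inside the certificate, verification code can stay curve-agnostic when the certificate is later replaced, which is exactly what this thread wanted to confirm.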
genrsa question how secure is the random creation
When using this command

    openssl genrsa -out test.pem 2048

an RSA pair is created. It's not so much I want to know how a pair is randomly selected, but how secure is that random selection. Random number generators are a series and this selection could be followed for brute force deciphering.

--
View this message in context: http://openssl.6102.n7.nabble.com/genrsa-question-how-secure-is-the-random-creation-tp42656.html
AES encryption openssl salt and Doing it in Java salt
I have written AES encryption which uses salt int nrounds=5; unsigned char salt[]= {1,2,3,4, 5,6,7,8}; unsigned char key[32], iv[32]; unsigned char *key_data=password; int key_data_len= 8; i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), salt, key_data, key_data_len, nrounds, key, iv); Sample code supplied for this. I am required to use Java to decrypt the openssl encrypted salted password AES so I wrote Java code to encrypt and decrypt using salt. I cannot figure out what are the parms for the salt to get the same results of encryption as I get with openssl. The C program which encrypts using openssl is shown along with the Java code that encrypts (and decrypts). This is the output of the Java program using password porsche and porsche for the string java AESjava password porsche Original: porsche 706F7273636865 Encrypted: 54D818BE067A1BCE0EE1320672576EEB Decrypted:porsche 706F7273636865 This is the output of the openssl code using password and porsche ./other password porsche AES_BLOCK_SIZE 16 MAX KEY LENGTH is 32 length in 7 Original: porsche 706F7273636865 length out 16 Encrypted: B667BEDBDA785A834A1FAD8F8958FC7B Obviously the encryption is different as the salt is not computed the same. Java verses the openssl encrypted result 54D818BE067A1BCE0EE1320672576EEB B667BEDBDA785A834A1FAD8F8958FC7B So if anyone out there should know what good parms to use for openssl and Java to encrypt using Salt for same results please let me know. I assume I can decrypt if same encrypt results. 
JAVA CODE

    import java.io.UnsupportedEncodingException;
    import java.security.*;
    import java.security.spec.*;
    import javax.crypto.*;
    import javax.crypto.spec.*;

    public class AESjava {
        private static final int KEY_LENGTH = 128;
        private static final int ITERATIONS = 5;
        private static final String ALGORITHM = "AES";
        private static final String SECRET_KEY_ALGORITHM = "PBKDF2WithHmacSHA1";
        private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
        private final Cipher m_enc_cipher;
        private final Cipher m_dec_cipher;

        public AESjava(final char[] password, final byte[] salt) throws Exception {
            // Derive the key, given password and salt
            final SecretKeyFactory factory = SecretKeyFactory.getInstance(SECRET_KEY_ALGORITHM);
            final KeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_LENGTH);
            SecretKey tmp = factory.generateSecret(spec);
            SecretKey secret = new SecretKeySpec(tmp.getEncoded(), ALGORITHM);
            // Build encryptor and get IV
            final Cipher enc_cipher = Cipher.getInstance(TRANSFORMATION);
            enc_cipher.init(Cipher.ENCRYPT_MODE, secret);
            // Build decryptor
            final Cipher dec_cipher = Cipher.getInstance(TRANSFORMATION);
            final AlgorithmParameters params = enc_cipher.getParameters();
            final byte[] iv = params.getParameterSpec(IvParameterSpec.class).getIV();
            dec_cipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(iv));
            this.m_enc_cipher = enc_cipher;
            this.m_dec_cipher = dec_cipher;
        }

        public byte[] encrypt(final byte[] data) throws NoSuchAlgorithmException, InvalidKeySpecException,
                NoSuchPaddingException, InvalidKeyException, InvalidParameterSpecException,
                IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
            return this.m_enc_cipher.doFinal(data);
        }

        public byte[] decrypt(final byte[] data) throws IllegalBlockSizeException, BadPaddingException {
            return this.m_dec_cipher.doFinal(data);
        }

        public static void test(String pass, String string) throws Exception {
            final char[] password = pass.toCharArray();
            final byte[] salt = new byte[] {1, 2, 3, 4, 5, 6, 7, 8};
            final byte[] original_data = string.getBytes();
            final AESjava aesA = new AESjava(password, salt);
            final byte[] encrypted_data = aesA.encrypt(original_data);
            System.out.println("Original: " + string);
            System.out.println(javax.xml.bind.DatatypeConverter.printHexBinary(original_data));
            System.out.println();
            System.out.println("Encrypted:");
            System.out.println(javax.xml.bind.DatatypeConverter.printHexBinary(encrypted_data));
            System.out.println();
            final byte[] decrypted_data = aesA.decrypt(encrypted_data);
            System.out.println("Decrypted:" + new String(decrypted_data));
            System.out.println(javax.xml.bind.DatatypeConverter.printHexBinary(decrypted_data));
            System.out.println();
        }

        public static void main(final String[] args) {
            try {
                test(args[0], args[1]);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

openssl code C

    /**
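As an added example (not code from the original post), here is a Python port of OpenSSL's EVP_BytesToKey(), which the C program calls, placed next to the PBKDF2 derivation that the Java class above performs through PBEKeySpec, so the two can be compared byte for byte for the post's salt, password and round count. The function names, the constructed sample password "password" and the salt {1..8} are chosen here to mirror the post; AES itself is not shown.

```python
# Added example, not the original poster's code: a port of OpenSSL's
# EVP_BytesToKey() (what the C program calls) next to the PBKDF2 derivation
# that the Java class above uses, so the two can be compared byte for byte.
import hashlib


def evp_bytes_to_key(password, salt, key_len, iv_len, md_name="sha1", count=5):
    """Port of EVP_BytesToKey(cipher, md, salt, data, datal, count, key, iv).

    D_1 = H^count(password || salt)
    D_i = H^count(D_{i-1} || password || salt)
    key || iv = D_1 || D_2 || ... truncated to key_len + iv_len bytes.
    'count' is a plain repeated hash: no HMAC and no block index, so this is
    not PBKDF2 and PBKDF2WithHmacSHA1 cannot reproduce it.
    """
    if len(salt) != 8:
        raise ValueError("EVP_BytesToKey reads exactly PKCS5_SALT_LEN = 8 salt bytes")
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        block = hashlib.new(md_name, block + password + salt).digest()
        for _ in range(count - 1):
            block = hashlib.new(md_name, block).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]


def pbkdf2_key(password, salt, key_len_bits, count=5):
    """What SecretKeyFactory("PBKDF2WithHmacSHA1") returns for
    PBEKeySpec(password, salt, ITERATIONS=5, KEY_LENGTH=128) in the Java code."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, count, dklen=key_len_bits // 8)


# Constructed inputs mirroring the post: salt {1..8}, password "password", 5 rounds.
SALT = bytes([1, 2, 3, 4, 5, 6, 7, 8])
PASSWORD = b"password"


def compare():
    """Return both derivations for the post's inputs and whether they agree."""
    # EVP_aes_256_cbc(): 32-byte key and 16-byte IV (the C code's iv[32] only uses 16).
    c_key, c_iv = evp_bytes_to_key(PASSWORD, SALT, 32, 16, "sha1", 5)
    java_key = pbkdf2_key(PASSWORD, SALT, 128, 5)  # AES-128 key, as KEY_LENGTH = 128
    return {
        "openssl_key": c_key.hex(),
        "openssl_iv": c_iv.hex(),  # the Java side instead picks a random IV in Cipher.init
        "java_key": java_key.hex(),
        "key_material_matches": c_key.startswith(java_key),
    }


def port_self_check(password, salt):
    """Structural check of the port against the definition above: with count=1
    D_1 = SHA1(password || salt) and D_2 = SHA1(D_1 || password || salt);
    with count=5, D_1 is SHA1 applied five times."""
    d1 = hashlib.sha1(password + salt).digest()
    d2 = hashlib.sha1(d1 + password + salt).digest()
    key, iv = evp_bytes_to_key(password, salt, 20, 20, "sha1", 1)
    d5 = d1
    for _ in range(4):
        d5 = hashlib.sha1(d5).digest()
    key5, _ = evp_bytes_to_key(password, salt, 20, 0, "sha1", 5)
    return key == d1 and iv == d2 and key5 == d5


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>22}: {value}")
```

To match the C program from Java, derive key and IV with this algorithm and pass the IV explicitly to Cipher.init, rather than using PBEKeySpec and a random IV.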
openssl RSA_sign() and Java verify how
    );
    System.out.println("openssl says SHA1 is 9ceb5e5cbf223a2b9a3d349eead52383e4c9fef9 \n");
    hexout(mdbytes);
    /**
     * Read Signature into bytes
     **/
    FileInputStream sigfis = new FileInputStream("landscape.steg.jpg.rsasigned");
    int len = sigfis.available();
    System.out.println("Signature length is " + len);
    byte[] sigToVerify = new byte[len];
    int n = sigfis.read(sigToVerify);
    System.out.println("read SIGNATURE BYTES " + n);
    sigfis.close();
    /**
     * Check signature with public key, Message Digest of file and its signature
     **/
    checkSignature(pubkey, mdbytes, sigToVerify);
    } catch (Exception e) {
        e.printStackTrace();
    }
    }
    }

The output is below.

    java sample
    hello

    yes we can open it

    DN: EMAILADDRESS=xx...@us.ibm.com, CN=R Redpath, OU=Sample Technology, O=MyCompany, L=RTP, ST=NC, C=US

    got Not After Date
    Mon Aug 29 08:52:51 EDT 2022

    got public key

    public key format is X.509
    SHA1 Length is 20
    openssl says SHA1 is 9ceb5e5cbf223a2b9a3d349eead52383e4c9fef9
    Hex format : 9ceb5e5cbf223a2b9a3d349eead52383e4c9fef9
    Signature length is 128
    read SIGNATURE BYTES 128
    signature verifies: false

--
View this message in context: http://old.nabble.com/openssl-RSA_sign%28%29--and-Java-verify-how-tp34621647p34621647.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
Use openssl artifacts RSA_sign() (signature) and Java to verify
How to use created openssl artifacts (Signature and RSA public key in X509) from Java to verify the signature of the contents of a file. I ran into problems doing this so I am posting it for others in the future. I use openssl to create artifacts: a signature for a file's contents and an RSA key in an X509 certificate. But I am required to use Java to verify the file contents using the javax API.

    /*
     This will read the X509 certificate RSApublic.x509.1 created by the openssl commands
     and print out information about it. Then open the binary saved signature file using
     the public key and verify the contents of a file.
    */
    import java.util.Date;
    import java.io.*;
    import java.security.cert.X509Certificate;
    import java.security.*;
    import java.security.cert.*;

    public class sample {

        public static PublicKey x509GetPublic(String filename) {
            try {
                File f = new File(filename);
                FileInputStream fis = new FileInputStream(f);
                BufferedInputStream ksbufin = new BufferedInputStream(fis);
                X509Certificate certificate = (X509Certificate)
                        CertificateFactory.getInstance("X.509").generateCertificate(ksbufin);
                if (certificate != null) {
                    System.out.println("yes we can open it \n");
                }
                Principal p = certificate.getIssuerDN();
                System.out.println("DN: " + p.getName() + "\n");
                Date d = certificate.getNotAfter();
                if (d != null) System.out.println("got Not After Date \n" + d.toString());
                PublicKey pubkey = certificate.getPublicKey();
                if (pubkey != null) System.out.println("\n got public key \n");
                System.out.println("public key format is " + pubkey.getFormat());
                return pubkey;
            } catch (Exception e) {
                e.printStackTrace();
            }
            return null;
        }

        public static byte[] SHA1(String filename) throws Exception {
            MessageDigest md = MessageDigest.getInstance("SHA-1");
            FileInputStream fis = new FileInputStream(filename);
            byte[] dataBytes = new byte[1024];
            int nread = 0;
            while ((nread = fis.read(dataBytes)) != -1) {
                md.update(dataBytes, 0, nread);
            }
            byte[] mdbytes = md.digest();
            System.out.println("SHA1 Length is " + mdbytes.length);
            return mdbytes;
        }

        static void hexout(byte[] mdbytes) {
            StringBuffer sb = new StringBuffer();
            for (int i = 0; i < mdbytes.length; i++) {
                sb.append(Integer.toString((mdbytes[i] & 0xff) + 0x100, 16).substring(1));
            }
            System.out.println("Hex format : " + sb.toString());
        }

        /*
         The signature algorithm with SHA-* and the RSA encryption algorithm as defined in the
         OSI Interoperability Workshop, using the padding conventions described in PKCS #1.
             SHA1withRSA SHA256withRSA SHA384withRSA SHA512withRSA
         The ECDSA signature algorithms as defined in ANSI X9.62.
         Note: ECDSA is an ambiguous name for the SHA1withECDSA algorithm and should not be used.
         The formal name SHA1withECDSA should be used instead.
             NONEwithECDSA SHA1withECDSA SHA256withECDSA SHA384withECDSA SHA512withECDSA
        */
        static public void checkSignature(PublicKey pubkey, byte[] bytes, byte[] sigToVerify) {
            try {
                // Signature sig = Signature.getInstance("SHA256withRSA"); //, "SUN");
                Signature sig = Signature.getInstance("SHA1withRSA"); //, "SUN");
                sig.initVerify(pubkey);
                sig.update(bytes, 0, bytes.length);
                boolean verifies = sig.verify(sigToVerify);
                System.out.println("signature verifies: " + verifies);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        /**
         * @param args
         */
        public static void main(final String[] args) {
            System.out.println("hello\n");
            try {
                /**
                 * Get public key from X509 cert
                 **/
                PublicKey pubkey = x509GetPublic("RSApublic.x509.1");
                /**
                 * Make MessageDigest from file contents: DO NOT DO THIS
                 byte[] mdbytes = SHA1("landscape.steg.jpg");
                 hexout(mdbytes);
                 **/
                /**
                 * Get contents of file; Java will compute the SHA1
                 */
                FileInputStream sigfis = new FileInputStream("landscape.steg.jpg");
                byte[] data = new byte[sigfis.available()];
                int datan = sigfis.read(data);
                System.out.println("read content BYTES " + datan);
                sigfis.close();
                /**
                 * Read Signature into bytes
                 **/
                sigfis = new FileInputStream("landscape.steg.jpg.rsasigned");
                int len = sigfis.available();
                System.out.println("Signature length is " + len);
                byte[] sigToVerify = new byte[len];
                int n = sigfis.read(sigToVerify);
                System.out.println("read
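As an added example (not code from either post), here is a Python reconstruction of the PKCS#1 v1.5 encoded message that RSA_sign(NID_sha1, md, 20, ...) pads before the private-key operation and that Java's SHA1withRSA rebuilds on verify; comparing the two encodings shows why update() must receive the file bytes and not the digest, the "DO NOT DO THIS" case in the listing above. The function names and the stand-in file bytes are constructed here, and the 128-byte encoded message length matches the 1024-bit signature length printed in the output.

```python
# Added example, not code from either post: the PKCS#1 v1.5 encoded message
# (EM, RFC 8017 section 9.2) that RSA_sign(NID_sha1, md, 20, ...) pads before
# the private-key operation and that Java's SHA1withRSA rebuilds on verify.
# Both sides must produce the identical EM, so comparing EMs shows why feeding
# Java the digest instead of the file makes verify() return false.
import hashlib

# DER prefix of DigestInfo for SHA-1 (RFC 8017, section 9.2, note 1); the
# 20-byte digest is appended to it.
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def emsa_pkcs1_v15_sha1(digest, em_len):
    """EM = 0x00 || 0x01 || PS || 0x00 || T, PS = 0xff bytes, T = DigestInfo."""
    if len(digest) != 20:
        raise ValueError("SHA-1 digest must be 20 bytes")
    t = SHA1_DIGESTINFO_PREFIX + digest
    ps_len = em_len - len(t) - 3
    if ps_len < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def openssl_sign_side(file_bytes, em_len=128):
    """C side of the posts: md = SHA1(file); RSA_sign(NID_sha1, md, 20, ...).
    RSA_sign takes the digest as input and wraps it in DigestInfo + padding."""
    md = hashlib.sha1(file_bytes).digest()
    return emsa_pkcs1_v15_sha1(md, em_len)


def java_verify_side(update_bytes, em_len=128):
    """Java side: Signature.getInstance("SHA1withRSA") hashes whatever update()
    was given, then builds the same EM to compare with the recovered signature."""
    md = hashlib.sha1(update_bytes).digest()
    return emsa_pkcs1_v15_sha1(md, em_len)


# Constructed stand-in for the contents of landscape.steg.jpg.
FILE_BYTES = b"constructed stand-in for the signed file contents" * 3


def verifies_with_file_bytes():
    """The working version: sig.update(data) with the raw file contents."""
    return java_verify_side(FILE_BYTES) == openssl_sign_side(FILE_BYTES)


def verifies_with_digest_bytes():
    """The 'DO NOT DO THIS' version: sig.update(mdbytes). Java hashes the
    digest again, so its EM carries SHA1(SHA1(file)) and never matches."""
    mdbytes = hashlib.sha1(FILE_BYTES).digest()
    return java_verify_side(mdbytes) == openssl_sign_side(FILE_BYTES)


if __name__ == "__main__":
    print("update(file bytes) matches RSA_sign EM:", verifies_with_file_bytes())
    print("update(SHA-1 digest) matches RSA_sign EM:", verifies_with_digest_bytes())
```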
How to create a PKCS7 for a Signature using SHA256
I thought I had posted this already but cannot seem to find it. I have tried by all means to figure out the API to create a PKCS7 for a signature file. Basically I have a signature file and want to wrap it in a PKCS7. The signature is an ECDSA and uses a SHA256 digest of a file that needs to be authenticated. So I wrote an abstract program and have some dead ends as I cannot figure out what API functions to use and the meaning behind them from their names; too many vague interpretations. So please look at the bold comments; I think lots of people can benefit from the forum results.

    /**
     Platform: Mac OSX 10.7
     cc -o stuff -Wno-deprecated-declarations stuff.c -lcrypto

     This is sample prototype code for questions on how to use a PKCS7 to envelope an
     ECDSA (signature) to verify the contents of a file.
     The current process is that a file's contents is sent to a user which has a signature
     (ECDSA) for the file that was created using message digest algorithm SHA256 from its
     contents. Basically the file data is extracted and a SHA256 message digest (md) is
     created, then the signature file data is extracted (sig) and verified using the x509
     public key.

         ret = ECDSA_verify(0, md, SHA256_DIGEST_LENGTH, sig, siglen, x509pubeckey);

     Instead a PKCS7 is to be used as it can envelope the ECDSA with an x509 cert for
     identification best practices. But it is not really clear how this is done, so
     scaffolding code is shown below as we walk through it.
     This file information can be compiled.
    */
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <errno.h>
    #include <openssl/ssl.h>
    #include <openssl/evp.h>

    /***
     * Get the data from file and return a malloced buffer and size.
     * This code does not need to be digested, it simply returns the whole contents of data
     * from reading a file.
     **/
    unsigned char *getdata(char *filename, int *length) {
        FILE *fp = fopen(filename, "rb");
        long avail;
        *length = 0;
        if (fp == (FILE *)0) {
            printf("Get Data %s File error %d\n", filename, errno);
            return NULL;
        }
        fseek(fp, 0L, SEEK_END);
        avail = ftell(fp);
        fseek(fp, 0L, SEEK_SET);
        unsigned char *b = (unsigned char *)malloc(avail + 1);
        if (fread(b, 1, avail, fp) != (size_t)avail) {
            printf("INPUT JPG fail %s read error %d\n", filename, errno);
            return NULL;
        }
        b[avail] = 0;          // added one byte for debug if you use a text file
        *length = (int)avail;  // but length returned is true length of data
        fclose(fp);
        return b;
    }

    void help() {
        printf("\n");
        printf("Usage infile\n");
        printf("eg:\n");
        printf(" stuff sample.data \n\n");
    }

    int main(int argc, char *args[]) {
        int length;
        unsigned char *data;
        EVP_MD_CTX mdctx;
        const EVP_MD *md;
        unsigned char md_value[EVP_MAX_MD_SIZE];
        unsigned int md_len, i;
        int rc;

        if (argc < 2) {
            help();
            return 1;
        }
        /**
         * Lets first compute a Message digest for a file contents to test out the SHA256
         * data will have our file contents.
         ***/
        if ((data = getdata(args[1], &length)) == NULL) return 1;
        printf("INPUT file %s length %d \n", args[1], length);
        // OpenSSL_add_all_digests();
        EVP_add_digest(EVP_sha256());  // load our algorithm
        md = EVP_get_digestbyname("SHA256");
        printf("DIGEST is SHA256\n");
        EVP_MD_CTX_init(&mdctx);
        EVP_DigestInit_ex(&mdctx, md, NULL);
        EVP_DigestUpdate(&mdctx, data, length);  // use our file contents
        EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
        EVP_MD_CTX_cleanup(&mdctx);
        // Okay now we have a Message Digest from the file
        printf("Digest is: ");
        for (i = 0; i < md_len; i++) printf("%02x", md_value[i]);
        printf("\n");
        /**
         * Create a PKCS7 with x509 public CERT to use to envelope a
         * ECDSA (signature) that used a SHA256 message digest
         * This convenience function below:
         *
         *   PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
         *
         * cannot be used to create a PKCS7 as the signature process uses SHA1
         * and we require a SHA256 for our pevkey for an ECDSA
         *
         * Our intent is the following: we have an ECDSA (signature) that was created from a file's contents
         * using a SHA256 message digest. The ECDSA is stored in a file (raw).
         * The file's contents is sent to others which have an x509 public key to authenticate the file
         * using the ECDSA for the file contents message digest SHA256.
         *
         * For best practices a PKCS7 should be used to envelop the ECDSA signature; the PKCS7 contains
         * an x509 cert to identify the PKCS7 instead of just having the ECDSA in the raw as a file.
         * I am not sure what this x509 object should be: should it be the x509 with the public key of the ECDSA?
         * We will not use this file in the PKCS7 but need something to identify the PKCS7 like an x509 does.
         * Overall all those that need to authenticate a file have an x509 public key for the ECDSA obtained
         * in a secure manner.
         *
         * So here goes
Re: PKCS7 open and extract signature
Tried to find documentation and examples (which includes searching the forum) for using a PKCS7 standard in the context of what I am trying to do for best practices when using a signature to verify a document received. Basically I have a document file (100k) called BackgroundCheck.doc (document_bytes, document_length) and an ECDSA signature of this file (used SHA1 of the document with an ECDSA private key) called BackgroundCheck.ecdsa (signature_bytes, signature_length). The document and signature are sent to a recipient who has a file called ecdsapublic.x509 to verify the signature of the document using the ECDSA public key. Basically the message digest is computed from the document received by the recipient to verify the document.

    unsigned char md[20];
    result = SHA1(document_bytes, document_size, md);  // compute the message digest from the document

Then use the X509 file with public key to verify the signature.

    X509 *x509 = PEM_read_bio_X509(bio, NULL, 0, NULL);                        // read the ecdsapublic.x509
    EVP_PKEY *evpkey = X509_get_pubkey(x509);                                  // get the public key
    EC_KEY *pubeckey = EVP_PKEY_get1_EC_KEY(evpkey);
    ret = EC_KEY_set_group(pubeckey, EC_GROUP_new_by_curve_name(curvetype));   // set the curve type which recipient knows
    rc = ECDSA_verify(0, md, 20, signature_bytes, signature_length, pubeckey); // now verify the document using the signature file

And that works great, sending many documents with signatures, and the recipient can verify that they are authentic. The issue is the raw signature is simply not best practice (I assume); it could use a PKCS7 but I have no idea how this would apply. Basically a programmatic API could be used

    p7 = PKCS7_new();
    int rc = PKCS7_set_type(p7, NID_pkcs7_enveloped);

to make a PKCS7 for the signature that could be sent with the document instead of the raw signature. So where are there examples? I have read the O'Reilly OpenSSL book but their context is not mine for the PKCS7 usage and it's a thin chapter (well, if you want to call it a chapter).
Maybe an example can be posted here using the functions.

redpath wrote:
> Well the situation is I have a file which has been signed for its contents. This signature is used to verify the authentication of the file. The signature works great but I want to use best practices to package the signature. A PKCS7 was suggested. So I assume I can extract this signature from the PKCS7 to verify the file contents, for which I create the message digest SHA2. Is there something I am missing here? Just want to use best practices. The challenger has the file and the PKCS7 (signature) to verify the contents. The challenger has the public key.
>
> redpath wrote:
> > I have a PKCS7 file with signature in the envelope. What API function can I use to open the PKCS7 to extract the signature data and length and then verify the message digest? The verify is shown below assuming I got the signature data and length.
> >
> >     int rc = ECDSA_verify(0, md, 20, signaturedata, signaturelength, pubeckey);
> >
> > Kinda hard to find the right functions, which seems to be a pretty common thing. I did search the forum for this.
PKCS7 open and extract signature
I have a PKCS7 file with signature in the envelope. What API function can I use to open the PKCS7 to extract the signature data and length and then verify the message digest? The verify is shown below assuming I got the signature data and length.

    int rc = ECDSA_verify(0, md, 20, signaturedata, signaturelength, pubeckey);

Kinda hard to find the right functions, which seems to be a pretty common thing. I did search the forum for this.
Re: PKCS7 open and extract signature
Well the situation is I have a file which has been signed for its contents. This signature is used to verify the authentication of the file. The signature works great but I want to use best practices to package the signature. A PKCS7 was suggested. So I assume I can extract this signature from the PKCS7 to verify the file contents, for which I create the message digest SHA2. Is there something I am missing here? Just want to use best practices. The challenger has the file and the PKCS7 (signature) to verify the contents. The challenger has the public key.

redpath wrote:
> I have a PKCS7 file with signature in the envelope. What API function can I use to open the PKCS7 to extract the signature data and length and then verify the message digest? The verify is shown below assuming I got the signature data and length.
>
>     int rc = ECDSA_verify(0, md, 20, signaturedata, signaturelength, pubeckey);
>
> Kinda hard to find the right functions, which seems to be a pretty common thing. I did search the forum for this.
Re: How to place signature into an X509 format
Yes, that is exactly what I was asking: a standard format, and yes I do use a SHA1 for the message digest. So formerly known as PKCS#7, now called CMS, that's the way to go. I will do that, and any pointers to documents/commands would be appreciated.

redpath wrote:
> I have created an EC Digital Signature and saved it in a file. Excerpt of code shown below for a message digest md:
>
>     unsigned int siglen = ECDSA_size(peckey);
>     printf("Max signature length is %d \n", siglen);
>     siglen = ECDSA_size(peckey);
>     unsigned char *ptr = OPENSSL_malloc(siglen);
>     unsigned char *save = ptr;
>     ECDSA_SIG *sig;
>     ret = ECDSA_sign(0, md, 20, ptr, &siglen, peckey);  // Do sign it dude
>     if (!ret) {
>         printf("ERROR signing null\n");
>         return 1;
>     }
>     printf(" Signature success \n");
>     printf("Signature length is %d \n", siglen);
>     /**
>      * Write out Digital Signature File
>      * ***/
>     strcpy(buffer, args[1]);
>     strcat(buffer, ".ecdsa");
>     fp = fopen(buffer, "wb");
>     fwrite(save, 1, siglen, fp);
>     fclose(fp);
>     printf("OUTPUT signature file is %s\n\n", buffer);
>
> And I use this signature file to verify a message digest later using a public key.
>
>     ret = ECDSA_verify(0, md, 20, sig, siglen, pubeckey);
>
> Everything works great. I want this signature to be in an X509 and open the X509 and extract it to use to verify things. How do you place a signature in an X509 format and use code to extract it? In the past I have created an X509 for public keys before and extracted the key to use it; and that works great to extract them and use them. So if anyone has a procedure for using the API to do this let me know.
How to place signature into an X509 format
I have created an EC Digital Signature and saved it in a file. Excerpt of code shown below for a message digest md:

    unsigned int siglen = ECDSA_size(peckey);
    printf("Max signature length is %d \n", siglen);
    siglen = ECDSA_size(peckey);
    unsigned char *ptr = OPENSSL_malloc(siglen);
    unsigned char *save = ptr;
    ECDSA_SIG *sig;
    ret = ECDSA_sign(0, md, 20, ptr, &siglen, peckey);  // Do sign it dude
    if (!ret) {
        printf("ERROR signing null\n");
        return 1;
    }
    printf(" Signature success \n");
    printf("Signature length is %d \n", siglen);
    /**
     * Write out Digital Signature File
     * ***/
    strcpy(buffer, args[1]);
    strcat(buffer, ".ecdsa");
    fp = fopen(buffer, "wb");
    fwrite(save, 1, siglen, fp);
    fclose(fp);
    printf("OUTPUT signature file is %s\n\n", buffer);

And I use this signature file to verify a message digest later using a public key.

    ret = ECDSA_verify(0, md, 20, sig, siglen, pubeckey);

Everything works great. I want this signature to be in an X509 and open the X509 and extract it to use to verify things. How do you place a signature in an X509 format and use code to extract it? In the past I have created an X509 for public keys before and extracted the key to use it; and that works great to extract them and use them. So if anyone has a procedure for using the API to do this let me know.