Re: Timestamp reply validation

2013-06-14 Thread Nicolas ROCHE

Hi,
Sorry, I forgot the -cert option during the query.
Nicolas.

On 13/06/2013 11:34, Nicolas ROCHE wrote:

Hello,

I'm beginning with TSA and I'm wondering if it is possible to validate
a timestamp request against a unique (self signed) certificate.

Now I can do:
$ openssl ts -verify -queryfile file.tsq -in file.tsr -CAfile demoCA/cacert.pem -untrusted demoCA/tsacert.pem

I added the 'cacert.pem' certificate to the trusted directory (hash symlink) but it didn't help:
$ openssl ts -verify -queryfile file.tsq -in file.tsr -CAfile demoCA/cacert.pem

signer certificate not found

Please, may someone tell me what I'm missing?
Nicolas.

Here is my testing environment (on Debian wheezy):

#!/bin/bash

# Configuration: start from the system openssl.cnf and uncomment the
# extendedKeyUsage (timeStamping) line that TSA certificates need
cp /etc/ssl/openssl.cnf .
sed -i -e 's/\# extendedKeyUsage/extendedKeyUsage/' openssl.cnf
mkdir demoCA
mkdir demoCA/private
mkdir demoCA/newcerts
touch demoCA/index.txt
echo 0001 > demoCA/serial
echo 0001 > demoCA/tsaserial
export OPENSSL_CONF=$PWD/openssl.cnf

# CA Cert (no password for the script usage!)
# The here-document answers the DN prompts: C, ST, L, O, OU, CN, emailAddress
openssl genrsa 1024 > demoCA/private/cakey.pem
openssl req -new -x509 -days 365 -key demoCA/private/cakey.pem > demoCA/newcerts/cacert.pem <<EOF
FR
France
Ulis
Me
RD
CA-Me
nro...@me.fr
EOF
cp demoCA/newcerts/cacert.pem demoCA

# TSA Cert
# Same DN prompts, then two empty answers for the challenge password and optional company name
openssl genrsa 1024 > demoCA/private/tsakey.pem
openssl req -new -key demoCA/private/tsakey.pem > tsacert.csr <<EOF
FR
France
Ulis
Me
RD
CA-Me
nro...@me.fr


EOF
# 'y' to sign the certificate, 'y' to commit it to the CA database
openssl ca -in tsacert.csr > demoCA/newcerts/tsacert.pem <<EOF
y
y
EOF
cp demoCA/newcerts/tsacert.pem demoCA

# Token query (without -cert, the TSA is not asked to include its certificate in the reply)
cowsay yé > file.txt
openssl ts -query -data file.txt -policy tsa_policy1 > file.tsq
openssl ts -query -in file.tsq -text

# Token reply
openssl ts -reply -queryfile file.tsq -inkey demoCA/private/tsakey.pem -signer demoCA/tsacert.pem > file.tsr
openssl ts -reply -in file.tsr -text

# Token validation
openssl ts -verify -queryfile file.tsq -in file.tsr -CAfile demoCA/cacert.pem -untrusted demoCA/tsacert.pem
openssl ts -verify -data file.txt -in file.tsr -CAfile demoCA/cacert.pem -untrusted demoCA/tsacert.pem

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org



__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Timestamp reply validation

2013-06-13 Thread Nicolas ROCHE

Hello,

I'm beginning with TSA and I'm wondering if it is possible to validate
a timestamp request against a unique (self signed) certificate.

Now I can do :
$ openssl ts -verify -queryfile file.tsq -in file.tsr -CAfile 
demoCA/cacert.pem -untrusted demoCA/tsacert.pem


I add the 'cacert.pem' certificate to the trusted diretory (hash 
simlink) but it didn't help :
$ openssl ts -verify -queryfile file.tsq -in file.tsr -CAfile 
demoCA/cacert.pem

signer certificate not found

Please, may someone tell me what I'm missing ?
Nicolas.

Here is my testing envirenoment (on debian wheezy) :

#!/bin/bash

# Configuration
cp /etc/ssl/openssl.cnf .
sed -i -e 's/\# extendedKeyUsage/extendedKeyUsage/' openssl.cnf
mkdir demoCA
mkdir demoCA/private
mkdir demoCA/newcerts
touch demoCA/index.txt
echo 0001  demoCA/serial
echo 0001  demoCA/tsaserial
export OPENSSL_CONF=$PWD/openssl.cnf

# CA Cert (no password for the script usage!)
openssl genrsa 1024  demoCA/private/cakey.pem
openssl req -new -x509 -days 365 -key demoCA/private/cakey.pem  
demoCA/newcerts/cacert.pem EOF

FR
France
Ulis
Me
RD
CA-Me
nro...@me.fr
EOF
cp demoCA/newcerts/cacert.pem demoCA

# TSA Cert
openssl genrsa 1024  demoCA/private/tsakey.pem
openssl req -new -key demoCA/private/tsakey.pem  tsacert.csr EOF
FR
France
Ulis
Me
RD
CA-Me
nro...@me.fr


EOF
openssl ca -in tsacert.csr  demoCA/newcerts/tsacert.pem EOF
y
y
EOF
cp demoCA/newcerts/tsacert.pem demoCA

# Token query
cowsay yé  file.txt
openssl ts -query -data file.txt -policy tsa_policy1  file.tsq
openssl ts -query -in file.tsq -text

# Token reply
openssl ts -reply -queryfile file.tsq -inkey demoCA/private/tsakey.pem 
-signer demoCA/tsacert.pem  file.tsr

openssl ts -reply -in file.tsr -text

# Token validation
openssl ts -verify -queryfile file.tsq -in file.tsr -CAfile 
demoCA/cacert.pem -untrusted demoCA/tsacert.pem
openssl ts -verify -data file.txt -in file.tsr -CAfile demoCA/cacert.pem 
-untrusted demoCA/tsacert.pem


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org