X509 custom extension

2013-04-26 Thread redpath
 has gotten larger?

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----*

*And of course it is much larger when using a real PNG, very much so. Why
is that?
I simply want to add the extension data. Is this okay and correct?*


*(2) My second question: I am not sure I understand the nid and its fields
for use?*

 nid = OBJ_create("1.03", "samplealias", "sample");

I see that the sample is used for the extension name in the x509 but what
are the other fields.
I guess later I will create the same exact nid to get the Field from the
x509.







--
View this message in context: 
http://openssl.6102.n7.nabble.com/X509-custom-extension-tp44930.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: [openssl-users] X509 custom extension

2013-04-26 Thread Erwann Abalea

Hello,

On 26/04/2013 15:15, redpath wrote:

I am adding a custom extension to an x509 a png icon basically (bytes).
Since the png icon is too large to post the data I have substituted it with a
file called sample.txt that has a text line "This is a sample".
The code excerpt to add the extension is below.


   getdata("sample.txt",length);  //abstracted

   nid = OBJ_create("1.03", "samplealias", "sample");


Avoid the use of existing OIDs for private purpose. 1.3 is already 
defined (/ISO/Identified-Organization).
Register for your own private OID (ask for one under the 1.3.6.1.4.1 
branch, for example), and do whatever you want in your sandbox.



   ASN1_OCTET_STRING_set(os,(unsigned char*)data,length);
   ret = X509_EXTENSION_create_by_NID( NULL, nid, 0, os );
   X509_add_ext(x,ret,-1);

*I have 2 Questions
(1) the x509 before adding a custom extension looks like this*

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=UK, CN=OpenSSL Group
        Validity
            Not Before: Apr 26 12:48:18 2013 GMT
            Not After : Apr 26 12:48:18 2014 GMT
        Subject: C=UK, CN=OpenSSL Group
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:df:82:85:c6:0b:18:50:75:35:6b:3b:cc:2e:94:
                    a0:b4:a6:8e:21:19:9e:28:ca:46:54:b5:5f:75:c4:
                    bb:a2:19:c7:51:c4:19:0d:ef:ce:65:39:0f:90:90:
                    2b:2a:46:76:f4:03:be:a7:f2:76:4d:26:af:8e:ce:
                    84:43:52:74:d1
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
        8b:a6:4d:0a:0b:b6:8f:13:f6:58:10:a2:a4:cc:9c:ba:37:8c:
        53:07:22:f0:93:29:17:78:b4:0a:28:91:ae:24:86:bf:2f:bf:
        d8:bc:4a:97:bd:36:09:c2:b3:21:fa:fe:fe:90:91:31:00:5e:
        01:f9:19:1b:54:89:f9:1f:b5:fa
-----BEGIN CERTIFICATE-----
MIIBODCB46ADAgECAgEAMA0GCSqGSIb3DQEBBQUAMCUxCzAJBgNVBAYTAlVLMRYw
FAYDVQQDEw1PcGVuU1NMIEdyb3VwMB4XDTEzMDQyNjEyNDgxOFoXDTE0MDQyNjEy
NDgxOFowJTELMAkGA1UEBhMCVUsxFjAUBgNVBAMTDU9wZW5TU0wgR3JvdXAwXDAN
BgkqhkiG9w0BAQEFAANLADBIAkEA34KFxgsYUHU1azvMLpSgtKaOIRmeKMpGVLVf
dcS7ohnHUcQZDe/OZTkPkJArKkZ29AO+p/J2TSavjs6EQ1J00QIDAQABMA0GCSqG
SIb3DQEBBQUAA0EAi6ZNCgu2jxP2WBCipMycujeMUwci8JMpF3i0CiiRriSGvy+/
2LxKl702CcKzIfr+/pCRMQBeAfkZG1SJ+R+1+g==
-----END CERTIFICATE-----


*After I added the extension you can see my field added and that's great*

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=UK, CN=OpenSSL Group
        Validity
            Not Before: Apr 26 12:49:39 2013 GMT
            Not After : Apr 26 12:49:39 2014 GMT
        Subject: C=UK, CN=OpenSSL Group
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:cf:53:10:b6:c4:ef:f3:a7:7d:39:64:18:75:2a:
                    77:a9:82:52:59:a9:29:e8:d6:57:de:9e:4e:3f:6a:
                    69:b6:b5:48:c2:ab:5a:1e:f0:c4:8d:25:2a:3d:21:
                    04:49:59:46:b6:d5:23:39:38:26:68:71:1d:67:31:
                    d4:dc:a4:3b:09
                Exponent: 65537 (0x10001)
        *X509v3 extensions:
            sample:
                This is a sample
*

    Signature Algorithm: sha1WithRSAEncryption
        af:5e:52:9d:cc:e7:5e:2c:63:81:76:53:c6:92:cb:81:3d:a7:
        16:63:3d:97:2a:c1:dc:12:64:e1:5b:16:f3:8b:f4:5e:e2:0c:
        3f:04:4d:b8:67:b7:35:75:8a:7b:b0:3a:c8:f0:7b:7d:2e:b3:
        b3:6a:9d:07:21:87:32:b6:4d:4f
-----BEGIN CERTIFICATE-----
MIIBVjCCAQCgAwIBAgIBADANBgkqhkiG9w0BAQUFADAlMQswCQYDVQQGEwJVSzEW
MBQGA1UEAxMNT3BlblNTTCBHcm91cDAeFw0xMzA0MjYxMjQ5MzlaFw0xNDA0MjYx
MjQ5MzlaMCUxCzAJBgNVBAYTAlVLMRYwFAYDVQQDEw1PcGVuU1NMIEdyb3VwMFww
DQYJKoZIhvcNAQEBBQADSwAwSAJBAM9TELbE7/OnfTlkGHUqd6mCUlmpKejWV96e
Tj9qaba1SMKrWh7wxI0lKj0hBElZRrbVIzk4JmhxHWcx1NykOwkCAwEAAaMbMBkw
FwYBKwQSVGhpcyBpcyBhIHNhbXBsZQoKMA0GCSqGSIb3DQEBBQUAA0EAr15Snczn
XixjgXZTxpLLgT2nFmM9lyrB3BJk4VsW84v0XuIMPwRNuGe3NXWKe7A6yPB7fS6z
s2qdByGHMrZNTw==
-----END CERTIFICATE-----


The extension is here, it looks fine, but it's not.
The content of your extension is a simple string: "This is a
sample\n\n", where the content of an extension is supposed to be the DER
encoding of something.



*But I noticed that the end data has gotten larger?

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----*

*And of course it is much larger when using a real PNG, very much so. Why
is that?


I'm not sure I understand the question. You had no extension in your 
first certificate, you added an extension with 18 bytes of content, and 
are wondering if it's normal that your certificate is now bigger?
To the 18 bytes of content, you have to add 2 bytes 
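
Added example (not part of either poster's message and not OpenSSL code): a stand-alone C walk over the extensions block decoded from the second certificate above, counting the wrapping bytes around the 18-byte content and checking whether that content is itself a TLV. The function names are hypothetical, and wrapping the raw bytes in an inner OCTET STRING is only one assumed way to make the content DER.

```c
#include <stdio.h>
#include <string.h>
/* Extensions block decoded from the second certificate on this page:
 * [3] { SEQUENCE { SEQUENCE { OID 1.3, OCTET STRING "This is a sample\n\n" } } } */
static const unsigned char PAGE_EXT[] = {
    0xA3,0x1B, 0x30,0x19, 0x30,0x17, 0x06,0x01,0x2B, 0x04,0x12,
    'T','h','i','s',' ','i','s',' ','a',' ','s','a','m','p','l','e','\n','\n' };
/* Parse one tag+length header; returns its size, or 0 if malformed or overrunning. */
static size_t der_header(const unsigned char *p, size_t avail, size_t *len) {
    size_t hdr = 2, n, i;
    if (avail < 2) return 0;
    *len = p[1];
    if (p[1] & 0x80) {                       /* long-form length */
        n = p[1] & 0x7F;
        if (n == 0 || n > 4 || avail < 2 + n) return 0;
        for (*len = 0, i = 0; i < n; i++) *len = (*len << 8) | p[2 + i];
        hdr += n;
    }
    return *len <= avail - hdr ? hdr : 0;
}
/* 1 if buf holds exactly one TLV, the minimum an extnValue's content must satisfy. */
static int is_single_tlv(const unsigned char *buf, size_t n) {
    size_t len, hdr = der_header(buf, n, &len);
    return hdr != 0 && hdr + len == n;
}
/* Descend into constructed types, skip primitives, stop at the first OCTET STRING
 * (the extnValue). Returns the offset of its content (the wrapping bytes), or -1. */
static long find_extn_value(const unsigned char *p, size_t n, size_t *plen) {
    size_t off = 0, len, hdr;
    while (off < n && (hdr = der_header(p + off, n - off, &len)) != 0) {
        if (p[off] == 0x04) { *plen = len; return (long)(off + hdr); }
        off += (p[off] & 0x20) ? hdr : hdr + len;
    }
    return -1;
}
/* Assumed fix: wrap the raw bytes as an inner OCTET STRING (short-form length only). */
static size_t wrap_octet_string(const unsigned char *in, size_t n, unsigned char *out) {
    if (n > 127) return 0;
    out[0] = 0x04; out[1] = (unsigned char)n;
    memcpy(out + 2, in, n);
    return n + 2;
}
int main(void) {
    unsigned char fixed[129];
    size_t plen = 0, flen;
    long off = find_extn_value(PAGE_EXT, sizeof PAGE_EXT, &plen);
    if (off < 0 || !(flen = wrap_octet_string(PAGE_EXT + off, plen, fixed))) return 1;
    printf("content %zu B after %ld B of wrapping; TLV? raw=%d wrapped=%d\n", plen, off,
           is_single_tlv(PAGE_EXT + off, plen), is_single_tlv(fixed, flen));
    return 0;
}
```

Between the two certificates above the full DER grows by 30 bytes rather than 29, because the TBSCertificate length passes 255 and its length field needs one more byte.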

Re: X509 custom extension

2013-04-26 Thread redpath
Thanks and also the OID register.


