RE: OpenSSL, IIS, and OFX Keys

2000-11-27 Thread Tipton, Michael

Steve,

Oops, should have mentioned that up front. WinNT 4.0 using CygWin and
ActivePerl. Looks like ActivePerl (for win) doesn't support the symlink
function. Since it looked like it was just trying to create symbolic links I
commented it out. But the compile still fails. It's not fresh in my mind but
I think it fails when it starts trying to create/move files into the
usr/local/ssl dirs. That directory doesn't get created. It may be part of
the symlink function or something else, haven't had time to look. 

Thank you,

C. Michael Tipton
BBT Online Banking Services
Client Server Systems Analyst


-----Original Message-----
From: Dr S N Henson [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 24, 2000 2:14 PM
To: [EMAIL PROTECTED]
Subject: Re: OpenSSL, IIS, and OFX Keys




"Tipton, Michael" wrote:
 
> Thank you,
> I'll give it a try..
>
> I'm using 0.9.5 right now.. when I tried to compile 0.9.6 I get..
>
> The symlink function is unimplemented at ./util/mklink.pl line 53.
> make: *** [links] Error 255
>
> I've banged my head on it some but if anyone knows the fix..
 

Odd, what OS are you using?

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



RE: OpenSSL, IIS, and OFX Keys

2000-11-24 Thread Tipton, Michael

Thinking about this some more, is there a command line switch to make
openssl not perform validation and write the outfile anyway? If what is
failing is what I think, that would get me past it..

openssl rsa -inform NET -in keybackup.bin -out key.pem 


C. Michael Tipton
BBT Online Banking Services
Client Server Systems Analyst


-----Original Message-----
From: Tipton, Michael 
Sent: Friday, November 24, 2000 11:58 AM
To: '[EMAIL PROTECTED]'
Subject: OpenSSL, IIS, and OFX Keys


I am using OpenSSL to extract the private keys from my IIS Key Backup files.
I am able to accomplish this fine except for certain servers we have. These
servers' keys/certs are marked as OFX (Financial Exchange). These are a
special type of key/cert that you have to specifically request from Verisign,
etc.. When I try to extract from these files I am getting the same error
that I get if I use a wrong password.

unable to load key
207:error:0D08C007:asn1 encoding routines:D2I_NETSCAPE_PKEY:expecting an asn1 sequence:n_pkey.c:311:address=167888280 offset=0
207:error:0D08E08B:asn1 encoding routines:d2i_Netscape_RSA_2:unable to decode rsa private key:n_pkey.c:268:
207:error:0D08D06F:asn1 encoding routines:d2i_Netscape_RSA:decoding error:n_pkey.c:2450:address=167873496 offset=17

I am guessing that there is a string that marks the type of key/cert and
openssl is not recognizing the code for OFX when it unencrypts / validates
the file. It checks the info and does not find an expected string so thinks
the password/unencrypt is bad.. This is pure speculation on my part.

Does anyone have any idea if this is what is going on, and more importantly
a way to fix / workaround it?



C. Michael Tipton
BBT Online Banking Services
Client Server Systems Analyst




Re: OpenSSL, IIS, and OFX Keys

2000-11-24 Thread Dr S N Henson

"Tipton, Michael" wrote:
 
> I am using OpenSSL to extract the private keys from my IIS Key Backup files.
> I am able to accomplish this fine except for certain servers we have. These
> servers' keys/certs are marked as OFX (Financial Exchange). These are a
> special type of key/cert that you have to specifically request from Verisign,
> etc.. When I try to extract from these files I am getting the same error
> that I get if I use a wrong password.
>
> unable to load key
> 207:error:0D08C007:asn1 encoding routines:D2I_NETSCAPE_PKEY:expecting an asn1 sequence:n_pkey.c:311:address=167888280 offset=0
> 207:error:0D08E08B:asn1 encoding routines:d2i_Netscape_RSA_2:unable to decode rsa private key:n_pkey.c:268:
> 207:error:0D08D06F:asn1 encoding routines:d2i_Netscape_RSA:decoding error:n_pkey.c:2450:address=167873496 offset=17
>
> I am guessing that there is a string that marks the type of key/cert and
> openssl is not recognizing the code for OFX when it unencrypts / validates
> the file. It checks the info and does not find an expected string so thinks
> the password/unencrypt is bad.. This is pure speculation on my part.
>
> Does anyone have any idea if this is what is going on, and more importantly
> a way to fix / workaround it?
 

Try using the -sgckey option in OpenSSL 0.9.6

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.




Re: OpenSSL, IIS, and OFX Keys

2000-11-24 Thread Dr S N Henson



"Tipton, Michael" wrote:
 
> Thank you,
> I'll give it a try..
>
> I'm using 0.9.5 right now.. when I tried to compile 0.9.6 I get..
>
> The symlink function is unimplemented at ./util/mklink.pl line 53.
> make: *** [links] Error 255
>
> I've banged my head on it some but if anyone knows the fix..
 

Odd, what OS are you using?

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
