Thanks!
BTW - The code below will only work for a PEM encoded certificate. The previous code you had required a DER cert. It's nearly the same thing except the head and tail of the certificate are removed leaving "pure" base64. Given the code below works, I suspect that was the problem.
Cheers, Berin
GRU Samuel wrote:
First, I have found my error! To load the certificate, I replaced the code with:
    BIO *bio=BIO_new(BIO_s_file());
    BIO_read_filename(bio,cert.c_str());
    X509* x50=PEM_read_bio_X509(bio,NULL,0,NULL);
    certX509 = new OpenSSLCryptoX509(x50);
But after that, I had an exception: "OpenSSL:RSA::verify() - Error decrypting signature"
I found that in the DSIGSignature::sign method,
the buffer char b64Buf[256] is too small, my "signature" contains 310 characters, so I changed it to b64Buf[512].
With this code, I can sign and verify my XML document!
Samuel Gru.
Berin Lautenbach wrote:
Samuel,
The base64 decode looks strange indeed!
How do you transform the cert to DER format?
Can you send me a copy of the cert?
Cheers, Berin
GRU Samuel wrote:
Hi,
To complete my first message, I generated my key and my certificate with OpenSSL (0.9.7c) with default options.
Generation of key:
    openssl genrsa -out privkey.pem 2048
Generation of certificate:
    openssl req -outform DER -new -x509 -key privkey.pem -out certificate.pem -days 1095
Is it OK?
GRU Samuel wrote:
Hi,
The certificate is well formed because I can open it in Windows 2000.
I have this code:
    string cert="certificate.der";
    OpenSSLCryptoX509* x509 = NULL;
    if (!cert.empty()) {
        x509 = new OpenSSLCryptoX509();
        ifstream s(cert.c_str());
        string buf;
        char ch;
        while ((ch=s.get())!=EOF) buf+=ch;
        x509->loadX509Base64Bin(buf.data(),buf.length());
    }
I have a problem when I call the loadX509Base64Bin method. I get the exception XSECCryptoException. It doesn't work. I don't understand everything in this method! Can someone explain it to me, please?
    EVP_ENCODE_CTX m_dctx;
    EVP_DecodeInit(&m_dctx);
----> buf contains data and len = 460
    int rc = EVP_DecodeUpdate(&m_dctx, outBuf, &bufLen, (unsigned char *) buf, len);
----> rc = 0 but bufLen = 0 and outBuf is empty. Is it normal?
    if (rc < 0) {
        throw XSECCryptoException(XSECCryptoException::Base64Error,
            "OpenSSL:Base64 - Error during Base64 Decode of X509 Certificate");
    }

    int finalLen;
    rc = EVP_DecodeFinal(&m_dctx, &outBuf[bufLen], &finalLen);
    bufLen += finalLen;
----> finalLen = 0 so bufLen = 0. It isn't normal?
----> so after, we have the exception!!!
    if (bufLen > 0) {
        mp_X509= d2i_X509(NULL, &outBuf, bufLen);
    }

    // Check to see if we have a certificate....
    if (mp_X509 == NULL) {
        throw XSECCryptoException(XSECCryptoException::X509Error,
            "OpenSSL:X509 - Error transating Base64 DER encoding into OpenSSL X509 structure");
    }
Thank you.
Samuel
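The thread turns on handing a certificate in one encoding to a loader that expects another. The following is an added example, not code from this thread or from the XML-Security-C library: it sniffs a buffer and reports whether it is PEM, binary DER, or bare base64 before any loader is called. The names CertEncoding, classifyCert, isDerSequence and isBareBase64 are hypothetical, and the sample input is constructed.

```cpp
#include <cctype>
#include <cstddef>
#include <string>

enum class CertEncoding { Pem, Der, BareBase64, Unknown };
// True if buf is one DER SEQUENCE whose declared length fills the buffer
// exactly, so a truncated or text-mode read is rejected.
static bool isDerSequence(const std::string &buf) {
    if (buf.size() < 2 || static_cast<unsigned char>(buf[0]) != 0x30) return false;
    std::size_t first = static_cast<unsigned char>(buf[1]);
    std::size_t hdr = 2, len = first;
    if (first & 0x80) {  // long form: the next n bytes hold the length
        std::size_t n = first & 0x7f;
        if (n == 0 || n > 4 || buf.size() < 2 + n) return false;
        len = 0;
        for (std::size_t i = 0; i < n; ++i)
            len = (len << 8) | static_cast<unsigned char>(buf[2 + i]);
        hdr += n;
    }
    return len == buf.size() - hdr;
}

// True if buf holds only base64 characters and whitespace, in 4-character groups.
static bool isBareBase64(const std::string &buf) {
    std::size_t n = 0;
    for (unsigned char c : buf) {
        if (std::isspace(c)) continue;
        if (!std::isalnum(c) && c != '+' && c != '/' && c != '=') return false;
        ++n;
    }
    return n > 0 && n % 4 == 0;
}

// Hypothetical helper: decide which loader a certificate buffer needs.
CertEncoding classifyCert(const std::string &buf) {
    const std::string begin = "-----BEGIN CERTIFICATE-----";
    std::size_t b = buf.find(begin);
    if (b != std::string::npos &&
        buf.find("-----END CERTIFICATE-----", b + begin.size()) != std::string::npos)
        return CertEncoding::Pem;
    if (isDerSequence(buf)) return CertEncoding::Der;
    if (isBareBase64(buf)) return CertEncoding::BareBase64;
    return CertEncoding::Unknown;
}

int main() {
    // Constructed sample: a 3-byte DER SEQUENCE, not a real certificate.
    return classifyCert(std::string("\x30\x01\x00", 3)) == CertEncoding::Der ? 0 : 1;
}
```

With the calls that appear in the thread, Pem corresponds to PEM_read_bio_X509, Der to d2i_X509, and BareBase64 to loadX509Base64Bin; Unknown should be reported as an error without attempting a decode.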