On Tue, Dec 02, 2003, Слепнев Владимир wrote: > Hello, > > some time ago I posted a question to this list about how to generate a > certificate request, knowing only the public key. One of the answers I > got is generate a request "manually" from its fields, then hack the > openssl utilities so they don't check the signature on the request. > > The new function asn1parse -genconf in 0.9.8dev seems to address the > issue of "manual generation", and the question arises: how should the > config file look, for asn1parse -genconf to generate a certificate > request? I've already succeeded in generating a valid (i.e. acceptable > by openssl utilities) RSA public key in DER format with asn1parse > -genconf, but this one seems a little trickier. >
I didn't actually mean it like that. What I meant was this... 1. Create a certificate request using any private key using the OpenSSL 'req' utility. 2. Write a short program that reads in the request and the new public key. It should call X509_REQ_set_pubkey() then write the request out again. This will have the correct public key but an invalid signature. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
