Thanks, this is exactly what I was looking for.

And thanks also to Peter for pointing out the already
built-in option openssl x509 -C,
which produces the perfect C stub code.

Alberto

On Mon, 2006-02-06 at 10:04 +0000, Katie Lucas wrote:
> On Fri, Feb 03, 2006 at 02:54:38PM -0600, Alberto Alonso wrote:
> > I would like to be able to hard code the key/cert in the
> > application instead of having files.
> > 
> > Is there something similar to: SSL_CTX_use_PrivateKey_file
> > and SSL_CTX_use_PrivateKey_file but that I can use with pointers
> > to memory?
> > 
> > If so, how do I convert the current files into that binary
> > data format?
> > 
> > I would also like to have already in memory the cert chain
> > for the root cert.
> > 
> > The goal is to distribute a single binary that doesn't depend
> > on any external files that can verify that it is connecting
> > to the right server.
> 
> 
> SSL_CTX_use_PrivateKey_ASN1 takes a pointer to char* and a length.
> 
> Although, all that does is call d2i_PrivateKey and then
> SSL_CTX_use_PrivateKey and error check everything... d2i_* takes a DER
> encoded something and returns the internal version.
> 
> So you can, at compile time, build a small app which will read a
> key/certificate/etc and use an i2d_* routine to DER encode it, dropping
> that into a file. The file you run through a quick filter to turn into
> a suitable include file making the binary data a character
> array. ("od" may help doing this with the right options, or failing
> that a quick perl script).
> 
> Then you can just use the pointer to that into d2i_PrivateKey then
> SSL_CTX_use_PrivateKey at runtime.
> 
> 
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
-- 
Alberto Alonso                        Global Gate Systems LLC.
(512) 351-7233                        http://www.ggsys.net
Hardware, consulting, sysadmin, monitoring and remote backups
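
The build-time "quick filter" step described in the quoted reply, as an added example that is not code from the thread or from the OpenSSL project: it decodes the base64 body of an unencrypted PEM block (which is the DER encoding) and writes it out as a C character array. The names pem_to_der, emit_c_array and key_der are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: DER SEQUENCE { INTEGER 0 }, not a real key. */
static const char SAMPLE_PEM[] =
    "-----BEGIN CONSTRUCTED SAMPLE-----\nMAMCAQA=\n"
    "-----END CONSTRUCTED SAMPLE-----\n";
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Decode the first PEM block to DER. Returns the length, or -1 on missing
 * markers, non-base64 text (e.g. encrypted-key headers) or a full buffer. */
long pem_to_der(const char *pem, unsigned char *out, size_t cap) {
    const char *p = strstr(pem, "-----BEGIN "), *q;
    const char *end = strstr(pem, "-----END ");
    unsigned acc = 0; int bits = 0; size_t n = 0;
    if (!p || !end || end < p || !(p = strchr(p, '\n'))) return -1;
    for (; p < end; p++) {
        if (*p == '\n' || *p == '\r' || *p == ' ') continue;
        if (*p == '=') break;                 /* padding: data is complete */
        if (!(q = strchr(B64, *p))) return -1;
        acc = (acc << 6) | (unsigned)(q - B64); bits += 6;
        if (bits >= 8) {
            if (n >= cap) return -1;
            bits -= 8;
            out[n++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    return (long)n;
}

/* Write the DER bytes as an array plus a length constant; 0 on success. */
int emit_c_array(FILE *f, const char *name, const unsigned char *der, long len) {
    long i;
    fprintf(f, "static const unsigned char %s[] = {", name);
    for (i = 0; i < len; i++)
        fprintf(f, "%s0x%02x,", i % 12 ? " " : "\n    ", (unsigned)der[i]);
    return fprintf(f, "\n};\nstatic const long %s_len = %ld;\n", name, len) < 0;
}

int main(void) {
    unsigned char der[4096];
    long n = pem_to_der(SAMPLE_PEM, der, sizeof der);
    if (n < 0) return 1;
    /* key_der and key_der_len are then passed to d2i_PrivateKey at runtime. */
    return emit_c_array(stdout, "key_der", der, n);
}
```

A private key compiled into a distributed binary can be read out by anyone who holds that binary. Verifying that the client is talking to the right server only needs the root certificate embedded, which is public data.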
