Hello, > I need to generate unsigned (not signed by any certificate) CRL > > How can I do this? Maybe it is possible to crack signed CRL and eraze a > signature? CRL is ASN.1 SEQUENCE of tbsCerlList, signatureAlgorithm and signatureValue. If you want to get only tbsCertList (tbs - to be sign) part, you may convert CRL to DER form: $ openssl crl -in crl.pem -out crl.der -outform der display ASN.1 structure: $ openssl asn1parse -in crl.der -inform der -i and get with dd any part of this binary file you want.
Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
