On Mon, Oct 01, 2007, Marek Marcola wrote: > Hello, > > I need to generate unsigned (not signed by any certificate) CRL > > > > How can I do this? Maybe it is possible to crack signed CRL and eraze a > > signature? > CRL is ASN.1 SEQUENCE of tbsCerlList, signatureAlgorithm and > signatureValue. If you want to get only tbsCertList (tbs - to be sign) > part, you may convert CRL to DER form: > $ openssl crl -in crl.pem -out crl.der -outform der > display ASN.1 structure: > $ openssl asn1parse -in crl.der -inform der -i > and get with dd any part of this binary file you want. >
You can also pull bits of the structure using the -strparse and -out options to asn1parse. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
