>       From: owner-openssl-us...@openssl.org On Behalf Of Silviu VLASCEANU
>       Sent: Tuesday, 19 May, 2009 01:57

>       2009/5/18 <d...@deadhat.com>

>               > Does anybody have any experience with generating a certificate from a
>               > certificate request, by signing it with an nCipher HSM (the CA key being
>               > stored on the HSM), through the nCore API? <snip>

>               I tried and failed with the API. I ended up using openssl, <snip>

>               I don't think (but I may be wrong) that the nCipher HSM will turn your
>               cert request into a well-formed cert. It will just sign the formed cert.
>               You still need openssl or something similar to parse the request and make
>               a cert.

>       Let's admit that I already parsed the request and filled the cert
>       with all the required fields, through the OpenSSL API, in an X509 struct.

>       Now which part of the X509 struct should I pass to the HSM for signing?
>       I tried to pass the X509_CINF field in the struct as a char stream, but the
>       HSM does not generate the same signature as OpenSSL would through the X509_sign
>       function, but one longer by 8 bytes (and completely different).

I'm not sure exactly what you mean by char stream, but the _DER encoding_
of (the value in) the X509_CINF struct is indeed the correct thing to sign,
i.e. use i2d_X509_CINF.

Are you (definitely) using same-size keys in nCipher and software?
In fact are you using exactly the same key (i.e. generated in hardware 
and 'exported' as unprotected, or generated outside and 'imported')?
If you're not using the same key, of course the signature will be different.

Also are you using the same formatting aka padding? It appears to me 
openssl always uses PKCS#1 type 1, which is the very common convention 
but not the only possibility; nCipher may have options, especially if
this is at a 'primitive' (low-level building block) operation.

A raw RSA signature should be the same size as the key's modulus (for 
any input length allowed) and that's what X509_sign should provide.
Possibly the nCipher operation is returning the _encoded_ BIT STRING 
(adds usually 4 bytes) and/or adding some header/flags or something.
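An added illustration of the three points in the reply above (it is not part of the original thread and uses no OpenSSL code): which bytes a certificate signature actually covers, what the PKCS#1 v1.5 "type 1" block that OpenSSL signs looks like, and how many bytes a DER BIT STRING wrapper adds on top of a modulus-sized raw signature. It is pure standard-library Python; the toy certificate and the 256-byte "signature" are constructed placeholders, and `diagnose_signature` is a hypothetical helper for classifying an HSM output that is not the expected size.

```python
"""Companion example for the X509_CINF / HSM signing discussion (added, not from the thread)."""
import hashlib

# Fixed DER DigestInfo prefixes from RFC 8017, section 9.2, note 1.
DIGEST_INFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def der_length(n):
    """DER definite-form length octets."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag, content):
    return bytes([tag]) + der_length(len(content)) + content


def der_bit_string(payload):
    """BIT STRING with zero unused bits, as used for Certificate.signatureValue."""
    return der_tlv(0x03, b"\x00" + payload)


def emsa_pkcs1_v1_5(message, hash_name, k):
    """PKCS#1 v1.5 'type 1' block: 00 01 FF..FF 00 DigestInfo, exactly k bytes.
    This is the value RSA raw-signs when OpenSSL's X509_sign is used with RSA."""
    t = DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def read_tlv(buf, pos=0):
    """Decode one DER TLV (single-byte tags only): returns (tag, content, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        hdr = 2 + n
    start = pos + hdr
    return tag, buf[start:start + length], start + length


def split_certificate(cert_der):
    """Return (tbs_der, sigalg_der, raw_signature) from a DER Certificate.
    tbs_der includes its SEQUENCE header: it is the byte string i2d_X509_CINF
    produces and the input that must be hashed and signed."""
    tag, body, _ = read_tlv(cert_der)
    assert tag == 0x30, "Certificate must be a SEQUENCE"
    _, _, p = read_tlv(body)
    tbs_der = body[:p]
    _, _, p2 = read_tlv(body, p)
    sigalg_der = body[p:p2]
    tag, bits, _ = read_tlv(body, p2)
    assert tag == 0x03 and bits[0] == 0, "signatureValue must be a BIT STRING"
    return tbs_der, sigalg_der, bits[1:]


def diagnose_signature(blob, modulus_len):
    """Hypothetical check: is an HSM output a raw signature, a DER BIT STRING
    around one, or something else? Returns (kind, raw_signature_or_blob)."""
    if len(blob) == modulus_len:
        return "raw", blob
    if blob and blob[0] == 0x03:
        _, content, end = read_tlv(blob)
        if end == len(blob) and content[0] == 0 and len(content) - 1 == modulus_len:
            return "der-bit-string", content[1:]
    return "unknown", blob


# Constructed toy certificate: a stand-in tbsCertificate, sha256WithRSAEncryption
# (1.2.840.113549.1.1.11) and a 256-byte placeholder signature (2048-bit modulus).
TBS = der_tlv(0x30, der_tlv(0x02, b"\x01") + der_tlv(0x13, b"toy tbsCertificate"))
SIGALG = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + der_tlv(0x05, b""))
FAKE_SIG = bytes(range(256))
TOY_CERT = der_tlv(0x30, TBS + SIGALG + der_bit_string(FAKE_SIG))


def bit_string_overhead(modulus_len):
    """Bytes a DER BIT STRING wrapper adds to a modulus-sized signature."""
    return len(der_bit_string(bytes(modulus_len))) - modulus_len


if __name__ == "__main__":
    tbs, _, sig = split_certificate(TOY_CERT)
    print("tbs bytes to sign:", len(tbs), "signature bytes:", len(sig))
    print("PKCS#1 type 1 block:", emsa_pkcs1_v1_5(tbs, "sha256", 256).hex()[:24], "...")
    for k in (128, 256):
        print(f"BIT STRING overhead for {k*8}-bit key: {bit_string_overhead(k)} bytes")
    print(diagnose_signature(der_bit_string(FAKE_SIG), 256)[0])
```

Feed `tbs` to the HSM's hash-and-sign (or hash it yourself and hand the HSM the `emsa_pkcs1_v1_5` block for a raw RSA operation), then require the result to be exactly modulus-sized before placing it in the BIT STRING; if the HSM already returns the encoded BIT STRING, `diagnose_signature` strips it rather than double-wrapping.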
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org