Re: Creating a x509 request with Whirlpool

Mon, 28 Jun 2010 05:54:12 -0700 

So did you make up your own OID, or your own ASN structure or did you
find the right OID somewhere so the rest of us can use it?

On 28-06-2010 13:33, Davi Tozoni wrote:

Hi,
  Thank you for the information. I modified some source codes in OpenSSL
and achieve what I was looking for.

2010/6/7 Dr. Stephen Henson <st...@openssl.org <mailto:st...@openssl.org>>

    On Mon, Jun 07, 2010, Davi Tozoni wrote:

     > Hello,
     >
     > I was experimenting OpenSSL 1.0.0 and I needed to create a
    request that must
     > be signed with Whirlpool hash algorithm. However, when I used the
    command:
     >
     >  openssl req -whirlpool -newkey rsa:1024 -keyout key.pem -out req.pem
     >
     > It didn't work. The error message was:
     > 3078702728:error:0606B06E:digital envelope
    routines:EVP_SignFinal:wrong
     > public key type:p_sign.c:125:
     > 3078702728:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP
     > lib:a_sign.c:279:
     >
     > I wish to know if the fact that whirlpool can't work for x509
    requests is a
     > decision of openssl developers or there is another reason.
    Perhaps I am not
     > using it correctly.
     >
     > PS: I am trying to hack openssl source code to find where I could
    include
     > changes that would allow to use whirlpool. Do you have any hint?
     >

    In order to use a digest for signature purposes it has to have an
    appropriate
    object identifier (OID) defined. For example sha1WithRSAEncryption
    for SHA1
    and RSA. You can't just make one up it has to be standardised, there
    is no OID
    in OpenSSL corresponding to whirlpool with RSA and you get that
    error as a
    result.

    Steve.
    --
    Dr Stephen N. Henson. OpenSSL project core developer.
    Commercial tech support now available see: http://www.openssl.org
    ______________________________________________________________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    <mailto:openssl-users@openssl.org>
    Automated List Manager majord...@openssl.org
    <mailto:majord...@openssl.org>




--
Davi Tozoni
Engenharia
KRYPTUS Engenharia Criptográfica
(19) 88140530
www.kryptus.com <http://www.kryptus.com>


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to