On Fri, Feb 18, 2011 at 01:22:44AM -0800, kalpesh07 wrote:
>
> hi,
> I am trying to create digital signature for pdf document by openssl commands
> from php file.
>
> I write these two commands first in php file
> exec("openssl req -x509 -nodes -days 365 -subj
> '/C=In/ST=Mumbai/L=Maharashtra/CN=www.kalpesh.com' -newkey rsa:1024 -keyout
> openssl_key.pem -out openssl_crt.pem");
This command should probably at the very least set a umask of 077 to
protect the key. Alternatively, it should encrypt the key. The key generation
step is usually best done separately from the generation of the self-signed
cert.
> exec("openssl pkcs12 -export -inkey openssl_key.pem -in openssl_crt.pem -out
> openssl_key_crt.p12 -name openssl_key_crt");
This command requires a pass-phrase to encrypt the PKCS#12 container.
> exec("openssl pkcs12 -in openssl_key_crt.p12 -out openssl_key_crt_enc.pem");
>
> I successfully created openssl_key.pem and openssl_crt.pem files
> But openssl_key_crt.p12 and openssl_key_crt_enc.pem comes blank.
>
> Is there something wrong i am doing?
Not providing all the required inputs to the pkcs12 commands.
> How should i create digital signature using openssl on the fly for users in
> my site.
Carefully and securely. What is the purpose of these digital signatures?
Why are signatures under a self-signed certificate any better than
no signatures? It seems that the real issue is at a higher level
than your difficulty with using the pkcs12 command. What is your
actual goal?
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
