Hi Erwann and Stephen, We solved the problem about generating a PKCS#10 from a embedded processor. Some configurations in the signature generation coprocessor were wrong.
Your hints helps to discover it. Tnakyou very much Giordano 2011/8/5 Dr. Stephen Henson <st...@openssl.org>: > On Fri, Aug 05, 2011, Erwann ABALEA wrote: > >> Bonjour Giordano >> >> Let's start with your example file: example.der. >> >> Extract the contained public key: >> openssl req -pubkey -inform D -in example.der -noout > example.key >> >> Now we'll extract the signature block. >> >> Start by ASN1-parse your file: >> openssl asn1parse -inform D -i -dump -in example.der >> >> You'll see the subject name, public key, extension requests, and the >> signature at the end: >> 318:d=1 hl=3 l= 129 prim: BIT STRING >> 0000 - 00 8f 2c 23 95 d5 70 b6-19 df 20 fb 59 a6 e8 9f ..,#..p... >> .Y... >> 0010 - 5d 59 0b b5 33 69 6b ee-8b 4f 4e f8 1a 4d be 12 >> ]Y..3ik..ON..M.. >> 0020 - 30 5b 8b 1c bf 3b 09 9b-62 9c 00 a9 47 91 0d 06 >> 0[...;..b...G... >> 0030 - a4 3f 6e e7 a4 77 32 f4-ca 09 c7 1a b2 2f e8 62 >> .?n..w2....../.b >> 0040 - c7 43 b1 0e a4 fe d6 61-fa 6c 43 81 3e af de a9 >> .C.....a.lC.>... >> 0050 - 79 2d 72 b5 3a bc 00 01-59 d3 86 59 45 7a 28 54 >> y-r.:...Y..YEz(T >> 0060 - 55 c6 b7 45 c0 22 96 6c-7a b1 a3 b7 f5 3f e2 5f >> U..E.".lz....?._ >> 0070 - c9 96 b0 b8 2c 3c dc b8-9b 0b c0 e5 77 41 5a ae >> ....,<......wAZ. >> 0080 - 61 a >> >> You know that the signature starts at offset 318. We need only the raw >> signature, so we'll skip the first 318 bytes, the header (hl=3, so >> skip 3 more bytes), and since it's a bit string, it starts with the >> number of unused bits (expressed in one octet, 00 in this case), you >> must also skip this octet. Finally, you need to skip 318+3+1=322 >> bytes: >> dd if=example.der of=example.der.sig bs=1 skip=322 >> > > Note that you can also dump this using the asn1parse command: > > openssl asn1parse -inform DER -noout -in example.der -out example.der.sig \ > -strparse 318 > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
