RE: Unable to Generate a CSR

2008-05-09 Thread Dave Thompson
> From: [EMAIL PROTECTED] On Behalf Of Kyle Hamilton > Sent: Friday, 09 May, 2008 07:22 > To: openssl-users@openssl.org > Subject: Re: Unable to Generate a CSR > > > This appears to be a case of your configuration file being truncated, > or your environment otherwise slightly messed up. > > The

RE: Manually verifying signature on X.509 certificate

2008-05-09 Thread David Schwartz
> Well the first embedded SEQUENCE is the tbsCertificate data. You > need to hash > all of that including the SEQUENCE tag+length bytes. This is correct. My previous statement that you don't include the tag and length bytes was incorrect. Sorry. DS

RE: Manually verifying signature on X.509 certificate

2008-05-09 Thread Anthony Floyd
> There is an example here: > > http://www.openssl.org/docs/apps/rsautl.html#EXAMPLES > Awesome, that is exactly what I'm looking for. Thanks! Anthony. __ OpenSSL Project http://www.openssl.org

Re: Manually verifying signature on X.509 certificate

2008-05-09 Thread Dr. Stephen Henson
On Fri, May 09, 2008, Anthony Floyd wrote: > To generate the signature, has that first embedded SEQUENCE (the one > that contains the certificate data) been hashed entirely? Including the > tag and length fields? Or has some subset of that been hashed? I > assume that the SEQUENCE with the hash

SOLVED: DH key generation call back not called?

2008-05-09 Thread Bruce Keats
After much head scratching, I tracked down the issue to the negotiated cipher suite. I had left in a cipher suite that didn't have DH support, so it ended up picking the one that didn't support DH (only one in common). Bruce On Wed, May 7, 2008 at 1:39 PM, Bruce Keats <[EMAIL PROTECTED]> wrote:

RE: Manually verifying signature on X.509 certificate

2008-05-09 Thread Anthony Floyd
> This page is helpful as well: > http://en.wikipedia.org/wiki/X.509 > > Under "Structure of a certificate", it shows that a > certificate consists of > an inner certificate (sometimes called the TBS certificate), > followed by the > certificate signature algorithm and the signature itself. The

RE: Manually verifying signature on X.509 certificate

2008-05-09 Thread Anthony Floyd
> To do that properly you do need to at least parse some of the > ASN1 data. There > is some header information at the start which contains the > SEQUENCE tag+length > bytes. Right. This isn't a problem, as I've been pulling the data out by parsing the ASN.1 data anyway. > The actual bit you

Validating a server's own certificate using an API

2008-05-09 Thread David Lobron
Hi All, I am writing a server that needs to periodically rotate its SSL certificate, with the cert being passed over a network. I would like to write an authentication function so that my server can verify that the incoming certificate was signed by the expected authority and that it is

Re: Unable to Generate a CSR

2008-05-09 Thread Kyle Hamilton
This appears to be a case of your configuration file being truncated, or your environment otherwise slightly messed up. The main error is, of course, the "PRNG not seeded" error -- as it says, you need to read the OpenSSL FAQ for information on how to solve it. (It goes into much tried-and-true d

Re: Q: PDF signature processing?

2008-05-09 Thread Kyle Hamilton
Short answer: No. Longer answer: The code will perform cryptographic verification, but it doesn't know anything about the structure of PDF documents or how their signatures are put together. Thus, depending on the algorithms in use, it might be useful as a toolkit to help perform validation --

I am getting problems while trying to compile openssl

2008-05-09 Thread sujithk
Getting errors like: [Linker error] undefined reference to `BIO_s_file' [Linker error] undefined reference to `BIO_ctrl' [Linker error] undefined reference to `BIO_new' [Linker error] undefined reference to `CRYPTO_dbg_get_options' Etc OS: Windows XP Please advise Sujith

Q: PDF signature processing?

2008-05-09 Thread Nardmann, Heiko
Hi together! Is openssl capable of validating and/or extracting PDF signatures? Thanks in advance! Regards Heiko Nardmann

Unable to Generate a CSR

2008-05-09 Thread Nelson, Robert D.
Hi: I'm running OpenSSL 0.9.8d on an HP-UX 11 box. In the past I've been able to generate CSRs and keys via the command line with no trouble. However, today I generated a key just fine, but when I tried to generate the CSR it failed. I'm not aware of anything having been changed since the last CSR

RE: Manually verifying signature on X.509 certificate

2008-05-09 Thread David Schwartz
> To do that properly you do need to at least parse some of the > ASN1 data. There > is some header information at the start which contains the > SEQUENCE tag+length > bytes. > > The actual bit you will hash is in the middle of the data. One SEQUENCE > header is deleted from the start and some dat