Re: openssl rsa command

2012-12-05 Thread Christian Hohnstaedt
On Wed, Dec 05, 2012 at 10:38:59AM -0800, Alex Chen wrote: > I am trying to change the password of a private key with 'openssl rsa' > command. The original key file, server.key.enc has the following format: > -BEGIN ENCRYPTED PRIVATE KEY- > > -END ENCRYPTED PRIVATE KEY- This

Re: Convert symmetrically encrypted content to base64

2012-08-23 Thread Christian Hohnstaedt
Hi Bjoern, please see my comments below: (rather Qt and memory related) On Thu, Aug 23, 2012 at 03:12:55PM +0200, Bjoern Schiessle wrote: > > QMap Encryption::key2pem(RSA *rsa, QString password) > { > QMap keypair; > BUF_MEM *bptr; > BIO *pubBio = BIO_new(BIO_s_mem()); > BIO *pri

Re: OpenSSL linking question; handling 1.0.0 vs 0.9.8

2012-06-20 Thread Christian Hohnstaedt
Hi Jason, some general things about linking: - The symbolic link(s) libcrypto.so pointing to libcrypto.so.0.9.8 are only needed during BUILD time. On a host where no compiling happens the symbolic links are not required. - While linking the application, the linker opens the library libcryp

Re: Generate config file from existing certificate?

2012-06-04 Thread Christian Hohnstaedt
Hi Joshua, On Mon, Jun 04, 2012 at 04:13:24PM -0700, Joshua Bowman wrote: > As the subject asks, is there any way to generate a config file from an > existing certificate? Either built into openssl or via third-party tool. XCA shows the x509v3 extensions additionally as openssl config file snippe

Re: Not able to read public modulus & public exponent fields

2011-05-23 Thread Christian Hohnstaedt
Hi, Try: EVP_PKEY *pkey = X509_get_pubkey(cert); rsa_public_key = EVP_PKEY_get1_RSA(pkey); Cheers Christian On Mon, May 23, 2011 at 06:41:34PM +0530, Vinay Kumar wrote: > Hi All, > > I am trying to print *public modulus* and *public exponent* from a *X509 > certificate*. The code

Re: Custom Attributes in the Subject of X.509 Certificate

2011-01-13 Thread Christian Hohnstaedt
On Wed, Jan 12, 2011 at 10:19:59PM -0800, Scott Thomas wrote: > Bonjour All, > > First I explain the scenario. My domain name is let's say idtech.com. Under > it I > have created an ou=certificate users. Users are created under this OU. > So my FQDN of a user is CN=scott,OU=Certificate Users,DC

Re: Signature Algorithm

2011-01-10 Thread Christian Hohnstaedt
On Mon, Jan 10, 2011 at 02:32:35PM +0530, Karthik Ravikanti wrote: > I remember seeing a method to get the signature parameters as a buffer. I > can't find it now. :-( OBJ_nid2ln(OBJ_obj2nid(cert->sig_alg->algorithm)) returns a pointer to the string representation of the signature algorithm like "

Re: Signature Algorithm

2011-01-09 Thread Christian Hohnstaedt
On Mon, Jan 10, 2011 at 10:51:21AM +0530, Karthik Ravikanti wrote: > Hi, > > How can we get a string representation of a signature algorithm from a > certificate? X509 *cert; const char *sigalg = OBJ_nid2ln(OBJ_obj2nid(cert->sig_alg->algorithm)); Cheers Christian

Re: Problem with rsa_keygen

2010-09-23 Thread Christian Hohnstaedt
ntation fault" when the rsa_keygen ends. But if I return 0 > or -1 (errors) OpenSSL reports me "error in genrsa" and call ends ok (no > segmentation fault or something like that). What about posting the relevant part of the code? And the gdb output. It would help a lot. Cheers

Re: Problem with rsa_keygen

2010-09-22 Thread Christian Hohnstaedt
On Wed, Sep 22, 2010 at 03:41:30PM +0200, Nacho Álvarez wrote: > Hello everybody > > Several months ago I developed an OpenSSL PKCS#11 engine for Windows XP and > it worked ok (it was compiled with MinGW). > Now I'm trying to compile it on Linux (Debian 5 with GCC 4.3.1) but I have > the next prob

Re: get subjectAltName

2010-09-22 Thread Christian Hohnstaedt
On Wed, Sep 22, 2010 at 05:48:07PM +0530, Naveen B.N wrote: > Thank you Christian, > your suggestions helped us to get the position but as you mentioned the > problem > of resolving to kerberos principal name, I tried Google and added a > piece of code > but I am not getting the output as sho

Re: get subjectAltName

2010-09-22 Thread Christian Hohnstaedt
On Wed, Sep 22, 2010 at 02:40:26PM +0530, Naveen B.N wrote: > Hello, > I am using Linux. > I am trying to print the subjectAltName present in the certificate, but > i am seeing crash in /lib/libcrypto.so.6 > core was generated by `./a.out'. > Program terminated with signal 11, Segmentation fault.

Re: Subject in DER format for PKCS#11

2010-09-21 Thread Christian Hohnstaedt
Hi, On Tue, Sep 21, 2010 at 01:24:01PM +0200, Jan Danielsson wrote: > Hello, > >The PKCS#11 specification stipulates that certificate object should > have a subject attribute which is DER encoded. > >Let's say I have an X509 structure in a C program. Is there an easy > and direct way to

Re: Check the private key

2010-08-19 Thread Christian Hohnstaedt
Hi Vladimir, $ openssl asn1parse > Hi, > > I've got private key file priv.key with the following contents > > -BEGIN RSA PRIVATE KEY- > MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMXxTv8clwKiAqHH > oI3mn53v1VaH17K/o3toc040pF7+QYY+Pn1Vb53xQtb7zCe7DNPGyA5AylP4WoHi > kBiolMASchWYDxyi

Re: Is there a limit on CN length?

2010-07-16 Thread Christian Hohnstaedt
On Fri, Jul 16, 2010 at 10:50:02AM +0100, Alexander Fisher wrote: > Hi > > I've very recently decided to create my own Cert Authority in order to > produce certificates to replace all the built in self-signed ones on > devices such as routers,switches etc. > > I'm having problems with the certifi

Re: Adding OIDs

2010-06-30 Thread Christian Hohnstaedt
Hi Mag, On Tue, Jun 29, 2010 at 06:43:24PM -0700, Mag wrote: > I'm interested in using custom OIDs for private application purposes. > I've found the documentation to be deficient. > > For instance, in openssl.cnf it gives an example line of > [ new_oids ] > #testoid1=1.2.3.4 > > When I uncomm

Re: Extracting certificate start and end dates

2010-06-08 Thread Christian Hohnstaedt
On Mon, Jun 07, 2010 at 08:02:22PM -0500, Dallas Clement wrote: > Hi All, > > I am trying to crack open a certificate and print out the start and > expire dates to a debug log message. Just for printing I suggest: int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) Cheers Christian

Re: error: ASN1_mbstring_copy:string too long:a_mbstr.c:154:maxsize=2 _only_ when using config file and prompt off

2010-04-13 Thread Christian Hohnstaedt
Hi, On Tue, Apr 13, 2010 at 12:13:49AM -0700, Alex Lam wrote: > Hi all, > > For some strange reasons, when I disable prompt in the cnf file, I run into > the "error: ASN1_mbstring_copy:string too > long:a_mbstr.c:154:maxsize=2" error. > Digging around on the net showed that my counter code is lo

Re: problem with signing with DSA private keys using EVP_SignFina

2010-04-08 Thread Christian Hohnstaedt
Hi, On Fri, Apr 09, 2010 at 12:53:35AM +0800, ?? wrote: > Hi guys, I have a problem with signing with *DSA* private keys using > *EVP_SignFina > function.* > ** > There is some fragment of my code following: > > /* Do the signature */ > EVP_MD_CTX_init(&md_ctx); > err = EVP_SignInit (&md_ctx

Re: OpenSSL PKCS11 engine implementation

2010-02-04 Thread Christian Hohnstaedt
Hi Samuel, you are aware of the PKCS#11 engine from the OpenSC project ? http://www.opensc-project.org/engine_pkcs11 If this is not already the engine you want to implement, maybe its sources could give some hints and inspirations. Christian On Thu, Feb 04, 2010 at 06:24:13AM -0800, Sa

Re: [FWD] RE: Help Request

2010-01-12 Thread Christian Hohnstaedt
On Tue, Jan 12, 2010 at 06:19:18PM +0100, Lutz Jaenicke wrote: > Forwarded to openssl-users for public discussion. > > Best regards, > Lutz > > - Forwarded message from Vincenzo Giarratana > - > > From: Vincenzo Giarratana > To: r...@openssl.org > Subject: RE: Help Request > Dat

Re: Unable to load CRL

2010-01-07 Thread Christian Hohnstaedt
Hi, On Fri, Jan 08, 2010 at 11:42:39AM +0530, Radha krishna Meduri -X (radmedur - HCL at Cisco) wrote: > > > X509_CRL *pCRL=0, *pTempCRL = 0; > > pCRL = d2i_X509_CRL_fp( m_pfCRLFile, &pTempCRL ); > > if( !pCRL ) > { > printf("Unable to read using d2i_X509_CRL_fp\n"); /* Filepointer

Re: help me decrypting a binary file which is encrypted by aes 256 cbc mode

2009-11-18 Thread Christian Hohnstaedt
h i'm getting when I decrypt the bin > file through shell can be unzipped to get some result files whereas my code > i'm getting a output file i'm not able to unzip it properly ..can you help > regarding this issue.. > thanks in advance.. > > Christian Hohnstaedt wrot

Re: help me decrypting a binary file which is encrypted by aes 256 cbc mode

2009-11-17 Thread Christian Hohnstaedt
Hi, you used the ASCII representation of the key, instead of the real key. Same with iv. On Tue, Nov 17, 2009 at 02:43:48AM -0800, NaGaGo wrote: > > Hai > this is the openssl shell command i'm using to decrypt a binary file... > openssl enc -d -K > 3834373532303435333730323834383132373330393233

Re: aes256cbc_encrypt

2009-10-28 Thread Christian Hohnstaedt
On Wed, Oct 28, 2009 at 12:44:28AM -0700, himas wrote: > > tried to run my decryption func with test vectors and got not proper result > > -- CODE -- > void aes256cbc_encrypt() > { > int i, outlen; int i, outlen, tm; > unsigned char *outbuf = (unsigned char*)malloc(1024);

Re: using Linux hardware crypto devices with OpenSSL?

2008-08-22 Thread Christian Hohnstaedt
On Fri, Aug 22, 2008 at 04:27:02PM +0200, Tomasz Chmielewski wrote: > Christian Hohnstaedt schrieb: > > > >The overhead of putting the data into the kernel and into the NPE > >and back again was amortized by hardware speed only > >above 1Kbyte of data length on the IXP4

Re: using Linux hardware crypto devices with OpenSSL?

2008-08-22 Thread Christian Hohnstaedt
Hello Tomasz, On Fri, Aug 22, 2008 at 03:04:24PM +0200, Tomasz Chmielewski wrote: > I would like to use IXP4xx NPE crypto engine on Linux with OpenSSL. Using the hardware crypto engine was once possible via the OCF cryptodev api. However, I have no idea if it still works with the latest kernel.

Re: problem using pkcs7 DER encoding

2007-08-16 Thread Christian Hohnstaedt
On Thu, Aug 16, 2007 at 03:58:19PM +0200, Christian Wiesbauer wrote: > Hi, > > > > I'm trying to write a pkcs7 object with following code to a file: > > > > unsigned char *tmp, signature; unsigned char *tmp, *signature; > > int iLen; > > > > iLen = i2d_PKCS7(p7, NULL); > > signat

Re: ERROR: EVP_PKEY_get1_RSA:expecting an rsa key

2007-02-28 Thread Christian Hohnstaedt
On Wed, Feb 28, 2007 at 03:48:03PM +0100, Rafal Masztalerz wrote: > > Yes, you're right. My private key has the following heading and tail. > > -BEGIN DSA PRIVATE KEY- Please compare carefully ... :-) > >-BEGIN RSA PRIVATE KEY- > Christian

Re: Sign using RSA-SHA1

2007-02-14 Thread Christian Hohnstaedt
On Wed, Feb 14, 2007 at 02:59:23PM +0530, Kaushalye Kapuruge wrote: > Nils Larsch wrote: > >Kaushalye Kapuruge wrote: > >>Hi List, > >>I need to sign a text using RSA-SHA1. ( > >>http://www.w3.org/2000/09/xmldsig#rsa-sha1 > >> as per XML-Signature > >>

Re: Extracting Public Key from .CER file

2007-02-13 Thread Christian Hohnstaedt
On Mon, Feb 12, 2007 at 05:53:56PM -0800, Ravi Bhatt wrote: > Hello, > I want to use the Open SSL function call to extract the Public Key from the > Manufacturers X.509 Certificate, which is in the .CER format. Could someone > please advise me? fp = fopen(); c = PEM_read_X509(fp, NULL, NULL, NU

Re: some errors

2003-09-17 Thread Christian Hohnstaedt
http://www.openssl.org/support/faq.html#PROG2 Regards Christian On Wed, Sep 17, 2003 at 02:58:53PM +0200, [EMAIL PROTECTED] wrote: > > ACF> you forgot to call OpenSSL_add_all_algorithms() at the beginning. > > hmmm, same error... :o( > debugger says at this line error: Unhandled exception in rs

Re: weird corruption on return from SSL_write

2003-07-21 Thread Christian Hohnstaedt
http://www.openssl.org/support/faq.html#PROG2 On Mon, Jul 21, 2003 at 03:36:07PM +0100, Andrew Marlow wrote: > [EMAIL PROTECTED] writes: > >On Mon, Jul 21, 2003, Andrew Marlow wrote: > >> I am using openssl-0.9.7b on Windoze with the Visual Studio v6 compiler > >> and have found a strange problem.

Re: more spam

2003-07-17 Thread Christian Hohnstaedt
Readjust your spamfilter, my spamfilter has marked it as Spam :-)) Regards Christian On Thu, Jul 17, 2003 at 10:06:28AM +0200, Aleix Conchillo Flaque wrote: > > hi, > > i have sent a message to the list, and some anti spam software that this > user ([EMAIL PROTECTED]) has installed has sent to

Re: PKC12 to PEM to DER

2003-07-08 Thread Christian Hohnstaedt
TRING in pem.h) Regards Christian > > Regards, > > Andy. > > > > -Original Message- > From: Christian Hohnstaedt [mailto:[EMAIL PROTECTED] > Sent: 08 July 2003 16:07 > To: [EMAIL PROTECTED] > Subject: Re: PKC12 to PEM to DER > > > Hi Andrew, >

Re: PKC12 to PEM to DER

2003-07-08 Thread Christian Hohnstaedt
> Question: > 1)How do I tell whether the private key has been pushed into the PEM/DER formats? > 2)Should I be able to see any reference to the private keys in a x509 -nout -text > command? > > Regards, > > Andy. > > > -Original Message- > From

Re: about digital signature

2002-12-09 Thread Christian Hohnstaedt
On Mon, Dec 09, 2002 at 04:16:12PM +0200, [EMAIL PROTECTED] wrote: > Hi > > I've realised a signed pkcs7 with "pkcs7_sign", then I > repeat the same function but the content is the first > signed pkcs7, so I get a signed pkcs7 into a signed > pkcs7. All works fine, but when I try to verify it,

Re: Why use a certificate request

2002-11-21 Thread Christian Hohnstaedt
Hi Jasper, the major goal of using requests is that the signer does not know and need the private key of the client certificate. If your application creates a key and a request and signs the request then you don't need the request and directly can create a signed certificate and key and hand the

Re: How can I get the public key from a key file?

2002-11-08 Thread Christian Hohnstaedt
On Thu, Nov 07, 2002 at 08:56:53PM +0100, [EMAIL PROTECTED] wrote: > > Hello! > > I generate a private key using: > openssl genrsa -out xxx.key 1024 > It contains the private key, but I can get the public key this way: > openssl rsa -in xxx.key -pubout -out yyy.pub > > I can get the private key

Re: Remove passprase

2002-10-25 Thread Christian Hohnstaedt
http://www.openssl.org/docs/apps/rsa.html On Fri, Oct 25, 2002 at 03:16:10PM +0200, Robbert Hardin wrote: > Hello All > > Is it possible to remove or change a PEM pass phrase on keypair.pem > generated with openssl? > > Kind regards, Robbert >

Re: question about X.509 certs and subjectAltName

2002-10-25 Thread Christian Hohnstaedt
Hi, The "DNS" refers to the configuration value in your openssl.cnf file it is the name of the "conf-value" e.g. subjectAltName = DNS:foo.bar.com, IP:10.11.12.13 also look at doc/openssl.txt Greets Christian On Thu, Oct 24, 2002 at 11:57:42AM -0700, Edward Chan wrote: > Hi there, > > I'm lo

Re: PEM_write_X509 - access violation

2002-09-28 Thread Christian Hohnstaedt
Same here on a WIN98 box, seems like all PEM_write_XXX functions do segfault. OpenSSL was compiled with the VC++ .dsp files provided by http://www.iconsinc.com/~agray/ossldev/ the same code runs without errors on linux Regards Christian On Mon, Sep 23, 2002 at 10:27:46PM +0400, Alexey S. Po

Re: howto create your own certificate

2002-09-23 Thread Christian Hohnstaedt
On Mon, Sep 23, 2002 at 03:19:29PM +0400, Alexey S. Poluntchenko wrote: > using openssl X509 api ? > mb any examples exist ? openssl-0.9.6g/demos/x509/* regards christian > > thanks

Re: newbie - saving keys to file

2002-09-18 Thread Christian Hohnstaedt
You have heard about: PEM_read_RSAPrivateKey(fp, NULL, cb, &p); PEM_write_RSAPrivateKey(fp, key, enc, NULL, 0, cb, NULL); d2i_RSAPrivateKey_fp(fp, NULL); i2d_RSAPrivateKey_fp(fp, rsa); ? regards Christian On Tue, Sep 17, 2002 at 04:43:05PM -0300, Bruno Bisol wrote: > Hi, I am starting

Re: Exporting a key from a cert or csr

2002-09-06 Thread Christian Hohnstaedt
On Fri, Sep 06, 2002 at 11:09:44AM -0500, Eduardo Muñoz wrote: > I think you can extract the key from the certificate > using the following instruction: > > openssl rsa < certificate.pem > certkey.pem > > I hope this works > Eduardo No, it won't work. 'openssl x509 -pubkey > --- "Gary W." <

Re: determining if a given cert was signed by some trusted CA.

2002-08-09 Thread Christian Hohnstaedt
openssl verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 e.g. openssl verify -CAfile ca.crt client1.crt regards Christian On Thu, Aug 08, 2002 at 11:35:29PM -0400, Alice Henderson wrote: > Hello, > > I have a CA certificate that I use to sign a bunch of client c

Re: self signing - me as the CA

2002-08-02 Thread Christian Hohnstaedt
On Fri, Aug 02, 2002 at 10:34:35AM -0500, David Iungerich wrote: > Based on my needs, I believe utilizing the tools I already have would be best > for me. That said, does anyone have a yes or no answer for me as to whether > it will work. Again, the scenario follows. > > I have a situation where

Re: CA depth

2002-07-30 Thread Christian Hohnstaedt
On Tue, Jul 30, 2002 at 05:52:09AM -0700, Oleg Shema wrote: > > Hello, openssl. > > Can anybody describe, how can I make CA certificates with depth more than zero? I think, you mean this: openssl.cnf: basicConstraints = CA:true,pathlen:5 more details at doc/openssl.txt Christian

Re: fw::re::httpd startup failure

2002-07-23 Thread Christian Hohnstaedt
Try: openssl x509 -inform DER server.pem and set the SSLCertificateFile directive in httpd.conf to server.pem hope, that helps... Christian On Tue, Jul 23, 2002 at 09:33:26AM -0400, Dirk van der Giesen wrote: > I have it like this: > > > > -rw-r--r--1 rootroot1029 Jul 11 10:

Re: ans1 0D09F007 and 0D091007 error with verisign cert.

2002-07-17 Thread Christian Hohnstaedt
On Wed, Jul 17, 2002 at 09:15:22AM +0200, Axel Keul wrote: > Dear all, > > Using Apache/modssl/openssl SSL worked fine with test certs. But when I try to add a >verisign cert I get the following error and the startup fails. > > -- mod_ssl: Init: Unable to read server certificate from file >/o