Hi.
Briefly, my goal is to digitally sign a document using the API of the Cloud
Signature Consortium for the remote part and openssl for the local part.
First of all I tried signing only locally, providing hard-coded certificate
and private key.
It works like a charm.
Here, the snippet I used for
this way, then I'm afraid they will still
require more boilerplate code than really necessary.
Cheers,
Francesco
[1] https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_METHOD.html
[2] https://github.com/openssl/openssl/blob/d1fb6b481b1d70932a1435f83eae10cc68edbe36/crypto/cms/cms_sd.c#L269
there an easier mechanism to plug a separate
encryption method when creating the CMS_SignerInfo structure and have
openssl do all the other dirty work for me? If so, is it possible to
do with openssl 1.1.0/1.1.1?
Cheers,
Francesco
#pragma once
#include
#include
#include
#include
#include
Yes Paul, you are right. Real CA must never accept CSR without verifying the
signature.
Francesco Petruzzi
Information Security Manager
Innovery SpA
Via Farini, 81 – 20159 Milano
Cell. +39 320 170 4978
From: Paul Yang [mailto:kaishen...@alipay.com]
Sent: Thursday, 12 September 2019 10
Sign request with a fake private key and hope the client does not require
signature verification.
Regards
Francesco Petruzzi
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On behalf of Paul
Yang via openssl-users
Sent: Thursday, 12 September 2019 09:51
To: Bharathi Prasad
Cc
The combined crl means a certificate revocation list including all revoked
certificates for the whole (and single) CA and the partitioned one is a
lighter crl limited to a known number of emitted certificates. CAs must publish a
number of partitioned crls that covers all issued certificates and
Is pubKey a valid pointer after PEM_read_bio_RSA_PUBKEY?
If it is NULL there is an error in PEM data.
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On behalf of G S
Sent: Monday, 16 May 2011 12:13
To: openssl-users@openssl.org
Subject: Why would RSA_size() c
Correct cast is , but your problem probably is in str
content, not asn1 der format. Is your source certificate in der format?
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On behalf of ikuzar
Sent: Tuesday, 5 April 2011 02:05
To: openssl-users@openssl.org
Ogge
: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On behalf of Harshvir Sidhu
Sent: Wednesday, 9 March 2011 13:45
To: openssl-users@openssl.org
Cc: Francesco Petruzzi
Subject: Re: Certificate Access Question
Hi,
Do you mean I should install client certificate into
If your service uses my in order to retrieve certificate it only reads
its certificate (service launcher UserA), you can save certificate for
LocalMachine but your service must
use local machine store to retrieve certificate and not my (personal)
store.
From: owner-openssl-us...@openssl.o
/2008 at 18.57 -0700, Sendroiu Eugen wrote:
>
>
> I'm not sure you solved that. This works just because your certificate
> chain will have only 1 certificate so no signature verification is
> done.
>
> kr,
>
> Eugen Sendroiu
>
>
> - O
Solved !
I forgot to call SSLeay_add_all_algorithms();
... a summer youthful folly :-)
Flt
On Sat, 02/08/2008 at 11.43 +0200, .:: Francesco la Torre ::.
wrote:
> On Sat, 2008-08-02 at 02:04 -0700, Kyle Hamilton wrote:
> > The verify(1ssl) man page has descriptions of th
true, but I used the "strange" adjective because if I try to
verify the certificate from command line
openssl verify -CAfile /home/frank/test/test-CA/calist.pem cert.pem
The output is :
cert.pem: OK
so both certificates are valid.
Regards,
Flt
> -Kyle H
>
> On Fri, Aug
On Sat, 2008-08-02 at 00:21 +0200, .:: Francesco la Torre ::. wrote:
> self reply :-)
>
> I've added a callback function like this
>
> static int cb(int ok, X509_STORE_CTX *ctx){
> char buf[256];
>
> X509_NAME_oneline(
> X509_ge
rn(ok);
}
and also add this line to the main
X509_STORE_set_verify_cb_func(&ca_ctx,cb);
but the result is always the same :
Verification error: certificate signature failure
where are my mistakes ?
Thanks
Flt
On Fri, 2008-08-01 at 23:58 +0200, .:: Francesco la Torre ::. wrote:
> On
reful which text editor
> you are using because some may replace spaces with their own ( eg
> CRLF - CR or LF ) in the root_cert_data declaration, and that might
> spoil the signature.
I'll check also this :-)
>
> Cheers.
Thank you very much !
Flt
>
> - Ori
Any help from someone ?
:-)
Flt
On Wed, 30/07/2008 at 23.57 +0200, Francesco la Torre
wrote:
> Dear all,
> I'm new in openssl api and I'm trying to write a simple application to
> verify an x509 certificate but I'm facing with some strange problem.
>
>
I try to verify my certificate by means of the command line tool
openssl verify -CAfile /home/frank/test/test-CA/calist.pem cert.pem
The output is :
cert.pem: OK
Does anybody know where is the problem ?
Thanks in advance,
Francesco la Torre
_
Marek Marcola wrote:
> But safe primes are needed for DH, not for RSA
> and in generating RSA key p and q are not safe (in meaning
> (p-1)/2 is prime too).
Thanks for your quick reply
regards
Francesco.
__
OpenSS
key pair of 1024 bit ,
computation time is about 0,364s.
But when I generate a safe prime number of 1024 bit with
BN_generate_prime ,
computation time is about 130s.
thanks a lot.
Francesco
Richard Levitte - VMS Whacker wrote:
>
> In message <[EMAIL PROTECTED]> on Sun, 26 Mar 2006 20:22:48 +0200, Francesco
> Gennai <[EMAIL PROTECTED]> said:
>
> francesco.gennai+openssl> thank you for the pointers.
>
> You're welcome.
>
> fr
Richard Levitte - VMS Whacker wrote:
>
> In message <[EMAIL PROTECTED]> on Sun, 26 Mar 2006 00:51:54 +0100, Francesco
> Gennai <[EMAIL PROTECTED]> said:
>
> francesco.gennai+openssl> I need to sign e-mail messages in OpenVMS
> francesco.gennai+openssl
I need to sign e-mail messages in OpenVMS environment
by a signing device (SmartCard, HSM, other...)
Is there any solution to use a signing device with OpenSSL in
OpenVMS environment ?
Regards,
Francesco
Thanks!
it works
2005/7/21, Jorey Bump <[EMAIL PROTECTED]>:
francesco wrote:
> I found some problems to verify the certificate I created with my own CA.
> I don't know which certificates have to be included in the -CApath option.
> I created a self signed cert and a server ce
I found some problems to verify the certificate I created with my own CA.
I don't know which certificates have to be included in the -CApath option.
I created a self signed cert and a server cert, then I created a
client cert (using ever the same key) and I tried to verify it with
the command "open
e directly.
My code call only upper-level ssl function.
I'm using OpenSSL version 0.9.6g.
Another notice.
I have ported the same libtool and TestPgm on Win platform and all works fine.
Do you know what's my mistake?
Do you have any suggestion to resolve this situation?
key file
call the PKCS12_parse
Any hint, FAQ or known problem?
Thanks in advance
Francesco
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
server certificate verification to accept the identity of the
remote server?
Thanks in advance for any explanation that will be sent.
Francesco Dal Bello
pport).
Ideas?
Thanks,
bye
Francesco G.
tent_free' undefined; assuming extern returning int
'fullname' : is not a member of 'DIST_POINT_NAME_st'
'req_kludge' : is not a member of 'X509_req_info_st'
'MS_STATIC' : undeclared identifier
'set' : is not a member of 'x509_
ience).
Install ActivePerl (you have already done it).
Go to cmd session. Go to C:\OpenSSL.
> VCVARS32
> perl Configure VC-WIN32
> ms\do_ms
> nmake -f ms\ntdll.mak
Francesco
Dal Bello
-Original message-
From: Alberto T Isais [mailto:[EMAIL PROTECTED]]
Sent: Friday, 5 April 20
Does someone know if there is a simple OpenSSL function that says the format (PEM or DER) of a
given certificate?
Tnx,
Francesco Dal Bello
Hi.
I have to build an OCSP client. I've downloaded "openssl-0.9.6c.tar.gz", but I don't
find the right headers referring to this argument.
Where do I find those headers? How is OpenSSL implementing this protocol?
Thanks
Hi.
I would build a client OCSP requestor. I've downloaded "openssl-0.9.6c.tar.gz", but I
don't find the right headers referred to this argument.
How do I find those headers? How is OpenSSL implementing this protocol?
Best regards
FDB