Re: How to convert certificate from .pem to .der format

praveens wrote: I want to know the openssl APIs to convert a certificate from .pem to .der format. I know about the openssl command which does the same. But Can you tell me how to do it in a Cprogram using openssl or any other method Hi, load your x509 file using loaded = PEM_read_X509(f, N

Re: The Authority Key ID extension

Silviu VLASCEANU wrote: Hi, Sorry to bother again, but I still haven't found how to add the Authority Key ID to a certificate, using openssl. Please, I need some help with this. The details are below. Thank you in advance, -- Silviu 2008/9/3 Silviu VLASCEANU <[EMAIL PROTECTED]

Remove Ask for a pass phrase

Hello everyone, I'm trying to load a private key with this function : /EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,pem_password_cb *cb, void *u);/ I use it this way : EVP_PKEY* key = PEM_read_Privatekey(file,NULL,NULL,passwd); with file a File* containing the correct file, and passwd

Remove ask for a pass phrase

Hello everyone, I'm trying to load a private key with this function : /EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,pem_password_cb *cb, void *u);/ I use it this way : EVP_PKEY* key = PEM_read_Privatekey(file,NULL,NULL,passwd); with file a File* containing the correct file, and passwd

Re: Create a X509 from a string

delcour.pierre wrote: Hello, I don't look at the mail archiver. A similar question was send. Here is the link if you are interested : http://www.mail-archive.com/openssl-users@openssl.org/msg52560.html Sorry to disturb you. Have a nice day, p

Create a X509 from a string

Hello everyone, I need to create a X509 certificate from a string. In fact, the string contains the PEM value of the certificate without the "-BEGIN CERTIFICATE-" and the "-END CERTIFICATE-". Here you have an exemple : MIID9jCCAt6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBZMQ0wCwYDVQQKEw

Re: How to compute all attributes of RSA private key from modulus and private exponent?

delcour.pierre wrote: Metalpalo wrote: Hello Ihave got one question: Does exist some way how to compute all attributes of private key from modulus and private exponent? I think as public exponent, prime1, prime2, exp1, exp2... Thanks My previous answer doesn't answer to your que

Re: How to compute all attributes of RSA private key from modulus and private exponent?

Metalpalo wrote: Hello Ihave got one question: Does exist some way how to compute all attributes of private key from modulus and private exponent? I think as public exponent, prime1, prime2, exp1, exp2... Thanks If you want to generate a rsa key with openssl code (not in line command) :

Re: X509_CRL_dup() problem ?

Dr. Stephen Henson wrote: On Mon, Aug 11, 2008, delcour.pierre wrote: Hello everyone, I try to add a certificate in a CRL. To do that, i use a X509* cert, a X509_CRL* crl with this algorithm : X509_REVOKED *r = NULL; r = X509_REVOKED_new(); r->serialNumber = X509_get_serialNumber(c

X509_CRL_dup() problem ?

Hello everyone, I try to add a certificate in a CRL. To do that, i use a X509* cert, a X509_CRL* crl with this algorithm : X509_REVOKED *r = NULL; r = X509_REVOKED_new(); r->serialNumber = X509_get_serialNumber(cert); if(!crl->crl->revoked) ci->revoked = sk_X509_REVOKED_new(X509_REVOKED

Re: How to load a chain of certificates ?

delcour.pierre wrote: Hello, Ariel Salomon wrote: Hi Pierre, If you are using this certificate chain for an SSL connection, use SSL_CTX_use_certificate_chain_file which does precisely what you are asking. If you are just looking for a way to load this chain for other uses, the source

Re: How to extract subjectAltName

Gerhard Gappmeier wrote: Hi, I try to read subjectAltName, but ASN1_STRING_to_UTF8 seems not to work. For the X509_NAME entries the same procedure works, but this ASN1_STRING seems to be different. In the debugger I can already see the ASN1_STRING: pString->length = 43 pString->type = 4 pString

Re: How to load a chain of certificates ?

delcour.pierre wrote: Hello, Ariel Salomon wrote: Hi Pierre, If you are using this certificate chain for an SSL connection, use SSL_CTX_use_certificate_chain_file which does precisely what you are asking. If you are just looking for a way to load this chain for other uses, the source

X509_dup bug ?

Hello, I wrote this code : X509* CA = X509_new(); X509* cert = X509_dup ( CA ); Each time i got a segmentation fault when i use cert (cert == NULL is true). For me, X509_dup duplicate the given X509 certificate, so i don't think that cert == NULL is a good behavior. . I'm using openssl 0.9.8g

Re: how to add an extension to a X509 certificate ? the answer

HEllo, here is the solution of my problem : I want to have this extension in my X509v3 certificate : X509v3 Authority Key Identifier: keyid:6B:FC:14:20:72:EE:15:6E:D1:29:7A:4D:40:69:90:F7:AE:B1:3A:FF DirName:/O=o/OU=ou/CN=vn/dnQualifier=a/wUIHLuFW7RKXpNQGmQ966xOv8= serial:01 To made this possib

Re: How to load a chain of certificates ?

should help you out. take a look at the man page: http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html - Ariel delcour.pierre wrote: Hello everyone, I have to load a chain of x509v3 certificates which is only one file, like this one (i cut it): -BEGIN CERTIFICATE- MIIEjjC

Re: how to add an extension to a X509 certificate ?

Dr. Stephen Henson wrote: On Fri, Jun 06, 2008, delcour.pierre wrote: Hello everyone, I have a different problem now. I want to add a "X509v3 Authority Key Identifier" field in a x509v3 certificate. This field must have these three parts : - keyid (the keyid of the issuer) - di

Re: How to load a chain of certificates ?

should help you out. take a look at the man page: http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html - Ariel delcour.pierre wrote: Hello everyone, I have to load a chain of x509v3 certificates which is only one file, like this one (i cut it): -BEGIN CERTIFICATE- MIIEjjC

Re: how to add an extension to a X509 certificate ?

Hello everyone, I have a different problem now. I want to add a "X509v3 Authority Key Identifier" field in a x509v3 certificate. This field must have these three parts : - keyid (the keyid of the issuer) - dirname (the same string as issuer field) - serial (of issuer) int type = NID_authori

Set X509v3 Authority Key Identifier with openssl0.9.8g

Hello, I try to set a "X509v3 Authority Key Identifier" extension with this value : "keyid:6B:FC:14:20:72:EE:15:6E:D1:29:7A:4D:40:69:90:F7:AE:B1:3A:FF\nDirName:/O=O/OU=DC.OU/CN=.ROOT.CN/dnQualifier=a/wUIHLuFW7RKXpNQGmQ966xOv8=\nserial:01\0" With this code : X509* _d_cert ; // loaded from a fi

how to add an extension to a X509 certificate ?

Hello everyone, I would like to add an extension to a X509v3 certificate. I wrote : void Addmyextension(X509* cert, int nid, char* value, bool crit) { X509_EXTENSION* ex = X509_EXTENSION_new(); ex->object = OBJ_nid2obj(nid); crit? ex->critical = 0xff : ex->critical = -1; // Question 1 ASN1

How to load a chain of certificates ?

Hello everyone, I have to load a chain of x509v3 certificates which is only one file, like this one (i cut it): -BEGIN CERTIFICATE- MIIEjjC[...]7DjKlgcOcx -END CERTIFICATE- -BEGIN CERTIFICATE- MIIEfzC[...]ds0pfH -END CERTIFICATE- -BEGIN CERTIFICATE- MIIE

Re: [EVP_PKEY] How to duplicate it ?

Thomas Mangold wrote: Why not just copy the key? EVP_PKEY *cp_key (EVP_PKEY *pkey) { /* error handling omittet */ EVP_PKEY *pnew; int key_type; pnew = EVP_PKEY_new(); switch(pkey->type) { case EVP_PKEY_RSA: DSA *dsa = EVP_PKEY_get1_DSA(pkey); EVP_PKEY_s

[EVP_PKEY] How to duplicate it ?

Hello everyone, I would like to duplicate an EVP_PKEY struct. I wrote this not working code: BIO *bout = BIO_new(BIO_s_mem()); PEM_write_bio_PrivateKey(bout, key, NULL, NULL, 0, NULL, NULL); key = PEM_read_bio_PrivateKey(bout, NULL, NULL, NULL); cout << (key == NULL) << endl; BIO_free(

Re: Public key from a x509v3 certificate

Hello, David Schwartz wrote: If you want to compare the DER encodings, you need to get the DER encoding, not the number. If you want to compare the numbers, '03' should compare equal to '3' anyway. What are you trying to do? DS I just want to extract the public key to store it in another place

Re: Public key from a x509v3 certificate

Hello, Thank's for the answer, but i still got a little problem, when i run this code : EVP_PKEY *key2 = X509_get_pubkey(certif.getX509Certificate()); cout << BN_bn2hex(key2->pkey.rsa->n); I miss the first 00 of the public key... How can i get them ? [EMAIL PROTECTED] wrote: Hello, [EMAI

Public key from a x509v3 certificate

Hello, I'm looking to get back the public key from a x509 v3 certificate. I use the function ASN1_BIT_STRING * key = 509_get0_pubkey_bitstr(x509* certificate); but i don't get what i want : I get (from a conversion to hexadecimal thanks to : cout << setw(2) << setfill('0') << right << hex <<