Viktor,
The key format needed by the system is algorithm-specific DER format. It is
received from the user in the same algorithm-specific in PEM format.
The algorithm can be:
1) secp384r1 (i.e. created by "openssl ecparam -out ec_key.pem -name
secp384r1 -genkey")
2) rsa:2048(i.e. created by "
Hello,
I currently have a short program that converts a certificate from pem format
to der format.
static int vpncm_convert_pem_to_der(struct cm_module *module, char
*pem_file_name, char *der_file_name )
{
int res,ret = 0;
FILE* f;
BIO *out = NULL;
X509 *loaded = NULL;
f = fo
Hi Benny,
Thanks for the usefull info.
I built and installed the Haveged daemon on my embedded board.
Run it with: ./haveged -w 1028
I checked with command cat /proc/sys/kernel/random/entropy_avail that the
available entropy jumps from 128 before running the daemon to >1028 after.
But un
I tested the generation of a certificate with a keypair RSA 4096 bit on two
different platforms.
The openssl command I used is:
/openssl req -newkey rsa:4096 -keyout clientKey.pem -out clientReq.pem/
There was a huge difference in the time it took on each one of the
platforms. On a first Linux
Ok. So meanwhile, unless it will be proven that is is illegal, let's say that
for any reason the Certificate requester wants to add a "certificate
policies" extension in the CSR.
Is this syntax correct:?
add_ext(exts, NID_certificate_policies, "1.3.6.1");
(based on function mkreq() in file
openss
Oh I see. Can you point to a documentation where it is defined which
extensions a certificate requestor is allowed to add and which should be
added by the CA only?
Thanks.
--
View this message in context:
http://openssl.6102.n7.nabble.com/adding-certificate-policies-extension-in-CSR-tp46467p46
Hello,
I am trying to add a "certificate policies" extension in CSR. For this I am
using the openssl sample function mkreq() in file
openssl/demos/x509/openssl/demos/x509/mkreq.c
This the line of code I added:
add_ext(exts, NID_certificate_policies, "1.3.6.1");
Unfortunately it causes a segment
I have a 96 bytes long ecdsa signature created with sha384 algorithm by a
smart card in raw format.It is composed of two 48 bytes long integers r and
s. The ecdsa signature is in a buffer pointed to by sign_ptr. I'm converting
the raw format signature into buf_out in ASN1 format with this function
Country Name field in CA generated by openssl is encoded as PRINTABLESTRING
while other fields are UTF8STRING
I am generating a CA certificate with openssl version 1.0.1e with the
following commands:
openssl ecparam -out ec_key.pem -name secp384r1 -genkey
openssl req -new -key ec_key.pem -x509 -n
