Question about DSA private keys - Quick replies appreciated!

2010-03-06 Thread Anand Giriraj
Hi Folks. If I generate DSA private key using the following commands: DSA_generate_params() DSA_generate_keys() The resulting private keys are not encoded using any of the PKCS formats, right?. If wrong, which format are they encoded in?. Would it be appropriate to encode them in PKCS8?. And if

Re: Question about DSA private keys - Quick replies appreciated!

2010-03-06 Thread Anand Giriraj
Sorry there was a small typo s/DSA_generate_keys/DSA_generate_key Could I possibly use EVP_PKEY2PKCS8() api for the encoding? Regards -AG On Fri, Mar 5, 2010 at 11:35 AM, Anand Giriraj wrote: > Hi Folks. > If I generate DSA private key using the following commands: > > DSA_generate_params() > D

Coaxing an error message out of PKCS7_verify()

2010-03-06 Thread Graham Leggett
Hi all, I am currently struggling to get to the bottom of a problem verifying a PKCS7 message, and before I can make any headway, I need access to the error message. The error message I am getting is this: "error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error" which, given

Re: Coaxing an error message out of PKCS7_verify()

2010-03-06 Thread Dr. Stephen Henson
On Sun, Mar 07, 2010, Graham Leggett wrote: > Hi all, > > I am currently struggling to get to the bottom of a problem verifying a > PKCS7 message, and before I can make any headway, I need access to the > error message. > > The error message I am getting is this: > > "error:21075075:PKCS7 routin

Re: Coaxing an error message out of PKCS7_verify()

2010-03-06 Thread Graham Leggett
On 07 Mar 2010, at 12:13 AM, Graham Leggett wrote: Can anyone tell me what function I should be using to retrieve the error saved by ERR_add_error_data()? After some reverse engineering, it turns out ERR_get_error_line_data() does the trick. It was the file and line parameters that threw me

PKCS7_verify() and being valid on a certain date

2010-03-06 Thread Graham Leggett
Hi all, Now that I have my full error message, the problem I have is that the verification is failing because the certificate has expired: error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error: Verify error:certificate has expired The error message is correct - the certifica

Re: PKCS7_verify() and being valid on a certain date

2010-03-06 Thread Dr. Stephen Henson
On Sun, Mar 07, 2010, Graham Leggett wrote: > Hi all, > > Now that I have my full error message, the problem I have is that the > verification is failing because the certificate has expired: > > error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error: Verify > error:certificate has e