I based my code off the stuff in the wiki. So what am I doing wrong? I
just want the PSS to make the SCA shut up.
bool X509CertMod::CheckCertDate(bool bNotBefore)
{
bool bRetValue;
if (bNotBefore)
{
bRetValue = CertIsCurrentTimeAfter(notBeforeDate);
//printf("Created: %02d %02d, %02d %02d:%02d:%02dZ\n", monthInt, dayInt,
yearInt, hoursInt, minutesInt, secondsInt);
if (bRetValue)
{
//printf("* NotBefore in past. Can use.\n");
return true;
}
else
{
//printf("* NotBefore in future. Can't use!\n");
return false;
}
}
else
{
bRetValue = CertIsCurrentTimeAfter(notAfterDate);
//printf("Expires: %02d %02d, %02d %02d:%02d:%02dZ\n", monthInt, dayInt,
yearInt, hoursInt, minutesInt, secondsInt);
if (bRetValue)
{
//printf("* NotAfter in past. Can't use!\n");
return false;
}
else
{
//printf("* NotAfter in future. Can use.\n");
return true;
}
}
return false;
}
bool X509CertMod::LoadX509PEMCertificateFromString(const std::string
&certStr)
{
try
{
StringSource ss(certStr, true);
PEM_Load(ss, m_Cert);
m_CertStr = certStr;
notBeforeDate.SetDate(m_Cert.GetNotBefore().EncodeValue().c_str());
notAfterDate.SetDate(m_Cert.GetNotAfter().EncodeValue().c_str());
bLoaded = true;
return true;
}
catch (const std::exception &ex)
{
printf("Failed to load cert string: %s\n", ex.what());
}
return false;
}
bool X509CertMod::VerifyCert(void)
{
const SecByteBlock &signature = m_Cert.GetCertificateSignature();
const SecByteBlock &toBeSigned = m_Cert.GetToBeSigned();
const X509PublicKey &publicKey = m_Cert.GetSubjectPublicKey();
if (CheckCertDate(true))
{
if (CheckCertDate(false))
{
RSASS<PKCS1v15, SHA256>::Verifier verifier(publicKey);
bool result = verifier.VerifyMessage(toBeSigned, toBeSigned.size(),
signature, signature.size());
if (result)
{
//std::cout << "Verified root certificate" << std::endl;
return true;
}
//std::cout << "Failed to verify root certificate" << std::endl;
}
}
return false;
}
On Wednesday, April 24, 2024 at 1:59:49 PM UTC-4 One Sini wrote:
> This code demonstrates how to load an X509 certificate and private/public
> keys from files.
>
>
> #include <iostream>
>
> #include <fstream>
>
> #include <string>
>
>
> #include <cryptopp/rsa.h>
>
> #include <cryptopp/files.h>
>
> #include <cryptopp/base64.h>
>
> #include <cryptopp/osrng.h>
>
> #include <cryptopp/pssr.h>
>
>
> using namespace CryptoPP;
>
> using namespace std;
>
>
> void loadX509Certificate(const string& certFile, X509Certificate&
> certificate) {
>
> ifstream file(certFile.c_str(), ios::in | ios::binary);
>
> if (!file) {
>
> cerr << "Error: Failed to open certificate file." << endl;
>
> // Handle error appropriately
>
> return;
>
> }
>
>
> try {
>
> PEM_Load(file, certificate);
>
> } catch (const Exception& ex) {
>
> cerr << "Error: Failed to load X509 certificate - " << ex.what()
> << endl;
>
> // Handle error appropriately
>
> return;
>
> }
>
> }
>
>
> void loadPrivateKey(const string& privateKeyFile, RSA::PrivateKey&
> privateKey) {
>
> ifstream file(privateKeyFile.c_str());
>
> if (!file) {
>
> cerr << "Error: Failed to open private key file." << endl;
>
> // Handle error appropriately
>
> return;
>
> }
>
>
> try {
>
> PEM_Load(file, privateKey);
>
> } catch (const Exception& ex) {
>
> cerr << "Error: Failed to load private key - " << ex.what() <<
> endl;
>
> // Handle error appropriately
>
> return;
>
> }
>
> }
>
>
> void loadPublicKey(const string& publicKeyFile, RSA::PublicKey& publicKey)
> {
>
> ifstream file(publicKeyFile.c_str());
>
> if (!file) {
>
> cerr << "Error: Failed to open public key file." << endl;
>
> // Handle error appropriately
>
> return;
>
> }
>
>
> try {
>
> PEM_Load(file, publicKey);
>
> } catch (const Exception& ex) {
>
> cerr << "Error: Failed to load public key - " << ex.what() << endl;
>
> // Handle error appropriately
>
> return;
>
> }
>
> }
>
>
> int main() {
>
> string certFile = "certificate.pem";
>
> string privateKeyFile = "private.key";
>
> string publicKeyFile = "public.key";
>
>
> X509Certificate certificate;
>
> RSA::PrivateKey privateKey;
>
> RSA::PublicKey publicKey;
>
>
> loadX509Certificate(certFile, certificate);
>
> loadPrivateKey(privateKeyFile, privateKey);
>
> loadPublicKey(publicKeyFile, publicKey);
>
>
> // Continue with using the certificate and keys...
>
>
> return 0;
>
> }
>
>
>
> One Sini <[email protected]> schrieb am Mi. 24. Apr. 2024 um 19:51:
>
>> Test this way
>>
>> a basic guide on how to generate an RSA key pair with PSS padding, sign
>> an X509 certificate with the private key, and verify the signature with the
>> public key using the Crypto++ library:
>>
>> 1. Generating an RSA Key Pair with PSS Padding:
>>
>> cpp
>>
>> Copy code
>>
>> #include <cryptopp/rsa.h>
>>
>> #include <cryptopp/osrng.h>
>>
>> #include <cryptopp/pssr.h>
>>
>>
>> using namespace CryptoPP;
>>
>>
>> void generateRSAKeyPair(RSA::PrivateKey& privateKey, RSA::PublicKey&
>> publicKey) {
>>
>> AutoSeededRandomPool rng;
>>
>>
>> InvertibleRSAFunction params;
>>
>> params.GenerateRandomWithKeySize(rng, 2048);
>>
>>
>> privateKey = RSA::PrivateKey(params);
>>
>> publicKey = RSA::PublicKey(params);
>>
>> }
>>
>>
>> int main() {
>>
>> RSA::PrivateKey privateKey;
>>
>> RSA::PublicKey publicKey;
>>
>>
>> generateRSAKeyPair(privateKey, publicKey);
>>
>>
>> // The RSA key pair has been generated and is now available
>>
>> return 0;
>>
>> }
>>
>> 1. Signing the X509 Certificate with the Private Key:
>>
>> cpp
>>
>>
>> Copy code
>>
>> #include <cryptopp/cryptlib.h>
>>
>> #include <cryptopp/oids.h>
>>
>> #include <cryptopp/rsa.h>
>>
>> #include <cryptopp/sha.h>
>>
>> #include <cryptopp/filters.h>
>>
>> #include <cryptopp/base64.h>
>>
>>
>> using namespace CryptoPP;
>>
>>
>> void signCertificate(const RSA::PrivateKey& privateKey, const X509&
>> certificate, byte* signature) {
>>
>> // Implement the process of signing the certificate here
>>
>> // Use privateKey and certificate to sign the certificate
>>
>> }
>>
>>
>> int main() {
>>
>> // Load or create your X509 certificate
>>
>> // Here, we assume you already have an X509 certificate
>>
>>
>> RSA::PrivateKey privateKey;
>>
>> // Load or generate your private key
>>
>> // Here, we assume you already have a private key
>>
>>
>> byte signature[256]; // Space for the signature
>>
>>
>> signCertificate(privateKey, certificate, signature);
>>
>>
>> // The certificate has been signed, and the signature is now available
>>
>> return 0;
>>
>> }
>>
>> 1. Verifying the Signature with the Public Key:
>>
>> cpp
>>
>>
>> Copy code
>>
>> #include <cryptopp/rsa.h>
>>
>> #include <cryptopp/sha.h>
>>
>> #include <cryptopp/filters.h>
>>
>> #include <cryptopp/base64.h>
>>
>>
>> using namespace CryptoPP;
>>
>>
>> bool verifySignature(const RSA::PublicKey& publicKey, const X509&
>> certificate, const byte* signature) {
>>
>> // Implement the process of verifying the signature here
>>
>> // Use publicKey, certificate, and signature
>>
>>
>> // Return true if the signature is valid, otherwise false
>>
>> return false;
>>
>> }
>>
>>
>> int main() {
>>
>> // Load or create your X509 certificate
>>
>> // Here, we assume you already have an X509 certificate
>>
>>
>> RSA::PublicKey publicKey;
>>
>> // Load or generate your public key
>>
>> // Here, we assume you already have a public key
>>
>>
>> byte signature[256]; // Take the signature from the certificate
>> signature
>>
>>
>> bool isValid = verifySignature(publicKey, certificate, signature);
>>
>>
>> // Check if the signature is valid
>>
>> return 0;
>>
>> }
>>
>> These code snippets serve as a foundation. You will need to adapt them
>> according to your specific implementation, including the loading process
>> for the X509 certificate and the private/public keys. Remember to include
>> error handling and handle edge cases in your implementation
>> I hope this help you
>> ;)
>>
>> Manish sharma <[email protected]> schrieb am Mi. 24. Apr. 2024 um
>> 14:42:
>>
>>> Crypto Betting <https://www.brsoftech.com/blog/crypto-sports-betting/>
>>>
>>> On Wed, Apr 24, 2024 at 6:08 PM Frank Sapone <[email protected]>
>>> wrote:
>>>
>>>> Has anyone figured out how to use PSS and SHA256 *WITH *CryptoPP-PEM?
>>>> I also tried reporting this to the issuer tracker at
>>>> https://github.com/noloader/cryptopp-pem and nobody has replied. I
>>>> can't imagine I'm the only person using this library in order to achieve
>>>> this with X509 Certs.
>>>>
>>>> Thanks,
>>>> Frank
>>>>
>>>> On Wednesday, April 17, 2024 at 11:43:54 AM UTC-4 HELA YAICH wrote:
>>>>
>>>>> Hello,
>>>>> (I'm new user of ns3 and crypto)
>>>>> I have link errors with Crypto++. These errors indicate that the
>>>>> compiler cannot find certain functions or classes defined in Crypto++.
>>>>> This
>>>>> can happen if Crypto++ is not correctly linked to my project. However, I
>>>>> tried to modify my project's CMakeLists.txt file as follows:
>>>>> set(target_prefix scratch_)
>>>>>
>>>>> function(create_scratch source_files)
>>>>> # Return early if no sources in the subdirectory
>>>>> list(LENGTH source_files number_sources)
>>>>> if(number_sources EQUAL 0)
>>>>> return()
>>>>> endif()
>>>>>
>>>>> # If the scratch has more than a source file, we need to find the
>>>>> source with
>>>>> # the main function
>>>>> set(scratch_src)
>>>>> foreach(source_file ${source_files})
>>>>> file(READ ${source_file} source_file_contents)
>>>>> string(REGEX MATCHALL "main[(| (]" main_position
>>>>> "${source_file_contents}")
>>>>> if(CMAKE_MATCH_0)
>>>>> set(scratch_src ${source_file})
>>>>> endif()
>>>>> endforeach()
>>>>>
>>>>> if(NOT scratch_src)
>>>>> return()
>>>>> endif()
>>>>>
>>>>> # Get parent directory name
>>>>> get_filename_component(scratch_dirname ${scratch_src} DIRECTORY)
>>>>> string(REPLACE "${CMAKE_CURRENT_SOURCE_DIR}" "" scratch_dirname
>>>>> "${scratch_dirname}"
>>>>> )
>>>>> string(REPLACE "/" "_" scratch_dirname "${scratch_dirname}")
>>>>>
>>>>> # Get source name
>>>>> get_filename_component(scratch_name ${scratch_src} NAME_WE)
>>>>>
>>>>> set(target_prefix scratch_)
>>>>> if(scratch_dirname)
>>>>> # Join the names together if dirname is not the scratch folder
>>>>> set(target_prefix scratch${scratch_dirname}_)
>>>>> endif()
>>>>>
>>>>> # Get source absolute path and transform into relative path
>>>>> get_filename_component(scratch_src ${scratch_src} ABSOLUTE)
>>>>> get_filename_component(scratch_absolute_directory ${scratch_src}
>>>>> DIRECTORY)
>>>>> string(REPLACE "${PROJECT_SOURCE_DIR}" "${CMAKE_OUTPUT_DIRECTORY}"
>>>>> scratch_directory ${scratch_absolute_directory}
>>>>> )
>>>>> add_executable(${target_prefix}${scratch_name} "${source_files}")
>>>>> if(${NS3_STATIC})
>>>>> target_link_libraries(
>>>>> ${target_prefix}${scratch_name} ${LIB_AS_NEEDED_PRE_STATIC}
>>>>> ${lib-ns3-static}
>>>>> )
>>>>> else()
>>>>> target_link_libraries(
>>>>> ${target_prefix}${scratch_name} "${ns3-libs}"
>>>>> "${ns3-contrib-libs}"
>>>>> "${ns3-external-libs}"
>>>>> )
>>>>> endif()
>>>>> set_runtime_outputdirectory(
>>>>> ${scratch_name} ${scratch_directory}/ ${target_prefix}
>>>>> )
>>>>> endfunction()
>>>>>
>>>>> # Scan *.cc files in ns-3-dev/scratch and build a target for each
>>>>> file(GLOB single_source_file_scratches CONFIGURE_DEPENDS
>>>>> ${CMAKE_CURRENT_SOURCE_DIR}/*.cc)
>>>>> foreach(scratch_src ${single_source_file_scratches})
>>>>> create_scratch(${scratch_src})
>>>>> endforeach()
>>>>>
>>>>> # Scan *.cc files in ns-3-dev/scratch subdirectories and build a
>>>>> target for each
>>>>> # subdirectory
>>>>> file(
>>>>> GLOB_RECURSE scratch_subdirectories
>>>>> CONFIGURE_DEPENDS
>>>>> LIST_DIRECTORIES true
>>>>> ${CMAKE_CURRENT_SOURCE_DIR}/**
>>>>> )
>>>>> # Filter out files
>>>>> foreach(entry ${scratch_subdirectories})
>>>>> if(NOT (IS_DIRECTORY ${entry}))
>>>>> list(REMOVE_ITEM scratch_subdirectories ${entry})
>>>>> endif()
>>>>> endforeach()
>>>>>
>>>>> foreach(subdir ${scratch_subdirectories})
>>>>> if(EXISTS ${subdir}/CMakeLists.txt)
>>>>> # If the subdirectory contains a CMakeLists.txt file
>>>>> # we let the CMake file manage the source files
>>>>> #
>>>>> # Use this if you want to link to external libraries
>>>>> # without creating a module
>>>>> add_subdirectory(${subdir})
>>>>> else()
>>>>> # Otherwise we pick all the files in the subdirectory
>>>>> # and create a scratch for them automatically
>>>>> file(GLOB scratch_sources CONFIGURE_DEPENDS ${subdir}/*.cc)
>>>>> create_scratch("${scratch_sources}")
>>>>> endif()
>>>>> endforeach()
>>>>> find_external_library(DEPENDENCY_NAME cryptopp
>>>>> HEADER_NAME aes.h
>>>>> LIBRARY_NAME cryptopp
>>>>> SEARCH_PATHS /usr/include/cryptopp)
>>>>>
>>>>>
>>>>> if(${CRYPTOPP_FOUND}) # Notice that the contents of DEPENDENCY_NAME
>>>>> became a prefix for the _FOUND variable
>>>>> find_package(cryptopp REQUIRED)
>>>>> include_directories(${CRYPTOPP_INCLUDE_DIRS})
>>>>> link_libraries(${CRYPTOPP_LIBRARIES})
>>>>> endif()
>>>>> add_executable(${target_prefix}${scratch_name} "fanetex.cc")
>>>>> target_link_libraries(${target_prefix}${scratch_name} PRIVATE cryptopp)
>>>>>
>>>>> can you help me to solve this problem ? Thank you [image: Capture
>>>>> d’écran 2024-04-17 114345.png]
>>>>>
>>>>> Le mardi 16 avril 2024 à 21:53:22 UTC-5, Frank Sapone a écrit :
>>>>>
>>>>>> I grabbed it but it's not relevant. I need to have a certificate
>>>>>> with RSA PSS that can be read by CryptoPP with the X509Cert lib. Is it
>>>>>> possible to do this?
>>>>>>
>>>>>> On Tuesday, April 16, 2024 at 3:19:47 PM UTC-4 Jeffrey Walton wrote:
>>>>>>
>>>>>>> On Tue, Apr 16, 2024 at 1:44 PM One Sini <[email protected]> wrote:
>>>>>>>
>>>>>>>> I wasn't entirely satisfied with the security, so I've adjusted the
>>>>>>>> code. I'm not sure if that helps you, depending on what you're doing
>>>>>>>> with
>>>>>>>> it.
>>>>>>>>
>>>>>>>> This code uses RSA with OAEP (Optimal Asymmetric Encryption
>>>>>>>> Padding) to avoid security issues like padding oracle attacks. It
>>>>>>>> generates
>>>>>>>> RSA keys with a length of 2048 bits, encrypts the message with OAEP
>>>>>>>> padding, and then decrypts it.
>>>>>>>>
>>>>>>>> Best Regards Satoshi
>>>>>>>>
>>>>>>>
>>>>>>> I deleted the message from the group. The *.pdf and *.pages smells
>>>>>>> of malware.
>>>>>>>
>>>>>>> If you want to provide code, please inline it or provide it as a
>>>>>>> text attachment.
>>>>>>>
>>>>>>> Jeff
>>>>>>>
>>>>>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Crypto++ Users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/cryptopp-users/db9bad9f-be9e-4a25-a09f-d52ce28adec0n%40googlegroups.com
>>>>
>>>> <https://groups.google.com/d/msgid/cryptopp-users/db9bad9f-be9e-4a25-a09f-d52ce28adec0n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>
>>>
>>> --
>>> Kind Regards,
>>> Manish Kr. Sharma
>>> Digital Marketing Manager
>>>
>>> Website: www.brsoftech.com
>>> E-mail: [email protected]
>>>
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Crypto++ Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/cryptopp-users/CABUB1NSTdFJPHBeh9b-fqfjrQBUWVzDzjNdjYUAQpzBb9CQsZw%40mail.gmail.com
>>>
>>> <https://groups.google.com/d/msgid/cryptopp-users/CABUB1NSTdFJPHBeh9b-fqfjrQBUWVzDzjNdjYUAQpzBb9CQsZw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/cryptopp-users/18b7e58b-9c58-484f-8bed-69a63f8be39dn%40googlegroups.com.
