----- Original Message -----
From: "Dr. Stephen Henson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 23, 2003 2:03 AM
Subject: Re: Problem with signing X509 certificate.


> On Wed, Jan 22, 2003, Jaco Kroon wrote:
>
> > Hallo all
> >
> > I have a little problem atm where I have to sign certificates.  I have both
> > the private key, and the ca certificate loaded as cacert and cakey
> > respectively.  Here is the part of the code where I suspect
> > things break.
> >
> > /*
> >  * Variables to be used:
> >  * X509 *cacert; // contains CA certificate.
> >  * EVP_PKEY *cakey; // contains CA private key.
> >  */
> >     X509 *usrcert = X509_new();
> >     if(!usrcert)
> >     {
> >         log_ssl_errors("X509_new");
> >         return ERROR_NULL;
> >     }
> >
> >     if(!X509_set_version(usrcert,USRCERTVERSION))
> >     {
> >         log_ssl_errors("X509_set_version");
> >         return ERROR_SSL;
> >     }
> >
> >     if(!X509_set_issuer_name(usrcert,X509_get_subject_name(cacert)))
> >     {
> >         log_ssl_errors("X509_set_issuer_name/X509_get_subject_name");
> >         return ERROR_SSL;
> >     }
> >
> >     X509_gmtime_adj(X509_get_notBefore(usrcert),0);
> >     X509_gmtime_adj(X509_get_notAfter(usrcert),(long)60*60*24*TRIALPERIOD);
> >
> >     X509_NAME *subject = X509_NAME_new();
> >     if(!subject)
> >     {
> >         log_ssl_errors("X509_NAME_new");
> >         return ERROR_NULL;
> >     }
> >
> >     if(
> >         !X509_NAME_add_entry_by_NID(subject,NID_pkcs9_emailAddress,MBSTRING_ASC,(unsigned char*)email,-1,-1,0) ||
> >         !X509_NAME_add_entry_by_NID(subject,NID_commonName,MBSTRING_ASC,(unsigned char*)uname,-1,-1,0)
> >       )
> >     {
> >         log_ssl_errors("X509_NAME_add_entry_by_NID");
> >         return ERROR_SSL;
> >     }
> >
> >     if(!X509_set_subject_name(usrcert,subject))
> >     {
> >         log_ssl_errors("X509_set_subject_name");
> >         return ERROR_SSL;
> >     }
> >     X509_NAME_free(subject);
> >
> >     if(!X509_set_pubkey(usrcert,pkey))
> >     {
> >         log_ssl_errors("X509_set_pubkey");
> >         return ERROR_SSL;
> >     }
> >
> >     EVP_MD *dgst = USR_DGST();
> >     res = X509_sign(usrcert,cakey,dgst);
> >
> >  /*
> >  * res now equals 128 - the size of the private rsa key.
> >  */
> >
> > I then go ahead and dump the certificate using X509_print and get
> > Certificate:
> >     Data:
> >         Version: 1 (0x0)
> >         Serial Number: 0 (0x0)
> >         Signature Algorithm: sha1WithRSAEncryption
> >         Issuer: C=ZA, ST=Gauteng, L=Pretoria, O=InterExcel, OU=BackupServer, [EMAIL PROTECTED]
> >         Validity
> >             Not Before: Jan 22 19:20:46 2003 GMT
> >             Not After : Feb 21 19:20:46 2003 GMT
> >         Subject: [EMAIL PROTECTED], CN=6feffc9edd8be3e8
> >         Subject Public Key Info:
> >             Public Key Algorithm: rsaEncryption
> >             RSA Public Key: (1024 bit)
> >                 Modulus (1024 bit):
> >                     00:b9:d5:be:8b:1e:f2:9e:6c:4b:88:5a:84:23:c5:
> >                     ec:3e:be:7c:97:1d:e4:c1:f8:c4:45:b5:a6:1e:45:
> >                     b9:57:d2:84:36:21:ec:53:35:94:65:18:c9:f8:f5:
> >                     ef:da:10:c1:25:14:04:fa:14:77:83:a7:8b:79:ac:
> >                     d2:c7:51:f2:6f:8e:83:19:ba:20:8d:ed:96:24:fd:
> >                     ad:e9:9c:68:78:92:76:64:c0:b9:54:08:2c:5c:6a:
> >                     d0:70:15:75:4c:57:b6:9e:f9:68:b1:44:8e:2a:16:
> >                     2e:90:85:73:63:30:43:21:28:f2:46:5d:f7:40:d5:
> >                     8a:a5:72:a2:00:0d:f9:7c:d7
> >                 Exponent: 65537 (0x10001)
> >     Signature Algorithm: sha1WithRSAEncryption
> >         4c:7b:eb:10:3b:70:7f:d6:96:67:96:2d:55:e6:ce:ab:48:ee:
> >         cc:28:dc:81:9e:2a:b1:80:ac:e5:bf:84:e6:71:b7:56:dd:39:
> >         41:2b:1d:fb:dc:8e:16:85:2a:f0:f7:96:6f:b1:c9:69:38:bc:
> >         46:2e:13:cc:28:5e:95:72:81:81:f7:83:97:80:98:96:35:73:
> >         c7:4e:3b:48:b9:99:60:ae:c8:8f:4f:57:74:73:fb:09:0c:19:
> >         c5:00:37:71:40:1f:cb:2c:3e:11:c5:c8:88:a5:53:f7:d6:61:
> >         e2:f6:76:e7:3b:d8:bb:35:9d:24:21:55:bd:fe:09:81:ee:6b:
> >         70:bc
> >
> > Which is what I want.  Except that when I perform the command "openssl
> > verify -CAfile cacert.pem gencert.pem" I get the output:
> >
> > error 7 at 0 depth lookup:certificate signature failure
> >
> > And my own program gives more detail:
> >
> > rsa routines::RSA_verify failed with error code 0x4077068 (bad signature).
> > asn1 encoding routines::ASN1_verify failed with error code 0xd079006 (bad get asn1 object call).
> > Certificate failed.
> >
> > I output the X509 certificate using PEM_write_X509(stdout,usrcert) which I
> > then pipe into a file.
> >
>
> One problem is probably that you aren't setting the certificate serial number.
> You will get the default of zero which will clash with the CA certificate
> serial number. The issuer_name and serial number combination should be unique.
>

I don't think this is it.  I managed to set up a certificate with exactly
the same parameters using the openssl utility, including a serial number
of 0.  It verified ok.  Could it be that I'm not setting it explicitly?  Say
I have a string containing a hex number, how would I go about converting
this to a BN I can use for setting the serial number?

Also, something else that *might* influence things is that the pkey struct
is initialized from a private key using code similar to:

RSA *usrrsa;
// then proceed to convert the received ASN1 data to an RSA structure.
EVP_PKEY *pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey,usrrsa);

then I don't use pkey again until where I assign it to the certificate.  If
somehow the private key becomes part of the signature but only the public
key ends up in the certificate this will explain it as the hashes at the
time of signing and at the time of verification will differ, which will
explain why I can directly after signing verify and it will verify ok, but
after writing out and then verifying it gives a bad signature.  If the
signing code is written with great care or the X509_set_pubkey only extracts
the public key, this should not be a problem.  How would I go about getting
only the public key?

Thanks for your help so far.

Jaco

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
