On 9/25/2012 5:19 PM, redpath wrote:
Yes I see lots of fields to fill in for the X509, which is definitely the way
to go from the RFC5480.
Is there any sample code out there to make an X509? I see that
    EVP_PKEY_assign_EC_KEY(***);
    r = i2d_PUBKEY_bio(bp,evpkey);
will create a DER and from there any code to an x509.

The OpenSSL demoCA scripts can be used as a CA.
You can also create a self signed certificate using the command:

    openssl req -x509 ...

either using an existing key or creating a new key,
or using an engine to access the private key.
If generating a key, you may need to create the ecparams first, for example:

    openssl ecparam -name prime256v1 > caparm

But note that an engine that supports ECC needs access to
ecdsa_method in ecs_locl.h (I have OpenSC engine that needs this.)
See these bug reports that are over a year and a half old:
http://rt.openssl.org/Ticket/Display.html?id=2568&user=guest&pass=guest
http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest
redpath wrote:
I have saved the private and public key of the ECDSA;
Just sample code below.
    /* fragment: eckey, ret, fp and args come from the surrounding program */
    unsigned char *buf = NULL;
    int len = i2o_ECPublicKey(eckey, NULL);   /* query the encoded length */
    /* buf is NULL, so OpenSSL allocates it; release with OPENSSL_free() */
    ret = i2o_ECPublicKey(eckey, &buf);
    if (!ret) {
        printf("Public key to octet string failed\n");
        return 1;
    }
    printf("\ni2o public\n");
    for (int i = 0; i < len; i++)
        printf("%X ", buf[i]);
    printf("\n\n");
    printf("started SHA1\n");
    fp = fopen(args[1], "wb");
    if (fp == NULL) {
        printf("Public file [%s] failed to create\n", args[1]);
        return 1;
    }
    fwrite(buf, 1, len, fp);
    fclose(fp);
And have used this public key to check signature simply by reading the
file back as data to "pubdata" using this function.
    pubkey = o2i_ECPublicKey(&pubkey, (const unsigned char **)&pubdata, publen);
But what is the best packaging for this Public key as in handing it out?
I can simply provide this file but is there some packaging format generally
used as Best Practices?
--
Douglas E. Engert <deeng...@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
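
An added example, not part of the original messages and not OpenSSL project code: the RFC 5480 packaging discussed in this thread, wrapping the raw point octets that i2o_ECPublicKey writes into a DER SubjectPublicKeyInfo for prime256v1 (the curve named in the reply). The function name p256_point_to_spki is hypothetical, the sample point is constructed filler, and accepting compressed points goes beyond what the thread covers.

```c
#include <stdio.h>
#include <string.h>

/* DER AlgorithmIdentifier for an RFC 5480 key on prime256v1:
 * SEQUENCE { OID id-ecPublicKey (1.2.840.10045.2.1),
 *            OID prime256v1    (1.2.840.10045.3.1.7) } */
static const unsigned char P256_ALG_ID[] = {
    0x30, 0x13,
    0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
    0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07
};

/* Hypothetical helper: wrap a raw EC point (uncompressed 0x04||X||Y or
 * compressed 0x02/0x03||X) in a SubjectPublicKeyInfo. Returns the DER
 * length, or -1 on bad input. It checks the encoding only, not that the
 * point lies on the curve; the receiver must still validate the key. */
int p256_point_to_spki(const unsigned char *pt, size_t ptlen,
                       unsigned char *out, size_t outcap)
{
    size_t bits_len, body_len, n = 0;

    if (pt == NULL || out == NULL)
        return -1;
    if (!((ptlen == 65 && pt[0] == 0x04) ||
          (ptlen == 33 && (pt[0] == 0x02 || pt[0] == 0x03))))
        return -1;
    bits_len = 1 + ptlen;                     /* unused-bits octet + point */
    body_len = sizeof(P256_ALG_ID) + 2 + bits_len;
    if (outcap < 2 + body_len)
        return -1;
    out[n++] = 0x30;                          /* outer SEQUENCE */
    out[n++] = (unsigned char)body_len;       /* < 128: short-form length */
    memcpy(out + n, P256_ALG_ID, sizeof(P256_ALG_ID));
    n += sizeof(P256_ALG_ID);
    out[n++] = 0x03;                          /* BIT STRING */
    out[n++] = (unsigned char)bits_len;
    out[n++] = 0x00;                          /* zero unused bits */
    memcpy(out + n, pt, ptlen);
    return (int)(n + ptlen);
}

int main(void)
{
    unsigned char pt[65], der[91];
    memset(pt, 0xAB, sizeof(pt));   /* constructed filler, not a real key */
    pt[0] = 0x04;
    printf("SubjectPublicKeyInfo: %d bytes\n",
           p256_point_to_spki(pt, sizeof(pt), der, sizeof(der)));
    return 0;
}
```

With a real key's octets in place of the filler, the output is the public-key structure that an X.509 certificate carries in its subjectPublicKeyInfo field.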