Karsten Spang wrote:
>
> Is it possible to generate a certificate request with the openssl command line
> tool, using an RSA public key only? I tried various combinations of options, but
> I only managed to make it read a private key. Can the library do it, if I write
> a simple front-end?
>
It isn't possible to create a valid certificate request because you need
to sign the request with the private key. So although you don't need the
private key components you do need to be able to sign something with it.
If that isn't possible then you can only create a request with an
invalid signature. Some pieces of software may have an option to not
reject a request with an invalid signature.
Usually though a valid signature is required because it proves that you
have access to the private key: otherwise you could use someone elses
public key, this is considered a security risk for various reasons.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
