>===== Original Message From [EMAIL PROTECTED] =====

>What the certificate contains depends on how you requested and made the
>cert.  If you used CA.pl or CA.sh, which are in >mycert.key. Then I rename 
>newcert.pem to mycert.cert. In which case I have
>the cert in one file and the private key in another file.  This mirrors what
>other tools, such as BSAFE or IsaSilk do.

My final year project supervisor created an X.509v3 certificate for me using 
the CA in our lab. I tried to export my certificate from Netscape using its 
'Export Certificate' function. Then I converted the .p12 file back to PEM 
format and found that it contains both the certificate and my private key. I 
suppose there must be some way for me to read in the cert7.db and key3.db 
files and do the same thing in my own program.

>What are you trying to do? Are you trying to use OpenSSL as a message
>encryption tool like PGP?

I'm indeed writing a plugin for Netscape which works more or less like an 
S/MIME plugin. I need to authenticate and identify the person who uses the 
plugin to request the document decryption key from my server, so I need to 
use an X.509v3 certificate. But my supervisor asked me if I could make use of 
the public key and private key associated with the certificate to do any 
public key encryption, because I use PGP to do this now. So I think I need to 
read in Netscape's cert7.db and key3.db files.

I wonder if this is workable or not. Right now I extract the user's certificate 
from the cert7.db file, but Netscape's site documents that this file's format 
is going to change and suggests people use NSS (or PSM, I can't remember which).

At present I have another problem with my program on the server. I have 
written the same segment of code for use in the plugin as well as in the 
server program. However, the copy in the server program fails while the one in 
the plugin works without any problem. Here is the code in question:
---
  BIO *in;
  BUF_MEM *bm;
  X509 *x;
  X509_NAME *name;
  X509_NAME_ENTRY *ne;
  ASN1_OBJECT *obj;
  ASN1_STRING *common_name = NULL;
  int i;

  in = BIO_new(BIO_s_mem());
  bm = BUF_MEM_new();
  BIO_set_mem_buf(in, bm, BIO_NOCLOSE);   /* BIO_NOCLOSE == 0: BIO_free() leaves bm alone */
  BIO_write(in, *cert, cert_len);
  if ((x = PEM_read_bio_X509(in, NULL, NULL, NULL)) != NULL) {
    name = X509_get_subject_name(x);
    /* common name: the index is -1 when the subject has no CN attribute */
    obj = OBJ_nid2obj(NID_commonName);
    i = X509_NAME_get_index_by_OBJ(name, obj, -1);
    if (i >= 0) {
      ne = X509_NAME_get_entry(name, i);
      common_name = X509_NAME_ENTRY_get_data(ne);
    }
  }
---
i is -1 in my server program running on Caldera OpenLinux 2.3. The same code 
produces i >= 0 on Windows NT with the same set of input.

Angus Lee

---------------------------------------------------
Get Your Free Email at http://www.hknetmail.com

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
