"Tridib, Mumbai" wrote: > > Hi all, > Please help me. My problems are as follows: > > 1. I have generated key pair in Netscape (at client side) and then subsequently I >have created Certificate (at server side) using -SPKAC option of "ca" command i.e >signing the request with root private key. This works fine. My problem is how can I >generate the key pair in IE and then create certificate using openssl like what I >have done in Netscape. > > Has any one done this? Please help me. I need your help despaerately - I tried a lot >using actiovex etc. take a look at this page on microsoft's site: http://msdn.microsoft.com/library/psdk/certsrv/xen_abus_0elw.htm > 2. In case of signing a text in Netscape, there is no problem- crypto.signText() of >Java Script works fine and the output is PKCS#7 object. I can also verify at the >server using "verify" command of OpenCA. > > Could You please tell me how can I sign a text in the IE such that ouput will be >PKCS#7 object? currently, ie doesn't support signing text from certs in the cert store. however, my company has developed an activex control that will allow you to do so. i don't believe anyone else has developed one yet, but i could be wrong. we haven't decided what to do with regards to if/how we plan on making it available. contact me privately for more details. otherwise, you'll have to build the activex control yourself. > 3. If I have a crypto API which can generate a hash of a data and then sign it using >the private key of the certificate, then is it possible to output a PKCS#7 >signed-object?If yes, How it can be done. i'm don't believe openssl can build a pkcs7 signed object at this point in time, but it can parse one. you might want to look at another sdk. C SDK: http://www.mozilla.org/projects/security/pki/nss/ Java SDK: http://www.rtfm.com/puretls/ http://jcewww.iaik.tu-graz.ac.at/ http://security.dstc.edu.au/projects/java/jcsi.html others: http://www.timberlinetechnologies.com/products/devkit.html some are free, some are commercial. again, you could also learn asn.1, etc. and write your own pkcs7 builder... -brahm ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]