Just verify the signature of the request with: openssl req -verify -in
requestfile

When a user makes a request, he signs it with his private key, so if anyone
changes the contents of the request, the signature verification fails.
--
Ludovic FLAMENT.

----- Original Message -----
From: "Andrew Cooke" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 24, 2001 4:54 PM
Subject: Practical CA problem - modified requests


>
> Hi,
>
> How do I detect whether a certificate request (in particular, the public
> key) has been modified before signing?
>
> The only solutions I can see are:
>
> - doing an explicit test using private and public key
>
> - checking the public key data in request and certificate by eye
>
> I cannot see any way of detecting this using openssl as a standalone
> tool - there is no support (that I can see) for request fingerprints and no
> automated test to compare request and certificate, or certificate and
> private key.
>
> Note that fingerprints after signing do not detect modifications before
> signing and the openssl verify command checks CA chains, not
> certificate/key pairs.
>
> Also, are there any known attacks (apart from denial of service) that can
> exploit this?
>
> Sorry if this has an obvious solution that I've missed,
> Andrew
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>
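
The checks discussed in this thread, written as a shell script. This is an added example, not part of either message: it verifies the request's self-signature, then compares the public key in the request with the one in the issued certificate, and optionally with the private key. The function names and return codes are hypothetical, and all inputs are assumed to be PEM files with an unencrypted private key.

```shell
#!/bin/sh
# Added example (not from the original thread); function names are hypothetical.

# True only if the request's self-signature verifies. The exit status of
# `openssl req -verify` differs between OpenSSL versions, so match the message.
req_signature_ok() {
    openssl req -verify -noout -in "$1" 2>&1 | grep -q 'verify OK'
}

# Print the SHA-256 of the DER-encoded public key held in a request (req),
# certificate (x509) or private key (key). Fails if the file cannot be parsed.
pubkey_fp() {
    case "$1" in
        req)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        x509) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# same_pubkey KIND1 FILE1 KIND2 FILE2: true if both files carry the same key.
same_pubkey() {
    a=$(pubkey_fp "$1" "$2") && b=$(pubkey_fp "$3" "$4") &&
        [ -n "$a" ] && [ "$a" = "$b" ]
}

# check_issued_cert REQUEST CERT [PRIVATE_KEY]
# Returns 0 if everything matches, 1 if the request signature is bad,
# 2 if the certificate's key differs from the request's, 3 if the private
# key does not belong to the certificate.
check_issued_cert() {
    req_signature_ok "$1" ||
        { echo "request signature does not verify: $1" >&2; return 1; }
    same_pubkey req "$1" x509 "$2" ||
        { echo "certificate public key differs from request" >&2; return 2; }
    if [ -n "${3:-}" ]; then
        same_pubkey x509 "$2" key "$3" ||
            { echo "private key does not match certificate" >&2; return 3; }
    fi
    echo "request, certificate and key are consistent"
}
```

The self-signature covers the subject and public key inside the request, so a change to either after the requester signed it makes the first check fail.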
