I am adding a custom extension to an x509, a png icon basically (bytes). Since the png icon is too large to post the data, I have substituted it with a file called sample.txt that has a text line "This is a sample". The code excerpt to add the extension is below.

    getdata("sample.txt",&length); //abstracted
    /* register the OID and get a NID for it */
    nid = OBJ_create("1.03", "samplealias", "sample");
    /* copy the file bytes into the OCTET STRING */
    ASN1_OCTET_STRING_set(os,(unsigned char*)data,length);
    /* build a non-critical extension (crit = 0) and append it */
    ret = X509_EXTENSION_create_by_NID( NULL, nid, 0, os );
    X509_add_ext(x,ret,-1);

*I have 2 questions. (1) The x509 before adding a custom extension looks like this:*

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=UK, CN=OpenSSL Group
        Validity
            Not Before: Apr 26 12:48:18 2013 GMT
            Not After : Apr 26 12:48:18 2014 GMT
        Subject: C=UK, CN=OpenSSL Group
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:df:82:85:c6:0b:18:50:75:35:6b:3b:cc:2e:94:
                    a0:b4:a6:8e:21:19:9e:28:ca:46:54:b5:5f:75:c4:
                    bb:a2:19:c7:51:c4:19:0d:ef:ce:65:39:0f:90:90:
                    2b:2a:46:76:f4:03:be:a7:f2:76:4d:26:af:8e:ce:
                    84:43:52:74:d1
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
        8b:a6:4d:0a:0b:b6:8f:13:f6:58:10:a2:a4:cc:9c:ba:37:8c:
        53:07:22:f0:93:29:17:78:b4:0a:28:91:ae:24:86:bf:2f:bf:
        d8:bc:4a:97:bd:36:09:c2:b3:21:fa:fe:fe:90:91:31:00:5e:
        01:f9:19:1b:54:89:f9:1f:b5:fa

*After I added the extension you can see my field added and that's great*

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=UK, CN=OpenSSL Group
        Validity
            Not Before: Apr 26 12:49:39 2013 GMT
            Not After : Apr 26 12:49:39 2014 GMT
        Subject: C=UK, CN=OpenSSL Group
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:cf:53:10:b6:c4:ef:f3:a7:7d:39:64:18:75:2a:
                    77:a9:82:52:59:a9:29:e8:d6:57:de:9e:4e:3f:6a:
                    69:b6:b5:48:c2:ab:5a:1e:f0:c4:8d:25:2a:3d:21:
                    04:49:59:46:b6:d5:23:39:38:26:68:71:1d:67:31:
                    d4:dc:a4:3b:09
                Exponent: 65537 (0x10001)
        * X509v3 extensions:
            sample:
                This is a sample *
    Signature Algorithm: sha1WithRSAEncryption
        af:5e:52:9d:cc:e7:5e:2c:63:81:76:53:c6:92:cb:81:3d:a7:
        16:63:3d:97:2a:c1:dc:12:64:e1:5b:16:f3:8b:f4:5e:e2:0c:
        3f:04:4d:b8:67:b7:35:75:8a:7b:b0:3a:c8:f0:7b:7d:2e:b3:
        b3:6a:9d:07:21:87:32:b6:4d:4f

*But I noticed that the end data has gotten larger? -----BEGIN CERTIFICATE----- -----END CERTIFICATE-----*

*And of course it is much larger when using a real PNG, very much so. Why is that? I simply want to add the extension data. Is this okay and correct?*

*(2) My second question: I am not sure I understand the nid and its fields for use?*

    nid = OBJ_create("1.03", "samplealias", "sample");

I see that the "sample" is used for the extension name in the x509, but what are the other fields? I guess later I will create the same exact nid to get the field from the x509.

--
View this message in context: http://openssl.6102.n7.nabble.com/X509-custom-extension-tp44930.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
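
As an added illustration (not part of the original post, and not OpenSSL code): a plain C DER encoder for the block a certificate gains when a single non-critical extension is added to one that had none, showing how payload size, ASN.1 wrapping and base64 combine. The OID content byte for 1.3, the 18-byte text payload and the 20000-byte zero buffer standing in for a PNG are constructed inputs.

```c
#include <stdio.h>
#include <string.h>

#define MAXBUF 70000  /* scratch size; assumption: payloads stay below ~69 KB */
/* Write one DER TLV (tag, definite length, value); return bytes written. */
static size_t der_tlv(unsigned char *out, unsigned char tag,
                      const unsigned char *val, size_t len)
{
    size_t i = 0, nlen = 0, t;
    out[i++] = tag;
    if (len < 0x80) {
        out[i++] = (unsigned char)len;            /* short form */
    } else {
        for (t = len; t; t >>= 8) nlen++;         /* long form: 0x80|n + n bytes */
        out[i++] = (unsigned char)(0x80 | nlen);
        for (t = nlen; t > 0; t--)
            out[i++] = (unsigned char)(len >> (8 * (t - 1)));
    }
    memcpy(out + i, val, len);
    return i + len;
}

/* Encode [3] { Extensions { Extension { extnID, extnValue } } } for one
   non-critical extension. Returns the size, or 0 if the input is too large. */
size_t ext_block(unsigned char *out, const unsigned char *oid, size_t oid_len,
                 const unsigned char *data, size_t data_len)
{
    static unsigned char a[MAXBUF], b[MAXBUF];
    if (oid_len + data_len + 32 > MAXBUF) return 0;
    size_t n = der_tlv(a, 0x06, oid, oid_len);    /* OBJECT IDENTIFIER */
    n += der_tlv(a + n, 0x04, data, data_len);    /* OCTET STRING payload */
    n  = der_tlv(b, 0x30, a, n);                  /* SEQUENCE: Extension */
    n  = der_tlv(a, 0x30, b, n);                  /* SEQUENCE: Extensions */
    return der_tlv(out, 0xA3, a, n);              /* [3] EXPLICIT wrapper */
}

size_t b64_chars(size_t n) { return 4 * ((n + 2) / 3); } /* no line breaks */

int main(void)
{
    static unsigned char out[MAXBUF], icon[20000]; /* constructed stand-in for a PNG */
    const unsigned char oid[] = { 0x2B };          /* content bytes of OID 1.3 */
    const char *txt = "This is a sample\n\n";      /* constructed 18-byte payload */
    size_t n = ext_block(out, oid, 1, (const unsigned char *)txt, strlen(txt));
    printf("text: %zu DER bytes, ~%zu base64 chars\n", n, b64_chars(n));
    n = ext_block(out, oid, 1, icon, sizeof icon);
    printf("icon: %zu DER bytes, ~%zu base64 chars\n", n, b64_chars(n));
    return 0;
}
```

The wrapping costs only a handful of bytes per extension; the payload itself, plus the roughly one-third expansion from base64 in the PEM form, accounts for almost all of the growth.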