RE: Mapping Certs to local account names: is there a standard practice?
> >What I was hoping to determine from this thread was whether or not by
> >using a verified cert one could determine in a trusted manner who the
> >user is.
>
> You really think X509 certs should be a global ID
> mechanism? You think it's a step backwards that
> they're not?

I wouldn't describe it as a step backwards. But I wouldn't consider it a step forward either. What is the purpose of global CAs such as Verisign if I can't trust the certificates to identify an end user? If I must require that all users register their certs in my own local database then I might as well be my own CA. So much for interoperability.

Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]

RE: Mapping Certs to local account names: is there a standard practice?
>What is the purpose of global CAs such as
>Verisign if I can't trust the certificates to identify an end user?

That is indeed the question. At least the part before the "if" :)

At least now you can have a single value (subject,issuer,serial#) to map "global identity" (sic) into local credentials. If you think that any random cert signed by any random CA can be trusted by your local programs.

In many cases globally-scalable identities have to be mapped down into a smaller ID space -- e.g., a 32bit Unix userid.

There's no magic bullet here.
/r$

RE: Mapping Certs to local account names: is there a standard practice?
> >What is the purpose of global CAs such as
> >Verisign if I can't trust the certificates to identify an end user?
>
> That is indeed the question. At least the part before the "if" :)
>
> At least now you can have a single value (subject,issuer,serial#)
> to map "global identity" (sic) into local credentials. If you
> think that any random cert signed by any random CA can be trusted
> by your local programs.
>
> In many cases globally-scalable identities have to be mapped down
> into a smaller ID space -- e.g., a 32bit Unix userid.
>
> There's no magic bullet here.
> /r$

I'm not looking for a magic bullet. What I am looking for is a method to package and distribute clients and servers that will work out of the box. And the answer is, that if you want to do client auth with PKI then you can't. You need to modify the code to support whatever local system is in use for certificate to ID mapping.

What this says to me is that Client Auth should not be a part of SSL/TLS and that the client auth protocol should be built on a higher layer. Whether that client authentication layer be PKI based or something like Kerberos, Secure Remote Password, SecureID, OTP, or something else.

Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]

Re: Using OpenSSL, pipsecd...
Michael Robinson wrote:
>
> >2) What kind of key generation do I need for pipsecd?
>
> I use:
>
> % cat /dev/random | od -X

I should then be using a 30-character octal random string, yes? I had to use urandom.

> That gives you one key per line, once you remove the formatting.

I assume you mean the tabs, which gives 1 40-char octal string per line.

> pipsecd uses symmetric keys for security associations (if you've ever used
> RADIUS secrets, it's the same sort of thing).

So, the same octal string needs to be used on each side, for auth, right?

> >4) Have any of you used pipsecd? Good? Bad? Ugly?
>
> Fantastic, great, but almost completely undocumented. Once you figure it out,
> though, it works flawlessly (at least under FreeBSD 3.x).

I will be writing a HOWTO (for the clueless, like me) once I get this working.

> It's the way to go. If your PPP addresses come out of a pool, you have to
> use the magic "0.0.0.0" address, which means "whatever the real ip address
> of the interface happens to be right now".

I am using static on both ends.

> The other thing you need to know is that the destination IP address for
> remote entries floats automatically:
>
> >sa ipah spi=1000 auth=hmac-md5-96 akey=0102030405060708090a0b0c0d0e0f
> dest=1.2.3.4
>
> So, for this Security Parameter Index (spi), if pipsecd receives an
> Encapsulating Security Payload (esp) packet from a remote host that
> authenticates against this key, it will replace the old destination address
> with the new IP address (instead of 1.2.3.4). If the keepalive fails, then
> it will revert to the old destination address.
>
> So, you need at least one system in your VPN that has a known IP address.
> All the floating IP's connect to the fixed IP address, using it as a hub.
>
> You then set up the routing accordingly.

ok, what we are doing is NATing 2 private networks, so this will be set up on the NAT boxes.

192.168.2.x->nat-<-->Internet<-->-nat<-10.x.x.x

Here's the error I am seeing:

Nov 10 13:45:26 fornax pipsecd[488]: pipsecd starting
Nov 10 13:45:26 fornax pipsecd[488]: local address for 63.195.71.106 is 209.24.64.3
Nov 10 13:45:26 fornax pipsecd[488]: local address for 63.195.71.106 is 209.24.64.3
Nov 10 13:45:28 fornax pipsecd[488]: HMAC mismatch from 63.195.71.106

And the config files (note: [STRINGx] is actually a 30-char octal string...)

-- HOST 1 --
sa ipah spi=1000 auth=hmac-md5-96 akey=[STRING1] dest=[HOST2]
sa ipah spi=1000 auth=hmac-md5-96 akey=[STRING2]
if /dev/tun0 local_spi=1000 remote_spi=1000
-- HOST 1 --
-- HOST 2 --
sa ipah spi=1000 auth=hmac-md5-96 akey=[STRING1] dest=[HOST1]
sa ipah spi=1000 auth=hmac-md5-96 akey=[STRING2]
if /dev/tun0 local_spi=1000 remote_spi=1000
-- HOST 2 --

I also tried swapping strings on one of the config files, and using the same string in all 4 fields. I am now trying with ipesp.

Thanks a lot for all your help.

--
Brian Nelson
Network Minion
mailto:[EMAIL PROTECTED]
PocketScience, Inc.
* I believe the technical term is "Oops!"

Re: VC6 - conflict with objidl.h - fixed
Hi again,

I found my problem, I was simply including a .h file more than once. Sorry about that...

Vince

- Original Message -
From: Vincent Levesque
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, November 09, 1999 6:07 PM
Subject: VC6 - conflict with objidl.h

Hi,

I'm trying to compile some code under Visual C++ v6 and I get the following error messages:

C:\Program Files\Microsoft Visual Studio\VC98\INCLUDE\objidl.h(786) : error C2059: syntax error : '('
C:\Program Files\Microsoft Visual Studio\VC98\INCLUDE\objidl.h(786) : error C2501: 'CRYPTO_realloc' : missing storage-class or type specifiers
C:\Program Files\Microsoft Visual Studio\VC98\INCLUDE\objidl.h(786) : error C2059: syntax error : ')'
C:\Program Files\Microsoft Visual Studio\VC98\INCLUDE\objidl.h(786) : error C2143: syntax error : missing ';' before ')'
C:\Program Files\Microsoft Visual Studio\VC98\INCLUDE\objidl.h(786) : error C2238: unexpected token(s) preceding ';'

I found the following message in the archive:

>On Wed, 21 Jul 1999, sch wrote:
>> I am using VC5, I notice the header file objidl.h in VC
>> has identifiers 'Alloc', 'Realloc' and 'Free' which were
>> expanded as CRYPTO_** as defined in /crypto.h.
>> This expansion is giving rise to some compile errors.
>> I think it can give rise to more conflicts with other guys'
>> naming convention.
>> I suggest the openSSL group should define Malloc, Realloc..,
>> as functions, not macros.
>I also have VC5, and was always able to compile the whole stuff without
>any problem

I don't know if I'm doing something wrong or if there's really a conflict so I thought I'd ask if anyone else has faced that problem. Do you have any suggestions as to how I can work around that problem?

Thanks in advance.

Vincent

Problem with ssl
Hi,

I managed to get a certificate up and running, but whilst running with apache-ssl, I get:

[Thu Nov 11 11:18:50 1999] [debug] apache_ssl.c(355): Random input /dev/urandom(1024) -> 1112
[Thu Nov 11 11:18:50 1999] [debug] apache_ssl.c(928): Generating 512 bit key
[Thu Nov 11 11:18:51 1999] [debug] apache_ssl.c(272): SSL_accept returned 0
[Thu Nov 11 11:18:51 1999] [debug] apache_ssl.c(276): error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate

Any ideas? In the web browser it says:

The security library has experienced an out of memory error. Please try to reconnect.

Re: How to create PKCS8 key format
Jan Leßner wrote:
>
> Hello OpenSSL guys
> Does anybody know how to create a PKCS8 formatted private key file?
>

Well I wrote the PKCS#8 code so I might be able to help :-)

> As far as I understood, OpenSSL by default generates private key files
> in PKCS5 format. I was hoping that the pkcs8 tool would allow the
> conversion I need, but unfortunately it refuses to read the files I
> generated with the genrsa tool, reporting an error like
>
> > openssl pkcs8 -inform DER < tmp.der

By default OpenSSL uses the old SSLeay format which uses PKCS#1 for RSA keys and some SSLeay specific stuff for its PEM encryption and DSA keys. All very non standard but it has to stay in the name of compatibility...

Anyway the pkcs8 utility is now documented. In common with other utilities it expects input in the form suggested by its name by default: thus pkcs12 expects to input a PKCS#12 file, pkcs8 a PKCS#8 file and so on. To change this you need to use the -topk8 option which reverses things so it reads a traditional format private key and converts to PKCS#8.

I suggest you read the man page (assuming it's the proper one now and not the duff one I included yesterday) because there are various issues involved. By default you only get 56 bit DES encryption. If you want more then using "-v2 des3" will do the trick but the format will not be compatible with older implementations.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

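
The conversion described in the reply above, as an added example (not part of the original message and not the OpenSSL project's own code): it converts a key to encrypted PKCS#8 with `-topk8 -v2 des3`, then checks the PEM header and that the same key comes back out. The file names, passphrase, environment variable and function names are assumptions; it needs the `openssl` command on the PATH.

```shell
#!/bin/sh
# Added example: convert an RSA private key to encrypted PKCS#8.
# File names, passphrase, PK8_PASS and function names are assumptions.

# First line of a PEM file, which names the container format.
pem_header() {
    sed -n '1p' "$1"
}

# to_pkcs8 IN OUT PASSPHRASE
# -topk8 makes pkcs8 read a private key and write PKCS#8;
# "-v2 des3" selects PKCS#5 v2.0 encryption with triple DES.
# The passphrase travels in the environment, not on the command line.
to_pkcs8() {
    PK8_PASS="$3" openssl pkcs8 -topk8 -v2 des3 \
        -in "$1" -out "$2" -passout env:PK8_PASS
}

# rsa_modulus FILE PASSPHRASE: identical output means the same key.
# Fails (non-zero status) if the passphrase does not decrypt the file.
rsa_modulus() {
    PK8_PASS="$2" openssl rsa -in "$1" -noout -modulus \
        -passin env:PK8_PASS 2>/dev/null
}

# roundtrip_ok: generate a throwaway key, convert it, compare both forms.
# Depending on the OpenSSL version, genrsa writes the traditional
# "RSA PRIVATE KEY" form or unencrypted PKCS#8; -topk8 reads either.
roundtrip_ok() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null &&
    to_pkcs8 "$dir/key.pem" "$dir/key.pk8" "constructed-passphrase" &&
    [ "$(pem_header "$dir/key.pk8")" = "-----BEGIN ENCRYPTED PRIVATE KEY-----" ] &&
    m1=$(rsa_modulus "$dir/key.pem" "") &&
    m2=$(rsa_modulus "$dir/key.pk8" "constructed-passphrase") &&
    [ -n "$m1" ] && [ "$m1" = "$m2" ]
    rc=$?
    rm -rf "$dir"
    return $rc
}

if roundtrip_ok; then
    echo "PKCS#8 round trip OK"
else
    echo "PKCS#8 round trip failed"
fi
```
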
creating certs
I created a self signed with the following command:

openssl x509 -req -days 365 -in blahcsr.pem -signkey blahkey.pem -out blahcert.pem

blahkey was created with the genrsa command.

Now, docs and info I can glean state that the -signkey option causes the resulting output file, in this case "blahcert.pem", to be a self signed certificate using the private key supplied in the file "blahkey.pem". However when I tried to use this file (blahcert.pem) in "openssl s_server" or with the "serv" program what I find is that both bitch that there is no private key. So, I concatenated the private key as follows:

cat blahcert.pem blahkey.pem > goodcert.pem

Sure enough, both "s_server" and "serv" quieted down and became quite contented and well behaved. So my questions are as follows:

1) clearly there must be a distinction between a certificate signed with a private key and a file which contains both the cert as well as the private key. I originally thought the process of signing a cert resulted in the private key being included in the certificate.

2) When a private key file is generated with say "openssl genrsa" both the public and the private parts of the key end up in the file. Clearly when this key is concatenated as I did into a file such as "goodcert.pem", both parts are known. It seems to me that any software actually using the private key - such as a server - must know both the public and private parts of the key. This would be the case because the server for instance must send out the public portion of the key to whatever client it is establishing a connection with, and it must of course have the private part available in order to decode the message coming back. Ok, supposing this to be the case - what happens if we create a "goodcert.pem" file with a self signed cert created with key "A" and a private key "B" where key "A" and key "B" are different. What is used for what? Will the server say "here is who I am - key "A" identifies me as being legitimate" meanwhile you can encrypt information for me with key "B"? If so - then key "A" in this scenario is the Certificate Authority key while key "B" is just an arbitrary public key that can be generated at will. Is this 100% correct or have I missed something.

3) When the selfsigned certificate is created as in the x509 command above, what specifically happens. I suspect the public portion of the key is stripped out of the "blahkey.pem" file and pasted into the "blahcert.pem" file and that not much more happens. If so - then the "blahcert.pem" file created above could theoretically be distributed willy nilly to anyone without compromising security. Is this true?

4) Finally, is there a chart that shows the pieces of this jigsaw puzzle?

Thanks.

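
The distinction raised in questions 1 to 3 above, as an added example (not part of the original message): it builds a self-signed certificate with the same `x509 -req -signkey` command, shows that the certificate file carries no private key, and compares public keys to tell whether a certificate and a private key belong together. File names, the subject name and the function names are assumptions; it needs the `openssl` command on the PATH.

```shell
#!/bin/sh
# Added example: what a self-signed certificate does and does not contain.
# File names, the subject and the function names are assumptions.

# make_selfsigned KEY CERT: new RSA key, CSR, then the post's x509 command.
make_selfsigned() {
    openssl genrsa -out "$1" 2048 2>/dev/null &&
    openssl req -new -key "$1" -subj "/CN=blah.example" \
        -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$1.csr" -signkey "$1" \
        -out "$2" 2>/dev/null
}

# has_private_key FILE: true if the PEM file holds a private key block.
has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# cert_matches_key CERT KEY: true if the public key embedded in the
# certificate equals the public half derived from the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) &&
    key_pub=$(openssl pkey -in "$2" -pubout) &&
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    make_selfsigned "$dir/a.key" "$dir/a.crt" || return 1   # key "A"
    openssl genrsa -out "$dir/b.key" 2048 2>/dev/null       # key "B"
    has_private_key "$dir/a.crt" || echo "certificate: public data only"
    cert_matches_key "$dir/a.crt" "$dir/a.key" && echo "cert A + key A: match"
    cert_matches_key "$dir/a.crt" "$dir/b.key" || echo "cert A + key B: MISMATCH"
    rm -rf "$dir"
}
demo
```

A certificate holds the subject's public key plus a signature; the private key is used only to produce that signature and is never copied into the certificate.
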
Bad Mac Decode?
Hi all,

I'm on RH 6.1, Apache 1.3.9, modssl 2.4.8-1.3.9, and openssl 0.9.4. When I attempted to establish a secure connection, my Netscape browser complained about an incorrect "Message Authentication Code." The end of ssl_engine_log looks like this:

[10/Nov/1999 20:47:25 25706] [info] Connection to child 3 established (server blah.com:443, client 12.34.56.78)
[10/Nov/1999 20:47:25 25706] [error] SSL handshake failed (server blah.com:443, client 12.34.56.78) (OpenSSL library error follows)
[10/Nov/1999 20:47:25 25706] [error] OpenSSL: error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
[10/Nov/1999 20:47:25 25706] [error] OpenSSL: error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed
[10/Nov/1999 20:47:25 25706] [error] OpenSSL: error:1408F071:SSL routines:SSL3_GET_RECORD:bad mac decode

Can anybody help me? Here's some background, if needed: I downloaded and untarred the sources. Moving to openSSL, I did:

./configure
make
make test

Everything looked good. I then moved to mod_SSL and did:

./configure --with-apache=../apache_1.3.9 --with-ssl=../openssl-0.9.4 --prefix=/usr/local/apache

Looked fine. Then I moved to the apache source and did:

make
make certificate (I kept all the www.snakeoil.com defaults)
make install

Everything looked good. I was able to do this successfully with Apache 1.3.6 (and the appropriate mod_ssl version), but 1.3.9 is giving me fits. The rest of the server (e.g. non-encrypted stuff) runs fine. Any ideas?

Thanks,
Steve Freitas

Re: pipsecd...
>Where can one find some info on pipsecd? Did not find anything
>on freebsd.org

http://www.freebsd.org/cgi/ports.cgi?query=pipsecd&stype=all

-Michael Robinson

POP3 server with SSL HOWTO
Hi,

Please tell me where I can find a HOWTO about setting up a POP3 server with SSL on a Linux box?

Thanx.

POP3 server with SSL HOWTO
Hi,

I don't know if this is the right place where I should ask this, but I'll do it anyway. Is there a HOWTO about setting up a POP3 server with SSL support on a Linux box?

Thanx.

Re: Using OpenSSL, pipsecd...
Brian Nelson <[EMAIL PROTECTED]> writes:
>> % cat /dev/random | od -X
>
>I should then be using a 30-character octal random string, yes? I had
>to use urandom.

128-bit (16-byte, 32-character) hexadecimal string (more or less, according to whatever hash algorithm you pick; 128 bits is for hmac-md5).

>> pipsecd uses symmetric keys for security associations (if you've ever used
>> RADIUS secrets, it's the same sort of thing).
>
>So, the same octal string needs to be used on each side, for auth,
>right?

Like this:

host 1:
sa (ipah|ipsec) spi= (akey|ekey)=
sa (ipah|ipsec) spi= (akey|ekey)= dest=

host 2:
sa (ipah|ipsec) spi= (akey|ekey)=
sa (ipah|ipsec) spi= (akey|ekey)= dest=

The spi is a table index. It is included in the esp packet, and tells pipsecd which configuration line should be referenced. Thus, in the example above, has to be the same in both places, and has to be the same in both places.

If the (local/remote) spi's match, and the protocol (ipsec, ipah) matches, then the key and algorithm also have to match on both systems. Of course, nothing prevents you from using the same key everywhere, but that's not particularly good practice.

>ok, what we are doing is NATing 2 private networks, so this will be set
>up on the NAT boxes.
>
>192.168.2.x->nat-<-->Internet<-->-nat<-10.x.x.x

Ugly. Both ends of the encrypted tunnel need to be in one subnet. You'll have to create a link subnet, and set up routing for it. e.g.:

ifconfig tun0 172.16.0.1 172.16.0.2 netmask 0xfffc mtu 1440
route add -net 10.0.0.0 172.16.0.2 -netmask 0xff00

And vice-versa on the other system. This goes into /etc/ipsec/startup.

Also, the "dest=" fields have to be the raw ip addresses, not the NAT ip addresses (unless your NAT handles esp packets). In other words, VPN packets go through the ipsec tunnel, non-VPN packets go through the NAT, and no packets go through both.

>-- HOST 1 --
>sa ipah spi=1000 auth=hmac-md5-96 akey=[STRING1] dest=[HOST2]
>sa ipah spi=1000 auth=hmac-md5-96 akey=[STRING2]
>if /dev/tun0 local_spi=1000 remote_spi=1000
>-- HOST 1 --
>-- HOST 2 --
>sa ipah spi=1000 auth=hmac-md5-96 akey=[STRING1] dest=[HOST1]
>sa ipah spi=1000 auth=hmac-md5-96 akey=[STRING2]
>if /dev/tun0 local_spi=1000 remote_spi=1000
>-- HOST 2 --

This is backward. See above.

-Michael Robinson