OpenSSL command line to display EC key data
I have an EC key I am trying to extract the private+public key info I use the command line: openssl ec -in mykey.key.pem -noout -text Output is as follows: read EC key Private-Key: (256 bit) priv: 1 (0x1) pub: x x x ASN1 OID: prime256v1 The private section is not being displayed, only the public. I've seen many samples using the same command where both private+public key data are displayed... not sure what's up with this. The key headers are -BEGIN EC PRIVATE KEY- -END EC PRIVATE KEY- This is an intermediate cert. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Java keytool certgen - Alertnative Subject Name
That did the trick... thanks. -dname "C=US,ST=CA,L=Cupertino,O=Apple\ Computer,OU=MyUnit,CN=MyServer,OID.2.5.4.13=1495543419" -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Java keytool certgen - Alertnative Subject Name
We are moving from OpenSSL to Java to handle CSRs for our CA. Our devices require a custom 'description' field as part of the Subject sequence. (Related link) https://linux.die.net/man/3/x509_name_get_text_by_nid The following command line fails (we are using a HSM but that's not relevant to the question) java -Dprotect=module -DignorePassphrase=true sun.security.tools.keytool.Main -certreq -alias myalias -file c:\mycerts\certs\cert23may.csr.pem -keypass 00 -dname "C=US,ST=CA,L=Cupertino,O=Apple\ Computer,OU=MyUnit,CN=MyServer,description=1495543419" -keystore c:\mycerts\private\may18_2017.ncsw -sigalg SHA256withECDSA -storepass 00 -storetype nCipher.sworld keytool error: java.io.IOException: Invalid keyword "DESCRIPTION" Similar OpenSSL command: openssl req -config openssl_cp2.cnf -new -days 9100 -key /mycerts/private/private.key.pem -out /certs/csr/my.csr.pem -subj "/C=US/ST=CA/L=Cupertino/O=Apple\ Computer/OU=MyUnit/CN=MyServer/description=1495543419" -verify I've dug around and have not found a way to get Java keytool to take the custom description= field. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Problems with python-nss get_cert_nicknames
I need to enumerate the certs in my local store, and in my testing, only user certs can be enumerated using the get_cert_nicknames api. It also appears to be the only exposed api for listing certs in the db. I'm using the ver 0.12 version of python-nss. The function get_cert_nicknames takes a parameter which lists ALL certs, USER certs, CA certs, SERVER certs. I have a mix of user and valid CA certs in my nssdb, and the only flag that works is nss.SEC_CERT_NICKNAMES_USER, and does indeed return my user certs. I'm unable to programmatically discover other certs using this api. After reviewing the nss 'C' source code, I noticed a #ifdef surrounding the sections that handle the other 3 cases. Is this functional, and if not, is there some other mechanism to enumerate the certs? -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Problems with python-nss get_cert_nicknames
On Friday, January 9, 2015 at 1:36:51 PM UTC-5, John Dennis wrote: On 01/09/2015 08:07 AM, Roger Dunn wrote: I need to enumerate the certs in my local store, and in my testing, only user certs can be enumerated using the get_cert_nicknames api. It also appears to be the only exposed api for listing certs in the db. I'm using the ver 0.12 version of python-nss. The function get_cert_nicknames takes a parameter which lists ALL certs, USER certs, CA certs, SERVER certs. I have a mix of user and valid CA certs in my nssdb, and the only flag that works is nss.SEC_CERT_NICKNAMES_USER, and does indeed return my user certs. I'm unable to programmatically discover other certs using this api. After reviewing the nss 'C' source code, I noticed a #ifdef surrounding the sections that handle the other 3 cases. Is this functional, and if not, is there some other mechanism to enumerate the certs? There was an almost identical question posted last night by tahoeki...@gmail.com with the subject nss-python issue. I assume this is a duplicate post by the same person, yes or no? In any event if you tracked the problem down to a specific location in the source code it would help if you included that information. I located the problematic code: file: lib/certhigh/certhigh.c line: 371 function: CollectNicknames I have no idea why this logic is commented out. FWIW I did code up a simple python-nss test and reproduced the behavior. The problem has nothing to do with python-nss. python-nss simply calls the NSS function CERT_GetCertNicknames(). Maybe one of the core NSS developers can shed light on why the code is commented out. My suggestion would be to file a bug against NSS. https://bugzilla.mozilla.org/enter_bug.cgi?format=guided#h=bugForm|NSS|Libraries -- John Yes, that was me on both posts... the first one was taking awhile to pop up on the grid (overnight), thought it was lost in a black hole. Thanks or the update, I shall post a bug as you suggested. -Roger -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
