Why do I see a private key?

2000-03-22 Thread rrln


Hi, people

I was tinkering with some piece of code (modified from /demos/selfsign)
and I was shocked to find that I saw a private key where
I shouldn't. Here is the code


CODE
====
#include <stdio.h>
#include <stdlib.h>

#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>


int main() {

 X509   *x509;
 EVP_PKEY *pkey;
 RSA  *rsa;
 X509_NAME *name=NULL;
 X509_NAME_ENTRY *ne=NULL;
 X509_EXTENSION *ex=NULL;
 BIO   *bio= NULL;

 /* generate an RSA key pair and wrap it in an EVP_PKEY */
 pkey = EVP_PKEY_new();
 rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL);
 EVP_PKEY_assign_RSA(pkey, rsa);

 /* build a v3 certificate, serial 0, valid for one year from now */
 x509 = X509_new();
 X509_set_version(x509,2);
 ASN1_INTEGER_set(X509_get_serialNumber(x509), 0);
 X509_gmtime_adj(X509_get_notBefore(x509),0);
 X509_gmtime_adj(X509_get_notAfter(x509), (long) 60*60*24*365);

 /* subject and issuer are the same name (self-signed) */
 name = X509_get_subject_name(x509);
 X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, "ES", -1, -1, 0);
 X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, "GMV Sistemas S.A.", -1, -1, 0);
 X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_ASC, "SGI Soluciones Globales Internet", -1, -1, 0);
 X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, "CA SGI", -1, -1, 0);
 X509_set_issuer_name(x509, name);

 /* attach the key to the certificate and sign with it */
 X509_set_pubkey(x509, pkey);
 X509_sign(x509, pkey, EVP_md5());

 /* dump key and certificate, as text and as PEM */
 RSA_print_fp(stdout,pkey->pkey.rsa,0);
 X509_print_fp(stdout,x509);
 PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
 PEM_write_X509(stdout,x509);
 return 0;
}


RESULT
===
Private-Key: (1024 bit)
modulus:
00:d2:df:f1:13:d5:d0:4c:9e:08:2b:ab:2c:2b:44:
64:a0:e5:4b:b6:c6:10:d2:b2:29:49:be:f3:d1:b0:
9d:e3:b2:12:fb:43:71:ce:38:8d:b3:c4:24:e5:ae:
28:54:1f:6d:29:ca:cb:ef:a7:bd:67:31:ed:e3:c2:
88:4c:97:cc:c1:49:d0:be:d4:d6:f1:27:7d:14:40:
b4:5c:3b:5b:40:8e:0f:b9:19:70:b2:14:51:22:f8:
bf:c6:0f:ed:0b:33:e8:b8:6f:e8:ac:9f:8f:22:0a:
ab:09:93:a8:1d:41:d6:a8:e6:ad:71:3e:98:ee:d7:
88:47:92:6d:3c:c7:f8:5f:51
publicExponent: 65537 (0x10001)
privateExponent:
00:94:eb:45:4a:e6:b2:45:89:4c:e7:d9:e8:45:5d:
f5:5a:92:d3:97:6d:e4:af:86:d6:15:98:5e:83:75:
20:eb:8d:f4:4d:b1:61:8b:6a:f0:d7:44:eb:71:b0:
3e:16:ba:62:d3:22:be:46:ae:c4:d9:3d:af:6c:2b:
13:2a:54:01:6a:2e:21:37:b4:5c:28:f8:14:46:aa:
b6:d7:56:bc:a2:f0:8d:8b:62:9f:dc:96:3b:54:76:
21:13:10:7d:bf:d2:73:5d:3f:7f:66:c6:26:84:ae:
3d:db:79:e5:e8:af:66:a7:37:c8:94:17:87:63:71:
44:0d:34:c0:fb:84:34:4c:01
prime1:
00:f8:1a:52:d5:61:68:b9:7d:b2:f7:4d:80:ea:b9:
1d:a1:b9:cf:25:e3:88:ff:81:7b:72:3b:c6:4e:07:
fc:8b:6b:4a:8f:e1:b9:7b:d4:7e:e5:7e:a2:68:00:
67:5d:9d:db:33:71:ab:33:2f:c2:e6:eb:24:b2:77:
af:61:22:44:a1
prime2:
00:d9:96:43:85:a9:13:ce:66:c1:8c:52:80:4e:1f:
4c:f7:32:48:12:38:9c:fe:af:b6:79:5a:8a:73:aa:
9f:6e:fa:db:da:d8:a3:e0:de:da:08:a1:01:29:da:
f5:db:fe:b5:d5:ed:4e:a2:54:75:01:3e:64:b4:3a:
45:96:73:6c:b1
exponent1:
35:7a:07:0c:b3:38:4d:73:08:96:41:80:5e:17:94:
89:7d:71:66:eb:4a:66:38:54:91:64:cc:f3:98:c9:
18:8c:01:c0:4d:99:1b:55:cc:1c:4f:55:56:31:70:
16:3f:a6:35:ca:74:6a:4e:0b:26:96:dc:8c:13:3c:
1c:25:b4:c1
exponent2:
13:75:79:c2:69:55:89:1e:ed:6e:44:2e:8f:4e:03:
4f:14:23:17:e6:12:3c:40:b0:9b:f7:b9:ec:10:35:
43:f2:91:58:e8:08:f7:e2:56:33:71:5a:ae:48:93:
b6:41:f8:37:12:8a:f6:bf:80:db:44:9e:32:f4:07:
27:26:59:71
coefficient:
18:76:56:a4:b1:b7:5c:f6:55:c4:a4:28:66:ae:ce:
0d:d4:55:13:eb:77:58:d3:27:0a:90:21:16:06:78:
02:79:35:27:35:5c:9d:1a:62:aa:62:ee:fa:a3:b0:
54:c2:bf:8e:b9:1a:33:06:a6:bc:a6:9b:5a:d0:69:
3a:10:d5:3c
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ES, O=GMV Sistemas S.A., OU=SGI Soluciones Globales
Internet, CN=CA SGI
Validity
Not Before: Mar 22 07:17:19 2000 GMT
Not After : Mar 22 07:17:19 2001 GMT
Subject: C=ES, O=GMV Sistemas S.A., OU=SGI Soluciones Globales
Internet, CN=CA SGI
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Private-Key: (1024 bit)
modulus:
00:d2:df:f1:13:d5:d0:4c:9e:08:2b:ab:2c:2b:44:
64:a0:e5:4b:b6:c6:10:d2:b2:29:49:be:f3:d1:b0:
9d:e3:b2:12:fb:43:71:ce:38:8d:b3:c4:24:e5:ae:
28:54:1f:6d:29:ca:cb:ef:a7:bd:67:31:ed:e3:c2:
88:4c:97:cc:c1:49:d0:be:d4:d6:f1:27:7d:14:40:
b4:5c:3b:5b:40:8e:0f:b9:19:70:b2:14:51:22:f8:
bf:c6:0f:ed:0b:33:e8:b8:6f:e8:ac:9f:8f:22:0a:
ab:09:93:a8:1d:41:d6:a8:e6:ad:71:3e:98:ee:d7:
88:47:92:6d:3c:c7:f8:5f:51
publicExponent: 65537 (0x10001)
privateExponent:
00:94:eb:45:4a:e6:b2:45:89:4c:e7:d9:e8:45:5d:
f5:5a:92:d3:97:6d:e4:af:86:d6:15:98:5e:83:75:
20:eb:8d:f4:4d:b1:61:8b:6a:f0:d7:44:eb:71:b0:

Re: Why do I see a private key?

2000-03-22 Thread Oscar Jacobsson

rrln wrote:
> I was tinkering with some piece of code (modified from /demos/selfsign)
> and I was shocked to find that I saw a private key where
> I shouldn't. Here is the code

I might be missing the point here, but the following calls look pretty
explicit to me:

>  RSA_print_fp(stdout,pkey->pkey.rsa,0);

Which I guess is what outputs

> Private-Key: (1024 bit)
> modulus:
> ...

>  PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);

Which would give you this:

> -----BEGIN RSA PRIVATE KEY-----
> ...

> It seems that the call to X509_print_fp() is showing the private key. I
> thought that X509_set_pubkey()  only take the public part of the RSA key
> to the X509 structure, but it seems that it puts all the key .

IMHO, X509_print_fp() isn't showing the private key, but RSA_print_fp()
is.

> When I cut the PEM code ( BEGIN CERTIFICATE --- END CERTIFICATE part of
> the result)   and use "openssl x509" command line utility I do not see
> the private key .

True, the data inside the BEGIN/END CERTIFICATE headers would only
contain the public key. Had you cut the data inside the BEGIN/END
PRIVATE KEY headers you would have found both public and private keys
(through "openssl rsa".)

Cheers,

//oscar


Re: Create my own CA

2000-03-22 Thread Rojas


Hi,
I suppose you should tell Apache and your navigator where your CA
certificate is.
For Apache, I think you can tell it with the httpsd.conf directives:
SSLCACertificatePath -- points to verification path
SSLCACertificateFile  -- points to CA [selfsigned] certificate
You can also set the SSL_CERT_DIR & SSL_CERT_FILE environment variables to the
values you set in the "httpsd.conf" file.

For netscape or iex, you should load the CA certificate into the browser, so
it can verify
the possible client certificates you have in it.
I hope this can help you.
Greetings.


Gustavo Amarilla wrote:

> I download the Apache/1.3.12 mod_ssl/2.6.2 and openssl-0.9.5.and I created
> my own CA, and I will do my own CA certified entity, because we can not pay
> to a entity like Verisign or something, but when I used MS Explorer 5.0 or
> Netscape 4.0
> those program say to me:"I don't recognize the authority who sign this
> certificate". I used the
> sigh.sh (that came with the open_ssl package) and create a server.csr, I put
> this file in the httpd.conf but the same msg.
>
> May you help me, Thanks in advance

 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]



Re:

2000-03-22 Thread hazel Gao

You can refer to www.apache-ssl.com, or to recent
archives of this list.

Hazel

--- greg zhang [EMAIL PROTECTED] wrote:
> Hi All,
>
> I am new to openssl.
>
> I set up an apache server with openssl feature.
>
> But I don't understand how to produce a certificate.
>
> I do "make certificate" get a failed result, like
> attach file.(break at step 4)
>
> Anyone can give me advice how to set ssl function
> step by step?
> Thanks
 
 
 
 



Re: Why do I see a private key?

2000-03-22 Thread Dr Stephen Henson

rrln wrote:
>
> Hi, people
>
> I was tinkering with some piece of code (modified from /demos/selfsign)
> and I was shocked to find that I saw a private key where
> I shouldn't. Here is the code
>
[stuff deleted]

> It seems that the call to X509_print_fp() is showing the private key. I
> thought that X509_set_pubkey()  only take the public part of the RSA key
>
> to the X509 structure, but it seems that it puts all the key .
>
> When I cut the PEM code ( BEGIN CERTIFICATE --- END CERTIFICATE part of
> the result)   and use "openssl x509" command line utility I do not see
> the private key . This makes me think that it is when you output the
> certificate (for example through PEM_write_X509() call) that only the
> public part is codified. Am I right? As I do not know the whole library
> is a bit hard to look through the low level stuff :-(.
>

X509_set_pubkey() sets the ASN1 certificate public key and also shares
the EVP_PKEY structure. This means that although only the public key is
actually encoded the private key is also printed out because it uses the
EVP_PKEY structure.

The easiest solution in OpenSSL is to not share the EVP_PKEY structure
in X509_set_pubkey(). This will then create a new EVP_PKEY structure
from the encoded public key the next time it is extracted.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.





0.9.5 sconnect demo sample, three bugs (Win32)

2000-03-22 Thread Ralf Kunoth

I'm trying to use the sconnect-demo with Win32 but
it does not work - the system crashes. (V 0.9.5)

I found bugs:

1) the internal random generator is not initialized
in the sample and writes some internal error messages.

2) The function ERR_print_errors_fp() (file err_prn.c) in
the sample crashes because of large return value from
calling ERR_get_error_line_data() and an overflow in the
fprintf() function next line.

3) the state of the socket is changing to BIO_CONN_S_OK
but the socket is not connected.


** fix 1)
I didn't find out why ERR_print_errors_fp crashes but if you
add this code (file sconnect.c) after BIO_push() the random
generator is initialized.

#if defined(WIN16) || defined(WIN32)
  RAND_screen();
  NoiseHeavy();
  NoiseLight();
#endif

Because Windows does not have a "random device" like unix it
would be nice to integrate the NoiseHeavy() and
NoiseLight() functions into the rand-Module for a better
seed.

#if defined(WIN16) || defined(WIN32)
/* Stir a directory listing of the Windows directory into the PRNG */
void NoiseHeavy()
{
#if defined(WIN16)
  struct _find_t finddata;
  char szWinpath[260];
  unsigned h;

  if (0<GetWindowsDirectory(szWinpath, sizeof(szWinpath)))
  {
    strcat(szWinpath, "\\*");
    h = _dos_findfirst(szWinpath, _A_NORMAL, &finddata);
    if (h==0) /* _dos_findfirst returns 0 on success */
    {
      do
      {
        RAND_seed((unsigned char*)&finddata, sizeof(finddata));
      } while ((0==_dos_findnext(&finddata)));
    }
  }
#else
  HANDLE hSrch;
  WIN32_FIND_DATA finddata;
  TCHAR szWinpath[MAX_PATH+3];

  GetWindowsDirectory(szWinpath, MAX_PATH); /* size is in TCHARs, not bytes */
  _tcscat(szWinpath, _T("\\*"));
  hSrch = FindFirstFile(szWinpath, &finddata);
  if (INVALID_HANDLE_VALUE!=hSrch)
  {
    do
    {
      RAND_seed((unsigned char*)&finddata, sizeof(finddata));
    } while (FindNextFile(hSrch, &finddata));
    FindClose(hSrch);
  }
#endif
}

/* Stir a few cheap system counters into the PRNG */
void NoiseLight()
{
#if defined(WIN16)
  DWORD dw[2];
  dw[0] = GetFreeSpace(0);
  dw[1] = GetTickCount();
  RAND_seed((unsigned char*)dw, sizeof(dw));
#else
  SYSTEMTIME systime;
  DWORD dw[2];
  BOOL f;
  SYSTEM_POWER_STATUS pwrstat;
  MEMORYSTATUS memstat;

  GetSystemTime(&systime);
  RAND_seed((unsigned char*)&systime, sizeof(systime));

  GetSystemTimeAdjustment(&dw[0], &dw[1], &f);
  RAND_seed((unsigned char*)dw, sizeof(dw));

  if (GetSystemPowerStatus(&pwrstat)) /* only notebooks */
    RAND_seed((unsigned char*)&pwrstat, sizeof(pwrstat));

  GlobalMemoryStatus(&memstat);
  RAND_seed((unsigned char*)&memstat, sizeof(memstat));
#endif
}
#endif

** fix 2)
Don't know a solution, but if you fix 1) there are no errors ;-)

** fix 3)
Don't switch to the state "BIO_CONN_S_OK" if you are not connected!
This code runs under Win32, I have not tested it under other systems.

BIO Module, file bss_conn.c:

case BIO_CONN_S_BLOCKED_CONNECT:
 i=BIO_sock_error(b->num);
 if (0>i) /* error */
 {
  BIO_clear_retry_flags(b);
  SYSerr(SYS_F_CONNECT,i);
  ERR_add_error_data(4,"host=",
   c->param_hostname,
   ":",c->param_port);
  BIOerr(BIO_F_CONN_STATE,BIO_R_NBIO_CONNECT_ERROR);
  ret=0;
  goto exit_loop;
 }
 if (0<i) /* connected */
 {
  c->state=BIO_CONN_S_OK;
  break;
 }
 goto exit_loop; /* not connected yet, we wait... */


BIO Module, file b_sock.c:

static const struct timeval s_timevalWaitConnect = { 0, 200};
/* return -1 Error
 * return 0  Not connected yet, please wait...
 * return 1  connected
 */
int BIO_sock_error(int sock)
 {
 int j,i;
 int size;
 int nSelect;
 FD_SET writefds;
 FD_SET exceptfds;

 size=sizeof(int);
 /* Note: under Windows the third parameter is of type (char *)
  * whereas under other systems it is (void *) if you don't have
  * a cast it will choke the compiler: if you do have a cast then
  * you can either go for (char *) or (void *).
  */
 i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(void *)&j,(void *)&size);
 if (0!=i)
  return(-1); /* err rk */

 /* rk new code: poll the socket for writability or an exception */
 FD_ZERO(&writefds);
 FD_ZERO(&exceptfds);
 FD_SET(sock, &writefds);
 FD_SET(sock, &exceptfds);
 nSelect = select(0, NULL, &writefds, &exceptfds, &s_timevalWaitConnect);
 if (SOCKET_ERROR==nSelect)
  return (-1); /*Err */

 if (0==nSelect)
  return (0);  /* time expired but not connected. Wait... */

 if (FD_ISSET(sock, &exceptfds))
  return (-1); /* Err connect */

 if (FD_ISSET(sock, &writefds))
  return (1); /* ooh, connected */

 return (-1); /* any other error */
 }


Bye,
Ralf



Dipl.-Ing. (BA) Ralf Kunoth
Application Development

fun communications GmbH
Brauerstrasse 6, D-76135 Karlsruhe, Germany
fon: +49 721 96448-0, fax: +49 721 96448-22
http://www.fun.de, mailto:[EMAIL PROTECTED]

I trust in http://www.keytrust.de





patch for jserv w/ apache-ssl

2000-03-22 Thread Aaron M. Stromas

apologies for the open-ssl list for the repost. i want to make sure that
the patch below is correct.

a couple of months ago jean-luc rochat told me how to patch jserv to
relay client digital certificates to servlets. yesterday, with help of
ben laurie, i made jserv to do the same with apache-ssl. following
ben's suggestion i make the patches to jserv_ajpv12.c and
JServConnection.java available. (save it under ApacheJServ-1.1 and use
"patch -p0 < pfile"):

diff -Naur src/patch/jserv_ajpv12.c src/c/jserv_ajpv12.c
--- src/patch/jserv_ajpv12.cWed Mar 22 07:14:59 2000
+++ src/c/jserv_ajpv12.cTue Mar 21 14:01:48 2000
@@ -554,13 +554,17 @@
 ajpv12_sendstring( buffsocket, ap_get_server_version());

 /* begin jluc */
-/* Send routing info var  SSL CLIENT Certificates DNs */
+/* Send the SSL client certificate */
 if (r-subprocess_env) {
-ajpv12_sendstring( buffsocket, ap_table_get(r-subprocess_env,
"JSERV_ROUTE"));
+   ap_add_common_vars(r);
+   ap_add_cgi_vars(r);
 ajpv12_sendstring( buffsocket, ap_table_get(r-subprocess_env,
"SSL_CLIENT_DN"));
-ajpv12_sendstring( buffsocket, ap_table_get(r-subprocess_env,
"SSL_CLIENT_IDN"));
+ajpv12_sendstring( buffsocket, ap_table_get(r-subprocess_env,
"SSL_CLIENT_I_DN"));
+ajpv12_sendstring( buffsocket, ap_table_get(r-subprocess_env,
"SSL_CLIENT_CERT"));
+ajpv12_sendstring( buffsocket, ap_table_get(r-subprocess_env,
"UNIQUE_ID"));
 }
 else {
+ajpv12_sendstring( buffsocket, "");
 ajpv12_sendstring( buffsocket, "");
 ajpv12_sendstring( buffsocket, "");
 ajpv12_sendstring( buffsocket, "");
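Review bot: In the if branch the JSERV_ROUTE send is removed, so that branch now sends four strings (SSL_CLIENT_DN, SSL_CLIENT_I_DN, SSL_CLIENT_CERT, UNIQUE_ID), while the JServConnection.java hunk still reads JSERV_ROUTE directly after SERVER_SOFTWARE and then four more values; as shown, every field after the server version would land one slot off on the Java side. Either keep the JSERV_ROUTE send as the first string in this branch or drop the matching read. On the same branch, please confirm that ajpv12_sendstring() copes with ap_table_get() finding no value, which is the case for SSL_CLIENT_CERT on a request without a client certificate, and bring the indentation of the two added ap_add_common_vars(r) and ap_add_cgi_vars(r) lines in line with their neighbours.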
diff -Naur src/java/org/apache/patches/JServConnection.java
src/java/org/apache/jserv/JServConnection.java
--- src/java/org/apache/patches/JServConnection.javaWed Mar 22
07:15:35 2000
+++ src/java/org/apache/jserv/JServConnection.java  Wed Mar 22
06:41:06 2000
@@ -403,7 +403,9 @@
 env_vars.put("SERVER_SOFTWARE", in.readString(""));
 env_vars.put("JSERV_ROUTE", in.readString(""));
 env_vars.put("SSL_CLIENT_DN", in.readString(""));
-env_vars.put("SSL_CLIENT_IDN", in.readString(""));
+env_vars.put("SSL_CLIENT_I_DN", in.readString(""));
+env_vars.put("SSL_CLIENT_CERT", in.readString(""));
+env_vars.put("UNIQUE_ID", in.readString(""));


 break;
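Review bot: Renaming the key from SSL_CLIENT_IDN to SSL_CLIENT_I_DN changes what servlets have to look up, so a servlet written against the earlier patch will no longer find the issuer DN; say so in the patch description or keep the old key as an alias for a release. The readString("") default also means SSL_CLIENT_CERT and UNIQUE_ID arrive as empty strings when the sender has nothing to send, so servlets must treat an empty SSL_CLIENT_CERT as no certificate presented, and a short comment above these lines noting that the read order has to match the send order in jserv_ajpv12.c would help the next person who adds a field.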


--
Aaron Stromas |   "Tick-tick-tick!!!... ja, Pantani is weg"
Oracle Corp.  |  BRTN commentator,
+1 703 708 6821   |  L'Alpe d'Huez, 1995 Tour de France



Re: Why do I see a private key?

2000-03-22 Thread Richard Levitte - VMS Whacker

rrln> It seems that the call to X509_print_fp() is showing the private key. I
rrln> thought that X509_set_pubkey()  only take the public part of the RSA key
rrln>
rrln> to the X509 structure, but it seems that it puts all the key .
rrln>
rrln> When I cut the PEM code ( BEGIN CERTIFICATE --- END CERTIFICATE part of
rrln> the result)   and use "openssl x509" command line utility I do not see
rrln> the private key . This makes me think that it is when you output the
rrln> certificate (for example through PEM_write_X509() call) that only the
rrln> public part is codified. Am I right? As I do not know the whole library
rrln> is a bit hard to look through the low level stuff :-(.
rrln>
rrln>
rrln> Some hint?

Yup.  Compile the following program:

-snip-
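#include <stdio.h>
#include <stdlib.h>

#include <openssl/pem.h>
#include <openssl/x509v3.h>

int main()
{
  X509 *x;

  /* read one PEM certificate from stdin and print it as text */
  x = PEM_read_X509(stdin, NULL, NULL, NULL);
  if (x == NULL)
    return 1;
  X509_print_fp(stdout, x);
  return 0;
}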
-snip-

Pipe the output of your program to my program ('./your_program | ./my_program')
and observe what comes out.

So yeah, X509_set_pubkey() will not look too closely at the pkey you
give it, as long as it has a public part (I got that from a very quick
look at the source).  However, PEM_write_X509 won't output the private
parts.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
   Member of the OpenSSL development team

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.



Re: Why do I see a private key?

2000-03-22 Thread Oscar Jacobsson

rrln wrote:
> That's right, and that was expected,  but what bothers me is that a call to
> X509_print_fp() is showing private key info.

You're right of course, and I should know better than to post after
sitting up half the night playing drunken Need For Speed: Porsche
Challenge.

I think Stephen answered your question though.

//oscar


Re: Why do I see a private key?

2000-03-22 Thread Dr Stephen Henson

rrln wrote:
>
> That's right, and that was expected,  but what bothers me is that a call to
> X509_print_fp() is showing private key info.
>

Since this issue crops up quite often and it is a potential security
risk (e.g. using the -text option when a certificate or request has just
been signed) I've modified OpenSSL to change this. See previous message
for an explanation of why it happens.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
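
What Henson's explanation and Levitte's test come down to is the encoding: a certificate's Subject Public Key Info carries a PKCS#1 RSAPublicKey (two integers), while a BEGIN RSA PRIVATE KEY block carries an RSAPrivateKey (version plus eight integers). The C program below is an added example, not code from the thread or from OpenSSL; it classifies a DER blob by walking it, and its function names and the toy key (p=61, q=53) are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Result codes (names belong to this example only). */
enum rsa_kind { RSA_KIND_INVALID = 0, RSA_KIND_PUBLIC = 1, RSA_KIND_PRIVATE = 2 };

/* Constructed toy key: p=61, q=53, n=3233, e=17, d=2753. Far too small for
 * real use; it only keeps the sample encodings short. */
static const unsigned char SAMPLE_PUBLIC[] = {
    0x30, 0x07,                   /* SEQUENCE, 7 content bytes */
    0x02, 0x02, 0x0c, 0xa1,       /* modulus n = 3233 */
    0x02, 0x01, 0x11              /* publicExponent e = 17 */
};
static const unsigned char SAMPLE_PRIVATE[] = {
    0x30, 0x1d,                   /* SEQUENCE, 29 content bytes */
    0x02, 0x01, 0x00,             /* version 0 */
    0x02, 0x02, 0x0c, 0xa1,       /* modulus */
    0x02, 0x01, 0x11,             /* publicExponent */
    0x02, 0x02, 0x0a, 0xc1,       /* privateExponent d = 2753 */
    0x02, 0x01, 0x3d,             /* prime1 = 61 */
    0x02, 0x01, 0x35,             /* prime2 = 53 */
    0x02, 0x01, 0x35,             /* exponent1 = d mod (p-1) = 53 */
    0x02, 0x01, 0x31,             /* exponent2 = d mod (q-1) = 49 */
    0x02, 0x01, 0x26              /* coefficient = q^-1 mod p = 38 */
};

/* Read one DER tag and length at buf[*pos]. On success store the tag and the
 * content length, advance *pos to the first content byte and return 1.
 * Returns 0 on truncated input, indefinite length, or a length field wider
 * than 4 bytes. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned char *tag, size_t *clen)
{
    size_t p = *pos, n, i;

    if (p >= len || len - p < 2)
        return 0;
    *tag = buf[p++];
    if (buf[p] < 0x80) {
        *clen = buf[p++];                     /* short form */
    } else {
        n = buf[p++] & 0x7f;                  /* long form: n length bytes */
        if (n == 0 || n > 4 || len - p < n)
            return 0;
        *clen = 0;
        for (i = 0; i < n; i++)
            *clen = (*clen << 8) | buf[p++];
    }
    if (len - p < *clen)
        return 0;
    *pos = p;
    return 1;
}

/* Count the INTEGER members of the outer SEQUENCE:
 *   RSAPublicKey  = SEQUENCE { n, e }                               -> 2
 *   RSAPrivateKey = SEQUENCE { version, n, e, d, p, q, dP, dQ, qInv } -> 9
 * Anything else, including trailing bytes, is reported as invalid. */
enum rsa_kind classify_rsa_der(const unsigned char *buf, size_t len)
{
    size_t pos = 0, clen, end;
    unsigned char tag;
    int ints = 0;

    if (!der_header(buf, len, &pos, &tag, &clen) || tag != 0x30)
        return RSA_KIND_INVALID;
    end = pos + clen;
    if (end != len)
        return RSA_KIND_INVALID;
    while (pos < end) {
        if (!der_header(buf, end, &pos, &tag, &clen) || tag != 0x02)
            return RSA_KIND_INVALID;
        pos += clen;                          /* skip the integer's bytes */
        ints++;
    }
    if (ints == 2)
        return RSA_KIND_PUBLIC;
    if (ints == 9)
        return RSA_KIND_PRIVATE;
    return RSA_KIND_INVALID;
}

int main(void)
{
    printf("public sample:  %d\n",
           classify_rsa_der(SAMPLE_PUBLIC, sizeof SAMPLE_PUBLIC));
    printf("private sample: %d\n",
           classify_rsa_der(SAMPLE_PRIVATE, sizeof SAMPLE_PRIVATE));
    return 0;
}
```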





What is the status of PKCS#7

2000-03-22 Thread Richard Dykiel



Hi
we plan to use the PKCS#7 module to sign + encrypt data.
In the readme file of the crypto/pkcs7 directory we can read:

"WARNING
Everything in this directory is experimental and is subject to
change.
Do not rely on the stuff in here not changing in the next release"

I'd be very grateful to have answers to the following questions:

1- Is the readme statement still true? I.e. if we start implementing on a
given set of APIs, is there a chance that everything changes in the next
release?

2- Is the implementation stable, ie tested?

3- Does the openssl implementation of pkcs#7 support the notion of
"external signatures", as per note 3 of section 7 of the pkcs#7 spec?

Thanks
Richard Dykiel, Starburst Software
150 Baker Avenue, Concord, MA 01742
http://www.starburstsoftware.com
1-800-585-3889 ext289


RSA_verify syntax

2000-03-22 Thread Elen Mägioja

Hi,

I have another newbie question.

I'm using RSA_verify to verify a signature, whose synopsis according to the OpenSSL
webpage documentation is the following:

int RSA_verify(int type, unsigned char *m, unsigned int m_len,
unsigned char *sigbuf, unsigned int siglen, RSA *rsa);

and I've been wondering what should be there in siglen?

I tried strlen(sigbuf), but then my signature doesn't verify - RSA_verify returns a -1
and the error is "wrong signature length".
(If the sigbuf contains string terminating characters, strlen(sigbuf) doesn't return
the actual length of sigbuf.)

If I force the siglen to be "right" using the following code:

returnval = RSA_verify(NID_sha1, mdigest, md_len, sigret,
    (unsigned int)RSA_size(pubkey->pkey.rsa), pubkey->pkey.rsa);
if (returnval != 1) {ERR_print_errors_fp (stderr); exit(1);}

the signature verifies ok.

Have I misunderstood something? How do I get the right size of sigbuf into the
variable siglen?


Thanx in advance,
Elen




Does the IV for CBC really have to be zeros?

2000-03-22 Thread Noel Burton-Krahn


Is this an error in documentation?  According to Applied Crypto,
Schneier, p 194, the IV in CBC mode ciphers should be different for
each message.  Looking at the source for BF_cbc_encrypt(), it looks
like iv can be initialized with any 64 bytes.

from the blowfish(3) man page
(http://www.openssl.org/docs/crypto/blowfish.html)

BF_cbc_encrypt() is the Cipher Block Chaining function for
Blowfish. It encrypts or decrypts the 64 bits chunks of in using
the key schedule, putting the result in out. enc decides if
encryption (BF_ENCRYPT) or decryption (BF_DECRYPT) shall be
performed. ivec must point at an 8 byte long initialisation
vector, which must be initially filled with zeros.

Also, it looks like this code will fail unless the processor's word
size is 32 bits.  Does openssl work on an Alpha?

--Noel




Re: What is the status of PKCS#7

2000-03-22 Thread Dr Stephen Henson

Richard Dykiel wrote:
>
> Hi
> we plan to use the PKCS#7 module to sign + encrypt data.
> In the readme file of the crypto/pkcs7 directory we can read:
>
> "WARNING
> Everything in this directory is experimental and is subject to change.
> Do not rely on the stuff in here not changing in the next release"
>
> I'd be very grateful to have answers to the following questions:
>
> 1- Is the readme statement still true? I.e. if we start implementing
> on a given set of APIs, is there a chance that everything changes in
> the next release?
>

No it isn't true. That was something Eric put in ages ago. It needs
deleting.

The stuff smime.c uses is not likely to change much.

> 2- Is the implementation stable, ie tested?
>

It has now passed RSA's S/MIME compatibility test: see

http://www.rsasecurity.com/standards/smime/interop_center.html

Draw your own conclusions from that :-)

> 3- Does the openssl implementation of pkcs#7 support the notion of
> "external signatures", as per note 3 of section 7 of the pkcs#7 spec?
>

Yes. This stuff isn't documented much yet. Have a look at the 'smime'
application in apps/smime.c for some pointers.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.



Re: RSA_verify syntax

2000-03-22 Thread Goetz Babin-Ebell

At 19:24 22.03.00 +0200, you wrote:
> Hi,
>
> I have another newbie question.
>
> I'm using RSA_verify to verify a signature which synopsis according to the
> OpenSSL webpage documentation if following:
>
> int RSA_verify(int type, unsigned char *m, unsigned int m_len,
> unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
>
> and i've been wondering what should be there in siglen?

You verify a signature.
The signature is some data with some length.
This length you have to pass as siglen.

> I tried strlen(sigbuf), but then my signature doesn't verify - RSA_verify

Won't work.
sigbuf is some binary data...

> Have i misunderstood something? How do I get the right size of sigbuf into
> the variable siglen?

It is the size of the signature you want to verify.

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter GmbH, http://www.trustcenter.de 
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126
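
Why strlen() gives a wrong siglen only some of the time: a signature is binary data, and any zero byte in it ends the C string early. The following is an added example, not code from the thread or from OpenSSL; it estimates how often that happens for 128-byte buffers of constructed pseudo-random bytes standing in for 1024-bit RSA signatures, and all helper names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIG_LEN 128  /* signature size for a 1024-bit key, what RSA_size() reports */

/* Constructed 4-byte "signature" with a zero byte at offset 2, plus a
 * terminating NUL so that strlen() stays inside the array. */
static const unsigned char SAMPLE_SIG[] = { 0x5a, 0x11, 0x00, 0x7f, 0x00 };

/* xorshift32: drives the simulation only, it is NOT a cryptographic RNG. */
static uint32_t xs_state = 2463534242u;

static unsigned char next_byte(void)
{
    xs_state ^= xs_state << 13;
    xs_state ^= xs_state >> 17;
    xs_state ^= xs_state << 5;
    return (unsigned char)(xs_state >> 16);
}

/* The length strlen() would report for a signature buffer. The buffer must
 * contain a NUL somewhere, otherwise strlen() reads past its end. */
size_t c_string_length(const unsigned char *sig)
{
    return strlen((const char *)sig);
}

/* Fill sig with SIG_LEN stand-in signature bytes and a sentinel NUL. */
static void fake_signature(unsigned char sig[SIG_LEN + 1])
{
    size_t i;

    for (i = 0; i < SIG_LEN; i++)
        sig[i] = next_byte();
    sig[SIG_LEN] = 0;
}

/* Number of trials in which strlen() reports something other than SIG_LEN,
 * i.e. in which a verify call given strlen() as siglen would be handed the
 * wrong length. Expected share: 1 - (255/256)^128, about 39%. */
unsigned count_short_lengths(unsigned trials)
{
    unsigned char sig[SIG_LEN + 1];
    unsigned i, bad = 0;

    for (i = 0; i < trials; i++) {
        fake_signature(sig);
        if (c_string_length(sig) != SIG_LEN)
            bad++;
    }
    return bad;
}

int main(void)
{
    unsigned trials = 10000, bad = count_short_lengths(trials);

    printf("strlen of sample with embedded zero: %lu (real length 4)\n",
           (unsigned long)c_string_length(SAMPLE_SIG));
    printf("wrong length in %u of %u simulated signatures\n", bad, trials);
    return 0;
}
```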



Re: Does the IV for CBC really have to be zeros?

2000-03-22 Thread Richard Levitte - VMS Whacker

noel> Is this an error in documentation?  According to Applied Crypto,
noel> Schneier, p 194, the IV in CBC mode ciphers should be different for
noel> each message.  Looking at the source for BF_cbc_encrypt(), it looks
noel> like iv can be initialized with any 64 bytes.

You're right, that is a documentation glitch.  I got confused by SSH
when I wrote that.  SSH explicitly requires that the ivec be
initialised to 0.  What's important is that the recipient gets to know
what initial ivec was used (as is mentioned in the same page).

noel> Also, it looks like this code will fail unless the processor's word
noel> size is 32 bits.  Does openssl work on an Alpha?

OpenSSL works on the Alphas where it has been tested, as far as I
know.  From what I can see, the BF code will use 8 bytes, using n2l
and other macros.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
   Member of the OpenSSL development team

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
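
Why the IV should differ per message, as the exchange above concludes: with a fixed IV such as all zeros, two messages that start with the same block produce the same first ciphertext block, and the recipient needs the IV that was used to recover the first block. This is an added example, not code from the thread or from OpenSSL; XTEA stands in for Blowfish as a 64-bit block cipher, and the key, IVs and messages are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 8       /* 64-bit block, the block size Blowfish also uses */
#define MSG_LEN 16  /* two blocks */

/* Constructed sample data: the two messages share their first block. */
static const uint32_t KEY[4] = { 0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u };
static const unsigned char MSG_A[] = "TO:alicePAY:0100";
static const unsigned char MSG_B[] = "TO:alicePAY:9999";
static const unsigned char ZERO_IV[BLK] = { 0 };
static const unsigned char IV_1[BLK] = { 0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x48, 0xbd, 0x16 };
static const unsigned char IV_2[BLK] = { 0xc4, 0x1f, 0x70, 0xa9, 0x0b, 0x65, 0xd3, 0x8e };

/* XTEA (32 cycles), the stand-in 64-bit block cipher. */
static void xtea_encrypt_block(const uint32_t key[4], uint32_t v[2])
{
    uint32_t i, v0 = v[0], v1 = v[1], sum = 0, delta = 0x9E3779B9u;
    for (i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        sum += delta;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

static void xtea_decrypt_block(const uint32_t key[4], uint32_t v[2])
{
    uint32_t i, v0 = v[0], v1 = v[1], delta = 0x9E3779B9u, sum = delta * 32;
    for (i = 0; i < 32; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
        sum -= delta;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* CBC: XOR each plaintext block with the previous ciphertext block (the IV
 * for the first block), then encipher. len must be a multiple of BLK. */
void cbc_encrypt(const uint32_t key[4], const unsigned char *iv,
                 const unsigned char *in, unsigned char *out, size_t len)
{
    unsigned char chain[BLK];
    uint32_t v[2];
    size_t off, i;
    memcpy(chain, iv, BLK);
    for (off = 0; off + BLK <= len; off += BLK) {
        for (i = 0; i < BLK; i++)
            chain[i] ^= in[off + i];
        memcpy(v, chain, BLK);
        xtea_encrypt_block(key, v);
        memcpy(chain, v, BLK);
        memcpy(out + off, chain, BLK);
    }
}

void cbc_decrypt(const uint32_t key[4], const unsigned char *iv,
                 const unsigned char *in, unsigned char *out, size_t len)
{
    unsigned char prev[BLK], cur[BLK];
    uint32_t v[2];
    size_t off, i;
    memcpy(prev, iv, BLK);
    for (off = 0; off + BLK <= len; off += BLK) {
        memcpy(cur, in + off, BLK);
        memcpy(v, cur, BLK);
        xtea_decrypt_block(key, v);
        memcpy(out + off, v, BLK);
        for (i = 0; i < BLK; i++)
            out[off + i] ^= prev[i];
        memcpy(prev, cur, BLK);
    }
}

/* 1 if MSG_A under iv_a and MSG_B under iv_b share their first ciphertext block. */
int first_blocks_match(const unsigned char *iv_a, const unsigned char *iv_b)
{
    unsigned char ct_a[MSG_LEN], ct_b[MSG_LEN];
    cbc_encrypt(KEY, iv_a, MSG_A, ct_a, MSG_LEN);
    cbc_encrypt(KEY, iv_b, MSG_B, ct_b, MSG_LEN);
    return memcmp(ct_a, ct_b, BLK) == 0;
}

/* 1 if MSG_A encrypted under enc_iv decrypts back to itself under dec_iv. */
int roundtrip_ok(const unsigned char *enc_iv, const unsigned char *dec_iv)
{
    unsigned char ct[MSG_LEN], pt[MSG_LEN];
    cbc_encrypt(KEY, enc_iv, MSG_A, ct, MSG_LEN);
    cbc_decrypt(KEY, dec_iv, ct, pt, MSG_LEN);
    return memcmp(pt, MSG_A, MSG_LEN) == 0;
}

int main(void)
{
    printf("zero IV twice, first blocks equal: %d\n", first_blocks_match(ZERO_IV, ZERO_IV));
    printf("distinct IVs, first blocks equal:  %d\n", first_blocks_match(IV_1, IV_2));
    printf("decrypt with the wrong IV works:   %d\n", roundtrip_ok(IV_1, ZERO_IV));
    return 0;
}
```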



Undefined symbols with in libssl.a

2000-03-22 Thread Wilder, John

OpenSSL was built with "no-rsa no-idea no-rc2 no-rc4 no-rc5 -DSSL_ALLOW_ADH".
I then built stunnel it complained about the following symbols.

Undefined                       first referenced
 symbol                             in file
ssl2_clear                          /usr/local/ssl/lib/libssl.a(s23_srvr.o)
ssl2_num_ciphers                    /usr/local/ssl/lib/libssl.a(s23_lib.o)
ssl2_new                            /usr/local/ssl/lib/libssl.a(s23_srvr.o)
ssl2_get_cipher_by_char             /usr/local/ssl/lib/libssl.a(s23_lib.o)
SSLv2_server_method                 /usr/local/ssl/lib/libssl.a(s23_srvr.o)
ssl2_get_cipher                     /usr/local/ssl/lib/libssl.a(s23_lib.o)
ld: fatal: Symbol referencing errors. No output written to stunnel
collect2: ld returned 1 exit status
make: *** [stunnel] Error 1

I checked the apps dir in OpenSSL and found that s_server.c had defined 
NO_SSL2 if NO_RSA was defined.  Then all ssl2 functions were wrapped with
#ifndef NO_SSL2.  Is it safe to wrap the above functions in the same way?

Or is there some standard way that OpenSSL can be built with no-rsa and 
have these functions either defined or not referenced?

Thanks,
John.



FW: Returned mail: User unknown

2000-03-22 Thread Ben Groot


I'm trying to generate a test certificate on my Solaris 7 box as explained
in the README.SSL that came with Apache 1.3.12 + SSL and getting;

% make certificate
/tmp/bg/openssl-SNAP-2321/apps/openssl req -config
../SSLconf/conf/ssleay.cnf \
-new -x509 -nodes -out ../SSLconf/conf/httpsd.pem \
-keyout ../SSLconf/conf/httpsd.pem; \
ln -sf httpsd.pem
../SSLconf/conf/`/tmp/bg/openssl-SNAP-2321/apps/openssl \
x509 -noout -hash  ../SSLconf/conf/httpsd.pem`.0
Using configuration from ../SSLconf/conf/ssleay.cnf
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Generating a 1024 bit RSA private key
8471:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not
seeded:md_rand.c:538:
8471:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:
*** Error code 1
make: Fatal error: Command failed for target `certificate'

As you can see I am using the latest snapshot, but getting nowhere.  Excuse
my ignorance but I have spent the entire day searching through what docs
there are and the mail archive and have found nothing that changes this.  I
have the latest pem_lib.c, I haven't found anything else so far that gives
me any idea of what to do next.  I can't be the only person trying to get
this to work under Solaris, someone please help.

PS:  Please include my email address in the response I am not subscribed.

--
Ben Groot, [EMAIL PROTECTED]
Systems Administration
Dept. of Computer Science
University of Calgary
Phone:  (403)220-2289
Fax:(403)284-4707
http://www.cpsc.ucalgary.ca/~ben







Re: Create my own CA

2000-03-22 Thread Winged Wolf

During the process of creating your own CA, you came up with a 'ca.crt'
file (the FIRST .crt file that you came up with).  You need to download
this into your client, as a specific MIME type.
(application/x-x509-certificate)

For MSIE, it requires it to be sent in .der format, which is essentially a
.crt minus the base-64 encoding.  (openssl x509 -inform crt -in ca.crt
-outform der -out ca.der ... or something like that.  It's been a while
since I've done it.  There's an FAQ entry on it, at the least.)

---
Mat Butler, Winged Wolf   [EMAIL PROTECTED]
SPASTIC Web Engineer  SPASTIC Server Administrator
Begin FurryCode v1.3
FCWw5amrsw A- C+ D H+++ M+[servercoder] P+ R++ T+++ W Z++ Sm++ 
RLCT/M*/LW* a cl/u/v+ !d e- f h++ iwf+++ j p-+ sm++
End FurryCode v1.3


On Tue, 21 Mar 2000, Gustavo Amarilla wrote:

> I download the Apache/1.3.12 mod_ssl/2.6.2 and openssl-0.9.5.and I created
> my own CA, and I will do my own CA certified entity, because we can not pay
> to a entity like Verisign or something, but when I used MS Explorer 5.0 or
> Netscape 4.0
> those program say to me:"I don't recognize the authority who sign this
> certificate". I used the
> sigh.sh (that came with the open_ssl package) and create a server.csr, I put
> this file in the httpd.conf but the same msg.
>
> May you help me, Thanks in advance
 __
 Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
 User Support Mailing List  [EMAIL PROTECTED]
 Automated List Manager[EMAIL PROTECTED]
 




Re: authentication delegation

2000-03-22 Thread Rich Salz

> My question is, how's a typical authentication delegation implemented
> using SSL? I can visualize a point-to-point authentication happening between
> the client and ServiceA. But, how can I control access to ServiceB's
> resources by ServiceA unless ServiceA is acting on behalf of a authorised
> user? Surely, I don't want ServiceA to know the client's Private key

Assuming
Client -- Service A -- Service B
I don't believe you can do this with straight SSL.  You will have to
build some extra security protocol on top of, underneath, or "next to"
it.  Simplest is to define a protocol where A can say "treat me like you
would the Client" and B is configured to allow A to do arbitrary
impersonation. You might be able, with participation of the Client, have
A play a man-in-the-middle game.

This is really one of those places where it is important to understand
the subtleties of *transport* level security as opposed to end-to-end. :)

> Wonder how those CORBA ORB-s use SSL for security when delegation is
> involved.

Those who do it right add their own IA (identification and authorization)
on top of SSL.  There's a reason why (last time I looked) IIOP had its
own security payload.
/r$




Unable to configure

2000-03-22 Thread Howard Williams

Hi

I hope I'm not just doing something stupid.

I run the following:

./configure --prefix=/usr/local/openssh --with-ssl-dir=/usr/local/ssl

also tried --with-ssl-dir=/usr/local/ssl/lib

/usr/local/ssl/lib contains 2 files:  libcrypto.a and libssl.a

configure fails with the error that it "Could not find working SSLeay /
OpenSSL libraries"

I've only built & installed SSL in order to run SSH, so I haven't used
it in any other way.  Do I need to set something up in SSL, like
generate a key or two first?

Thanks

Howie




Re: How do I generate 56 bit DES keys?

2000-03-22 Thread Ben Laurie

"Wilder, John" wrote:
 
> The openssl has utilities to generate DSA and RSA encrypted keys.
> Is there anyway to generate 56bit DES keys?  If not by openssl, how?

Just pick a random number.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html