Generating key and cert
Hello. I'm using openssl in Tcl, via Tls. Everything works great, but Tls does not allow key/certificate generation (for servers). I want to add such features to Tls. I've read Tls and openssl sources, and it seems that what I want is in openssl/apps/req.c. I noticed that docs on openssl.org are a bit incomplete, so I do not really understand what is happening. I want an RSA key, so I basically do this:

    if ((pkey = EVP_PKEY_new()) != NULL) {
        /* 1024-bit RSA key, public exponent 0x10001 (65537); pkey takes ownership of the RSA */
        if (!EVP_PKEY_assign_RSA(pkey, RSA_generate_key(1024, 0x10001, NULL, NULL))) {
            EVP_PKEY_free(pkey);  /* do not leak pkey on the error path */
            return TCL_ERROR;
        }
        in = BIO_new(BIO_s_file());
        out = BIO_new(BIO_s_file());
        EVP_PKEY_free(pkey);
    }

This should create a 1024 bit key. How do I save the key to a file, create a corresponding .pem file and save it as well? I really get confused with the code in apps/req.c.

--
WK

__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Hlp, plz: pkcs12 compliant password-based secret-key generation
Hi all. I posted a question about PKCS12_key_gen() a few days ago, but nobody answered; I believe that's because the posting subject was not so clear. What is the correct way to create a pkcs12-compliant password-based key (sorry for a completely beginner's question)? If I need a cross-platform cryptography implementation: OpenSSL--JCE - the Java side is something like:

    PBEKeySpec keyspec = new PBEKeySpec(pwd.toCharArray());
    SecretKeyFactory KFac = SecretKeyFactory.getInstance(keyAlg);
    SecretKey key = KFac.generateSecret(keyspec);
    PBEParameterSpec pars = new PBEParameterSpec(salt, iters);
    Cipher cf = Cipher.getInstance(cryptAlg);
    cf.init(Cipher.DECRYPT_MODE, key, pars);

How should I do the same with OpenSSL? For instance, with cbc-triple-des - is that the correct way? :

    {
        char *k1, *k2, *k3, *pwd;
        char deskey[24];
        char salt[8] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
        int saltlen = 8;
        des_key_schedule ks1, ks2, ks3;

        if (PKCS12_key_gen(usr_passwd, strlen(usr_passwd), salt, saltlen,
                           PKCS12_KEY_ID, 1024, /* iters */
                           24, /*DES3_KEY_LEN, */ deskey, EVP_sha1()) != 1)
            exit(printf("failed: PKCS12_key_gen call\n"));
        k1 = deskey;
        k2 = deskey + 8;
        k3 = deskey + 16;
        des_set_key((C_Block *)k1, ks1);
        des_set_key((C_Block *)k2, ks2);
        des_set_key((C_Block *)k3, ks3);
        des_ede3_cbc_encrypt((C_Block *)inBuff, (C_Block *)outBuff, data_len,
                             ks1, ks2, ks3, (C_Block *)salt, DES_ENCRYPT);
        ...
    }

Thanks a lot for any help

Sincerely
Jab. [EMAIL PROTECTED]
unable to verify server.crt
Hello,

When I try to check my server.crt, I get the following problem. What does that mean? Because of this error I have not been able to use my certificates.

    openssl x509 -noout -modulus -in sever.crt |openssl md5
    Error opening Certificate sever.crt
    1666:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('sever.crt','r')
    1666:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
    unable to load certificate
    d41d8cd98f00b204e9800998ecf8427e

Thanks in advance.

--veena
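Added example (not part of the original message or of OpenSSL): the digest printed above, d41d8cd98f00b204e9800998ecf8427e, is the MD5 of empty input, because `openssl x509` could not open `sever.crt` and wrote nothing into the pipe. The script below wraps the same modulus comparison so that an unreadable file is reported as a failure instead of being hashed; the function names, the `example.test` subject and the generated key and certificate files are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names mirror the post; the key and certificate are
# constructed throwaway samples generated below.

# Strip the "MD5(stdin)= " / "(stdin)= " label that newer openssl builds print.
md5_of_stdin() { openssl md5 | sed 's/^.*= *//'; }

# modulus_digest <x509|rsa> <file>: print MD5 of the modulus line, or fail
# with status 2 instead of hashing empty output when openssl cannot load it.
modulus_digest() {
    [ -r "$2" ] || { echo "cannot read $2" >&2; return 2; }
    mod=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ -n "$mod" ] || return 2
    printf '%s\n' "$mod" | md5_of_stdin
}

# cert_matches_key <cert> <key>: 0 = same modulus, 1 = different, 2 = not checked.
cert_matches_key() {
    c=$(modulus_digest x509 "$1") || return 2
    k=$(modulus_digest rsa "$2") || return 2
    [ "$c" = "$k" ]
}

# check <cert> <key>: print that status as text (safe to call under `set -e`).
check() {
    rc=0; cert_matches_key "$1" "$2" || rc=$?
    echo "$rc"
}

# make_pair <dir>: self-signed server.crt + server.key, plus an unrelated other.key.
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

dir=$(mktemp -d) || exit 1
trap 'rm -rf "$dir"' EXIT
make_pair "$dir" || exit 1
echo "md5 of empty input:        $(printf '' | md5_of_stdin)"
echo "server.crt vs server.key:  $(check "$dir/server.crt" "$dir/server.key")"
echo "server.crt vs other.key:   $(check "$dir/server.crt" "$dir/other.key")"
echo "sever.crt (typo) vs key:   $(check "$dir/sever.crt" "$dir/server.key")"
```
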
Anyone Know of a Web Based Certificate Authority.
Anyone know of a web based certificate authority that actually works as advertised? I have tried php-ca but I am having a lot of trouble getting it to work. OpenCA is a little bit too full featured for what I am trying to accomplish. Basically I am looking to send a secret to an email address in order to verify a requestor's identity. If the requestor can correctly verify themselves, I would like to issue them a certificate.

Thanks in Advance
James Wilson
RE: Anyone Know of a Web Based Certificate Authority.
I know pyca www.pyca.de and http://cultura.eii.us.es/~pablo/elyca/
I didn't try the last one, but the first sends an e-mail to the requestor to verify it.

Anton

-----Original Message-----
From: John Doe [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2003 07:48
To: [EMAIL PROTECTED]
Subject: Anyone Know of a Web Based Certificate Authority.

Anyone know of a web based certificate authority that actually works as advertised? I have tried php-ca but I am having a lot of trouble getting it to work. OpenCA is a little bit too full featured for what I am trying to accomplish. Basically I am looking to send a secret to an email address in order to verify a requestor's identity. If the requestor can correctly verify themselves, I would like to issue them a certificate.

Thanks in Advance
James Wilson