Generating key and cert

2003-06-22 Thread Wojciech Kocjan
Hello.

I'm using openssl in Tcl, via Tls. Everything works great, but Tls does 
not allow key/certificate generation (for servers). I want to add such 
features to Tls.

I've read Tls and openssl sources, and it seems that what I want is in 
openssl/apps/req.c.

I noticed that docs on openssl.org are a bit incomplete, so I do not 
really understand what is happening.

I want an RSA key, so I basically do this:

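    /* needs <openssl/evp.h>, <openssl/rsa.h>, <openssl/bio.h> */
    if ((pkey = EVP_PKEY_new()) != NULL)
    {
        /* generate a 1024-bit RSA key with public exponent 0x10001 */
        if (!EVP_PKEY_assign_RSA(pkey,
                RSA_generate_key(1024, 0x10001, NULL, NULL)))
        {
            EVP_PKEY_free(pkey);    /* do not leak the EVP_PKEY on failure */
            return TCL_ERROR;
        }
        in = BIO_new(BIO_s_file());
        out = BIO_new(BIO_s_file());
        EVP_PKEY_free(pkey);
    }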
This should create a 1024 bit key. How do I save the key to a file, 
create a corresponding .pem file and save it as well?

I really get confused with the code in apps/req.c.

--
WK
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]


Hlp,plz: pkcs12 complient password-based secret-key generation

2003-06-22 Thread Сашка
Hi all.
I posted a question about PKCS12_key_gen() a few days ago,
but nobody answered; I believe that's because the posting
subject was not so clear. What is the correct way to create a
pkcs12-compliant password-based key (sorry for the completely
beginner's question)? If I need a cross-platform
cryptography implementation: OpenSSL--JCE - the Java side
is something like:
    // needs: import javax.crypto.*; import javax.crypto.spec.*;
    PBEKeySpec keyspec =
        new PBEKeySpec(pwd.toCharArray());
    SecretKeyFactory KFac =
        SecretKeyFactory.getInstance(keyAlg);
    SecretKey key = KFac.generateSecret(keyspec);
    // salt and iteration count are passed as cipher parameters
    PBEParameterSpec pars =
        new PBEParameterSpec(salt, iters);
    Cipher cf = Cipher.getInstance(cryptAlg);
    cf.init(Cipher.DECRYPT_MODE, key, pars);
How should I do the same with OpenSSL? For instance, with
cbc-triple-des - is this the correct way?
    {
        unsigned char *k1, *k2, *k3;
        char *pwd;
        unsigned char deskey[24];
        unsigned char salt[8] = {0x01, 0x02, 0x03, 0x04,
                                 0x05, 0x06, 0x07, 0x08};
        int saltlen = 8;
        des_key_schedule ks1, ks2, ks3;

        /* derive 24 bytes of key material from the password */
        if (PKCS12_key_gen(usr_passwd,
                           strlen(usr_passwd),
                           salt,
                           saltlen,
                           PKCS12_KEY_ID,
                           1024, /* iters */
                           24,   /* DES3_KEY_LEN */
                           deskey,
                           EVP_sha1()) != 1)
            exit(printf("failed: PKCS12_key_gen call\n"));

        /* split the material into three 8-byte DES keys */
        k1 = deskey;
        k2 = deskey + 8;
        k3 = deskey + 16;

        des_set_key((C_Block *)k1, ks1);
        des_set_key((C_Block *)k2, ks2);
        des_set_key((C_Block *)k3, ks3);

        des_ede3_cbc_encrypt((C_Block *)inBuff,
                             (C_Block *)outBuff,
                             data_len,
                             ks1, ks2, ks3,
                             (C_Block *)salt,   /* the salt is passed as the IV */
                             DES_ENCRYPT);
        ...
    }

Thanks a lot for any help
Sincerely
Jab.
[EMAIL PROTECTED]
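
Added example, not part of the original post and not OpenSSL or JCE code: a Python reference implementation of the PKCS#12 key-derivation function (RFC 7292, Appendix B.2), which can be used to check that two implementations derive the same bytes from a password. The function names and the sample password are constructed for illustration; it assumes the password is encoded as a BMPString with a two-byte terminator, and it derives the key with ID 1 and a separate CBC IV with ID 2.

```python
import hashlib

KEY_ID, IV_ID, MAC_ID = 1, 2, 3   # "ID" byte values defined in RFC 7292 B.3

def bmp_password(password: str) -> bytes:
    """Encode a password as a BMPString: UTF-16BE plus a two-byte NUL."""
    return password.encode("utf-16-be") + b"\x00\x00"

def _fill(data: bytes, v: int) -> bytes:
    """Repeat data up to the next multiple of v bytes (empty stays empty)."""
    if not data:
        return b""
    size = v * ((len(data) + v - 1) // v)
    return (data * (size // len(data) + 1))[:size]

def pkcs12_kdf(password: bytes, salt: bytes, id_byte: int,
               iterations: int, n: int, hash_name: str = "sha1") -> bytes:
    """Derive n bytes following RFC 7292 Appendix B.2."""
    v = hashlib.new(hash_name).block_size          # 64 bytes for SHA-1
    D = bytes([id_byte]) * v                       # diversifier block
    I = bytearray(_fill(salt, v) + _fill(password, v))
    out = b""
    while len(out) < n:
        A = hashlib.new(hash_name, D + bytes(I)).digest()
        for _ in range(iterations - 1):            # hash applied r times in total
            A = hashlib.new(hash_name, A).digest()
        out += A
        B = int.from_bytes(_fill(A, v), "big") + 1
        for j in range(0, len(I), v):              # I_j = (I_j + B + 1) mod 2^v
            block = (int.from_bytes(I[j:j + v], "big") + B) % (1 << (8 * v))
            I[j:j + v] = block.to_bytes(v, "big")
    return out[:n]

# Constructed inputs mirroring the post: salt 01..08, 1024 iterations, SHA-1.
SALT = bytes(range(1, 9))
PWD = bmp_password("example-password")               # constructed sample password
DES3_KEY = pkcs12_kdf(PWD, SALT, KEY_ID, 1024, 24)   # three 8-byte DES keys
CBC_IV = pkcs12_kdf(PWD, SALT, IV_ID, 1024, 8)       # IV derived with ID 2

if __name__ == "__main__":
    print("key:", DES3_KEY.hex())
    print("iv: ", CBC_IV.hex())
```

Comparing these bytes with what each side derives for the same password, salt and iteration count shows whether the two sides disagree about the derivation before any ciphertext is involved.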
  


unable to verify server.crt

2003-06-22 Thread kulkarni veena
Hello,

When I try to check my server.crt, I get the
following problem:

What does that mean? Because of this error I have not
been able to use my certificates.


openssl x509 -noout -modulus -in sever.crt |openssl md5
Error opening Certificate sever.crt
1666:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('sever.crt','r')
1666:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load certificate
d41d8cd98f00b204e9800998ecf8427e


Thanks in advance.

--veena
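
Added example, not part of the original post: a short Python check run over the session output above, embedded as a constructed sample with the wrapped lines rejoined. It splits the OpenSSL error-queue lines into fields (the field names are labels chosen here for the colon-separated positions) and compares the final digest with the MD5 of empty input, which is what a digest command prints when the command feeding the pipe wrote nothing.

```python
import hashlib
import re

# Constructed sample: the session output from the post, wrapped lines rejoined.
SESSION = """\
Error opening Certificate sever.crt
1666:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('sever.crt','r')
1666:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load certificate
d41d8cd98f00b204e9800998ecf8427e
"""

EMPTY_MD5 = hashlib.md5(b"").hexdigest()   # digest of zero bytes of input

def parse_error_line(line):
    """Split one 'pid:error:code:library:function:reason:file:line:data' entry."""
    parts = line.rstrip("\n").split(":", 8)
    if len(parts) < 8 or parts[1] != "error":
        return None
    keys = ("pid", "tag", "code", "library", "function", "reason", "file", "line")
    entry = dict(zip(keys, parts))
    entry["data"] = parts[8] if len(parts) > 8 else ""
    return entry

def diagnose(session):
    """Return findings that explain why the pipeline result is unusable."""
    findings = []
    for line in session.splitlines():
        entry = parse_error_line(line)
        if entry and entry["function"] == "fopen":
            # the data field records the exact path handed to fopen()
            m = re.search(r"fopen\('([^']*)'", entry["data"])
            path = m.group(1) if m else "?"
            findings.append(f"cannot open {path!r}: {entry['reason']}")
        elif line.strip() == EMPTY_MD5:
            findings.append("digest is MD5 of empty input: nothing was hashed")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SESSION):
        print(finding)
```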



Anyone Know of a Web Based Certificate Authority.

2003-06-22 Thread John Doe
Anyone know of a web based certificate authority that actually works as
advertised? I have tried php-ca but I am having a lot of trouble getting it
to work. OpenCA is a little bit too full-featured for what I am trying to
accomplish.

Basically I am looking to send a secret to an email address in order to
verify a requestor's identity. If the requestor can correctly verify
themselves, I would like to issue them a certificate.

Thanks in Advance

James Wilson



RE: Anyone Know of a Web Based Certificate Authority.

2003-06-22 Thread Shalkebaev,AntonMSCAG
I know pyca www.pyca.de and http://cultura.eii.us.es/~pablo/elyca/
I didn't try the last one, but the first sends an e-mail to the requestor to
verify it.
Anton


-----Original Message-----
From: John Doe [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2003 07:48
To: [EMAIL PROTECTED]
Subject: Anyone Know of a Web Based Certificate Authority.


Anyone know of a web based certificate authority that actually works as
advertised? I have tried php-ca but I am having a lot of trouble getting it
to work. OpenCA is a little bit too full-featured for what I am trying to
accomplish.

Basically I am looking to send a secret to an email address in order to
verify a requestor's identity. If the requestor can correctly verify
themselves, I would like to issue them a certificate.

Thanks in Advance

James Wilson
