rsautl problem [newbie]
Hi there:

This is my first post to the list. My problem is very simple, yet I have not found an answer after reading the man pages, googling for it and browsing the list archive.

I am writing a Java applet to sign documents created online. No problem over here, I hope. However, to verify the signed documents output by the applet I resorted to openssl rsautl to sign the document and compare the result to the one signed by the applet. Here is where my problem is.

    $ openssl rsautl -sign -raw -in prueba.xml -inkey abbpermarn.priv.pem -out prueba.ssl.sgn
    Enter pass phrase for abbpermarn.priv.pem:
    RSA operation error
    3919:error:0406B06E:rsa routines:RSA_padding_add_none:data too large for key size:rsa_none.c:70:

I also tried:

    $ openssl rsautl -sign -pkcs -in prueba.xml -inkey abbpermarn.priv.pem -out prueba.ssl.sgn
    Enter pass phrase for abbpermarn.priv.pem:
    RSA operation error
    3921:error:0406C06E:rsa routines:RSA_padding_add_PKCS1_type_1:data too large for key size:rsa_pk1.c:73:
    $

I have searched for "data too large for key size" and even took a look at the source code trying to find an answer to an apparently simple problem.

The input file (prueba.xml) is a small XML file (184 bytes). I have tried two different private keys generated using openssl, which are working fine with the applet and in IE and Mozilla (after being exported to a PFX with the self-signed certificate). I even tried the private key used by Apache for HTTPS. In other words, I think there is no problem with the RSA keys.

Given that the files are so small, I am attaching to this message a zip file that contains prueba.xml and the test private key (no password) just in case somebody wants to reproduce my test environment.

I am using OpenSSL 0.9.7a Feb 19 2003 under Mandrake Linux 9.1.

What am I doing wrong or missing?

Thanks in advance and, please, excuse me for my English.

Adolfo

P.S: test.zip
Description: Zip archive
another Newbie Question
I'm currently reading Network Security with OpenSSL, and I'm well and truly stuck. I've googled, and checked the book site to see if it's a reported mistake... no luck.

Does anyone know if SSL_library_init() and SSL_load_error_strings() are part of OpenSSL, or are they functions the writer is using? I'm getting external unresolved linker errors from them.

I've included the following...

    #include <openssl/bio.h>
    #include <openssl/err.h>
    #include <openssl/rand.h>
    #include <openssl/ssl.h>
    #include <openssl/x509v3.h>

Any ideas?

Thanks
Darren

__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: rsautl problem [newbie]
On Wed, 2004-01-21 at 06:59, Adolfo Bello wrote:

Sorry for replying to myself. I just realized that I need to use the dgst command.

Adolfo
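Why both rsautl attempts reject a 184-byte file while a digest-based signature goes through, as an added example that is not part of the original posts: it mirrors the length checks named in the two error messages (RSA_padding_add_none and RSA_padding_add_PKCS1_type_1). The 1024-bit key size, the choice of SHA-256 and the stand-in document are assumptions; the thread states none of them.

```python
import hashlib

# DER DigestInfo header for SHA-256 (RFC 8017); the digest choice is an assumption.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
K = 128                                   # assumption: 1024-bit key = 128-byte modulus
DOCUMENT = b"<doc/>".ljust(184, b" ")     # constructed 184-byte stand-in for prueba.xml


def pad_none(data: bytes, k: int) -> bytes:
    """-raw: no padding is added, so the input must be exactly k bytes."""
    if len(data) > k:
        raise ValueError("data too large for key size")
    if len(data) < k:
        raise ValueError("data too small for key size")
    return data


def pad_pkcs1_type1(data: bytes, k: int) -> bytes:
    """-pkcs when signing: 00 01 FF..FF 00 || data, with at least eight FF bytes."""
    if len(data) > k - 11:
        raise ValueError("data too large for key size")
    return b"\x00\x01" + b"\xff" * (k - 3 - len(data)) + b"\x00" + data


def digest_block(document: bytes, k: int) -> bytes:
    """Digest-based signing pads DigestInfo(hash), whose size is fixed."""
    info = SHA256_PREFIX + hashlib.sha256(document).digest()   # 19 + 32 = 51 bytes
    return pad_pkcs1_type1(info, k)


def fits(pad, data: bytes, k: int) -> bool:
    """True if the padding routine accepts the input for a k-byte modulus."""
    try:
        return len(pad(data, k)) == k
    except ValueError:
        return False


if __name__ == "__main__":
    print("raw, whole file:  ", fits(pad_none, DOCUMENT, K))
    print("pkcs, whole file: ", fits(pad_pkcs1_type1, DOCUMENT, K))
    print("pkcs, digest only:", len(digest_block(DOCUMENT, K)) == K)
```

With a 128-byte modulus the PKCS#1 path accepts at most 117 bytes, so only the fixed-size DigestInfo fits, whatever the document length.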
Re: another Newbie Question
On Wed, Jan 21, 2004 at 06:10:39AM -0500, Darren McDonald wrote:
> I'm currently reading Network Security with OpenSSL, and I'm well and truly stuck. I've googled, and checked the book site to see if it's a reported mistake... no luck.
>
> Does anyone know if SSL_library_init() and SSL_load_error_strings() are part of OpenSSL, or are they functions the writer is using? I'm getting external unresolved linker errors from them.
>
> I've included the following...
>
>     #include <openssl/bio.h>
>     #include <openssl/err.h>
>     #include <openssl/rand.h>
>     #include <openssl/ssl.h>
>     #include <openssl/x509v3.h>

When compiling/linking append

    -lssl -lcrypto

such that the necessary functions are actually linked in...

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
SSLeay compatible
Hi All

What's the equivalent function for PEM_read_PUBKEY in SSLeay? I want to read a public key but I cannot read it with the

    rsa = PEM_read_RSAPublicKey(fkeyfile, 0 ,0);

function. The rsa is NULL.

HELP WAA

Thanks.
Re: another Newbie Question
Thanks, but do you have any idea how I'd accomplish this in C++ Borland builder? I've already set it up to search for header files in the relevant folder, what am I missing?

> On Wed, Jan 21, 2004 at 06:10:39AM -0500, Darren McDonald wrote:
> > I'm currently reading Network Security with OpenSSL, and I'm well and truly stuck. I've googled, and checked the book site to see if it's a reported mistake... no luck.
> >
> > Does anyone know if SSL_library_init() and SSL_load_error_strings() are part of OpenSSL, or are they functions the writer is using? I'm getting external unresolved linker errors from them.
> >
> > I've included the following...
> >
> >     #include <openssl/bio.h>
> >     #include <openssl/err.h>
> >     #include <openssl/rand.h>
> >     #include <openssl/ssl.h>
> >     #include <openssl/x509v3.h>
>
> When compiling/linking append
>
>     -lssl -lcrypto
>
> such that the necessary functions are actually linked in...
>
> Best regards,
> Lutz
> --
> Lutz Jaenicke
Re: Certificate OID
Hi,

For OpenSSL you can add new OIDs in the configuration file, which has a variable oid_file; this specifies a file containing additional OBJECT IDENTIFIERS. Each line of the file should consist of the numerical form of the object identifier followed by white space, then the short name followed by white space, and finally the long name.

Generally the configuration file resides under '/etc/ssl/' or in '/usr/lib/ ' as the openssl.cnf file, which possibly contains the following lines, and you can specify your OID file there.

    # OpenSSL example configuration file.
    # This is mostly being used for generation of certificate requests.
    #
    RANDFILE = $ENV::HOME/.rnd
    oid_file = $ENV::HOME/.oid
    oid_section = new_oids

    [ new_oids ]
    # Add a simple OID like this:
    # testoid1=1.2.3.4
    # Or use config file substitution like this:
    # testoid2=${testoid1}.5.6

Object identifiers are, basically, strings of numbers. They are allocated in a hierarchical manner. They are used in a variety of protocols. The formal definition of OIDs comes from ITU-T recommendation X.208 (ASN.1).

Refer to this link for more details about OIDs:
http://www.alvestrand.no/objectid/index.html

Regards,
Kathiravan. V
www.visolve.com

- Original Message -
From: Leonardo Javier Uzcategui Montes [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 19, 2004 6:33 PM
Subject: Certificate OID

Hi everyone

I'd like to know... where is the information about the OID in the Certificate Policies???

thanks

Leonardo Uzcategui
GSC-RedULA
Merida-Venezuela
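A checker for the oid_file line format described in the reply above (numeric OID, short name, long name), as an added example that is not OpenSSL's own parser and not part of the original message. The sample lines are constructed; skipping blank lines and rejecting duplicates are choices of this example, not documented OpenSSL behaviour.

```python
import re

# Dotted decimal, at least two arcs, root arc 0-2, no leading zeros in later arcs.
OID_RE = re.compile(r"^[0-2](\.(0|[1-9][0-9]*))+$")


def parse_oid_line(line: str):
    """Split one oid_file line into (numeric OID, short name, long name)."""
    parts = line.split(None, 2)            # the long name may contain spaces
    if len(parts) != 3:
        raise ValueError("expected: OID, short name, long name")
    oid, short_name, long_name = parts[0], parts[1], parts[2].strip()
    if not OID_RE.match(oid):
        raise ValueError(f"not a dotted-decimal OID: {oid!r}")
    arcs = [int(a) for a in oid.split(".")]
    if arcs[0] < 2 and arcs[1] > 39:
        raise ValueError("second arc must be 0-39 under root arcs 0 and 1")
    return oid, short_name, long_name


def check_oid_file(text: str):
    """Return (entries, errors); errors are (line number, reason) pairs."""
    entries, errors, seen = [], [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            entry = parse_oid_line(line)
        except ValueError as exc:
            errors.append((lineno, str(exc)))
            continue
        dup = {entry[0], entry[1]} & seen  # same OID or same short name twice
        if dup:
            errors.append((lineno, f"duplicate: {sorted(dup)[0]}"))
            continue
        seen.update(entry[:2])
        entries.append(entry)
    return entries, errors


# Constructed sample file: two good lines, then four kinds of mistake.
SAMPLE = """\
1.2.3.4 testoid1 Test OID one
1.2.3.4.5.6 testoid2 Test OID two
1.2.3.4 testoid3 Reuses the first OID
1.40.1 badarc Second arc out of range
3.1.2 badroot Root arc out of range
1.2.3.5 nolongname
"""
```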
Re: another Newbie Question
aaahhh, I see now. I err, forgot to include the libraries that go with the header files, got it sorted now.

Thanks to all.

Darren