How to generate private key format accept by microsoft signcode ?
Hello,

How to generate private key format accepted by microsoft signcode tool?

Thanks in advance

__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: cURL and HTTPS
Could you post the curl command line that you're using? You might just be missing a param or two.
cURL and HTTPS
I've posted the following request to the cURL-users list but there was no response there (I'm very surprised). I even posted a follow-up asking if I can RTM somewhere or take the inquiry somewhere else, but still no response. I've done my research and come up dry. I'm hoping someone here can help, or at least lead me to a source of info. Thanks!

I've been using cURL for a long time but just getting into the SSL end of it. I'm not a crypto guy, so just the process of creating, signing, and installing certs is also new, but I'm making progress. The info at http://eal.us/archives/000964.html has proven invaluable for creating a cert with OpenSSL which can be installed to IIS, and IE works fine with it. (Note the info there says you jump back and forth between Windows and Linux to create/sign certs but it can all be done from one OS.)

The problem I'm having is creating a PEM from a server .crt file with OpenSSL that the cURL commandline can use. I've tried many permutations and never seem to get it quite right. I'm using this OpenSSL line to create the PEM:

    openssl x509 -in server.crt -out server.pem -outform PEM

I think I need to add the cert info to curl-ca-bundle.crt, or (preferably) I need to properly tell the commandline to use a different file rather than going to the bundle. I've used notepad to copy/paste the cert into the bundle with no joy. (Don't use Wordpad or it will change all the EOL delimiters).

Can anyone give me a definitive set of steps to get from a working cert to a working HTTPS with cURL? I'll be happy to put all of this info (including helpful notes of my own) up on my website for future reference. Daniel Stenberg has mentioned in previous posts on the topic (since the bundle was first introduced) that there is no real documentation for this yet. I'm wondering how anyone makes it work.

Many Thanks.
Tony
Re: Key Identifier in X509v3 extensions
On Fri, Mar 05, 2004, Claus Nagel wrote:

> > It follows the RFC3280 recommendation in 4.2.1.2 (1):
> >
> > The keyIdentifier is composed of the 160-bit SHA-1 hash of the
> > value of the BIT STRING subjectPublicKey (excluding the tag,
> > length, and number of unused bits).
>
> thanks. sorry, i missed that point while reading. well i'm not exactly
> sure... would hashing the DER encoded ASN.1 RSAPublicKey object be sufficient for
> this recommendation? if not, how do i know, which bits are unused?
>

Since for an RSA key the subjectPublicKey field contains a DER RSAPublicKey structure yes that would produce the same result.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: Key Identifier in X509v3 extensions
> It follows the RFC3280 recommendation in 4.2.1.2 (1):
>
> The keyIdentifier is composed of the 160-bit SHA-1 hash of the
> value of the BIT STRING subjectPublicKey (excluding the tag,
> length, and number of unused bits).

thanks. sorry, i missed that point while reading. well i'm not exactly sure... would hashing the DER encoded ASN.1 RSAPublicKey object be sufficient for this recommendation? if not, how do i know, which bits are unused?
information
ok
Re: Key Identifier in X509v3 extensions
On Fri, Mar 05, 2004, Claus Nagel wrote:

> > The SKID can be calculated automatically by the extension code (see
> > doc/openssl.txt). The AKID is normally copied from the SKID of the issuer's
> > certificate.
>
> As for the SKID I found the following in the openssl.txt:
> Example: subjectKeyIdentifier=hash
> But which values are taken to calculate that hash and which algorithm is
> used?
>

It follows the RFC3280 recommendation in 4.2.1.2 (1):

The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits).

Steve.
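The rule quoted in this reply, and the RSA case confirmed elsewhere in the thread, worked through as an added example that is not part of any poster's message or of OpenSSL's code. The helper names and the toy key are assumptions made for illustration; the first content octet of a DER BIT STRING is the unused-bits count, which is 0 for public keys and is the octet left out of the hash.

```python
import hashlib

RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption, NULL params

def der_tlv(tag: int, value: bytes) -> bytes:
    """Encode one DER TLV with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def der_read(buf: bytes, pos: int):
    """Decode the TLV at pos; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length octets
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def subject_public_key_bits(spki: bytes) -> bytes:
    """Return the BIT STRING payload of a SubjectPublicKeyInfo, that is, its
    contents minus the leading octet that counts the unused bits."""
    tag, body, _ = der_read(spki, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _, pos = der_read(body, 0)      # skip the AlgorithmIdentifier
    tag, bits, _ = der_read(body, pos)
    if tag != 0x03 or not bits or bits[0] != 0:
        raise ValueError("expected BIT STRING with zero unused bits")
    return bits[1:]

def key_identifier(spki: bytes) -> bytes:
    """RFC 3280 4.2.1.2 method (1): SHA-1 over the subjectPublicKey bits."""
    return hashlib.sha1(subject_public_key_bits(spki)).digest()

# Constructed sample: a made-up 1024-bit "modulus" (not a usable RSA key).
TOY_MODULUS = b"\x00" + bytes(range(0x80, 0x100))
TOY_RSA_PUBLIC_KEY = der_tlv(0x30, der_tlv(0x02, TOY_MODULUS) + der_tlv(0x02, b"\x01\x00\x01"))
TOY_SPKI = der_tlv(0x30, RSA_ALG_ID + der_tlv(0x03, b"\x00" + TOY_RSA_PUBLIC_KEY))

if __name__ == "__main__":
    print("keyIdentifier:", key_identifier(TOY_SPKI).hex())
    print("same as SHA-1(RSAPublicKey):",
          key_identifier(TOY_SPKI) == hashlib.sha1(TOY_RSA_PUBLIC_KEY).digest())
```

For an RSA key the extracted bytes are exactly the DER RSAPublicKey, so hashing that structure directly gives the same identifier.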
Re: Key Identifier in X509v3 extensions
> The SKID can be calculated automatically by the extension code (see
> doc/openssl.txt). The AKID is normally copied from the SKID of the issuer's
> certificate.

As for the SKID I found the following in the openssl.txt:
Example: subjectKeyIdentifier=hash
But which values are taken to calculate that hash and which algorithm is used?

> You don't store the MD5 and SHA1 thumbprints in the certificate; they are
> calculated by taking the MD5 or SHA1 hash of the whole certificate's
> encoding.

Thx :-)
Re: Key Identifier in X509v3 extensions
On Fri, Mar 05, 2004, Claus Nagel wrote:

> hello,
> how do i compute the values for X509v3 Subject Key Identifier and X509v3
> Authority Key Identifier{keyid} in a X509v3 certificate? And where can I store
> MD5 or SHA1 thumbprints in a X509v3 certificate?
> thx,

The SKID can be calculated automatically by the extension code (see doc/openssl.txt). The AKID is normally copied from the SKID of the issuer's certificate.

You don't store the MD5 and SHA1 thumbprints in the certificate; they are calculated by taking the MD5 or SHA1 hash of the whole certificate's encoding.

Steve.
Key Identifier in X509v3 extensions
hello,

how do i compute the values for X509v3 Subject Key Identifier and X509v3 Authority Key Identifier{keyid} in a X509v3 certificate? And where can I store MD5 or SHA1 thumbprints in a X509v3 certificate?

thx,
Claus Nagel