Re: Openssl in java
Hi, Thanks for your reply. can i use openssl to encrypt in c++ and bouncy castle to decrypt in java. Thanks S.Suresh - Original Message - From: Lawrence Bowie <[EMAIL PROTECTED]> Date: Thursday, December 16, 2004 10:38 am Subject: Re: Openssl in java > Try the native implementation bundled with Sun else you will have > to use some JNI methods ... > > > http://java.sun.com/products/jsse/ > > > LDB > > > > [EMAIL PROTECTED] wrote: > > >Hi, > > I am developing server application in java and client in vc++. > How to use openssl from java. > > > >Thanks in abvance > >S.Suresh > > > >__ > >OpenSSL Project > http://www.openssl.org>User Support Mailing List > [EMAIL PROTECTED] > >Automated List Manager > [EMAIL PROTECTED]> > > > > > > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
PEM_write_X509
Hi,
I am unable to write to a file using PEM_write_X509. Im
running my program on linux. The functions works when the file pointer is
stdout. It fails when any other valid file pointer is used. This is the same
problem with BIO_printf. If the output BIO is stdout it works but doesn’t
write into a file pointer supplied by the program. Im pasting sample code
below:
FILE *fp1 = NULL;
if((fp1 = fopen (“test”,
"rw"))== NULL){
printf
("opening %s \n", 's', "test failed");
}
X509* x509
int i = PEM_write_X509(stdout, x509);
//works fine and prints the certificate on the screen
int
j = PEM_write_X509(fp1, x509 ); //doesn’t work
The file has all required permissions and the file is being
opened. This is the same problem with BIO_printf, PEM_write_Privatekey.
BIO_printf(BIO* b, “Some text\n”);
When b – stdout in BIO wrapper it works but with file
pointer in BIO wrapper “Some text” is not written into the file.
Has anyone encountered this problem?
Regards
Aparna
Confidentiality Notice
The information contained in this electronic message and any attachments to this message are intended
for the exclusive use of the addressee(s) and may contain confidential or privileged information. If
you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately
and destroy all copies of this message and any attachments.
Custom engine, OBJ_cleanup
Hello! We implement custom engine registering some NIDs via OBJ_create(). We have problems using this engine in openssl commands calling OBJ_cleanup() before apps_shutdown() such as req, ca, x509. It causes a segfault inside EVP_cleanup() function. Now we use 20041207 snapshot. -- SY, Dmitry Belyavsky (ICQ UIN 6575) __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Openssl in java
Try the native implementation bundled with Sun else you will have to use some JNI methods ... http://java.sun.com/products/jsse/ LDB [EMAIL PROTECTED] wrote: Hi, I am developing server application in java and client in vc++. How to use openssl from java. Thanks in abvance S.Suresh __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Openssl in java
Hi, I am developing server application in java and client in vc++. How to use openssl from java. Thanks in abvance S.Suresh __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: pkcs7_sign function
On Wed, Dec 15, 2004, Aparna Nandyal wrote: > > Hi, > > Thank you for your response. But I have a file in which private key is > available. > > Smime -sign command prompts me for a pass word which I enter and internally > private key is passed to pkcs7_sign () in EVP_PKEY without pass word. > > But I have a password protected private key in a file which I am not able to > input to pkcs7_sign() directly. I also have the password in another file. So > is there any function which takes password protected private key and > password and return an EVP_PKEY without password? > Depends on the file format. If its PEM (e.g. smime -sign works with it) then PEM_read_PrivateKey() will do the trick. Check out the pem manual page for more details. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
pkcs7_sign function
Hi Im using pkcs7_sign method. One of the input parameters to this function is EVP_PKEY private key. But private keys are password protected and there is no parameter in the function to take the password for the private key. So can anyone let me know how pkcs7_sign method can be used with password protected key? Thanks in advance Regards Aparna Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: SSL on MS Exchange 2003 Enterprise Edition.
go to control panel-add/remove-add/remove windows components, and install "certificate services" I'm not sure if Windows server 2003 has a way for you to be your own CA or not, but there's probably a way. I'm not an expert here either, but there is plenty of good help in Windows Help Center. [EMAIL PROTECTED] wrote on 12/14/2004 02:51:20 PM: > Hello all, > > I am a real novice trying to setup an Exchange server for my family. I need > to secure the server using SSL, but I do not know where to begin. > > Is there a binary openssl file that is out there for windows? and if so, > will it help me in securing my Exchange and is there a manual for > implementing SSL with my Exchange or am I not thinking right? > > Thanks in advance __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: pkcs7_sign function
On Wed, Dec 15, 2004, Aparna Nandyal wrote: > > Hi > > Im using pkcs7_sign method. One of the input parameters to this function is > EVP_PKEY private key. But private keys are password protected and there is > no parameter in the function to take the password for the private key. So > can anyone let me know how pkcs7_sign method can be used with password > protected key? > The password protection is normally handled when you obtain the EVP_PKEY structure. That might be from a PEM file or a PKCS#12 file. Those (and other options) include support for passwords. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: pkcs7_sign function
Hi, Thank you for your response. But I have a file in which private key is available. Smime -sign command prompts me for a pass word which I enter and internally private key is passed to pkcs7_sign () in EVP_PKEY without pass word. But I have a password protected private key in a file which I am not able to input to pkcs7_sign() directly. I also have the password in another file. So is there any function which takes password protected private key and password and return an EVP_PKEY without password? Thanks and Regards Aparna -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Wednesday, December 15, 2004 7:18 PM To: [EMAIL PROTECTED] Subject: Re: pkcs7_sign function On Wed, Dec 15, 2004, Aparna Nandyal wrote: > > Hi > > Im using pkcs7_sign method. One of the input parameters to this function is > EVP_PKEY private key. But private keys are password protected and there is > no parameter in the function to take the password for the private key. So > can anyone let me know how pkcs7_sign method can be used with password > protected key? > The password protection is normally handled when you obtain the EVP_PKEY structure. That might be from a PEM file or a PKCS#12 file. Those (and other options) include support for passwords. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: DER public key file structure
On Wed, Dec 15, 2004, Andrus wrote: > Stephen, > > thank you. > > The command > > openssl rsautl -verify -in signature.bin -inkey public.der -pubin -keyform > DER -out signout.bin > > Causes error: > > RSA operation error > 4294560507:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block > type > is not 01:crypto/rsa/rsa_pk1.c:100: > 4294560507:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check > fail > ed:crypto/rsa/rsa_eay.c:580: > > If I replace signature.bin with sign.bin file, all is OK > > Why signature.bin causes error ? > > Various padding bytes are added before encryption and removed (and checked) after decryption using RSA: the full details are in the PKCs#1 standard. The error means that the padding wasn't of the correct form. Other than that its hard to say what the problem is. Turning off padding (using -raw) doesn't help: the decrypted data looks like garbage. Where does 'signature.bin' come from? BTW to answer your other question the format of the public key is defined in the various standards mentioned. You can use various OpenSSL utilities to pase the structure. For example: openssl rsa -inform DER -pubin -in public.der -text -noout gives: Modulus (1024 bit): 00:ce:fa:21:c8:a1:02:3b:7b:81:50:2e:b9:aa:4a: 8e:b3:43:82:c7:7f:7b:56:76:90:45:c2:0d:28:1e: 55:22:9d:78:4d:0a:ff:0b:c8:7b:ec:fc:59:a4:65: f5:f4:f1:b5:96:5f:76:d0:ad:60:a3:e4:2e:cc:7d: 40:4c:5a:2f:b5:d1:58:49:3c:f1:0e:71:eb:61:6e: da:ad:80:2b:7d:e1:1c:86:83:5e:ba:00:ea:19:0c: b0:42:4c:a8:78:80:f0:3c:f5:bd:fd:27:78:8b:30: 94:d8:93:39:5d:33:da:1f:68:f1:bb:d3:35:cf:a6: dd:08:ca:b8:db:b7:a6:3c:df Exponent: 3 (0x3) To see the ASN1 structure you can use: openssl asn1parse -inform DER -in public.der which produces: 0:d=0 hl=3 l= 157 cons: SEQUENCE 3:d=1 hl=2 l= 13 cons: SEQUENCE 5:d=2 hl=2 l= 9 prim: OBJECT:rsaEncryption 16:d=2 hl=2 l= 0 prim: NULL 18:d=1 hl=3 l= 139 prim: BIT STRING The key components are in that BIT STRING which you can see with: openssl asn1parse -inform DER -in public.der -strparse 18 0:d=0 hl=3 l= 135 cons: SEQUENCE 3:d=1 hl=3 l= 129 prim: INTEGER :CEFA21C8A1023B7B81502EB9AA4A8EB34382C77F7B56769045C20D281E55229D784D0AFF0BC87BECFC59A465F5F4F1B5965F76D0AD60A3E42ECC7D404C5A2FB5D158493CF10E71EB616EDAAD802B7DE11C86835EBA00EA190CB0424CA87880F03CF5BDFD27788B3094D893395D33DA1F68F1BBD335CFA6DD08CAB8DBB7A63CDF 135:d=1 hl=2 l= 1 prim: INTEGER :03 Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
AW: DER public key file structure
Andrus,
as Stephen explains the key is represented in an ASN.1 structure called
"SubjectPublicKeyInfo" and is coded in DER (Distinguished Encoding Rules).
The structure consits of an ObjectIdentifier ([06 09] 2A...01 01 01) and the
parameter NULL ([05 00]) followed by the public modulus of your key. The
"footer" ([02 01] 03) is your public exponent (in ASN.1, BER coded)
Regards
Thomas
> -Ursprüngliche Nachricht-
> Von: Andrus [mailto:[EMAIL PROTECTED]
> Gesendet: Dienstag, 14. Dezember 2004 22:29
> An: [EMAIL PROTECTED]
> Betreff: Re: DER public key file structure
>
>
> Charles,
>
> thank you for reply. I studied those documents carefully bot
> havent found
> yet a solution.
> rfc3280.txt appendix C does not describe public key format.
> PKCS #1 v2.1: RSA Cryptography Standard does not not describe
> data storage
> exact format.
>
> The hex dump of my public.der file looks like:
>
> 00: 30 81 9D 30 0D 06 09 2A ¦ 86 48 86 F7 0D 01 01 01
> 0üØ0. *åHå"...
> 10: 05 00 03 81 8B 00 30 81 ¦ 87 02 81 81 00 B0 6D 8D
> ür 0ücüü _mZ
> 20: 8D 76 FB DA B6 91 A2 EA ¦ 11 DB 8A C2 92 AC 50 59
> Zv¹-CæóL-R-ƼPY
> 30: 83 30 39 87 F7 51 5C 1B ¦ F5 1B 5C 4D 83 5C 71 A4
> a09c"Q\§\Ma\qz
> 40: 5D 19 B2 1F 24 2E 0B 7F ¦ 5E C1 CF E9 93 3D F3 7B ]_ $.
> ^-Zko=¾{
> 50: 1B 1F 60 74 B5 68 93 83 ¦ F4 C8 55 18 3E BB 97 73
> `tAhoa¶+U>+Ss
> 60: BC 8C 27 8E 70 7C 89 13 ¦ 26 B0 13 55 57 67 F7 3E
> +i'Äp|e&_UWg">
> 70: 6B 07 FA C9 58 57 36 0E ¦ D7 9D 5A 24 A3 4A F5 8A
> k·+XW6uØZ$ZJ§R
> 80: D5 A3 62 A1 C2 18 12 90 ¦ 35 85 F7 34 18 BD 1D F1
> sZbI-É5g"4I
±
> 90: 37 5C 0D 29 48 E2 C7 FC ¦ 6A AD 55 D2 EB 02 01 03
> 7\)HOU³jLUel
>
> The 1024 bit modulus starts at bytes 00 B0 6D and ends with
> 55 D2 EB
>
> After that It seems that 02 01 03 is constant suffix at the
> end of .der
> file.
>
> What is the meaning of the file header bytes ?
> Where the modulus length is stored ?
> Where is the publix exponent (03) stored ?
>
> Can you point me any documentation of the openssl source code
> file where I
> can find information about this format ?
>
> Thanks,
>
> Andrus.
>
> - Original Message -
> From: "Charles B Cranston" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, December 14, 2004 10:35 PM
> Subject: Re: DER public key file structure
>
>
> > DER is short for ASN.1 Distinguished Encoding Rules. The actual
> > format of certificates and things are standardized by X.500 but
> > these documents are expensive, so the Internet RFC people have
> > reprinted the information in a series of documents. Take a look
> > at ftp://www.ietf.org/rfc/rfc3280.txt particularly the examples
> > in Appendix C for the DER formats for certificates.
> >
> > As for keys, I think the standards document are the PKCS documents
> > which can be found at http://www.rsasecurity.com/rsalabs
> > look on the left for PKCS and get PKCS #1 RSA Cryptography Standard.
> > Look in chapter 11 ASN.1 syntax
> > 11.1 Key representations
> > 11.1.1 Public-key syntax
> >
> > I think this is right -- good luck!
> >
> > Andrus wrote:
> > > I need to decrypt RSA signature using RSA public key.
> > > Thanks to Nils Larsch reply I discovered that the
> following command can
> be
> > > used for this:
> > >
> > > openssl rsautl -verify -in sig.bin -inkey public.der
> -pubin -keyform
> > > DER -out signout.bin
> > >
> > > I have a RSA 1024 bits modulus and exponent 3
> > >
> > > I need to create a public.der file (160 bytes) from this
> data to be
> passed
> > > to openssl using not a C language.
> > >
> > > I looked into openssl sources but havent yet found DER
> file structure
> > > description.
> > >
> > > Where I can found the DER public file structure
> description which this
> > > command accepts ?
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
