doubt regd oid
Hello all,

I have an application wherein I digitally sign files. In that application, I have an option to include timestamp of the *data file* in the signature as an un-authenticated attribute. I would like to know the OID this attribute should have. Since I am not timestamping the signature, I can't use this one

    id-aa-timeStampToken OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) aa(2) 14 }

which is defined in the rfc 3161. In the same rfc, I found this one

    PKIXTSP {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-tsp(13)}

I understand that this refers to the ASN1 module that describes various types defined in that rfc 3161. Is that true? Can I use this OID for my purpose (OID for timestamp response as an un-authenticated attribute)?

- sravan
Re: how to EVP_SignInit_ex() ?
coco coco wrote:
> Is there any developer guide, like giving better description of the API
> provided by openssl, beside the O'Reilly book? It doesn't have to be
> tutorial, I'm quite ok with crypto stuff in Java, but using openssl
> has been a try-and-error process so far, and constantly need to
> dive into the openssl code itself.

Then man pages/web pages. Incomplete, and sometimes hard to find, but when you do find a documented function it is usually documented enough to get you going. Start from http://www.openssl.org/docs/

Also the OpenSSL mailinglist archives (search) and general web searches help. There are also some tutorials/samples in the code.

--
Heikki Toivonen
DSA_sign maximum digest length?
Hi everybody,

I am not at all familiar with OpenSSL or DSA, but I was tinkering around trying to get DSA_sign/DSA_verify to work. I've stumbled upon a peculiar issue I have not seen brought up anywhere else, or documented. Somehow I am not able to sign messages longer than 20 bytes. The error message I am getting back is error:0A070064:lib(10):func(112):reason(100). I have not been able to find further info on this. Is there a maximum digest length?

This is how I generate my DSA object.

    dsa = DSA_generate_parameters(512, NULL, 0, NULL, NULL, NULL, NULL);

Thank you very much for your time.

--
Andrey/Andrei Warkentin
Re: Need objective arguments against double certificate
Thanks all for replying. More heated debates I guess.
Re: how to EVP_SignInit_ex() ?
> try a EVP_MD_CTX_init() before using the EVP_MD_CTX objects

Thanks, not very familiar with openssl at all, this is the first time trying to get something quickly done with openssl.

Is there any developer guide, like giving better description of the API provided by openssl, beside the O'Reilly book? It doesn't have to be tutorial, I'm quite ok with crypto stuff in Java, but using openssl has been a try-and-error process so far, and constantly need to dive into the openssl code itself.
Re: Certificate chain problem
Eleftheria Petraki wrote:
> Hi all,

Hello Eleftheria,

> with the intermediate CA in the SSLCertificateChainFile the openssl s_client -connect ..., returns verify code: 0 (ok). The certificate chain reports two certificates, the server and the intermediate CA certificate with the correct issuers, while just after CONNECTED(004) I can see all the certificates in the chain included the root CA.

Beware: The certificate verify code in s_client still has room for improvement. So s_client having a verify code 0 doesn't say that the certificate chain is correct and complete...

> However I still cannot see the page with IE even though the root CA certificate is correctly imported. Mozilla works only if both root and intermediate certificates are imported.

??? Strange. I remember doing a verify test with a certificate chain with root and intermediate CA. And AFAIR Mozilla had no problem with only the root known.

I think for chaining to work, the CA certificates must be version 3 certificates with basicConstraints- and keyUsage- extensions set.

Could you send me the certificates ?

Bye

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many
Re: r.e testing beta
Rodney Thayer wrote:
> I've tried one of the 0.9.8 snapshots and "make test" is failing, after running for an enormous amount of time. (openssl-0.9.8-stable-SNAP-20050613.tar.gz)
>
> Two questions:
>
> 1. what's the output supposed to look like, these days? Specifically, is it supposed to run a long time?

I've had some incidents where a fresh build seems to get into a loop for make test. Unfortunately, every time I've considered nailing it down, it's gone away. I haven't reported it yet, for lack of any concrete information. But if I'm not the only one...

--
>>>ApacheCon Europe<<< http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: r.e testing beta
Rodney Thayer wrote:
> I've tried one of the 0.9.8 snapshots and "make test" is failing, after running for an enormous amount of time. (openssl-0.9.8-stable-SNAP-20050613.tar.gz)
>
> Two questions:
>
> 1. what's the output supposed to look like, these days?

what do you get ?

> Specifically, is it supposed to run a long time?

depending on the computing power a "make test" run may need some time

> 2. where's the right place to report this - assuming for the moment I've found a legitimate bit of beta feedback ;-)

openssl-dev or the openssl bug tracker ([EMAIL PROTECTED])

Nils
Re: mini-ASN.1 compiler 0.9.8-beta5
pana wrote:
> Hi, I try to run the mini-ASN.1 compiler with several OpenSSL version but it doesn't work. The "-genstr" option results ever unknown by the system. Where is the error? What I miss?

works for me, what did you do ?

Nils
Re: using AES encryption
Julien ALLANOS wrote:
> Hello,
>
> I want to use AES encryption in my C application, but I am missing documentation. I only have openssl/aes.h but there isn't any manpage. Can someone point me to any how-to or source code? Thanks for your help.

consider using the EVP_Cipher* etc. functions (see EVP_CipherInit_ex manpage)

Nils
Re: how to EVP_SignInit_ex() ?
coco coco wrote:
> Sorry if this is a dumb question, I'm not sure why EVP_SignInit_ex() is giving me unhandled exception error. My code is a very simple testing code:
>
>     char * clearText = "testing openssl";
>     char cryptText[MAX_LEN];
>     char buf[MAX_LEN];
>     unsigned char ubuf[MAX_LEN];
>     unsigned char sig[MAX_LEN];
>     unsigned int sigLen;
>     EVP_PKEY key;
>     EVP_MD_CTX sctx, vctx;
>
>     int ret = EVP_PKEY_assign_RSA(&key, RSA_generate_key(1024, RSA_3, 0, 0));
>     if (ret != 1)
>         std::cout << "Generate rsa key failed..." << std::endl;
>
>     EVP_SignInit_ex(&sctx, EVP_sha1(), NULL);
>     EVP_SignUpdate(&sctx, clearText, strlen(clearText));
>     memset(sig, 0, MAX_LEN);
>     ret = EVP_SignFinal(&sctx, sig, &sigLen, &key);
>     if (ret != 1)
>         std::cout << "Signing failed..." << std::endl;
>     ...
>
> Every time I get to EVP_SignInit_ex(), I get the error:
>
> Unhandled exception at 0x1003dee6 in test.exe: 0xC005: Access violation reading location 0x.

try a EVP_MD_CTX_init() before using the EVP_MD_CTX objects

Nils
Re: PKCS12 client
Thank you Heikki Toivonen and Goetz Babin-Ebell, your suggestions were very helpful.

-David

> david kine wrote:
> > How does one load verify locations into a SSL_CTX from
> > in-memory X509 certificates?
>
> You can get the X509_STORE from the SSL_CTX.
> There you do an X509_STORE_add_cert()
using AES encryption
Hello,

I want to use AES encryption in my C application, but I am missing documentation. I only have openssl/aes.h but there isn't any manpage. Can someone point me to any how-to or source code? Thanks for your help.

--
Julien ALLANOS
Re: Need objective arguments against double certificate
On Tue, Jun 14, 2005 at 12:14:54AM -1000, coco coco wrote:

> My apologies if this is not really an openssl question. Just want to get
> some ideas from the gurus here.
>
> There is this company (a so-called partner) which has hired an external
> security consultant to oversee the security of a project which makes use of
> crypto quite heavily. The security consultant didn't do anything else,
> except coming up with a scheme that requires that every key must have two
> certificates, one certificate used for encryption and the other used for
> signature. The key and certificates are stored in a USB token. The reason
> from the so-called security consultant was that it is more secure this way.
> And he got the backup from the CEO (well, the CEO brought him in).
>
> We called it bullshit, and were having a hot debate, most people (the
> technical people) are opposed to that, saying that there is nothing secure
> about this scheme. If you want to separate the signature key from the
> encryption key, you should have 2 keys, and not one key with 2
> certificates. This does not make any sense.
>

You'll get more substantive support on cryptography@metzdowd.com (subscribe via [EMAIL PROTECTED]), but your analysis is correct.

There are a number of attacks on RSA keys that are used to both sign and encrypt (attacker) chosen data. While these attacks can be avoided by not directly signing chosen data (rather only signing locally randomly generated session keys or hashes of data), it is indeed a sound practice to use separate keys when possible, but separate signing and encryption certificates for a single public/private key pair are nonsense.

The right answer is two separate key pairs, with separate certs with correct usage bits to enforce the key purpose.

--
Viktor.
r.e testing beta
I've tried one of the 0.9.8 snapshots and "make test" is failing, after running for an enormous amount of time. (openssl-0.9.8-stable-SNAP-20050613.tar.gz)

Two questions:

1. what's the output supposed to look like, these days? Specifically, is it supposed to run a long time?

2. where's the right place to report this - assuming for the moment I've found a legitimate bit of beta feedback ;-)
mini-ASN.1 compiler 0.9.8-beta5
Hi,

I try to run the mini-ASN.1 compiler with several OpenSSL version but it doesn't work. The "-genstr" option results ever unknown by the system. Where is the error? What I miss?

Thanks

pana
Signed data in CMS format
Hello All,

I have the requirement to sign the data in CMS format. I used PKCS7_sign function, which outputs data in PKCS#7 format.

After creating signed data, I am passing the data to the function “Verify_CMS()” (This function is not listed below, part of JAVA script) to verify. But this function is returning “Incorrect CMS” error.

Is there any mistake in the following piece of code in creating signed data in PKCS#7 format?

Any comment on this will help me greatly. Thanking you…

    PBYTE PKI_SignData (PBYTE pbByteArraytoAuthenticate,
                        unsigned int uiByteArraytoAuthenticate_len,
                        int ioptions, char* pcCertName)
    {
        unsigned char* pcTempAuthData = NULL;
        int iDataLength = 0;    /* ASN1_item_i2d() returns int, negative on error */
        int options = 0;        /* flags passed to PKCS7_sign(); 0 as in the original post */
        X509 *pSignerCert = NULL;
        EVP_PKEY *pkey = NULL;
        BIO *InputData = NULL;
        PKCS7 *pkcs7 = NULL;

        if (pbByteArraytoAuthenticate == NULL)
            return 0;

        /* check options parameters and validate the platform support */
        if ( (ioptions & 1) && (bSupportingOpaqueSignatures == false) )
        {
            g_pkiReasonCode = CMS_NO_OPAQUE_SIGNATURES;
            return 0;
        }
        if ( (!(ioptions & 1)) && (bSupportingDitachedSignatures == false) )
        {
            g_pkiReasonCode = CMS_NO_DETACH_SIGNATURE;
            return 0;
        }
        if ( (ioptions & 2) && (bStoringCertificate == false) )
        {
            g_pkiReasonCode = CMS_NO_CERTIFICATE;
            return 0;
        }

        pSignerCert = GetCertifcateByCertName(pcCertName); // get certificate from Cert store
        if(!pSignerCert)
        {
            g_pkiReasonCode = CMS_NO_CERTIFICATE;
            return 0;
        }

        pkey = GetRSAPrivateKeyByCertName(pcCertName); // gets corresponding private key
        if(!pkey)
        {
            g_pkiReasonCode = CMS_NO_CERTIFICATE;
            return 0;
        }

        // converts array of data to bio, since PKCS7_sign takes data in bio format
        InputData = GetBIOBydata((char*)pbByteArraytoAuthenticate, uiByteArraytoAuthenticate_len);
        if(!InputData)
        {
            g_pkiReasonCode = CMS_FAILURE;
            return 0;
        }

        EVP_add_digest(EVP_sha1());
        EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
        EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
        EVP_add_digest(EVP_dss1());
        EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
        EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
        EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");

        pkcs7 = PKCS7_sign (pSignerCert, pkey, NULL, InputData, options); // here options = 0
        if (!pkcs7)             /* signing itself can fail; do not encode a NULL structure */
        {
            g_pkiReasonCode = CMS_FAILURE;
            return 0;
        }

        /* DER-encode the PKCS7 structure; the output buffer is allocated by OpenSSL */
        iDataLength = ASN1_item_i2d((ASN1_VALUE *)pkcs7, &pcTempAuthData, ASN1_ITEM_rptr(PKCS7));
        if (iDataLength <= 0)
        {
            g_pkiReasonCode = CMS_FAILURE;
            return 0;
        }

        return pcTempAuthData;
    }

Thanks,
Madhu
Re: Signed data in CMS format
Why is this message 38K?

On Tue, Jun 14, 2005 at 04:55:01PM +0530, Madhu Sudhan Reddy wrote:
> Hello All,
>
> I have the requirement to sign the data in CMS format. I
> used PKCS7_sign function , which outputs data in PKCS#7 format.
>
> After creating signed data, I am passing the data to the function
> "Verify_CMS()" (This function is not listed below, part of JAVA script)
> to verify. But this function is returning "Incorrect CMS" error.
>
> Is there any mistake in the following piece of code in
> creating signed data in PKCS#7 format?
>
> Any comment on this will help me greatly. Thanking you...
Re: Need objective arguments against double certificate
coco coco wrote:
> My apologies if this is not really an openssl question. Just want to get some ideas from the gurus here.
>
> There is this company (a so-called partner) which has hired an external security consultant to oversee the security of a project which makes use of crypto quite heavily. The security consultant didn't do anything else, except coming up with a scheme that requires that every key must have two certificates, one certificate used for encryption and the other used for signature. The key and certificates are stored in a USB token. The reason from the so-called security consultant was that it is more secure this way. And he got the backup from the CEO (well, the CEO brought him in).
>
> We called it bullshit, and were having a hot debate, most people (the technical people) are opposed to that, saying that there is nothing secure about this scheme. If you want to separate the signature key from the encryption key, you should have 2 keys, and not one key with 2 certificates. This does not make any sense.
>
> The CEO said he trusts the "security expert", and if we want to change that, we need to come up with better arguments than that.
>
> It does not affect us too much, as we just need to modify little portion of our code (mostly java) to handle the double-certificates thingy. But the annoying thing is, the 2 certificates do not even specify usage attributes correctly. And our security expert said it does not matter, we (the programmers) have to figure that out, which cert is used for signature and which one is used for encryption. We do all kinds of tricks to handle that, and it's not even reliable. And the bad thing is that he also wants to re-engineer all other existing applications to use this double-cert scheme.
>
> Even worse, the consultant from the local CA also supports that scheme, because (well, that's understandable) the CA got to sell two certs to each user.
>
> What do you think?

The prime argument against this scheme is, that it is more work (and costs more money) doing it. So the argument should be the other way round, that is why does this scheme make things more secure?

It may depend on the things you are doing with the certificates/keys, but I have not managed to imagine a scenario where using two different certs (especially if issued by the same CA) for the same key do increase security...

But I'm afraid that if the CEO trusts the security guy more than he trusts you, and he wants to spend the money ("we have increased investments in security by 50%") you'll have a hard time finding better arguments... :-\

> coco

Hope it helps

Ted ;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
RE: Need objective arguments against double certificate
> If you want to separate the signature key from the encryption key, you should have 2 keys, and not one key with 2 certificates.

Totally agreed - the reason for using key separation is that encryption keys will (typically) have a shorter life time than signing keys (at least for certificate validity, if not for usage period), and the other reason is that if only one key is compromised then other one isn't.

Two different certs for one key is strange indeed. Note the term "key separation" is used specifically, not the term "certificate separation" ...

Dave
Need objective arguments against double certificate
My apologies if this is not really an openssl question. Just want to get some ideas from the gurus here.

There is this company (a so-called partner) which has hired an external security consultant to oversee the security of a project which makes use of crypto quite heavily. The security consultant didn't do anything else, except coming up with a scheme that requires that every key must have two certificates, one certificate used for encryption and the other used for signature. The key and certificates are stored in a USB token. The reason from the so-called security consultant was that it is more secure this way. And he got the backup from the CEO (well, the CEO brought him in).

We called it bullshit, and were having a hot debate, most people (the technical people) are opposed to that, saying that there is nothing secure about this scheme. If you want to separate the signature key from the encryption key, you should have 2 keys, and not one key with 2 certificates. This does not make any sense.

The CEO said he trusts the "security expert", and if we want to change that, we need to come up with better arguments than that.

It does not affect us too much, as we just need to modify little portion of our code (mostly java) to handle the double-certificates thingy. But the annoying thing is, the 2 certificates do not even specify usage attributes correctly. And our security expert said it does not matter, we (the programmers) have to figure that out, which cert is used for signature and which one is used for encryption. We do all kinds of tricks to handle that, and it's not even reliable. And the bad thing is that he also wants to re-engineer all other existing applications to use this double-cert scheme.

Even worse, the consultant from the local CA also supports that scheme, because (well, that's understandable) the CA got to sell two certs to each user.

What do you think?

coco
how to EVP_SignInit_ex() ?
Sorry if this is a dumb question, I'm not sure why EVP_SignInit_ex() is giving me unhandled exception error. My code is a very simple testing code:

    char * clearText = "testing openssl";
    char cryptText[MAX_LEN];
    char buf[MAX_LEN];
    unsigned char ubuf[MAX_LEN];
    unsigned char sig[MAX_LEN];
    unsigned int sigLen;
    EVP_PKEY key;
    EVP_MD_CTX sctx, vctx;

    int ret = EVP_PKEY_assign_RSA(&key, RSA_generate_key(1024, RSA_3, 0, 0));
    if (ret != 1)
        std::cout << "Generate rsa key failed..." << std::endl;

    EVP_SignInit_ex(&sctx, EVP_sha1(), NULL);
    EVP_SignUpdate(&sctx, clearText, strlen(clearText));
    memset(sig, 0, MAX_LEN);
    ret = EVP_SignFinal(&sctx, sig, &sigLen, &key);
    if (ret != 1)
        std::cout << "Signing failed..." << std::endl;

    EVP_VerifyInit_ex(&vctx, EVP_sha1(), NULL);
    EVP_VerifyUpdate(&vctx, clearText, strlen(clearText));
    ret = EVP_VerifyFinal(&vctx, sig, sigLen, &key);
    if (ret == 1)
        std::cout << "Signature is valid" << std::endl;
    else if (ret == 0)
        std::cout << "Signature is invalid..." << std::endl;
    else
        std::cout << "Verification failed..." << std::endl;

Every time I get to EVP_SignInit_ex(), I get the error:

Unhandled exception at 0x1003dee6 in test.exe: 0xC005: Access violation reading location 0x.

This code is basically copied from the sample. Is there anything I need to initialize before that as well?

thanks in advance

cc
Re: Certificate chain problem
Hi all,

with the intermediate CA in the SSLCertificateChainFile the openssl s_client -connect ..., returns verify code: 0 (ok). The certificate chain reports two certificates, the server and the intermediate CA certificate with the correct issuers, while just after CONNECTED(004) I can see all the certificates in the chain included the root CA.

However I still cannot see the page with IE even though the root CA certificate is correctly imported. Mozilla works only if both root and intermediate certificates are imported.

I am going to abandon this scheme and use only the root CA.

Thank you for your answers...

From: Goetz Babin-Ebell <[EMAIL PROTECTED]>
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: Certificate chain problem
Date: Mon, 13 Jun 2005 22:40:10 +0200

Eleftheria Petraki wrote:
> Hi all,

Hello Eleftheria,

> I have generated a self signed root certification authority and an
> intermediate certification authority signed by the root CA using openssl
> 0.9.7g. The intermediate CA signed an apache 1 with mod-ssl SSL server
> certificate. Both the root and intermediate PEM certificates are placed
> in the file ca.crt pointed by the directive SSLCACertificateFile.

How about putting the intermediate CA-certificate in the file ca.chain and let the directive SSLCertificateChainFile point to it?

SSLCACertificateFile is IMHO only for accepted CAs for client authentication (so no wonder the server does not accept the connection request, your browser does not have an according client certificate).

Unfortunately it is not working. IE still cannot display the page and Mozilla causes the following entry in error_log:

[Mon Jun 13 16:42:57 2005] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]

Perhaps you should start with a more basic approach: do an

    openssl s_client -connect server:443 -CAfile root.crt

(root.crt should only contain the root certificate...)

If this prints somewhere the verify error message "unable to get local issuer certificate" the server doesn't send the intermediate CA cert. (this is an error, only the root cert may be omitted...)

You should insert the intermediate CA cert in the CA cert file the directive SSLCertificateChainFile points to...

But CN is identical to server name and openssl verifies correctly the server certificate. If both root and intermediate CA certificates are imported in Mozilla the page is opened without problems. However the same thing does not work in IE - the page cannot be displayed. I am really confused.

In your constellation s_client should print a certificate chain with 2 certificates in it...
* the root cert (from the CAfile) and
* the intermediate cert (provided by the server)

Bye

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many
Re: [Norton AntiSpam] question on reading PEM from memory
Thanks a lot, that seems to be the problem.

rgds

Try to split b64 data in 64 chars lines.
Francesco Petruzzi
Re: [Norton AntiSpam] question on reading PEM from memory
Try to split b64 data in 64 chars lines.

Francesco Petruzzi [EMAIL PROTECTED]

----- Original Message -----
From: "coco coco" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, June 14, 2005 9:24 AM
Subject: [Norton AntiSpam] question on reading PEM from memory

> I'm trying to read a certificate in PEM format from memory, using BIO, but
> every time, it just returns NULL. Can anyone point out what's wrong with this
> code?
>
> char * mykey =
> "-----BEGIN CERTIFICATE-----\n" \
> "MIIBzjCCATegAwIBAgIIB+d8Z03zbQQwDQYJKoZIhvcNAQEFBQAwHzEMMAoGA1UEAxMDY3NwMQ8wDQYDVQQGDAbkuK3lm70wHhcNMDUwMjA2MDc1OTQ3WhcNMDcwMjA2MDc1OTQ3WjAfMQwwCgYDVQQDEwNjc3AxDzANBgNVBAYMBuS4reWbvTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAi5ERCTk3RC8W/9T+ozruc9kWhLh9vQ1Ke130TfzWgX0wK2qGNUy+C4CCsjn6ThO8vz4QQtbt1QSwl8+BUAUdAto2iiHyI4nzxEnwhTheRDFnJsjMwwbjkYXZIDgpt+EiT9U0UryHtNaPUK7+se9Ee7PpjbJb51vwHhIGOikhDdkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEBADANBgkqhkiG9w0BAQUFAAOBgQB/nUFATa4V8CXo0nMZYzBGA+bddbkphmW1unD/BLLbWq4ant4bgALt0a1nqHKEAPkeHXryxvsvZAoRR4mI7YvEjQvKaA06AwniATOcMDsa3RrHRoXp+/N2OfNMzjYt3Wa0ZqiI9Y/u1odrkvFamhKuCpMzvrJSOACsiKB31v2fuw==\n" \
> "-----END CERTIFICATE-----\n";
>
> BIO *bio = BIO_new_mem_buf(mykey, -1);
>
> X509 *x509 = NULL;
> PEM_read_bio_X509(bio, &x509, 0, NULL);
>
> if (x509 == NULL)
>     std::cout << "PEM_read_bio_X509 failed..." << std::endl;
>
> The problem is PEM_read_bio_X509() always returns NULL for x509. I must have
> done something wrong, but have no clue what is going on here. Browsing thru
> the book "Network Security with OpenSSL" over and over again, and even
> reading the code of OpenSSL, the way I invoked those functions seems correct
> to me.
>
> Any help would be very much appreciated.
>
> rgds
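The fix suggested in this reply, as an added example that is not part of the original thread: a dependency-free C helper that re-wraps the base64 body of a PEM block into 64-character lines, so the result can then be passed to BIO_new_mem_buf() and PEM_read_bio_X509(). The names pem_rewrap, longest_line and SAMPLE_PEM are hypothetical, and the sample body is constructed filler, not a real certificate.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PEM_LINE 64 /* base64 characters per body line */
/* Append one byte, leaving room for the final NUL; bail out when out is full. */
#define PUT(c) do { if (pos + 1 >= outsz) return -1; out[pos++] = (c); } while (0)

/* Constructed sample (not a real certificate): 100-character body on one line. */
static const char SAMPLE_PEM[] = "-----BEGIN CERTIFICATE-----\n"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx"
    "\n-----END CERTIFICATE-----\n";

/* Copy the first PEM block of in to out with its body re-wrapped at PEM_LINE
 * characters. Returns 0, or -1 if BEGIN/END lines are missing or out is too small. */
int pem_rewrap(const char *in, char *out, size_t outsz) {
    const char *begin = strstr(in, "-----BEGIN "), *body, *end, *tail, *p;
    size_t pos = 0, col = 0;
    if (!begin || !(body = strchr(begin, '\n'))) return -1;
    if (!(end = strstr(body, "-----END "))) return -1;
    if (!(tail = strstr(end + 9, "-----"))) return -1;
    tail += 5;                                   /* one past the END line's dashes */
    for (p = begin; p <= body; p++) PUT(*p);     /* BEGIN line and its newline */
    for (p = body + 1; p < end; p++) {           /* body: drop whitespace, re-wrap */
        if (isspace((unsigned char)*p)) continue;
        if (col == PEM_LINE) { PUT('\n'); col = 0; }
        PUT(*p);
        col++;
    }
    if (col) PUT('\n');
    for (p = end; p < tail; p++) PUT(*p);        /* END line */
    PUT('\n');
    out[pos] = '\0';
    return 0;
}

size_t longest_line(const char *s) {             /* longest line length in s */
    size_t best = 0, cur = 0;
    for (; *s; s++) { if (*s == '\n') { if (cur > best) best = cur; cur = 0; } else cur++; }
    return cur > best ? cur : best;
}

int main(void) {
    char out[512];
    if (pem_rewrap(SAMPLE_PEM, out, sizeof out)) return 1;
    printf("longest line: %zu before, %zu after\n%s", longest_line(SAMPLE_PEM), longest_line(out), out);
    return 0;
}
```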
question on reading PEM from memory
I'm trying to read a certificate in PEM format from memory, using BIO, but every time, it just returns NULL. Can anyone point out what's wrong with this code?

char * mykey =
"-----BEGIN CERTIFICATE-----\n" \
"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\n" \
"-----END CERTIFICATE-----\n";

BIO *bio = BIO_new_mem_buf(mykey, -1);

X509 *x509 = NULL;
PEM_read_bio_X509(bio, &x509, 0, NULL);

if (x509 == NULL)
    std::cout << "PEM_read_bio_X509 failed..." << std::endl;

The problem is PEM_read_bio_X509() always returns NULL for x509. I must have done something wrong, but have no clue what is going on here. Browsing thru the book "Network Security with OpenSSL" over and over again, and even reading the code of OpenSSL, the way I invoked those functions seems correct to me.

Any help would be very much appreciated.

rgds
Decrypting Client TLS Finish
Hi,

I am trying to decrypt the client TLS finish. The TLS client finish message should contain 4 bytes of header (1 byte of type + 3 bytes of len), 12 bytes of verify data, 20 bytes of sha1-mac, 3 bytes of padding and 1 byte of padlen.

The EVP_CipherFinal fails with the following error message:

13255:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:450:

The outlen is set to 32 after EVP_CipherUpdate.

Any help will be appreciated.

Thanks,
Brijesh

/* in, out, outlen, plen and tkb are declared elsewhere in the poster's program (not shown) */
int inlen = 40;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init (&ctx);
/* last argument 0 selects decryption */
EVP_CipherInit (&ctx, EVP_des_ede3_cbc(), tkb->client_write_key, tkb->client_write_iv, 0);
if (EVP_CipherUpdate (&ctx, out, &outlen, in, inlen) != 1) {
    ERR_print_errors_fp (stderr);
}
if (EVP_CipherFinal (&ctx, out + outlen, &plen) != 1) {
    ERR_print_errors_fp (stderr);
}
outlen += plen;
EVP_CIPHER_CTX_cleanup(&ctx);