Re: Maximum encryption length [SOLVED]

2007-02-06 Thread Bertram Scharpf
Hi Goetz,

On Saturday, 03 Feb 2007, 21:46:36 +0100, Goetz Babin-Ebell wrote:
> > You should use the openssl smime command.
> >
> > I'm using Ruby; S/MIME seems to be rather young here. At
> > least it is hidden properly well. I just found it.
>
> SMIME is basically PKCS#7 with some additional data,
> so you find the related info in the OpenSSL pkcs7 interface.

I omit signing, the file won't be sent by mail. I'm doing
this in Ruby with success:

  require 'openssl'

  # PEM text of the certificate and key was elided in the post
  key_crt = OpenSSL::X509::Certificate.new -BEGIN CERTIFICATE...
  key_pem = OpenSSL::PKey::RSA.new -BEGIN RSA PRIVATE KEY...

  # encrypt for the certificate's holder, then wrap as S/MIME text
  p7enc = OpenSSL::PKCS7.encrypt([key_crt], original)
  encrypted = OpenSSL::PKCS7.write_smime(p7enc)

  # parse the S/MIME text back and decrypt with the matching private key
  p7dec = OpenSSL::PKCS7.read_smime(encrypted)
  decrypted = p7dec.decrypt(key_pem, key_crt)

  if decrypted != original then
    # (what happens on a mismatch was cut off in the post)
  end

The command line version of this is:

  openssl smime -encrypt -in original -out encrypted some.crt
  openssl smime -decrypt -in encrypted -out decrypted -inkey some.pem some.crt

Thanks.

Bertram


-- 
Bertram Scharpf
Stuttgart, Deutschland/Germany
http://www.bertram-scharpf.de
__
OpenSSL Project http://www.openssl.org
User Support Mailing List        openssl-users@openssl.org
Automated List Manager           [EMAIL PROTECTED]
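The round trip from Bertram's mail, written out as an added example (not code from the thread): it generates a throwaway self-signed identity in place of the elided PEM strings, names the content cipher explicitly instead of relying on the library default, and shows that a non-recipient key cannot open the envelope. The helper names make_identity, smime_encrypt and smime_decrypt are this example's own.

```ruby
require 'openssl'

# Self-signed key + certificate generated in memory, standing in for the PEM
# strings elided from the post (constructed for this example).
def make_identity(cn)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Same round trip as the post, but with the content cipher named explicitly.
# The post's call omits it; with the cipher argument left out, Ruby's
# PKCS7.encrypt has historically fallen back to RC2-40-CBC (a cipher OpenSSL 3
# only ships in the legacy provider). PKCS7::BINARY skips the LF -> CRLF
# canonicalisation that would otherwise make `decrypted != original`.
def smime_encrypt(recipient_certs, plaintext)
  cipher = OpenSSL::Cipher.new('AES-256-CBC')
  p7 = OpenSSL::PKCS7.encrypt(recipient_certs, plaintext, cipher,
                              OpenSSL::PKCS7::BINARY)
  OpenSSL::PKCS7.write_smime(p7)
end

# Returns the plaintext, or nil when the key/cert pair is not a recipient
# (OpenSSL reports "no recipient matches certificate" as a PKCS7Error).
def smime_decrypt(smime_text, key, cert)
  p7 = OpenSSL::PKCS7.read_smime(smime_text)
  p7.decrypt(key, cert)
rescue OpenSSL::PKCS7::PKCS7Error
  nil
end

if __FILE__ == $0
  key, cert = make_identity('recipient')
  other_key, other_cert = make_identity('someone-else')
  message = "original file contents\n"
  encrypted = smime_encrypt([cert], message)
  puts encrypted.lines.first(3).join                            # MIME headers
  puts smime_decrypt(encrypted, key, cert) == message           # true
  puts smime_decrypt(encrypted, other_key, other_cert).inspect  # nil
end
```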


How to create intermediate CA

2007-02-06 Thread Bhat, Jayalakshmi Manjunath
Hi All,

Can anyone please tell me the different methods to create an
intermediate CA certificate?

Regards,
Jaya


ASN.1 Encoding/Decoding when Optional field.

2007-02-06 Thread axelle_apvrille
Hi,
I have a slight problem manipulating optional ASN.1 fields. I'm
encoding/decoding a simple DigestInfo structure (by the way, this
corresponds to X509_SIG - I just rebuild my own for the fun ;-)).

First, I populate my DigestInfo structure and encode it. As the
parameters field is optional, note I allocate a new ASN1_TYPE object.
Looks like it's the way to do it, to my understanding. So, then, in the
end, when I have encoded the structure and finally free everything, I
take care to call ASN1_TYPE_free.

Then, I decode my DER encoded buffer. Strangely, I get
OID: (nid=0) - undefined for the OID !

If, during encoding, I do NOT free the ASN1_TYPE, then I do retrieve my
OID at decoding time !
OID: (nid=64) - sha1

I don't understand it, as the DER sequence is the same ! Does somebody
have a hint ?

Thanks
Axelle.

#include <stdio.h>
#include <stdlib.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/objects.h>

typedef struct {
  ASN1_OBJECT *id;
  ASN1_TYPE *parameters;
} AlgorithmIdentifier;

typedef struct {
  AlgorithmIdentifier *digestAlgorithm;
  ASN1_OCTET_STRING *digest;
} DigestInfo;

ASN1_SEQUENCE(AlgorithmIdentifier) = {
  ASN1_SIMPLE(AlgorithmIdentifier, id, ASN1_OBJECT),
  ASN1_OPT(AlgorithmIdentifier, parameters, ASN1_ANY)
} ASN1_SEQUENCE_END(AlgorithmIdentifier)
IMPLEMENT_ASN1_FUNCTIONS(AlgorithmIdentifier)

ASN1_SEQUENCE(DigestInfo) = {
  ASN1_SIMPLE(DigestInfo, digestAlgorithm, AlgorithmIdentifier),
  ASN1_SIMPLE(DigestInfo, digest, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(DigestInfo)
IMPLEMENT_ASN1_FUNCTIONS(DigestInfo)

/* hex dump helper; its definition was not included in the post */
static void dump_buffer(const unsigned char *buf, int len) {
  int i;
  for (i = 0; i < len; i++)
    printf("%02x%s", buf[i], (i % 16 == 15 || i == len - 1) ? "\n" : " ");
}

int encode_digestinfo(unsigned char **der) {
  DigestInfo *dinfo = DigestInfo_new();
  unsigned char digest[20] = { 0x01 }; // whatever ! (20 bytes long; the remaining values were elided in the post, so they are zero here)
  int len;

  // DigestInfo_new() already allocated digestAlgorithm and digest;
  // OBJ_nid2obj() returns a static object, so assigning it is safe
  dinfo->digestAlgorithm->id = OBJ_nid2obj(NID_sha1);
  dinfo->digestAlgorithm->parameters = ASN1_TYPE_new();
  ASN1_TYPE_set(dinfo->digestAlgorithm->parameters, V_ASN1_NULL, NULL);
  ASN1_OCTET_STRING_set(dinfo->digest, digest, sizeof(digest));

  // with *der == NULL, i2d allocates the output buffer itself
  len = i2d_DigestInfo(dinfo, der);

  // This is the line the thread is about: DigestInfo_free() below already
  // frees the optional parameters, so freeing them here is a double free.
  ASN1_TYPE_free(dinfo->digestAlgorithm->parameters);
  DigestInfo_free(dinfo);
  return len;
}


void decode_digestinfo(const unsigned char *der, int len) {
  DigestInfo *dinfo;
  const unsigned char *p = der; // d2i advances the pointer it is handed
  int nid;

  // decode
  dinfo = d2i_DigestInfo(NULL, &p, (long)len);
  if (!dinfo) {
    fprintf(stderr, "d2i_DigestInfo failed\n");
    return;
  }

  // retrieve OID
  nid = OBJ_obj2nid(dinfo->digestAlgorithm->id);
  printf("-- OID: (nid=%d) - %s\n", nid, OBJ_nid2ln(nid));

  // retrieve parameters if any
  if (dinfo->digestAlgorithm->parameters) {
    switch (ASN1_TYPE_get(dinfo->digestAlgorithm->parameters)) {
    case V_ASN1_NULL:
      printf("-- NULL parameters\n");
      break;
    }
  }

  // retrieve digest
  printf("-- Digest: \n");
  dump_buffer(dinfo->digest->data, dinfo->digest->length);

  // free: this one call releases every field, optional ones included
  DigestInfo_free(dinfo);
}

int main(int argc, char **argv) {
  unsigned char *der = NULL;
  int len;

  len = encode_digestinfo(&der); // the function takes unsigned char **
  printf("DER encoded sequence: \n");
  dump_buffer(der, len);

  printf("Decoding...\n");
  decode_digestinfo(der, len);

  OPENSSL_free(der); // buffer was allocated by i2d_DigestInfo
  return 0;
}


Re: ASN.1 Encoding/Decoding when Optional field.

2007-02-06 Thread Dr. Stephen Henson
On Tue, Feb 06, 2007, [EMAIL PROTECTED] wrote:

> Hi,
> I have a slight problem manipulating optional ASN.1 fields. I'm
> encoding/decoding a simple DigestInfo structure (by the way, this
> corresponds to X509_SIG - I just rebuild my own for the fun ;-)).
>
> First, I populate my DigestInfo structure and encode it. As the
> parameters field is optional, note I allocate a new ASN1_TYPE object.
> Looks like it's the way to do it, to my understanding. So, then, in the
> end, when I have encoded the structure and finally free everything, I
> take care to call ASN1_TYPE_free.
>
> Then, I decode my DER encoded buffer. Strangely, I get
> OID: (nid=0) - undefined for the OID !
>
> If, during encoding, I do NOT free the ASN1_TYPE, then I do retrieve my
> OID at decoding time !
> OID: (nid=64) - sha1
>
> I don't understand it, as the DER sequence is the same ! Does somebody
> have a hint ?
>

You shouldn't free any internal fields in an ASN1 structure even if they are
OPTIONAL. The main free function will automatically free them. In your case
just calling DigestInfo_free() is sufficient.

If you do free internals you'll get a double free which will typically result
in undefined behaviour.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
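The DigestInfo structure from Axelle's mail, rebuilt with Ruby's OpenSSL::ASN1 as an added example (not code from the thread): it encodes the structure with the OPTIONAL parameters field either present as NULL or absent, and parses the DER back with the type and digest-length checks a verifier should apply. The names encode_digest_info and decode_digest_info are this example's own.

```ruby
require 'openssl'

# DER-encode DigestInfo { digestAlgorithm AlgorithmIdentifier, digest OCTET STRING }.
# The OPTIONAL parameters are either an explicit NULL or simply omitted.
def encode_digest_info(alg_name, digest, null_params: true)
  alg = [OpenSSL::ASN1::ObjectId.new(alg_name)]
  alg << OpenSSL::ASN1::Null.new(nil) if null_params
  OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Sequence.new(alg),
    OpenSSL::ASN1::OctetString.new(digest)
  ]).to_der
end

# Parse a DigestInfo; params_present is false when the OPTIONAL field was
# absent. Every element is type-checked, and the digest length must match
# the algorithm the OID names (a mismatch is rejected, not silently accepted).
def decode_digest_info(der)
  seq = OpenSSL::ASN1.decode(der)
  raise 'DigestInfo: SEQUENCE of 2 expected' unless seq.is_a?(OpenSSL::ASN1::Sequence) && seq.value.size == 2
  alg, digest = seq.value
  raise 'AlgorithmIdentifier: SEQUENCE expected' unless alg.is_a?(OpenSSL::ASN1::Sequence) && (1..2).cover?(alg.value.size)
  oid, params = alg.value
  raise 'digestAlgorithm: OBJECT IDENTIFIER expected' unless oid.is_a?(OpenSSL::ASN1::ObjectId)
  raise 'digest: OCTET STRING expected' unless digest.is_a?(OpenSSL::ASN1::OctetString)
  expected = OpenSSL::Digest.new(oid.ln).digest_length
  actual = digest.value.bytesize
  raise "digest length #{actual} != #{expected} for #{oid.ln}" if actual != expected
  { algorithm: oid.ln, params_present: !params.nil?, digest: digest.value }
end

if __FILE__ == $0
  d = OpenSSL::Digest.digest('SHA1', 'abc')   # constructed sample digest
  [true, false].each do |with_null|
    der = encode_digest_info('sha1', d, null_params: with_null)
    puts der.unpack1('H*')
    p decode_digest_info(der).reject { |k, _| k == :digest }
  end
end
```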


RE: Problem with linking library

2007-02-06 Thread Tuan Minh Nguyen
Hi,

my problem is solved. 

Thanks anyway,
Minh.
---
> Hi Dinh Thao,
> thank you very much for your reply. I have no more problem with
> linking.
> but now I have a problem when I compile file client.c and common.c:
>
> [EMAIL PROTECTED]:~/SSL-connection$ gcc client.c -o client -Wall -lcrypto -lssl -lpthread
> /tmp/ccUugnSm.o: In function `main':
> client.c:(.text+0xcb): undefined reference to `init_OpenSSL'
> client.c:(.text+0xfc): undefined reference to `handle_error'
> client.c:(.text+0x13f): undefined reference to `handle_error'
> collect2: ld returned 1 exit status
>
> Can you tell me where the problem is?
>
> Thanks, Minh.
>
> Here is the relevant code:
>
> common.h
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <openssl/bio.h>
> #include <openssl/err.h>
> #include <openssl/rand.h>
> #include <openssl/ssl.h>
> #include <openssl/x509v3.h>
>
> #ifndef WIN32
> #include <pthread.h>
> #define THREAD_CC
> #define THREAD_TYPE pthread_t
> #define THREAD_CREATE(tid, entry, arg) pthread_create(&(tid), NULL, (entry), (arg))
> #else
> #include <windows.h>
> #define THREAD_CC   __cdecl
> #define THREAD_TYPE DWORD
> #define THREAD_CREATE(tid, entry, arg) do { _beginthread((entry), 0, (arg)); \
>                                             (tid) = GetCurrentThreadId();     \
>                                         } while (0)
> #endif
>
> #define PORT    "6001"
> #define SERVER  "splat.zork.org"
> #define CLIENT  "shell.zork.org"
>
> #define int_error(msg)  handle_error(__FILE__, __LINE__, msg)
> void handle_error(const char *file, int lineno, const char *msg);
>
> void init_OpenSSL(void);
>
> common.c
> #include "common.h"
>
> /* print the location and message, then the OpenSSL error queue, and exit */
> void handle_error(const char *file, int lineno, const char *msg)
> {
>     fprintf(stderr, "** %s:%i %s\n", file, lineno, msg);
>     ERR_print_errors_fp(stderr);
>     exit(-1);
> }
>
> void init_OpenSSL(void)
> {
>     if (!SSL_library_init())
>     {
>         fprintf(stderr, "** OpenSSL initialization failed!\n");
>         exit(-1);
>     }
>     SSL_load_error_strings();
> }
>
> client.c
> #include "common.h"
>
> void do_client_loop(BIO *conn)
> {
>     int  err, nwritten;
>     char buf[80];
>
>     for (;;)
>     {
>         if (!fgets(buf, sizeof(buf), stdin))
>             break;
>         /* keep writing until the whole line is out; BIO_write may write less than asked */
>         for (nwritten = 0;  nwritten < (int)strlen(buf);  nwritten += err)
>         {
>             err = BIO_write(conn, buf + nwritten, strlen(buf) - nwritten);
>             if (err <= 0)
>                 return;
>         }
>     }
> }
>
> int main(int argc, char *argv[])
> {
>     BIO  *conn;
>
>     init_OpenSSL();
>
>     /* "host:port" string for the connect BIO */
>     conn = BIO_new_connect(SERVER ":" PORT);
>     if (!conn)
>         int_error("Error creating connection BIO");
>
>     if (BIO_do_connect(conn) <= 0)
>         int_error("Error connecting to remote machine");
>
>     fprintf(stderr, "Connection opened\n");
>     do_client_loop(conn);
>     fprintf(stderr, "Connection closed\n");
>
>     BIO_free(conn);
>     return 0;
> }
>
