Re: Maximum encryption length [SOLVED]
Hi Goetz,

On Saturday, 03 Feb 2007, 21:46:36 +0100, Goetz Babin-Ebell wrote:

> You should use the openssl smime command.

I'm using Ruby; S/MIME seems to be rather young here. At least it is hidden quite well. I just found it.

> SMIME is basically PKCS#7 with some additional data, so you find the related info in the OpenSSL pkcs7 interface.

I omit signing, the file won't be sent by mail. I'm doing this in Ruby with success:

    require 'openssl'

    key_crt = OpenSSL::X509::Certificate.new "-----BEGIN CERTIFICATE-----..."
    key_pem = OpenSSL::PKey::RSA.new "-----BEGIN RSA PRIVATE KEY-----..."

    p7enc = OpenSSL::PKCS7::encrypt( [key_crt], original)
    encrypted = OpenSSL::PKCS7.write_smime( p7enc)

    p7dec = OpenSSL::PKCS7::read_smime( encrypted)
    decrypted = p7dec.decrypt( key_pem, key_crt)

    if decrypted != original then
      raise "round trip failed"
    end

The command line version of this is:

    openssl smime -encrypt -in original -out encrypted some.crt
    openssl smime -decrypt -in encrypted -out decrypted -inkey some.pem some.crt

Thanks.

Bertram

--
Bertram Scharpf
Stuttgart, Germany
http://www.bertram-scharpf.de

__
OpenSSL Project                          http://www.openssl.org
User Support Mailing List                openssl-users@openssl.org
Automated List Manager                   [EMAIL PROTECTED]
How to create intermediate CA
Hi All,

Please, can anyone tell me the different methods to create an intermediate CA certificate?

Regards,
Jaya
ASN.1 Encoding/Decoding when Optional field.
Hi,

I have a slight problem manipulating optional ASN.1 fields. I'm encoding/decoding a simple DigestInfo structure (by the way, this corresponds to X509_SIG - I just rebuilt my own for the fun ;-)).

First, I populate my DigestInfo structure and encode it. As the parameters field is optional, note that I allocate a new ASN1_TYPE object. Looks like it's the way to do it, to my understanding. So, then, in the end, when I have encoded the structure and finally free everything, I take care to call ASN1_TYPE_free.

Then, I decode my DER encoded buffer. Strangely, I get

    OID: (nid=0) - undefined

for the OID! If, during encoding, I do NOT free the ASN1_TYPE, then I do retrieve my OID at decoding time!

    OID: (nid=64) - sha1

I don't understand it, as the DER sequence is the same! Does somebody have a hint?

Thanks
Axelle.

    #include <stdio.h>
    #include <stdlib.h>
    #include <openssl/asn1.h>
    #include <openssl/asn1t.h>
    #include <openssl/objects.h>
    #include <openssl/crypto.h>

    typedef struct {
        ASN1_OBJECT *id;
        ASN1_TYPE *parameters;
    } AlgorithmIdentifier;

    typedef struct {
        AlgorithmIdentifier *digestAlgorithm;
        ASN1_OCTET_STRING *digest;
    } DigestInfo;

    ASN1_SEQUENCE(AlgorithmIdentifier) = {
        ASN1_SIMPLE(AlgorithmIdentifier, id, ASN1_OBJECT),
        ASN1_OPT(AlgorithmIdentifier, parameters, ASN1_ANY)
    } ASN1_SEQUENCE_END(AlgorithmIdentifier)
    IMPLEMENT_ASN1_FUNCTIONS(AlgorithmIdentifier)

    ASN1_SEQUENCE(DigestInfo) = {
        ASN1_SIMPLE(DigestInfo, digestAlgorithm, AlgorithmIdentifier),
        ASN1_SIMPLE(DigestInfo, digest, ASN1_OCTET_STRING)
    } ASN1_SEQUENCE_END(DigestInfo)
    IMPLEMENT_ASN1_FUNCTIONS(DigestInfo)

    // hex dump helper (its body was not part of the post)
    static void dump_buffer(const unsigned char *buf, int len)
    {
        int i;
        for (i = 0; i < len; i++)
            printf("%02x%c", buf[i], (i % 16 == 15 || i == len - 1) ? '\n' : ' ');
    }

    int encode_digestinfo(unsigned char **der)
    {
        DigestInfo *dinfo = DigestInfo_new();
        unsigned char digest[20] = { 0x01 }; // whatever ! (20 bytes long; the rest stay zero)
        int len;

        ASN1_OBJECT_free(dinfo->digestAlgorithm->id); // the template allocated one; drop it before replacing
        dinfo->digestAlgorithm->id = OBJ_nid2obj(NID_sha1);
        dinfo->digestAlgorithm->parameters = ASN1_TYPE_new();
        ASN1_TYPE_set(dinfo->digestAlgorithm->parameters, V_ASN1_NULL, NULL);
        ASN1_OCTET_STRING_set(dinfo->digest, digest, sizeof(digest));

        len = i2d_DigestInfo(dinfo, der);

        ASN1_TYPE_free(dinfo->digestAlgorithm->parameters); // the free this question is about
        DigestInfo_free(dinfo);
        return len;
    }

    void decode_digestinfo(const unsigned char *der, int len)
    {
        DigestInfo *dinfo;
        const unsigned char *p = der; // d2i advances the pointer it is given
        int nid;

        // decode
        dinfo = d2i_DigestInfo(NULL, &p, (long)len);
        if (!dinfo) {
            fprintf(stderr, "d2i_DigestInfo failed\n");
            return;
        }

        // retrieve OID
        nid = OBJ_obj2nid(dinfo->digestAlgorithm->id);
        printf("-- OID: (nid=%d) - %s\n", nid, OBJ_nid2ln(nid));

        // retrieve parameters if any
        if (dinfo->digestAlgorithm->parameters) {
            switch (ASN1_TYPE_get(dinfo->digestAlgorithm->parameters)) {
            case V_ASN1_NULL:
                printf("-- NULL parameters\n");
                break;
            }
        }

        // retrieve digest
        printf("-- Digest: \n");
        dump_buffer(dinfo->digest->data, dinfo->digest->length);

        // free
        DigestInfo_free(dinfo);
    }

    int main(int argc, char **argv)
    {
        unsigned char *der = NULL;
        int len;

        len = encode_digestinfo(&der); // i2d allocates the buffer when *der is NULL
        printf("DER encoded sequence: \n");
        dump_buffer(der, len);
        printf("Decoding...\n");
        decode_digestinfo(der, len);
        OPENSSL_free(der); // the buffer came from the OpenSSL allocator
        return 0;
    }
Re: ASN.1 Encoding/Decoding when Optional field.
On Tue, Feb 06, 2007, [EMAIL PROTECTED] wrote:

> Hi,
>
> I have a slight problem manipulating optional ASN.1 fields. I'm encoding/decoding a simple DigestInfo structure (by the way, this corresponds to X509_SIG - I just rebuilt my own for the fun ;-)).
>
> First, I populate my DigestInfo structure and encode it. As the parameters field is optional, note that I allocate a new ASN1_TYPE object. Looks like it's the way to do it, to my understanding. So, then, in the end, when I have encoded the structure and finally free everything, I take care to call ASN1_TYPE_free.
>
> Then, I decode my DER encoded buffer. Strangely, I get
>
>     OID: (nid=0) - undefined
>
> for the OID! If, during encoding, I do NOT free the ASN1_TYPE, then I do retrieve my OID at decoding time!
>
>     OID: (nid=64) - sha1
>
> I don't understand it, as the DER sequence is the same! Does somebody have a hint?

You shouldn't free any internal fields in an ASN1 structure even if they are OPTIONAL. The main free function will automatically free them. In your case just calling DigestInfo_free() is sufficient.

If you do free internals you'll get a double free which will typically result in undefined behaviour.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
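The two points of this thread, the OPTIONAL parameters field from the question and the ownership rule from Steve's answer, illustrated by an added example that is not code from the thread and not OpenSSL's own API: a self-contained DER encoder and decoder for DigestInfo written against the C standard library only, so it compiles without OpenSSL headers. All names in it (digestinfo, digestinfo_free, digestinfo_new_sha1, digestinfo_encode, digestinfo_decode, check_sample) are this example's own, and the 20-byte digest it encodes is a constructed sample (bytes 01..14), not a real hash. The structure has one free function that releases every nested member, which is exactly why a caller must never free a member first; the decoder accepts the two legal shapes of the optional field, present as `05 00` (NULL) or absent entirely, and rejects truncated or non-DER input instead of reading past it.

```c
/* Added example, not code from the thread: a stand-alone DER encoder/decoder for
 *   DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier, digest OCTET STRING }
 *   AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY OPTIONAL }
 * built on the C standard library only. The OPTIONAL field is kept as its whole TLV (05 00 for NULL)
 * or a NULL pointer when absent; digestinfo_free() owns every member, so callers free only the top. */
#include <stdlib.h>
#include <string.h>

static const unsigned char OID_SHA1[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1a }; /* id-sha1 1.3.14.3.2.26 */

typedef struct {
    unsigned char *oid;    size_t oid_len;    /* OBJECT IDENTIFIER contents octets */
    unsigned char *params; size_t params_len; /* whole parameters TLV, NULL when absent */
    unsigned char *digest; size_t digest_len;
} digestinfo;

/* The one free a caller makes; freeing a member first and then calling this is a double free. */
void digestinfo_free(digestinfo *di) {
    if (di) { free(di->oid); free(di->params); free(di->digest); free(di); }
}

static unsigned char *dup_bytes(const unsigned char *p, size_t n) {
    unsigned char *d = malloc(n ? n : 1);
    return d ? memcpy(d, p, n) : NULL;
}

/* Builds a SHA-1 DigestInfo; null_params selects "parameters NULL" instead of "parameters absent". */
digestinfo *digestinfo_new_sha1(const unsigned char *digest, size_t len, int null_params) {
    static const unsigned char der_null[] = { 0x05, 0x00 };
    digestinfo *di = calloc(1, sizeof *di);
    if (!di) return NULL;
    di->oid = dup_bytes(OID_SHA1, di->oid_len = sizeof OID_SHA1);
    di->digest = dup_bytes(digest, di->digest_len = len);
    if (null_params) di->params = dup_bytes(der_null, di->params_len = 2);
    if (di->oid && di->digest && (!null_params || di->params)) return di;
    digestinfo_free(di); return NULL;
}

/* Tag plus short-form length: every DigestInfo fits (SHA-512's whole encoding is 83 bytes). */
static unsigned char *put_hdr(unsigned char *p, unsigned char tag, size_t n) {
    *p++ = tag; *p++ = (unsigned char)n; return p;
}

/* Encodes di into a malloc'd buffer (*out, release with free()); returns its length, 0 on error. */
size_t digestinfo_encode(const digestinfo *di, unsigned char **out) {
    size_t alg = 2 + di->oid_len + di->params_len, body = 2 + alg + 2 + di->digest_len;
    unsigned char *buf, *p;
    if (body > 0x7f || !(buf = malloc(2 + body))) return 0;
    p = put_hdr(buf, 0x30, body);                            /* SEQUENCE DigestInfo */
    p = put_hdr(p, 0x30, alg);                               /* SEQUENCE AlgorithmIdentifier */
    p = put_hdr(p, 0x06, di->oid_len); memcpy(p, di->oid, di->oid_len); p += di->oid_len;
    if (di->params) { memcpy(p, di->params, di->params_len); p += di->params_len; }
    p = put_hdr(p, 0x04, di->digest_len); memcpy(p, di->digest, di->digest_len); p += di->digest_len;
    *out = buf;
    return (size_t)(p - buf);
}

/* Short-form TLV header at *p bounded by end; long-form/indefinite lengths never occur here, so they are rejected. */
static int get_hdr(const unsigned char **p, const unsigned char *end, unsigned char *tag, size_t *n) {
    if (end - *p < 2 || ((*p)[1] & 0x80) || (size_t)(end - *p) - 2 < (size_t)(*p)[1]) return 0;
    *tag = (*p)[0]; *n = (*p)[1]; *p += 2;
    return 1;
}

/* Decodes DER into a new digestinfo, NULL on malformed input; release with digestinfo_free() only. */
digestinfo *digestinfo_decode(const unsigned char *der, size_t len) {
    const unsigned char *p = der, *end = der + len, *alg_end, *start;
    unsigned char tag; size_t n;
    digestinfo *di = calloc(1, sizeof *di);
    if (!di) return NULL;
    if (!get_hdr(&p, end, &tag, &n) || tag != 0x30 || p + n != end) goto bad;
    if (!get_hdr(&p, end, &tag, &n) || tag != 0x30) goto bad; alg_end = p + n;
    if (!get_hdr(&p, alg_end, &tag, &n) || tag != 0x06 || n == 0 || !(di->oid = dup_bytes(p, n))) goto bad;
    di->oid_len = n; p += n;
    if (p < alg_end) {                                       /* OPTIONAL parameters: exactly one TLV */
        start = p;
        if (!get_hdr(&p, alg_end, &tag, &n) || p + n != alg_end) goto bad;
        p += n; di->params_len = (size_t)(p - start);
        if (!(di->params = dup_bytes(start, di->params_len))) goto bad;
    }
    if (!get_hdr(&p, end, &tag, &n) || tag != 0x04 || p + n != end || !(di->digest = dup_bytes(p, n))) goto bad;
    di->digest_len = n;
    return di;
bad:
    digestinfo_free(di); return NULL;
}

/* Encodes a constructed sample (digest bytes 01..14), decodes it back and checks that every field survives,
 * that byte 11 is NULL (05) with parameters present or the OCTET STRING tag (04) without, and that every
 * truncated prefix is rejected. Returns the encoded length on success, 0 on any failure. */
size_t check_sample(int null_params) {
    unsigned char d[20], *der = NULL; size_t i, len = 0, ok = 0;
    digestinfo *a, *b = NULL;
    for (i = 0; i < 20; i++) d[i] = (unsigned char)(i + 1);
    if ((a = digestinfo_new_sha1(d, 20, null_params)) && (len = digestinfo_encode(a, &der)) > 0)
        b = digestinfo_decode(der, len);
    if (b && b->oid_len == a->oid_len && !memcmp(a->oid, b->oid, a->oid_len)
          && b->digest_len == 20 && !memcmp(b->digest, d, 20) && b->params_len == a->params_len
          && (!a->params || !memcmp(a->params, b->params, 2)) && der[11] == (null_params ? 0x05 : 0x04))
        ok = len;
    for (i = 0; i < len; i++) if (digestinfo_decode(der, i) != NULL) ok = 0;
    digestinfo_free(a); digestinfo_free(b); free(der);       /* one free per object, none per member */
    return ok;
}
```

With parameters present the sample encodes to 35 bytes (`30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 ...`), without them to 33 bytes (`30 1f 30 07 06 05 2b 0e 03 02 1a 04 14 ...`); `check_sample(1)` and `check_sample(0)` return those lengths only when decode(encode(x)) reproduces x and every truncated prefix is refused. The decoder deliberately treats anything but a short-form, exactly-consumed length as malformed rather than trying to be lenient; that is the same posture `d2i_*` takes when it returns NULL.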
RE: Problem with linking library
Hi,

my problem is solved. Thanks anyway,
Minh.

---

Hi Dinh Thao,

thank you very much for your reply. I have no more problems with linking, but now I have a problem when I compile the files client.c and common.c:

    [EMAIL PROTECTED]:~/SSL-connection$ gcc client.c -o client -Wall -lcrypto -lssl -lpthread
    /tmp/ccUugnSm.o: In function `main':
    client.c:(.text+0xcb): undefined reference to `init_OpenSSL'
    client.c:(.text+0xfc): undefined reference to `handle_error'
    client.c:(.text+0x13f): undefined reference to `handle_error'
    collect2: ld returned 1 exit status

Can you tell me where the problem is?

Thanks,
Minh.

Here is the relevant code:

common.h:

    /* init_OpenSSL() and handle_error() live in common.c, so both files must be
     * compiled and linked together:
     *   gcc -Wall client.c common.c -o client -lssl -lcrypto -lpthread */
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <openssl/bio.h>
    #include <openssl/err.h>
    #include <openssl/rand.h>
    #include <openssl/ssl.h>
    #include <openssl/x509v3.h>

    #ifndef WIN32
    #include <pthread.h>
    #define THREAD_CC
    #define THREAD_TYPE                    pthread_t
    #define THREAD_CREATE(tid, entry, arg) pthread_create(&(tid), NULL, \
                                                          (entry), (arg))
    #else
    #include <windows.h>
    #define THREAD_CC                      __cdecl
    #define THREAD_TYPE                    DWORD
    #define THREAD_CREATE(tid, entry, arg) do { _beginthread((entry), 0, (arg));\
                                                (tid) = GetCurrentThreadId(); \
                                              } while (0)
    #endif

    #define PORT            "6001"
    #define SERVER          "splat.zork.org"
    #define CLIENT          "shell.zork.org"

    #define int_error(msg)  handle_error(__FILE__, __LINE__, msg)
    void handle_error(const char *file, int lineno, const char *msg);
    void init_OpenSSL(void);

common.c:

    #include "common.h"

    void handle_error(const char *file, int lineno, const char *msg)
    {
        fprintf(stderr, "** %s:%i %s\n", file, lineno, msg);
        ERR_print_errors_fp(stderr);
        exit(-1);
    }

    void init_OpenSSL(void)
    {
        if (!SSL_library_init())
        {
            fprintf(stderr, "** OpenSSL initialization failed!\n");
            exit(-1);
        }
        SSL_load_error_strings();
    }

client.c:

    #include "common.h"

    void do_client_loop(BIO *conn)
    {
        int err, nwritten;
        char buf[80];

        for (;;)
        {
            if (!fgets(buf, sizeof(buf), stdin))
                break;
            /* write the line that was read, not the whole 80-byte buffer */
            for (nwritten = 0; nwritten < (int)strlen(buf); nwritten += err)
            {
                err = BIO_write(conn, buf + nwritten, strlen(buf) - nwritten);
                if (err <= 0)
                    return;
            }
        }
    }

    int main(int argc, char *argv[])
    {
        BIO *conn;

        init_OpenSSL();
        conn = BIO_new_connect(SERVER ":" PORT);
        if (!conn)
            int_error("Error creating connection BIO");
        if (BIO_do_connect(conn) <= 0)
            int_error("Error connecting to remote machine");
        fprintf(stderr, "Connection opened\n");
        do_client_loop(conn);
        fprintf(stderr, "Connection closed\n");
        BIO_free(conn);
        return 0;
    }