Re: RSA-SHA1 Digest
Hello David,

WCR wrote:
> also Goetz,
>
>> Doing digest and sign in two steps is very unusual.
>> Usually you process the digest and generate the signature
>> in one step.
>
> Unfortunately, I think I do need both the digest and the signature to stuff
> my xml message as in example attached in previous posts.

If you really need the digest and the signature,
you can do a EVP_MD_CTX_copy() before signing:

    [...]
    EVP_MD_CTX *ctx_work, *ctx_dgst;
    ctx_work = EVP_MD_CTX_create();
    ctx_dgst = EVP_MD_CTX_create();
    /* EVP_DigestFinal() and EVP_SignFinal() take unsigned char buffers
       and a pointer to an unsigned int length */
    unsigned char dgst_data[EVP_MAX_MD_SIZE];
    unsigned int dgst_size = EVP_MAX_MD_SIZE;
    unsigned int sign_size = EVP_PKEY_size(key);
    unsigned char *sign_data = OPENSSL_malloc(sign_size);
    [...]
    error = EVP_SignInit(ctx_work, EVP_sha1());
    while ((length = read_data(buffer)) > 0)
        error = EVP_SignUpdate(ctx_work, buffer, length);
    [...]
    /* copy the hash state so the digest can be read without finishing
       the signing context */
    error = EVP_MD_CTX_copy_ex(ctx_dgst, ctx_work);
    error = EVP_DigestFinal(ctx_dgst, dgst_data, &dgst_size);
    EVP_MD_CTX_destroy(ctx_dgst);
    error = EVP_SignFinal(ctx_work, sign_data, &sign_size, key);
    EVP_MD_CTX_destroy(ctx_work);
    [...]
    OPENSSL_free(sign_data);
    [...]

WARNING: this code is untested.
It was written from my memory how openssl works and
after consulting some man pages of the development head.
Release versions may have a slightly different interface...

Bye

Goetz

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: RSA-SHA1 Digest
If you take the data inside here and base64 decode it, you end up with
20 bytes.

sXD2SsGQxI7DDFMwHwONxjGOaoI=

    $ echo 'sXD2SsGQxI7DDFMwHwONxjGOaoI=' | openssl base64 -d | hexdump -C
    b1 70 f6 4a c1 90 c4 8e c3 0c 53 30 1f 03 8d c6
    0010 31 8e 6a 82

The result is twenty bytes - you can count them. :-)

b1 70 f6 4a c1 90 c4 8e c3 0c 53 30 1f 03 8d c6 31 8e 6a 82

yours,

Julius

On 2/27/07, WCR <[EMAIL PROTECTED]> wrote:

Julius,

I'm a bit slow and a newbie, but this looks to me like a 28 byte string not
20? Can you explain please.

sXD2SsGQxI7DDFMwHwONxjGOaoI=

also Goetz,

> Doing digest and sign in two steps is very unusual.
> Usually you process the digest and generate the signature
> in one step.

Unfortunately, I think I do need both the digest and the signature to stuff
my xml message as in example attached in previous posts.

Thank you both for your patience.

David

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Julius Davies
Sent: 26 February 2007 22:30
To: openssl-users@openssl.org
Subject: Re: RSA-SHA1 Digest

I think I finally understand. This isn't 28 bytes:

sXD2SsGQxI7DDFMwHwONxjGOaoI=

That's 20 bytes of base64 encoded bytes. So you really are using sha1.

yours,

Julius

On 2/26/07, Goetz Babin-Ebell <[EMAIL PROTECTED]> wrote:
> Hello David,
>
> WCR wrote:
> > Julius
> >
> > You're probably pointing me in the right direction.
> Not really.
>
> > I tried "openssl dgst -sha224" and yes I got a 56byte hex string / 28byte
> > character string. My problem now is I can't use it in my xml message because
> > of invalid characters.
> >
> > If I try "openssl enc -base64" the output is 40bytes.
> >
> > Is there another step I need to take to get a valid string?
>
> Doing digest and sign in two steps is very unusual.
> Usually you process the digest and generate the signature
> in one step.
>
> If you only want a raw base64 encoded signature (no PKCS#7)
> You do the following:
>
> openssl dgst -sha1 -sign key.pem -out sig.bin datatobesigned.txt
> openssl enc -base64 -in sig.bin -out signature.b64
>
> 1st step: digest and sign data
> 2nd step: convert generated binary signature into base64
> With a 1024 bit RSA key the file is 175 bytes long (containing
> 3 line feeds)
>
> In a program the first step is done with the functions
> EVP_SignInit() (or EVP_SignInit_ex()), EVP_SignUpdate() and
> EVP_SignFinal()
>
> Bye
>
> Goetz

--
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/

--
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/
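Added example (not part of the thread): a small C decoder that confirms the point made in the message above, that the 28-character string is base64 for 20 raw bytes, the output size of SHA-1. The function names are chosen for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Map one base64 character to its 6-bit value, or -1 if invalid. */
static int b64_value(char c)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = (c != '\0') ? strchr(alphabet, c) : NULL;
    return p ? (int)(p - alphabet) : -1;
}

/* Decode padded base64 text into out; returns byte count or -1 on error. */
static int b64_decode(const char *in, unsigned char *out, size_t out_cap)
{
    size_t len = strlen(in), n = 0, i;
    if (len == 0 || len % 4 != 0)
        return -1;
    for (i = 0; i < len; i += 4) {
        int v[4], j, pad = 0;
        for (j = 0; j < 4; j++) {
            if (in[i + j] == '=' && i + 4 == len && j >= 2) {
                v[j] = 0;       /* '=' is only legal at the very end */
                pad++;
            } else if (pad || (v[j] = b64_value(in[i + j])) < 0) {
                return -1;      /* data after '=' or bad character */
            }
        }
        if (n + 3 - pad > out_cap)
            return -1;
        out[n++] = (unsigned char)((v[0] << 2) | (v[1] >> 4));
        if (pad < 2) out[n++] = (unsigned char)((v[1] << 4) | (v[2] >> 2));
        if (pad < 1) out[n++] = (unsigned char)((v[2] << 6) | v[3]);
    }
    return (int)n;
}

/* Raw output size identifies the digest: 20 = SHA-1, 28 = SHA-224. */
static const char *digest_for_length(int n)
{
    return n == 20 ? "SHA-1" : n == 28 ? "SHA-224" : "unknown";
}

int main(void)
{
    unsigned char raw[64];
    int n = b64_decode("sXD2SsGQxI7DDFMwHwONxjGOaoI=", raw, sizeof raw);
    printf("%d bytes -> %s\n", n, digest_for_length(n));
    return 0;
}
```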
RE: RSA-SHA1 Digest
Julius,

I'm a bit slow and a newbie, but this looks to me like a 28 byte string not
20? Can you explain please.

sXD2SsGQxI7DDFMwHwONxjGOaoI=

also Goetz,

> Doing digest and sign in two steps is very unusual.
> Usually you process the digest and generate the signature
> in one step.

Unfortunately, I think I do need both the digest and the signature to stuff
my xml message as in example attached in previous posts.

Thank you both for your patience.

David

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Julius Davies
Sent: 26 February 2007 22:30
To: openssl-users@openssl.org
Subject: Re: RSA-SHA1 Digest

I think I finally understand. This isn't 28 bytes:

sXD2SsGQxI7DDFMwHwONxjGOaoI=

That's 20 bytes of base64 encoded bytes. So you really are using sha1.

yours,

Julius

On 2/26/07, Goetz Babin-Ebell <[EMAIL PROTECTED]> wrote:
> Hello David,
>
> WCR wrote:
> > Julius
> >
> > You're probably pointing me in the right direction.
> Not really.
>
> > I tried "openssl dgst -sha224" and yes I got a 56byte hex string / 28byte
> > character string. My problem now is I can't use it in my xml message because
> > of invalid characters.
> >
> > If I try "openssl enc -base64" the output is 40bytes.
> >
> > Is there another step I need to take to get a valid string?
>
> Doing digest and sign in two steps is very unusual.
> Usually you process the digest and generate the signature
> in one step.
>
> If you only want a raw base64 encoded signature (no PKCS#7)
> You do the following:
>
> openssl dgst -sha1 -sign key.pem -out sig.bin datatobesigned.txt
> openssl enc -base64 -in sig.bin -out signature.b64
>
> 1st step: digest and sign data
> 2nd step: convert generated binary signature into base64
> With a 1024 bit RSA key the file is 175 bytes long (containing
> 3 line feeds)
>
> In a program the first step is done with the functions
> EVP_SignInit() (or EVP_SignInit_ex()), EVP_SignUpdate() and
> EVP_SignFinal()
>
> Bye
>
> Goetz

--
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/
Multiple certs and private keys (RSA, DSA, ECDSA)
Postfix sets up RSA and DSA certs by calling:

    /* RSA public and private keys */
    SSL_CTX_use_certificate_chain_file(ctx, rsa_cert_file);
    SSL_CTX_use_PrivateKey_file(ctx, rsa_key_file, SSL_FILETYPE_PEM);

    /* DSA public and private keys */
    SSL_CTX_use_certificate_chain_file(ctx, dsa_cert_file);
    SSL_CTX_use_PrivateKey_file(ctx, dsa_key_file, SSL_FILETYPE_PEM);

I am adding support for ECDSA, and considering (a proposed simpler
user-interface in main.cf makes this more natural) changing the call
sequence to:

    /* First all the public keys */
    SSL_CTX_use_certificate_chain_file(ctx, rsa_cert_file);
    SSL_CTX_use_certificate_chain_file(ctx, dsa_cert_file);
    SSL_CTX_use_certificate_chain_file(ctx, ecdsa_cert_file);

    /* Now all the private keys */
    SSL_CTX_use_PrivateKey_file(ctx, rsa_key_file, SSL_FILETYPE_PEM);
    SSL_CTX_use_PrivateKey_file(ctx, dsa_key_file, SSL_FILETYPE_PEM);
    SSL_CTX_use_PrivateKey_file(ctx, ecdsa_key_file, SSL_FILETYPE_PEM);

The re-ordered call sequence works the same way given the library
implementation, but is this freedom part of the interface or just an
implementation accident? Am I required to interleave the public/private
key calls to avoid compatibility issues with future releases?

The 0.9.9 manpage for these functions still talks about supporting only
two certificate types, but three are supported now that ECDSA is
implemented, so the documentation is not entirely current.

Finally, it is not clear to me how SSL_CTX_use_certificate_chain_file()
interacts with multiple cert files/chains. Is this still the right
interface when RSA, DSA and ECDSA certs are all in play? I don't
understand the intent of the following text from
SSL_CTX_use_certificate_chain_file(3):

    SSL_CTX_use_certificate_chain_file() adds the first certificate
    found in the file to the certificate store. The other certificates
    are added to the store of chain certificates using
    SSL_CTX_add_extra_chain_cert(3). There exists only one extra chain
    store, so that the same chain is appended to both types of
    certificates, RSA and DSA! If it is not intended to use both type
    of certificate at the same time, it is recommended to use the
    SSL_CTX_use_certificate_chain_file() instead of the
    SSL_CTX_use_certificate_file() function in order to allow the use
    of complete certificate chains even when no trusted CA storage is
    used or when the CA issuing the certificate shall not be added to
    the trusted CA storage.

--
    Viktor.
Re: Duplicate mail
On Tue, Feb 27, 2007 at 02:34:10PM +0200, Constantin wrote:

> Is there any chance that someone down at openssl.org can sort out the
> duplicate sent mail?! I am getting duplicates on both openssl-dev and
> openssl-users lists.

The problem is almost certainly on your end. Look at the Received:
headers of the duplicate messages, find the last (top-most) Received:
headers that are identical in every detail with the Received headers
above those being the first that differ. The duplication is the result
of an issue (configuration, timeouts, ...) between those two systems
(most likely both yours).

Before reporting this type of issue to a public mailing list, carry out
all appropriate local checks, and report the Received headers to the
postmaster of the owner of the sending machine where the problem happens
if the problem is upstream from you. Do not report the problem to the
list.

--
    Viktor.
Duplicate mail
Is there any chance that someone down at openssl.org can sort out the
duplicate sent mail?! I am getting duplicates on both openssl-dev and
openssl-users lists.

Please please please

Many thanks
Constantin
Re: Runtime error with SSL_CTX_use_PrivateKey_file function
On Tue, Feb 27, 2007 at 01:49:13AM -0800, Anita Kumar wrote:

> static int password_callback(char *buf, int size, int rwflag, void *userdata)
> {
>     printf("*** Callback function called\n");
>     strcpy(buf, "ibmdw");
>     return 1;
> }
>
> SSL_CTX_set_default_passwd_cb(ctx, &password_callback);

From the manpage for SSL_CTX_set_default_passwd_cb:

    The pem_passwd_cb(), which must be provided by the application,
    hands back the password to be used during decryption. On invocation
    a pointer to userdata is provided. The pem_passwd_cb must write the
    password into the provided buffer buf which is of size size. The
    actual length of the password must be returned to the calling
    function. rwflag indicates whether the callback is used for
    reading/decryption (rwflag=0) or writing/encryption (rwflag=1).

Read the second-last sentence carefully.

--
    Viktor.
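Added example, not code from the thread or from OpenSSL: the callback from the question next to a form that follows the manual page sentence quoted above, which requires the actual password length as the return value. The name password_cb_broken and the choice to pass the passphrase through userdata are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Pattern from the question: ignores `size` and always reports a length of
 * 1, so the caller would treat the passphrase as a single character. */
static int password_cb_broken(char *buf, int size, int rwflag, void *userdata)
{
    (void)size; (void)rwflag; (void)userdata;
    strcpy(buf, "ibmdw");
    return 1;
}

/* Corrected form: the passphrase arrives through userdata, is copied only
 * if it fits in buf, and its real length is returned (0 signals failure). */
static int password_cb(char *buf, int size, int rwflag, void *userdata)
{
    const char *pass = (const char *)userdata;
    size_t len;

    (void)rwflag;
    if (buf == NULL || size <= 0 || pass == NULL)
        return 0;
    len = strlen(pass);
    if (len >= (size_t)size)
        return 0;               /* refuse to truncate or overflow */
    memcpy(buf, pass, len + 1);
    return (int)len;
}

/* Wiring, for context (these two OpenSSL calls are not compiled here):
 *   SSL_CTX_set_default_passwd_cb(ctx, password_cb);
 *   SSL_CTX_set_default_passwd_cb_userdata(ctx, (void *)passphrase);
 */
int main(void)
{
    char buf[32];
    char pass[] = "ibmdw";      /* constructed sample value */
    printf("broken reports %d\n", password_cb_broken(buf, sizeof buf, 0, NULL));
    printf("fixed reports  %d\n", password_cb(buf, sizeof buf, 0, pass));
    return 0;
}
```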
Re: How to Verify Message Digest and its Signature with X.509 certificate
On Tue, Feb 27, 2007, Zhuang Yuyao wrote:

> Victor Duchovni wrote:
> >On Tue, Feb 27, 2007 at 09:52:38AM +0800, Zhuang Yuyao wrote:
> >
> >>I need to verify a message digest and its signature with a X.509
> >>certificate. As far as I know, the procedure may look like this:
> >>pubkey = X509_get_pubkey(x);
> >>rsa = EVP_PKEY_get1_RSA(pubkey);
> >>RSA_public_decrypt(signature_len, signature, rsa_out, rsa, pad);
> >>memcmp(rsa_out, message_digest, message_digest_len);
> >
> >man EVP_VerifyInit
> >
>
> the original message is required to do
> EVP_VerifyInit()
> EVP_VerifyUpdate()
> EVP_VerifyFinal().
>
> but my question is: I do not have the original message but only have the
> digest of the message. how can I verify this message digest and its
> signature.
>

The only algorithm neutral way to do this currently is with the
EVP_PKEY_verify() function which is only present in OpenSSL 0.9.9-dev.

Previous versions will need algorithm specific solutions but there are
only 3 algorithms to cover: RSA, DSA, ECDSA.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
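Added example, not code from the thread or from OpenSSL: for the RSA case, assuming the signature was made with PKCS#1 v1.5 padding over a SHA-1 digest, RSA_public_decrypt() with RSA_PKCS1_PADDING recovers a DER DigestInfo structure (15 header bytes followed by the 20-byte digest), not the bare digest, so the comparison step has to match that full encoding and its exact length. The helper name sha1_digestinfo_matches is hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define SHA1_LEN 20
#define PREFIX_LEN 15

/* DER header of a PKCS#1 v1.5 DigestInfo for SHA-1; the digest follows. */
static const unsigned char SHA1_PREFIX[PREFIX_LEN] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};

/*
 * recovered/recovered_len: output of RSA_public_decrypt() with
 * RSA_PKCS1_PADDING. Returns 1 only when it is exactly the SHA-1 DigestInfo
 * for `digest`; shorter, longer or differently encoded input is rejected.
 */
static int sha1_digestinfo_matches(const unsigned char *recovered,
                                   int recovered_len,
                                   const unsigned char *digest)
{
    unsigned char expected[PREFIX_LEN + SHA1_LEN];

    if (recovered == NULL || digest == NULL)
        return 0;
    if (recovered_len != PREFIX_LEN + SHA1_LEN)
        return 0;               /* also rejects the -1 error return */
    memcpy(expected, SHA1_PREFIX, PREFIX_LEN);
    memcpy(expected + PREFIX_LEN, digest, SHA1_LEN);
    return memcmp(recovered, expected, sizeof expected) == 0;
}

int main(void)
{
    /* Constructed sample: a 20-byte digest and the block a valid signature
     * over it would decrypt to. */
    unsigned char digest[SHA1_LEN], block[PREFIX_LEN + SHA1_LEN];
    memset(digest, 0xab, sizeof digest);
    memcpy(block, SHA1_PREFIX, PREFIX_LEN);
    memcpy(block + PREFIX_LEN, digest, SHA1_LEN);
    printf("DigestInfo block: %d\n",
           sha1_digestinfo_matches(block, (int)sizeof block, digest));
    printf("bare digest:      %d\n",
           sha1_digestinfo_matches(digest, SHA1_LEN, digest));
    return 0;
}
```

RSA_verify() with NID_sha1 takes the digest directly and performs this comparison inside the library.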
Runtime error with SSL_CTX_use_PrivateKey_file function
Hi,

I'm trying to use the encrypted private key for my test SSL server. I
generated an encrypted private key cert_27.key using genrsa tool and I
gave a passwd to it.

I wrote a call back function as follows, which just stores my passwd
into buf character buffer.

    static int password_callback(char *buf, int size, int rwflag, void *userdata)
    {
        /* For the purposes of this demonstration, the password is "ibmdw" */
        printf("*** Callback function called\n");
        strcpy(buf, "ibmdw");
        return 1;
    }

Now, I tried to load the private key in my server application as follows

    int main()
    {
        SSL_CTX *ctx;
        SSL *ssl, *ssl1;
        BIO *bio, *abio, *out;
        int p;
        char r[1024];

        CRYPTO_malloc_init();
        SSL_library_init();
        SSL_load_error_strings();
        ERR_load_BIO_strings();
        ERR_load_SSL_strings();
        OpenSSL_add_all_algorithms();

        printf("Attempting to create SSL context... ");
        ctx = SSL_CTX_new(SSLv23_server_method());
        if(ctx == NULL)
        {
            printf("Failed. Aborting.\n");
            return 0;
        }

        printf("\nLoading certificates...\n");
        SSL_CTX_set_default_passwd_cb(ctx, &password_callback);
        if(!SSL_CTX_use_certificate_file(ctx, "signedcert_27.pem", SSL_FILETYPE_PEM))
        {
            ERR_print_errors_fp(stdout);
            SSL_CTX_free(ctx);
            return 0;
        }

        printf("\nLoading Private key...\n");
        if(!SSL_CTX_use_PrivateKey_file(ctx, "cert_27.key", SSL_FILETYPE_PEM))
        {
            ERR_print_errors_fp(stdout);
            SSL_CTX_free(ctx);
            return 0;
        }
    }

When executing this application, I get the following runtime error in
the function SSL_CTX_use_PrivateKey_file:

    OPENSSL_Uplink(100EB010,07): no OPENSSL_Applink.

When I comment the SSL_CTX_set_default_passwd_cb() line, the executable
is running, it asks for pem passphrase. When I enter the password,
everything is fine. But, I did not want this behaviour as I need to
enter the passwd from screen.

I would appreciate if I get any comments on this.

Thanks and Regards,
Renuga.