Re: ECDH-RSA and TLS 1.2
On Thu, Nov 01, 2012, Abhiram Shandilya wrote:

> I ran openssl s_server with an ECC certificate signed by an RSA Root CA. When I try to connect using s_client and a TLS 1.2 ECDH-RSA cipher suite (eg ECDH-RSA-AES128-SHA256 or ECDH-RSA-AES128-GCM-SHA256), the connection fails with s_server printing the following error:
>
>     3086918464:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1353:
>
> Can someone please tell me why this doesn't work? Here are the commands I used:
>
> Starting s_server:
>
>     openssl s_server -accept 4433 -key ./key.pem -cert cert.pem
>
> Connecting with s_client:
>
>     openssl s_client -connect localhost:4433 -cipher ECDH-RSA-AES128-SHA256

You probably don't want ECDH-RSA-AES128-SHA256 as it is a fixed ECDH ciphersuite (if you do you need to use an appropriate curve in the EE certificate and include key agreement in the key usage extension, if present).

You should try ECDHE-ECDSA-AES128-SHA256 which uses ephemeral ECDH.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Freeing memory allocated during PKCS12_parse
Hi,

What's the correct way of freeing the memory allocated by a call to:

    int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)

Assuming ca is non-null?

Thanks,
Richard.
Enabling https capability
Not sure if this is the right place to ask, but I will give it a try because it seems likely that someone here can point me in the right direction if need be. I am not a programmer.

I have an application that can make http connections but not https. The connections are made from a Windows command line interface, not a browser. I would like to enable it to make https connections too without having to reinvent the wheel. If there is some way to connect it to an intermediary proxy program that does have built-in support for the https protocol, that would be swell. Is such a thing possible or is there another solution I don't see?

Thanks.
John
AES encryption openssl salt and Doing it in Java salt
I have written AES encryption which uses salt

    int nrounds=5;
    unsigned char salt[]= {1,2,3,4, 5,6,7,8};
    unsigned char key[32], iv[32];
    unsigned char *key_data=password;
    int key_data_len= 8;
    i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), salt, key_data, key_data_len, nrounds, key, iv);

Sample code supplied for this.

I am required to use Java to decrypt the openssl encrypted salted password AES so I wrote Java code to encrypt and decrypt using salt. I cannot figure out what are the parms for the salt to get the same results of encryption as I get with openssl. The C program which encrypts using openssl is shown along with the Java code that encrypts (and decrypts).

This is the output of the Java program using password porsche and porsche for the string

    java AESjava password porsche
    Original: porsche
    706F7273636865
    Encrypted:
    54D818BE067A1BCE0EE1320672576EEB
    Decrypted:porsche
    706F7273636865

This is the output of the openssl code using password and porsche

    ./other password porsche
    AES_BLOCK_SIZE 16
    MAX KEY LENGTH is 32
    length in 7
    Original: porsche
    706F7273636865
    length out 16
    Encrypted:
    B667BEDBDA785A834A1FAD8F8958FC7B

Obviously the encryption is different as the salt is not computed the same. Java versus the openssl encrypted result

    54D818BE067A1BCE0EE1320672576EEB
    B667BEDBDA785A834A1FAD8F8958FC7B

So if anyone out there should know what good parms to use for openssl and Java to encrypt using Salt for same results please let me know. I assume I can decrypt if same encrypt results.
JAVA CODE

    import java.io.UnsupportedEncodingException;
    import java.security.*;
    import java.security.spec.*;
    import javax.crypto.*;
    import javax.crypto.spec.*;

    public class AESjava {
        private static final int KEY_LENGTH = 128;
        private static final int ITERATIONS = 5;
        private static final String ALGORITHM = "AES";
        private static final String SECRET_KEY_ALGORITHM = "PBKDF2WithHmacSHA1";
        private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
        private final Cipher m_enc_cipher;
        private final Cipher m_dec_cipher;

        public AESjava(final char[] password, final byte[] salt) throws Exception {
            // Derive the key, given password and salt
            final SecretKeyFactory factory = SecretKeyFactory.getInstance(SECRET_KEY_ALGORITHM);
            final KeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_LENGTH);
            SecretKey tmp = factory.generateSecret(spec);
            SecretKey secret = new SecretKeySpec(tmp.getEncoded(), ALGORITHM);

            // Build encryptor and get IV
            final Cipher enc_cipher = Cipher.getInstance(TRANSFORMATION);
            enc_cipher.init(Cipher.ENCRYPT_MODE, secret);

            // Build decryptor
            final Cipher dec_cipher = Cipher.getInstance(TRANSFORMATION);
            final AlgorithmParameters params = enc_cipher.getParameters();
            final byte[] iv = params.getParameterSpec(IvParameterSpec.class).getIV();
            dec_cipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(iv));

            this.m_enc_cipher = enc_cipher;
            this.m_dec_cipher = dec_cipher;
        }

        public byte[] encrypt(final byte[] data) throws NoSuchAlgorithmException,
                InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException,
                InvalidParameterSpecException, IllegalBlockSizeException,
                BadPaddingException, UnsupportedEncodingException {
            return this.m_enc_cipher.doFinal(data);
        }

        public byte[] decrypt(final byte[] data) throws IllegalBlockSizeException,
                BadPaddingException {
            return this.m_dec_cipher.doFinal(data);
        }

        public static void test(String pass, String string) throws Exception {
            final char[] password = pass.toCharArray();
            final byte[] salt = new byte[] {1,2,3,4, 5,6,7,8};
            final byte[] original_data = string.getBytes();
            final AESjava aesA = new AESjava(password, salt);
            final byte[] encrypted_data = aesA.encrypt(original_data);

            System.out.println("Original: " + string);
            System.out.println(javax.xml.bind.DatatypeConverter.printHexBinary(original_data));
            System.out.println();
            System.out.println("Encrypted:");
            System.out.println(javax.xml.bind.DatatypeConverter.printHexBinary(encrypted_data));
            System.out.println();

            final byte[] decrypted_data = aesA.decrypt(encrypted_data);
            System.out.println("Decrypted:" + new String(decrypted_data));
            System.out.println(javax.xml.bind.DatatypeConverter.printHexBinary(decrypted_data));
            System.out.println();
        }

        public static void main(final String[] args) {
            try {
                test(args[0], args[1]);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

openssl code C

    /**
Re: Enabling https capability
(Note you really should have started a new thread, not replied to an old one).

On 11/1/2012 5:00 PM, John A. Wallace wrote:

> Not sure if this is the right place to ask, but I will give it a try because it seems likely that someone here can point me in the right direction if need be. I am not a programmer.
>
> I have an application that can make http connections but not https. The connections are made from a Windows command line interface, not a browser. I would like to enable it to make https connections too without having to reinvent the wheel. If there is some way to connect it to an intermediary proxy program that does have built-in support for the https protocol, that would be swell. Is such a thing possible or is there another solution I don't see?
>
> Thanks.

If you don't want to link the SSL code into your application, look up stunnel, which is a free program (for Windows too) which does almost exactly what you ask for.

If you would rather link the code into your application, you are in the right place, this is exactly what OpenSSL was originally created for. Link your application to the latest version of OpenSSL and follow the tutorials elsewhere for how to call it in a https client (It is mostly about passing all your socket send/recv calls through OpenSSL functions, plus some slightly tricky code to call when doing connect() and socketclose()). If you have questions about any of the function calls needed, post on this mailing list.

P.S. If anyone could point the OP (and others as this seems a FAQ) to a good example of adding OpenSSL to existing socket code with current best practices, please post it as a reply in this thread.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Re: https server using openssl
Hi,

Thanks for the information, actually I need to write simple webserver for the android (in the ndk level for some requirement). I have added some new CIPHER suite to the openssl as per our requirement. Now I need to write simple webserver which uses that modified-openssl, hence I planned to use the code which is there in the link (http://www.rtfm.com/openssl-examples/) compiled with new openssl .. so now will it be okay to go with this code ..?

In case it is not good to use the above approach, then is boost library available for android to use the Mr.Ted approach ..?

Rgds
Indra

On Wed, Oct 31, 2012 at 1:20 PM, Ted Byers r.ted.by...@gmail.com wrote:

> On Wed, Oct 31, 2012 at 12:31 PM, Indtiny s indt...@gmail.com wrote:
>
>> Hi,
>>
>> Thanks for the suggestion, while browsing about openssl I came across this site http://www.rtfm.com/openssl-examples/ which has code for server which is based on the openssl. Can I use that server code for my simple webserver application ..?
>>
>> Rgds
>> Indra
>
> I don't know how or if Boost's asio library interacts with openssl, but if you want to develop your own server, you probably ought to begin with Boost's asio library. If I were going to write my own server, that is what I would do (if I were writing it in C++ rather than Perl).
>
> http://www.boost.org/doc/libs/1_51_0/doc/html/boost_asio.html
>
> The site you referenced provides an example that is over a decade old. The link I provide above is this year, with current examples for both http servers and clients with and without using SSL. Being a Boost C++ library, it provides a solid base on which to build. The license basically lets you use all that code for whatever purpose you wish. And, I am sure, once you have studied it, and openssl, you'll be able to extend it to use openssl if it does not presently use it, to add capabilities that openssl provides that are not presently available in asio (provided you have a good grasp of C++ templates and inheritance).
>
> Cheers
>
> Ted
RE: AES encryption openssl salt and Doing it in Java salt
From: owner-openssl-us...@openssl.org On Behalf Of redpath
Sent: Thursday, 01 November, 2012 13:07

> I have written AES encryption which uses salt

*password-based* with salt, as you correctly say for Java below.

>     int nrounds=5;
>     unsigned char salt[]= {1,2,3,4, 5,6,7,8};
>     unsigned char key[32], iv[32];
>     unsigned char *key_data=password;
>     int key_data_len= 8;
>     i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), salt, key_data, key_data_len, nrounds, key, iv);
>
> Sample code supplied for this.

EVP_BytesToKey uses original PKCS#5, retronymed PBKDF1, up to the hash size (16 or 20 bytes) and a nonstandard extension beyond that. AES-256-CBC requires 48 bytes.

> I am required to use Java to decrypt the openssl encrypted salted password AES so I wrote Java code to encrypt and decrypt using salt. I cannot figure out what are the parms for the salt to get the same results of encryption as I get with openssl.

Salt is not the problem, it's one of the few things you have right.

[snip example and code]

Your Java code uses PBKDF2WithHMACSHA1. This is a different algorithm, although designed on somewhat similar principles.

As far as I can find, Suncle Java with the standard providers does not provide PBKDF1 as a primitive, although it provides a few (older) PBE encryptions I'm pretty sure *include* KDF1. I'm certain it doesn't provide OpenSSL's extended-KDF1.

OTOH, OpenSSL (evp.h) also provides PKCS5_PBKDF2_HMAC_SHA1 (or optionally other hash), and that is compatible with Java.

Also, your Java code uses AES-128, and a default (random) IV rather than the PB-generated IV. While random IV may actually be preferable, it must be implemented (compatibly) at both ends and transmitted or stored with the ciphertext.
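The mismatch described in this reply, as an added example that is not part of the original thread and not OpenSSL's own code: a Java re-implementation of the EVP_BytesToKey derivation, set beside PBKDF2WithHmacSHA1 on the same inputs. The class and method names are hypothetical, and the password, salt, round count and plaintext are constructed inputs mirroring the values quoted in the thread.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class EvpKdfDemo {  // hypothetical class name, added example
    // OpenSSL's EVP_BytesToKey: D_1 = H^count(data || salt),
    // D_i = H^count(D_(i-1) || data || salt); the D_i are concatenated until
    // keyLen + ivLen bytes exist (32 + 16 = 48 for AES-256-CBC).
    static byte[][] evpBytesToKey(String hash, byte[] salt, byte[] data,
                                  int count, int keyLen, int ivLen) throws Exception {
        MessageDigest md = MessageDigest.getInstance(hash);
        byte[] out = new byte[keyLen + ivLen];
        byte[] block = new byte[0];
        for (int filled = 0; filled < out.length; ) {
            md.update(block);                   // previous D_(i-1), empty for D_1
            md.update(data);
            md.update(salt);
            block = md.digest();                // round 1
            for (int i = 1; i < count; i++) {
                block = md.digest(block);       // rounds 2..count
            }
            int n = Math.min(block.length, out.length - filled);
            System.arraycopy(block, 0, out, filled, n);
            filled += n;
        }
        return new byte[][] { Arrays.copyOfRange(out, 0, keyLen),
                              Arrays.copyOfRange(out, keyLen, out.length) };
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs taken from the values quoted in the thread.
        byte[] salt = {1, 2, 3, 4, 5, 6, 7, 8};
        String password = "password";
        byte[][] kiv = evpBytesToKey("SHA-1", salt,
                password.getBytes(StandardCharsets.US_ASCII), 5, 32, 16);
        // PBKDF2 over the same password, salt and count yields an unrelated key.
        byte[] pbkdf2 = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                .generateSecret(new PBEKeySpec(password.toCharArray(), salt, 5, 256))
                .getEncoded();
        System.out.println("keys equal: " + Arrays.equals(kiv[0], pbkdf2));
        // AES-256-CBC with the derived IV instead of a provider-generated random IV.
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(kiv[0], "AES"),
               new IvParameterSpec(kiv[1]));
        byte[] ct = c.doFinal("porsche".getBytes(StandardCharsets.US_ASCII));
        System.out.println(String.format("%032X", new BigInteger(1, ct)));
    }
}
```

JREs older than Java 8u161 need the unlimited-strength policy files installed before they accept the 256-bit AES key.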
Re: https server using openssl
On Thu, Nov 1, 2012 at 1:47 PM, Indtiny s indt...@gmail.com wrote:

> Hi,
>
> Thanks for the information, actually I need to write simple webserver for the android (in the ndk level for some requirement). I have added some new CIPHER suite to the openssl as per our requirement. Now I need to write simple webserver which uses that modified-openssl, hence I planned to use the code which is there in the link (http://www.rtfm.com/openssl-examples/) compiled with new openssl .. so now will it be okay to go with this code ..?

Bear in mind the caveats on that page. The code is ancient. Look for copyright information - who owns the copyright for that page/code, and what license did they apply. The answers you want, regarding permission to use it are in that documentation, if it exists. If the code is correctly perceived to be open source, then you can do what you like with it. But, even if you can, that is not the same thing as you should. Remember, the age of that code. Revising it may be more trouble than it is worth.

> In case it is not good to use the above approach, then is boost library available for android to use the Mr.Ted approach ..?

The boost library is a C++ library, and thus can be used on any platform for which there is a standards compliant C++ compiler. Therefore, if you have a C++ compiler for Android, then you can use boost libraries. The short answer, is yes, there is a C++ compiler on Android and thus you can use boost.

BTW: The boost asio library does use openssl for its security functionality. Therefore, it ought to be very easy for you to extend to include your new cipher, or anything else that you may want.

Cheers

Ted
RE: ECDH-RSA and TLS 1.2
Hi Steve,

Thanks for your response. I'm just trying to figure out what it takes to get this working - are you of the opinion that an SSL server should not support TLS 1.2 ECDH-RSA cipher suites? Could you also mention why? I configured my openssl RSA CA to add the key usage extension for key agreement to the ECC certificate but even then it does not work. Pre-TLS 1.2 cipher suites such as ECDH-RSA-AES128-SHA work fine but just not the TLS 1.2 cipher suites with AESGCM.

Thanks
Abhi

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Thursday, November 01, 2012 4:40 AM
To: openssl-users@openssl.org
Subject: Re: ECDH-RSA and TLS 1.2

On Thu, Nov 01, 2012, Abhiram Shandilya wrote:

> I ran openssl s_server with an ECC certificate signed by an RSA Root CA. When I try to connect using s_client and a TLS 1.2 ECDH-RSA cipher suite (eg ECDH-RSA-AES128-SHA256 or ECDH-RSA-AES128-GCM-SHA256), the connection fails with s_server printing the following error:
>
>     3086918464:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1353:
>
> Can someone please tell me why this doesn't work? Here are the commands I used:
>
> Starting s_server:
>
>     openssl s_server -accept 4433 -key ./key.pem -cert cert.pem
>
> Connecting with s_client:
>
>     openssl s_client -connect localhost:4433 -cipher ECDH-RSA-AES128-SHA256

You probably don't want ECDH-RSA-AES128-SHA256 as it is a fixed ECDH ciphersuite (if you do you need to use an appropriate curve in the EE certificate and include key agreement in the key usage extension, if present).

You should try ECDHE-ECDSA-AES128-SHA256 which uses ephemeral ECDH.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: ECDH-RSA and TLS 1.2
On Fri, Nov 02, 2012, Abhiram Shandilya wrote:

> Hi Steve,
>
> Thanks for your response. I'm just trying to figure out what it takes to get this working - are you of the opinion that an SSL server should not support TLS 1.2 ECDH-RSA cipher suites? Could you also mention why?

Well one reason is that the fixed ECDH cipher suites do not support forward secrecy because they always use the same ECDH key.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org