Re: [1.0.1f] Building a certificate request with RSA-OAEP as Public Key Algorithm

2014-04-17 Thread Kevin Le Gouguec
Hello all,

Trying to build a Certificate Signing Request using external means for crypto 
operations (e.g. key pair generation, signing). I'm relying on demos/x509/mkreq.c 
and the code in crypto/x509/.

What I want to do is:

- use external engine to generate RSA key pair
- build X509_REQ as per mkreq.c
- sign its X509_REQ_INFO with my external engine (RSA PKCS #1 w/ SHA-256)
- plug this signature into X509_REQ

Now before digging further into the code, I was wondering if anyone could 
explain, on the spot:

1) how to set the CSR's (Subject-Public-Key-Info)-(Public-Key-Algorithm) to 
RSA-OAEP (this key pair is to be used for encryption/decryption); I see 
X509_PUBKEY_set, but is there any way I can just change the EVP structure to 
specify OAEP and just call X509_REQ_set_pubkey as in the example? I'm assuming 
EVP_CTX_ctrl only works for initialized contexts.

2) the exact sequence of d2i/i2d/getters/setters to:
  - turn my X509_REQ_INFO into bytes, which I'll sign with my other engine
  - turn those bytes into an ASN1_BIT_STRING which I'll plug into my X509_REQ
  - set X509_REQ's sig_alg to something corresponding to RSA PKCS #1 w/ 
SHA-256


Thanks in advance :)

__
OpenSSL Project http://www.openssl.org
User Support Mailing List    openssl-users@openssl.org
Automated List Manager       majord...@openssl.org


RSASSA-PSS command

2014-04-17 Thread shixin

Hi all,

   I want to sign with RSASSA-PSS, but I don't know how to use openssl on the 
command line.

Best Wishes,
Thanks!


Re: RSASSA-PSS command

2014-04-17 Thread shixin

Oh, my purpose is to generate an x509 certificate whose Subject Public Key 
Information is id-RSASSA-PSS 2058.

Thanks

At 2014-04-17 18:51:50, shixin shixin...@163.com wrote:

Hi all,

   I want to sign with RSASSA-PSS, but I don't know  how use openssl in 
command.

Best Wishes,
Thanks!





Re: Fwd: Application simply comes out in the function PEM_write_RSAPrivateKey. The private key file is simply 0KB.

2014-04-17 Thread nyle
Did you get solution? I am having same problem





Re: RSASSA-PSS command

2014-04-17 Thread Hanno Böck
On Thu, 17 Apr 2014 19:20:49 +0800 (CST)
shixin shixin...@163.com wrote:

 
 Oh, my purpose is generate x509 certificate that the Subject Public
 Key Information is id-RSASA-PSS 2058.

I think openssl is not able to do that. At least it wasn't when I
wrote my thesis on RSA-PSS [1].

The only software out there capable of creating such PSS-only-keys
was the IAIK java library.

[1] http://rsapss.hboeck.de/
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42




Re: Re: RSASSA-PSS command

2014-04-17 Thread shixin


At 2014-04-17 19:29:34,Hanno Böck ha...@hboeck.de wrote:
On Thu, 17 Apr 2014 19:20:49 +0800 (CST)
shixin shixin...@163.com wrote:

 
 Oh, my purpose is generate x509 certificate that the Subject Public
 Key Information is id-RSASA-PSS 2058.

I think openssl is not able to do that. At least it wasn't when I
wrote my thesis on RSA-PSS [1].

The only software out there capable of creating such PSS-only-keys
was the IAIK java library.

[1] http://rsapss.hboeck.de/
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


Oh, I see your blog, and thank you very much.

Is it possible to implement X.509 certificates with RSASSA-PSS signatures using 
OpenSSL functions?

Best Wishes
 


Re: RSASSA-PSS command

2014-04-17 Thread Hanno Böck
On Thu, 17 Apr 2014 19:54:27 +0800 (CST)
shixin shixin...@163.com wrote:

 I implement X.509 certificates with RSASSA-PSS signatures by openssl
 function, is it possible?

It is possible, however most browsers won't like it. (my code for nss is
unfortunately bitrotting in bugzilla)

But we have two things here:
a) you can create RSASSA-PSS signatures with normal RSA key type.
Openssl supports that.
b) You can have specific RSASSA-PSS-only-keys that are not allowed to do
anything else. No support in OpenSSL as far as I know.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42




Re: [1.0.1f] Building a certificate request with RSA-OAEP as Public Key Algorithm

2014-04-17 Thread Kevin Le Gouguec
tl;dr: is it worth using OpenSSL to build a CMS EnvelopedData message when the 
key transport algorithm is RSA-OAEP? If so, how?

Long version:


After some more digging, I'll try to make my request more precise.

Some context: I am generating an RSA key pair with an external engine (say an HSM 
with PKCS #11). This key pair will be used to wrap/unwrap symmetric keys with 
RSAES-OAEP. RFC 4055 specifies some algorithm identifiers for use with CMS, 
RSAES-OAEP being one of them (§4). I'm making a certificate signing request for 
the public key, and of course I'd want its Public Key Algorithm to be 
RSAES-OAEP (probably with hash = SHA1, mgf = SHA1, param = none, since 
currently only those parameters are implemented with 1.0.1f).

The idea is to use CMS to envelop some content (i.e. encrypt it with a 
symmetric key generated on-the-fly, and wrap this key with the public RSA key). 
The content-encryption-key will be unwrapped by the external engine.

So essentially, I want to use OpenSSL to:

- on the client side, build a CMS structure to hold an EnvelopedData type, the 
content-key being wrapped with OAEP, and export that to DER/PEM/whatever.
- on the server side, parse the CMS structure, get the wrapped key and the 
encrypted message. The actual unwrapping/decryption will be made by the 
external engine.

(Add some signing/verifying to the mix, i.e. encapsulate the EnvelopedData into 
a SignedData; OpenSSL will then be used server-side to parse 1) the signature 
2) the encapsulated-content-info out of the CMS, the actual verification will 
be made by the external engine)



Is OpenSSL a good choice here? Client-side, I'll have to build a CMS structure; 
demos/cms/cms_enc.c makes it look simple, but the key wrapping mechanism is 
chosen on the basis of the recipient's certificate... And using OpenSSL, 
building a CSR saying THIS KEY IS MEANT TO BE USED WITH OAEP seems tedious.

I'm not even sure 1.0.1 supports OAEP as a method for key transport though: 
cms_RecipientInfo_ktri_encrypt() calls EVP_PKEY_CTX_ctrl, which I guess 
resolves to pkey_rsa_ctrl(); OAEP padding is only set for 
EVP_PKEY_CTRL_CMS_DECRYPT. (I... don't really understand this part of the code 
(rsa_pmeth.c:580). When decrypting, the RecipientInfo structure is parsed and 
OAEP padding is specified; but when it comes to encrypting the function just 
returns 1? ...)

Server-side, I expect I'll only use the crypto library as a CMS/X.509 parser to 
get the bytes I'm interested in (i.e. the actual signature, wrapped key, 
encrypted message). Which means struggling with the ASN.1 API to find the 
correct functions for getting my content back from the internal structures.



In the end I'll mostly use OpenSSL as a glorified CMS parser. Client-side, OAEP 
support for key wrapping seems unavailable (and if it is, I still don't know 
how to generate a certificate which actually reads OAEP as Public Key 
Algorithm); this means, I guess, that I'll use standard EVP functions to build 
my encrypted content/wrapped key, and then manually stuff them inside a CMS 
structure, bypassing the fancy CMS_encrypt function (haven't looked yet but I 
expect CMS_sign() should be able to handle ECDSA/SHA1... ?).

(If I go for the manual stuffing option, I guess I can stop worrying about my 
Public Key Algorithm not reading OAEP and just have my client application 
know that it should wrap with OAEP, whatever the certificate says... After 
all, the server application will do exactly that, although it would be nice if 
it could decide the unwrapping mechanism based on the cert)



When I ask if OpenSSL is a good choice, I don't mean to troll, I just figure 
some people must have faced the same problems (RFC 4055 has been out since 
2005). So I assume those people chose to 1/ use a patched OpenSSL to support 
their particular mechanism choice (like that guy[1]) 2/ go for the manual 
stuffing option 3/ stop caring about standards and use their own conventions 
for encrypted content/wrapped key/signature transport, or 4/ find some other 
framework which actually supports all these algorithms and provides a nice 
CMS-building/parsing interface.

(Or maybe 5/ they just use XMLENC/XMLDSIG)


[1] 
http://stackoverflow.com/questions/22373305/rsa-public-key-encryption-openssl

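Kevin's two messages ask the same structural question twice: how to make a request's SubjectPublicKeyInfo read id-RSAES-OAEP (RFC 4055 §4), and what sequence turns the X509_REQ_INFO into bytes, has them signed elsewhere, and wraps the result back into the request as a BIT STRING with a matching sig_alg. The following is an added example, not code from the thread and not OpenSSL's: it assembles exactly that DER by hand with the Python standard library, replaces the HSM with a stand-in signer (hsm_sign_pkcs1_sha256, which returns a SHA-256 digest rather than a real RSA signature) and a constructed toy key, and then splits the request back apart the way a server-side parser would. OpenSSL 1.0.1's RSA key encoder always writes rsaEncryption with NULL parameters into the SubjectPublicKeyInfo, so a request whose key algorithm is to read id-RSAES-OAEP needs that AlgorithmIdentifier set explicitly; the OIDs below are the PKCS#1 / RFC 4055 values.

```python
"""Assemble a PKCS#10 CertificationRequest around an externally produced
signature, with the SubjectPublicKeyInfo algorithm set to id-RSAES-OAEP.
Added illustration: not OpenSSL code, not the poster's code.  DER is encoded
by hand; the HSM is a stand-in callable and the key is a constructed toy."""
import hashlib

# OIDs from PKCS#1 / RFC 4055 section 4
OID_RSAES_OAEP = "1.2.840.113549.1.1.7"
OID_SHA256_WITH_RSA = "1.2.840.113549.1.1.11"
OID_COMMON_NAME = "2.5.4.3"
DER_NULL = b"\x05\x00"

def der_tlv(tag, content):
    """One DER TLV with definite-length encoding."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:                      # base-128, high bit = more follows
        chunk = bytearray([arc & 0x7F])
        while arc >> 7:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body += chunk
    return der_tlv(0x06, bytes(body))

def der_integer(value):
    n = (value.bit_length() + 8) // 8        # keeps a zero byte when the top bit is set
    return der_tlv(0x02, value.to_bytes(n, "big"))

def der_sequence(*items):
    return der_tlv(0x30, b"".join(items))

def der_bit_string(data):
    return der_tlv(0x03, b"\x00" + data)     # leading octet: 0 unused bits

def der_children(buf):
    """Split buf into [(tag, content), ...]; enough to read back what we wrote."""
    out, i = [], 0
    while i < len(buf):
        tag, ln, i = buf[i], buf[i + 1], i + 2
        if ln & 0x80:
            nb, i = ln & 0x7F, i + (ln & 0x7F)
            ln = int.from_bytes(buf[i - nb:i], "big")
        out.append((tag, buf[i:i + ln]))
        i += ln
    return out

def der_decode_oid(content):
    arcs, cur = [content[0] // 40, content[0] % 40], 0   # fine for first arc 0/1
    for b in content[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(cur)
            cur = 0
    return ".".join(map(str, arcs))

def oaep_algorithm_identifier():
    """AlgorithmIdentifier { id-RSAES-OAEP, RSAES-OAEP-params {} }: with SHA-1,
    MGF1/SHA-1 and the empty label at their RFC 4055 defaults the parameter
    SEQUENCE is empty ("hash = SHA1, mgf = SHA1, param = none")."""
    return der_sequence(der_oid(OID_RSAES_OAEP), der_sequence())

def certification_request_info(common_name, n, e, key_algorithm):
    spki = der_sequence(key_algorithm,
                        der_bit_string(der_sequence(der_integer(n), der_integer(e))))
    rdn = der_sequence(der_oid(OID_COMMON_NAME), der_tlv(0x0C, common_name.encode()))
    subject = der_sequence(der_tlv(0x31, rdn))           # Name ::= SEQUENCE OF SET
    attributes = der_tlv(0xA0, b"")                      # [0] IMPLICIT, empty
    return der_sequence(der_integer(0), subject, spki, attributes)

def hsm_sign_pkcs1_sha256(tbs):
    """Stand-in for the external engine (hypothetical).  A real HSM would return
    an RSA PKCS#1 v1.5 signature over SHA-256(tbs); returning the digest itself
    keeps the example runnable without a key."""
    return hashlib.sha256(tbs).digest()

def assemble_csr(info_der, signature, sig_alg_oid=OID_SHA256_WITH_RSA):
    """The i2d -> external sign -> BIT STRING sequence from the question;
    sigAlg is sha256WithRSAEncryption with NULL parameters."""
    sig_alg = der_sequence(der_oid(sig_alg_oid), DER_NULL)
    return der_sequence(info_der, sig_alg, der_bit_string(signature))

def build_oaep_csr(common_name, n, e):
    info = certification_request_info(common_name, n, e, oaep_algorithm_identifier())
    return assemble_csr(info, hsm_sign_pkcs1_sha256(info))

def parse_csr(csr_der):
    """Server-side split: recover the signed bytes, the signature and both
    algorithm identifiers so a verifier can hand them to the external engine."""
    info, sig_alg, sig = der_children(der_children(csr_der)[0][1])
    spki = der_children(info[1])[2]
    key_alg_oid, key_alg_params = der_children(der_children(spki[1])[0][1])
    return {
        "tbs": der_tlv(0x30, info[1]),
        "sig_alg": der_decode_oid(der_children(sig_alg[1])[0][1]),
        "signature": sig[1][1:],                     # drop the unused-bits octet
        "key_alg": der_decode_oid(key_alg_oid[1]),
        "key_alg_params": key_alg_params,
    }

if __name__ == "__main__":
    # Constructed toy key: a 24-bit "modulus" is not an RSA key, it only encodes
    csr = build_oaep_csr("hsm-client", n=0xC0FFEE, e=65537)
    print(csr.hex())
    for k, v in parse_csr(csr).items():
        print(f"{k}: {v.hex() if isinstance(v, bytes) else v}")
```

On the receiving side, the parser deliberately returns the signature algorithm OID alongside the signature: a verifier should compare that OID against the algorithm it expects for the request's key type rather than let the OID in the untrusted request choose the verification routine.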


Getting error for libcrypto.a file in openssl-1.0.1g when making php

2014-04-17 Thread James Butler
I am getting this error from an openssl-1.0.1g file when trying to make
php-5.4.23

/usr/bin/ld: /opt/openssl-1.0.1g/lib/libcrypto.a(cversion.o): relocation
R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared
object; recompile with -fPIC
/opt/openssl-1.0.1g/lib/libcrypto.a: could not read symbols: Bad value
collect2: ld returned 1 exit status
make: *** [libphp5.la] Error 1

Can anyone tell me why this is happening? I was able to build php with
openssl-1.0.1f so why is this error coming up with 1.0.1g?

My system is RHEL6


Peek data

2014-04-17 Thread Piotr Kliczewski
Hello,

I would like to know whether it is possible to peek at a message that was
received after a successful handshake. I am looking for behavior similar
to Python's socket.MSG_PEEK flag, which examines the data without
consuming it so that a subsequent recv will read the data again.

Thanks,
Piotr


Re: Peek data

2014-04-17 Thread Viktor Dukhovni
On Thu, Apr 17, 2014 at 04:39:29PM +0200, Piotr Kliczewski wrote:

 I would like to know whether it is possible to peek a message that was
 received after successful handshake? I am looking for similar behavior
 to python socket.MSG_PEEK flag which examine the data without
 consuming it and subsequent recv will read the data again.

This would be the job of a buffering layer above the SSL connection.
In Postfix, for example, there is a buffering vstream layer above
SSL.  Peeking at plaintext data without consuming it is a vstream
layer feature.

-- 
Viktor.


Re: Peek data

2014-04-17 Thread openssl-users
On Thu, Apr 17, 2014 at 12:48:11PM -0400, Jeffrey Walton wrote:

  This would be the job of a buffering layer above the SSL connection.
  In Postfix, for example, there is a buffering vstream layer above
  SSL.  Peeking at plaintext data without consuming it is a vstream
  layer feature.
 
 SSL_peek? I'm not sure if its intended to be a public function,
 though. But it is used in s_client.

Generally the public SSL library interfaces have names that start
with SSL_ (upper case) and the private interfaces have names that
start with ssl_ (lower case), so likely SSL_peek() is a public
interface.  Unfortunately, not all the public interfaces are documented
as such, so we are sometimes forced to guess.

In this case there are brief references to SSL_peek() in the
SSL_get_error(3) and ssl(3) manpages, so the evidence for a public
interface is stronger, though the function is not fully documented.

-- 
Viktor.


unacknowledged donations

2014-04-17 Thread Steve Marquess
I have accumulated unread notifications of 179 donations dating back
several days. Usually I try to send an acknowledgment promptly; a little
click-and-drag, a little cut-and-paste to get it in the electronic
ledger, and done. With some recent distractions I've fallen behind on
either processing them manually or throwing together something automagical.

So apologies again for my negligence in keeping up with those. I'll get
there eventually. I hope.

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc


Re: Peek data

2014-04-17 Thread Piotr Kliczewski
On Thu, Apr 17, 2014 at 7:04 PM,  openssl-us...@dukhovni.org wrote:
 On Thu, Apr 17, 2014 at 12:48:11PM -0400, Jeffrey Walton wrote:

  This would be the job of a buffering layer above the SSL connection.
  In Postfix, for example, there is a buffering vstream layer above
  SSL.  Peeking at plaintext data without consuming it is a vstream
  layer feature.

 SSL_peek? I'm not sure if its intended to be a public function,
 though. But it is used in s_client.

 Generally the public SSL library interfaces have names that start
 with SSL_ (upper case) and the private interfaces have names that
 start with ssl_ (lower case), so likely SSL_peek() is a public
 interface.  Unfortunately, not all the public interfaces are documented
 as such, so we are sometimes forced to guess.

 In this case there are brief references to SSL_peek() in the
 SSL_get_error(3) and ssl(3) manpages, so the evidence for a public
 interface is stronger, though the function is not fully documented.


I have to admit that I tried SSL_peek() and noticed that the behavior is
a bit different than I expected. I am using M2Crypto [1] as the openssl wrapper
for python, and when I use SSL_peek() I noticed that there is no read event
after peeking for select.select() or select.poll(). It seems that it behaves a
bit differently from reading with the socket.MSG_PEEK flag.

1. https://pypi.python.org/pypi/M2Crypto


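Viktor's answer and Piotr's observation fit together: SSL_peek(), like SSL_read(), pulls the record off the socket and decrypts it into the SSL object's own buffer, so after a peek the socket is empty and select()/poll() no longer report it readable while the plaintext waits inside the library (SSL_pending() is what reports that). Peek semantics therefore belong in a buffering layer above the connection. The following added example, not Postfix's vstream and not M2Crypto, models this in Python: FakeSSLConnection is a constructed stand-in for an SSL object with a socket behind it, and PeekableStream is the buffering layer, with a readable() that consults its own buffer and the library's pending data before the socket, and a length-prefixed read_message() that uses peek so an incomplete message is never partially consumed.

```python
"""A peek-capable buffering layer above an SSL-like connection.  Added
illustration for the thread above, not Postfix vstream code and not M2Crypto.
FakeSSLConnection is a constructed stand-in for an SSL object sitting on a
socket; PeekableStream is the buffering layer above it."""


class FakeSSLConnection:
    """Models the two buffers involved: `records` stands for ciphertext still
    in the kernel socket buffer (what select() sees), `pending` for plaintext
    the library has already decrypted (what SSL_pending() reports)."""

    def __init__(self, records):
        self.records = list(records)      # constructed sample records
        self.pending = b""

    def socket_readable(self):
        """What select()/poll() on the raw socket would answer."""
        return bool(self.records)

    def _fill(self):
        # Both SSL_read and SSL_peek take a record off the socket and decrypt
        # it into the library's own buffer; that is why the socket goes quiet.
        if not self.pending and self.records:
            self.pending = self.records.pop(0)

    def read(self, n):
        """SSL_read: return up to n bytes and consume them."""
        self._fill()
        data, self.pending = self.pending[:n], self.pending[n:]
        return data

    def peek(self, n):
        """SSL_peek: return up to n bytes without consuming them."""
        self._fill()
        return self.pending[:n]

    def has_pending(self):
        """SSL_pending() > 0."""
        return bool(self.pending)


class PeekableStream:
    """Buffering layer: peek() never consumes, read() serves from the local
    buffer first, and readable() looks at every place data can be waiting
    instead of only asking select() about the socket."""

    def __init__(self, conn, chunk=4096):
        self.conn, self.chunk, self.buf = conn, chunk, b""

    def _ensure(self, n):
        while len(self.buf) < n:
            more = self.conn.read(self.chunk)
            if not more:            # nothing more available right now
                break
            self.buf += more

    def peek(self, n):
        self._ensure(n)
        return self.buf[:n]

    def read(self, n):
        self._ensure(n)
        data, self.buf = self.buf[:n], self.buf[n:]
        return data

    def readable(self):
        return bool(self.buf) or self.conn.has_pending() or self.conn.socket_readable()

    def read_message(self):
        """Length-prefixed framing (2-byte big-endian length, constructed for
        this example): peek the header and body, consume only once the whole
        message is present, otherwise return None and leave everything buffered."""
        header = self.peek(2)
        if len(header) < 2:
            return None
        length = int.from_bytes(header, "big")
        if len(self.peek(2 + length)) < 2 + length:
            return None
        self.read(2)
        return self.read(length)


if __name__ == "__main__":
    conn = FakeSSLConnection([b"\x00\x05hello\x00\x03abc"])   # two messages, one record
    stream = PeekableStream(conn)
    print("socket readable before peek:", conn.socket_readable())
    print("peeked header:", stream.peek(2))
    print("socket readable after peek:", conn.socket_readable(),
          "| stream.readable():", stream.readable())
    print("messages:", stream.read_message(), stream.read_message(), stream.read_message())
```

The event-loop lesson is in readable(): a loop that only waits on the socket will hang after a peek even though a complete message is buffered, so the layer that owns the buffer (and, for a real SSL object, SSL_pending()) must be asked before blocking in select().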


RE: Getting error for libcrypto.a file in openssl-1.0.1g when making php

2014-04-17 Thread Michael Wojcik
[Apologies for the top-post. Outlook does not properly handle bottom-posting 
when replying to HTML email, and doesn't properly convert HTML email to plain 
text, either. A pox on HTML email and Outlook and MIME and all their ilk.]

You've built OpenSSL as a static library, and now you're trying to link it into 
a shared object. The ELF object file format requires that all code linked into 
a shared object be position-independent. Static libraries (i.e., ar archives of 
object files) can contain objects that are compiled as position-independent, 
but they can also contain objects that are not.

In this case, you have an OpenSSL build that is not position-independent code. 
You need to reconfigure to force the generation of position-independent code 
(via the -fPIC flag, as the error message says) and rebuild OpenSSL.

If memory serves, just adding the "shared" token to your Configure command line 
should suffice, since I think in that mode the OpenSSL makefiles compile with 
-fPIC (on platforms where that's appropriate) and then create both shared 
objects and static libraries.

If that doesn't work, you could just edit Configure, find the target you're 
using, and add -fPIC to its compiler options list.

Michael Wojcik
Technology Specialist
Micro Focus

michael.woj...@microfocus.com
519 West Ash Street
Mason, MI 48854-1553
Direct:+1 517 639 0892
Mobile : +1 517 862 9464




From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of James Butler
Sent: Thursday, 17 April, 2014 09:51
To: openssl-users@openssl.org
Subject: Getting error for libcrypto.a file in openssl-1.0.1g when making php

I am getting this error from an openssl-1.0.1g file when trying to make 
php-5.4.23

/usr/bin/ld: /opt/openssl-1.0.1g/lib/libcrypto.a(cversion.o): relocation 
R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared 
object; recompile with -fPIC
/opt/openssl-1.0.1g/lib/libcrypto.a: could not read symbols: Bad value
collect2: ld returned 1 exit status
make: *** [libphp5.la] Error 1

Can anyone tell me why this is happening? I was able to build php with 
openssl-1.0.1f so why is this error coming up with 1.0.1g?




Re: Getting error for libcrypto.a file in openssl-1.0.1g when making php

2014-04-17 Thread James Butler
Thanks. I did that and it worked fine.

Sent from my iPhone

 On Apr 17, 2014, at 8:06 PM, Michael Wojcik michael.woj...@microfocus.com 
 wrote:
 
 [Apologies for the top-post. Outlook does not properly handle bottom-posting 
 when replying to HTML email, and doesn't properly convert HTML email to plain 
 text, either. A pox on HTML email and Outlook and MIME and all their ilk.]
  
 You've built OpenSSL as a static library, and now you're trying to link it 
 into a shared object. The ELF object file format requires that all code 
 linked into a shared object be position-independent. Static libraries (i.e., 
 ar archives of object files) can contain objects that are compiled as 
 position-independent, but they can also contain objects that are not.
  
 In this case, you have an OpenSSL build that is not position-independent 
 code. You need to reconfigure to force the generation of position-independent 
 code  (via the -fPIC flag, as the error message says) and rebuild OpenSSL.
  
 If memory serves, just adding the shared token to your Configure command 
 line should suffice, since I think in that mode the OpenSSL makefiles compile 
 with -fPIC (on platforms where that's appropriate) and then create both 
 shared objects and static libraries.
  
 If that doesn't work, you could just edit Configure, find the target you're 
 using, and add -fPIC to its compiler options list.
  
 Michael Wojcik
 Technology Specialist
 Micro Focus
  
 michael.woj...@microfocus.com
 519 West Ash Street
 Mason, MI 48854-1553
 Direct:+1 517 639 0892
 Mobile : +1 517 862 9464
  
  
  
  
 From: owner-openssl-us...@openssl.org 
 [mailto:owner-openssl-us...@openssl.org] On Behalf Of James Butler
 Sent: Thursday, 17 April, 2014 09:51
 To: openssl-users@openssl.org
 Subject: Getting error for libcrypto.a file in openssl-1.0.1g when making php
  
 I am getting this error from an openssl-1.0.1g file when trying to make 
 php-5.4.23
  
 /usr/bin/ld: /opt/openssl-1.0.1g/lib/libcrypto.a(cversion.o): relocation 
 R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared 
 object; recompile with -fPIC
 /opt/openssl-1.0.1g/lib/libcrypto.a: could not read symbols: Bad value
 collect2: ld returned 1 exit status
 make: *** [libphp5.la] Error 1
  
 Can anyone tell me why this is happening? I was able to build php with 
 openssl-1.0.1f so why is this error coming up with 1.0.1g?
 
 



Distributing newly generated certificates via socket?

2014-04-17 Thread Clesmon University
Hello:

I used the example 10-6 in the book *Network Security with OpenSSL* to generate
x509 certificates.

However, my program (server) wants to send newly generated certificates to
all other servers and clients via a socket.  After reading the book, I have
two options to copy them into std::string certificate, which is used as a
binary vector.

Option 1, using a memory BIO and copying out the buffer contents:

    #include <openssl/bio.h>
    #include <openssl/pem.h>
    #include <string>

    BIO *memoryBio = BIO_new(BIO_s_mem());
    PEM_write_bio_X509(memoryBio, cert);
    /* BIO_get_mem_ptr exposes the BUF_MEM behind the BIO (data + length)... */
    BUF_MEM *bptr = 0;
    BIO_get_mem_ptr(memoryBio, &bptr);
    /* ...and BIO_get_mem_data returns the length and points p at the data. */
    char *p = 0;
    long length = BIO_get_mem_data(memoryBio, &p);
    certificate.assign(p, length);   /* std::string copies the PEM bytes */
    BIO_free(memoryBio);             /* frees the underlying buffer too */

Option 2: Using a temp file to write out and read back:

    PEM_write_X509(fp, cert);

Read in this temp file into the certificate variable (std::string) and send
via the socket.

At the receiver side, they need to do the reverse steps to use it.

Which option is better?  Or are there any other options?  I don't like option 2 as
it generates a temp file and the receiver side needs to do the same steps.
Also, is option 1 doable?  I've never read any code that does it that way.  For CRLs, I
have the same question.

Thanks.

Steve.