[openssl-users] Help on basic EC programming

2015-11-24 Thread Matt Loah 
Hello all guys,

I'm a newbie... and going to understand the OpenSSL and the APIs involved
in, and even if I searched in the Net, there are two main question/subject
fields that I'd like to ask for.

1. Firstly, I wrote a little code that I don't know if it's really good
enough. So, comments, suggestions... will be greatly appreciated.


#include 
#include 
#include 
#include 

#define ECCTYPE "brainpoolP512t1"

int generate_keys (EC_KEY * ecc, EVP_PKEY * pkey)
{
if (EC_KEY_generate_key (ecc) <= 0)
return 1;
else
{
if (EVP_PKEY_assign_EC_KEY (pkey, ecc) <= 0)
return 2;
else
{
BIO * bp_public  = BIO_new_file ("./key.pub.pem", "w+");
BIO * bp_private = BIO_new_file ("./key.prv.pem", "w+");

if (bp_public)
{
if (PEM_write_bio_PUBKEY (bp_public, pkey) <= 0)
return 3;
else
BIO_free_all (bp_public);
}
else
return 4;

if (bp_private)
{
if (PEM_write_bio_PrivateKey (bp_private, pkey, nullptr,
nullptr, 0, 0, nullptr) <= 0)
return 5;
else
BIO_free_all (bp_private);
}
else
return 6;
}
}

return 0;
}

int main()
{
int retVal = 0;

OpenSSL_add_all_algorithms();
ERR_load_BIO_strings();
ERR_load_crypto_strings();

EVP_PKEY * pkey = EVP_PKEY_new();
EC_KEY * ecc = EC_KEY_new_by_curve_name (OBJ_txt2nid (ECCTYPE));

retVal = generate_keys (ecc, pkey);

EVP_PKEY_free (pkey);
EC_KEY_free (ecc);

return retVal;
}


2. Secondly, I'd like to be able to work with these two generated keys... I
mean, encrypt, decrypt... but don't reach to understand how to use them and
which functions should be invoked ?

And also, I'd like to get the public/private keys... Should use
EC_KEY_get0_private_key() & EC_KEY_get0_public_key() functions ?

Any help will be also highly appreciated.

Matt L.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] openssl des-ede3-cbc does not match with Java one

2015-11-24 Thread Jay Foster 
It is very likely that your text file also contains a newline at the 
end, so getting the same result as with the echo command would be 
expected.  If it is indeed the newline that is making the difference, 
you could try using the echo command with the '-n' option to suppress it.


Jay

On 11/24/2015 9:12 AM, David García wrote:

Sorry, still not getting the same result, now with the command:

echo 005863330 | openssl enc -e -des-ede3-cbc -K 
'b2aec78eb50e05f2a60b9efa20b82c903e6cad4f3bd2027b' -iv  
-nosalt | openssl enc -base64


I get:

H6cr2yN8oWXn2RxiDqnXLg==

but I should get:

H6cr2yN8oWUVY3a6/Vaaow==


BTW I get the same result if the text in the echo is between '' or is 
read from a text file.


2015-11-24 18:07 GMT+01:00 David García >:


You are right Viktor, that was my problem.

Thank you very much for your help Viktor and Michael.

2015-11-24 18:00 GMT+01:00 Viktor Dukhovni
mailto:openssl-us...@dukhovni.org>>:

On Tue, Nov 24, 2015 at 05:55:42PM +0100, David García wrote:

> openssl enc -e -des-ede3-cbc -in myfile.txt -k
> 'b2aec78eb50e05f2a60b9efa20b82c903e6cad4f3bd2027b' -iv
 -nosalt |
> openssl enc -base64

Please read Michael's message carefully. Note the comment about
"-k" vs. "-K" (upper-case).

--
Viktor.
___
openssl-users mailing list
To unsubscribe:
https://mta.openssl.org/mailman/listinfo/openssl-users




-- 
David





--
David


___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] openssl des-ede3-cbc does not match with Java one

2015-11-24 Thread Viktor Dukhovni 
On Tue, Nov 24, 2015 at 06:12:59PM +0100, David García wrote:

> Sorry, still not getting the same result, now with the command:
> 
> echo 005863330 | openssl enc -e -des-ede3-cbc -K
> 'b2aec78eb50e05f2a60b9efa20b82c903e6cad4f3bd2027b' -iv  -nosalt |
> openssl enc -base64

Please also read his comment about newlines (aka LF characters)
appended by "echo", or read from a file containing a line of text.

(Hint: instead of "echo 005863330" try "printf 005863330").

-- 
Viktor.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] OpenSSL compilation with no_des option.

2015-11-24 Thread Raman, Karthik IN BLR STS 
Hi,

I faced a problem to compile OpenSSL 1.0.2a with no_des option. I faced the 
same problem until OpenSSL 1.0.2d.
Fortunately I found a patch in the URL below.
I can do the code changes suggested in this URL and able to compile.

https://www.mail-archive.com/openssl-dev@openssl.org/msg39295.html

 I was wondering, how this code change can be incorporated formally in the 
OpenSSL source code. This will help to benefit everybody who ever uses OpenSSL 
with this option.




With best regards,
Karthik R




___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] openssl des-ede3-cbc does not match with Java one

2015-11-24 Thread David García 
Sorry, still not getting the same result, now with the command:

echo 005863330 | openssl enc -e -des-ede3-cbc -K
'b2aec78eb50e05f2a60b9efa20b82c903e6cad4f3bd2027b' -iv  -nosalt |
openssl enc -base64

I get:

H6cr2yN8oWXn2RxiDqnXLg==

but I should get:

H6cr2yN8oWUVY3a6/Vaaow==


BTW I get the same result if the text in the echo is between '' or is read
from a text file.

2015-11-24 18:07 GMT+01:00 David García :

> You are right Viktor, that was my problem.
>
> Thank you very much for your help Viktor and Michael.
>
> 2015-11-24 18:00 GMT+01:00 Viktor Dukhovni :
>
>> On Tue, Nov 24, 2015 at 05:55:42PM +0100, David García wrote:
>>
>> > openssl enc -e -des-ede3-cbc -in myfile.txt -k
>> > 'b2aec78eb50e05f2a60b9efa20b82c903e6cad4f3bd2027b' -iv  -nosalt
>> |
>> > openssl enc -base64
>>
>> Please read Michael's message carefully.  Note the comment about
>> "-k" vs. "-K" (upper-case).
>>
>> --
>> Viktor.
>> ___
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>
>
>
> --
> David
>



-- 
David
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] openssl des-ede3-cbc does not match with Java one

2015-11-24 Thread David García 
You are right Viktor, that was my problem.

Thank you very much for your help Viktor and Michael.

2015-11-24 18:00 GMT+01:00 Viktor Dukhovni :

> On Tue, Nov 24, 2015 at 05:55:42PM +0100, David García wrote:
>
> > openssl enc -e -des-ede3-cbc -in myfile.txt -k
> > 'b2aec78eb50e05f2a60b9efa20b82c903e6cad4f3bd2027b' -iv  -nosalt |
> > openssl enc -base64
>
> Please read Michael's message carefully.  Note the comment about
> "-k" vs. "-K" (upper-case).
>
> --
> Viktor.
> ___
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>



-- 
David
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] openssl des-ede3-cbc does not match with Java one

2015-11-24 Thread Viktor Dukhovni 
On Tue, Nov 24, 2015 at 05:55:42PM +0100, David García wrote:

> openssl enc -e -des-ede3-cbc -in myfile.txt -k
> 'b2aec78eb50e05f2a60b9efa20b82c903e6cad4f3bd2027b' -iv  -nosalt |
> openssl enc -base64

Please read Michael's message carefully.  Note the comment about
"-k" vs. "-K" (upper-case).

-- 
Viktor.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] openssl des-ede3-cbc does not match with Java one

2015-11-24 Thread David García 
I am sorry, I pasted an invalid key I was playing with to check some other
things. Next, the real key and now reading the value from a file instead
from echo (BTW I am using a linux terminal):

openssl enc -e -des-ede3-cbc -in myfile.txt -k
'b2aec78eb50e05f2a60b9efa20b82c903e6cad4f3bd2027b' -iv  -nosalt |
openssl enc -base64

myfile.txt (edited with vim) contains the string:

005863330

The value I get is:

SYqzNH5u8ExzyakWO3Cj/A==

meanwhile the one I am getting from Java and PHP examples is:

H6cr2yN8oWUVY3a6/Vaaow==


Regards.

2015-11-24 16:28 GMT+01:00 Michael Wojcik :

>
> > echo 'text_to_cypher' | openssl enc -e -des-ede3-cbc -k
> 'b2aec78eb50e04f2a60b9efa20b82c903e3cad4f3bd2027g' -iv  -nosalt |
> openssl enc -base64
>
> That echo command will append a LF (x'0a') byte (if this is a conventional
> UNIX or Linux system, or Cygwin, etc, and you're running under one of the
> standard shells). Do you have that byte in the value of your "cleartext"
> variable in the Java code? You failed to supply that. (Also, the
> single-quote characters are unnecessary, unless you're running a very odd
> shell.)
>
> The value of the -k argument you're passing to "openssl enc" ends with
> "g", which is not a hexadecimal digit; the rest of the value appears to be
> hexadecimal. But it's not clear why you're using -k anyway. Perhaps you
> mean to use -K (uppercase K, with an actual hexadecimal argument)?
>
>
> --
> Michael Wojcik
> Technology Specialist, Micro Focus
>
> ___
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>



-- 
David
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] openssl des-ede3-cbc does not match with Java one

2015-11-24 Thread Michael Wojcik 

> echo 'text_to_cypher' | openssl enc -e -des-ede3-cbc -k 
> 'b2aec78eb50e04f2a60b9efa20b82c903e3cad4f3bd2027g' -iv  -nosalt | 
> openssl enc -base64

That echo command will append a LF (x'0a') byte (if this is a conventional UNIX 
or Linux system, or Cygwin, etc, and you're running under one of the standard 
shells). Do you have that byte in the value of your "cleartext" variable in the 
Java code? You failed to supply that. (Also, the single-quote characters are 
unnecessary, unless you're running a very odd shell.)

The value of the -k argument you're passing to "openssl enc" ends with "g", 
which is not a hexadecimal digit; the rest of the value appears to be 
hexadecimal. But it's not clear why you're using -k anyway. Perhaps you mean to 
use -K (uppercase K, with an actual hexadecimal argument)?


-- 
Michael Wojcik
Technology Specialist, Micro Focus

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] openssl des-ede3-cbc does not match with Java one

2015-11-24 Thread David García 
Hi,

I am trying to use openssl command line tool for des-ede3-cbc encryption,
but it does not mach with the one I have in Java (and that I know that
works ok). I try to generate a des-ede3-cbc encryption with an IV =
0,0,0,0,0,0,0,0. Then I launch following command:


echo 'text_to_cypher' | openssl enc -e -des-ede3-cbc -k
'b2aec78eb50e04f2a60b9efa20b82c903e3cad4f3bd2027g' -iv  -nosalt |
openssl enc -base64


But I don't get the same result as the one I get in Java using Cipher:

private final byte [] IV = {0, 0, 0, 0, 0, 0, 0, 0};
.
DESedeKeySpec desKeySpec = new DESedeKeySpec(toByteArray(hexKey));
SecretKey desKey = new SecretKeySpec(desKeySpec.getKey(), "DESede");
Cipher desCipher = Cipher.getInstance("DESede/CBC/NoPadding");
desCipher.init(Cipher.ENCRYPT_MODE, desKey, new IvParameterSpec(IV));

//text 0 padding to get it multilpe of 8

byte[] ciphertext = desCipher.doFinal(cleartext);
new String(Base64.encodeBase64(ciphertext), "UTF-8");



Could anyone point me to what I am doing worng in this command line call?

Thanks in advance.
-- 
David
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Verifying Authenticode timestamp using openssl apis

2015-11-24 Thread Leena Soman 
Hi Matt,Here is an excerpt of openssl asn1parse 
3588:d=5
  hl=4 l=4940 cons: cont [ 1 ]
 3592:d=6  hl=4 l=4936 cons: SEQUENCE
 3596:d=7  hl=2 l=  10 prim: OBJECT    :1.3.6.1.4.1.311.3.3.1
 3608:d=7  hl=4 l=4920 cons: SET
 3612:d=8  hl=4 l=4916 cons: SEQUENCE
 3616:d=9  hl=2 l=   9 prim: OBJECT    :pkcs7-signedData
 3627:d=9  hl=4 l=4901 cons: cont [ 0 ]
 3631:d=10 hl=4 l=4897 cons: SEQUENCE
 3635:d=11 hl=2 l=   1 prim: INTEGER   :03
 3638:d=11 hl=2 l=  15 cons: SET
 3640:d=12 hl=2 l=  13 cons: SEQUENCE
 3642:d=13 hl=2 l=   9 prim: OBJECT    :sha256
 3653:d=13 hl=2 l=   0 prim: NULL
 3655:d=11 hl=4 l= 316 cons: SEQUENCE
 3659:d=12 hl=2 l=  11 prim: OBJECT    :id-smime-ct-TSTInfo
 3672:d=12 hl=4 l= 299 cons: cont [ 0 ]
 3676:d=13 hl=4 l= 295 prim: OCTET STRING  [HEX 
DUMP]:30820123020101060A2B0601040184590A03013031300D060960864801650304020105000420817580D34E29FAD72349E478B6EA0B6354F926FD5CB8719E230D0672BFC5E9C102065593CB94E2BC181232303135303731303035303331352E37315A3007020101800201F4A081B9A481B63081B3310B3009060355040613025553311330110603550408130A57617368696E67746F6E3110300E060355040713075265646D6F6E64311E301C060355040A13154D6963726F736F667420436F72706F726174696F6E310D300B060355040B13044D4F505231273025060355040B131E6E436970686572204453452045534E3A433046342D333038362D44454638312530230603550403131C4D6963726F736F66742054696D652D5374616D702053657276696365
 3975:d=11 hl=4 l=3792 cons: cont [ 0 ]
 3979:d=12 hl=4 l=1649 cons: SEQUENCE
 3983:d=13 hl=4 l=1113 cons: SEQUENCE
 3987:d=14 hl=2 l=   3 cons: cont [ 0 ]
 3989:d=15 hl=2 l=   1 prim: INTEGER   :02
 3992:d=14 hl=2 l=  10 prim: INTEGER   :6109812A0002
 4004:d=14 hl=2 l=  13 cons: SEQUENCE
 4006:d=15 hl=2 l=   9 prim: OBJECT    :sha256WithRSAEncryption
 4017:d=15 hl=2 l=   0 prim: NULL
 4019:d=14 hl=3 l= 136 cons: SEQUENCE
 4022:d=15 hl=2 l=  11 cons: SET
 4024:d=16 hl=2 l=   9 cons: SEQUENCE
 4026:d=17 hl=2 l=   3 prim: OBJECT    :countryName
 4031:d=17 hl=2 l=   2 prim: PRINTABLESTRING   
:US-
Thanks,Leena.
   From: Matt Caswell 
 To: openssl-users@openssl.org 
 Sent: Tuesday, November 24, 2015 3:00 PM
 Subject: Re: [openssl-users] Verifying Authenticode timestamp using openssl 
apis
   




On 24/11/15 05:17, Leena Soman wrote:
> Hello,
> I am trying to verify the timestamp in a file signed using Authenticode.
> I have found that this timestamp is in the RFC3161 format.
> Using openssl apis, I have parsed the Authenticode signature and reached
> the oid 1.3.6.1.4.1.311.3.3.1. I have subsequently used the following apis :

Am I right in understanding that you are attempting to use the OpenSSL
ASN.1 APIs to parse an RFC3161 response?

Did you realise that OpenSSL has APIs that support RFC3161 directly? See
opensssl/ts.h as well as the "openssl ts" command line app.

Matt
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


  ___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Verifying Authenticode timestamp using openssl apis

2015-11-24 Thread Matt Caswell 


On 24/11/15 05:17, Leena Soman wrote:
> Hello,
> I am trying to verify the timestamp in a file signed using Authenticode.
> I have found that this timestamp is in the RFC3161 format.
> Using openssl apis, I have parsed the Authenticode signature and reached
> the oid 1.3.6.1.4.1.311.3.3.1. I have subsequently used the following apis :

Am I right in understanding that you are attempting to use the OpenSSL
ASN.1 APIs to parse an RFC3161 response?

Did you realise that OpenSSL has APIs that support RFC3161 directly? See
opensssl/ts.h as well as the "openssl ts" command line app.

Matt
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users