Linux version of Attribute certificate API

[Daniel Diaz Sanchez]

Hello,

I have compiled the Attribute Certificate API on Linux and it is working
with OpenSSL 0.9.8a (I didn't check other versions)


The source can be downloaded at
http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml

There are 3 versions:

Version 0.1 (Windows only)
Version 0.1 (Linux/Windows) some minor changes to the Windows version (types
and casts). It should work in windows also.
Version 0.2 (Windows) Includes some bugfixes and new functions to assist the
issuing process. Those new functions can be personalized using callbacks.
New functions are not yet covered by documentation.


I will try to move version 0.2 to Linux and also to finish the verifier for
version 0.3 (if I have some spare time)

Regards,

Daniel



--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 
Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-6233, Fax: -8749

Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
A toolkit for attribute certificates:
http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml

Mail: dds[at].it.uc3m.es
Skype: dds.it.uc3m.es



__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Linux version of Attribute certificate API

[Daniel Diaz Sanchez]

--


-name(GNs):DirName: /C=ES/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=SoA/[EMAIL PROTECTED]
-serial(INT):e3:1e:d2:8b:a0:60:53:2f:
-issuerUniqueID(INT):NULL
Holder Information
--

Holder BaseCertID:

-name(GNs):DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=User/[EMAIL PROTECTED]
-serial(INT):bd:a6:37:3d:db:9e:37:89:
-issuerUniqueID(INT):NULL
Validity


Valid not before: 20070608185543Z
Valid not after: 20070615185543Z
Attribute information
-
Number of attributes: 4 

Attribute Number: 0

Attribute NID: 354 , Name: id-aca-authenticationInfo 
Service Authentication Information
Attribute syntax SvceAuthInfo
Consumed by the target application not the AC verifier
Multiple values allowed : yes
Values: 2
Printing value: 0
--
Ident information : Present
DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=User/[EMAIL PROTECTED]
Service information : Present
DirName: /C=ES/ST=Madrid/L=Getafe/O=Universidad Carlos III
de Madrid/OU=Library/CN=Catalog
Auth Info : Not present
Printing value: 1
--
Ident information : Present
DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=User/[EMAIL PROTECTED]
Service information : Present
DirName: /C=ES/ST=Madrid/L=Leganes/O=Universidad Carlos III
de Madrid/OU=Departamento Ingenieria Telematica/CN=Servicio de correo
electronico
Auth Info : Not present
Attribute Number: 1

Attribute NID: 355 , Name: id-aca-accessIdentity 
Access Identity
Attribute syntax SvceAuthInfo without AuthInfo
Consumed by the AC verifier to authorise
Multiple values allowed : yes
Values: 1
Printing value: 0
--
Ident information : Present
DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=User/[EMAIL PROTECTED]
Service information : Present
DirName: /C=ES/ST=Madrid/L=Leganes/O=Universidad Carlos III
de Madrid/OU=Departamento Ingenieria Telematica/CN=Servicio de correo
electronico
Auth Info : Not present... it should be not present!
Attribute Number: 2

Attribute NID: 356 , Name: id-aca-chargingIdentity 
Charging Identity
Attribute syntax IetfAttrSyntax
Consumed by the AC verifier to authorise
Multiple values allowed : no
Values: 1
Printing value: 0
--
Policy Authority information : Present
DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=User/[EMAIL PROTECTED]
Type of info :  V_ASN1_OCTET_STRING

0x530x6f0x6d0x650x200x640x610x740x610x200x740x6f0x200x610x640x640x200x740x6f
0x2e0x2e0x2e0x2e0x2e
Attribute Number: 3

Attribute NID: 400 , Name: role 
Role
Attribute syntax RoleSyntax
Consumed by the AC verifier
Multiple values allowed : yes
Values: 1
Printing value: 0
--
roleAuthority [Optional] : Present

roleName [MUST|URN]:  URI:it.uc3m.es:administrator

Extensions:

Number of extensions present : 1
NID: 287, ac-auditEntity
Critical: Yes
Data:61:75:64:69:74:2d:69:6e:66:6f:

Signature:

Signature Algorithm: sha1WithRSAEncryption
0e:40:4f:85:72:a2:15:ef:3c:f9:c3:54:74:64:bf:6e:e7:b3:
14:21:70:22:50:fa:16:73:a7:dc:8c:8b:e8:41:1c:ae:90:df:
6d:11:1f:24:1a:57:5c:b3:8f:ba:51:70:c3:fa:13:16:4a:30:
3e:4b:63:dd:46:ae:f2:9e:47:01:b4:17:4b:00:26:9c:e4:5b:
ef:f1:bc:72:63:a4:f1:bf:ec:7b:f0:27:76:4e:24:bb:63:06:
3c:67:f4:bc:f3:62:ce:53:94:ad:41:4c:36:11:9c:21:a2:f7:
e5:2d:7f:6c:6e:7b:e4:4b:ed:22:4f:de:80:d8:8c:61:20:ce:
d0:c3




 -Mensaje original-
 De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 En nombre de Daniel Diaz Sanchez
 Enviado el: viernes, 08 de junio de 2007 15:50
 Para: openssl-users@openssl.org; [EMAIL PROTECTED]
 Asunto: Linux version of Attribute certificate API
 
 Hello,
 
 I have compiled the Attribute Certificate API on Linux and it is working
 with OpenSSL 0.9.8a (I didn't check other versions)
 
 
 The source can be downloaded at
 http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml
 
 There are 3 versions:
 
 Version 0.1 (Windows only)
 Version 0.1 (Linux/Windows) some minor changes to the Windows version
 (types

RE: ITU X509/ RFC 3281 Attribute Certificates API Beta

[Daniel Diaz Sanchez]

Hello,

We have been working in AC also, the API published in the website is older. 
Please, have a look to the latest one:

http://www.it.uc3m.es/dds/swRelease/pmi/ACv2.zip

This new software, also in beta stage, provides also a tool for issuing
attribute certificates in a very simple way, there is also a possibility to
define profiles and so on...

Please, have a look to the link above these lines, there is also a demo
program that issues 4 different types of attribute certificates:

1.- Attribute assignment certificate: assigns attributes to a holder
2.- Attribute definition certificate: defines an attribute, syntax policies,
domination rules...
3.- Role assignment certificate: assigns a role to an entity
4.- Role definition: defines what a given role can do.

We hope our code can fit in openssl once debugged and tested :)

Regards,

Daniel



--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 
Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749

Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
A toolkit for attribute certificates:
http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml

Mail: dds[at].it.uc3m.es
Skype: dds.it.uc3m.es


 -Mensaje original-
 De: [EMAIL PROTECTED] [mailto:owner-openssl-
 [EMAIL PROTECTED] En nombre de Vincenzo Sciarra
 Enviado el: sábado, 25 de noviembre de 2006 8:55
 Para: openssl-users@openssl.org
 Asunto: Re: ITU X509/ RFC 3281 Attribute Certificates API Beta
 
 I'm workingon AC, but there is very few implementation.
 Only the new API can help you for a little.
 It's not yet time for AC
 
 
 
 bye
 
 
 2006/11/24, Richard Levitte - VMS Whacker [EMAIL PROTECTED]:
  In message [EMAIL PROTECTED] on Tue, 10 Oct 2006
 11:35:30 +0200, Daniel Diaz Sanchez [EMAIL PROTECTED] said:
 
  dds Hello,
  dds
  dds Some source code to generate attribute certificates using OpenSSL
 can be
  dds found at:
  dds
  dds http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml
  dds
  dds It has been tested with some versions of OpenSSL and works with all
 of them
  dds including the latest release 0.9.8d.
 
  Hello,
 
  I've just had reasons to get interested in ACs, and I'm pleased it's
  been discussed already fairly recently.
 
  I'm really looking for something that could be included into OpenSSL
  propper, and as far as I've seen, there's your code, which could
  probably be retrofitted into OpenSSL, and there's the OpenPMI patch,
  which might come with a license incompatibility problem (they use
  AFL).  Choices, choices...
 
  Any help in that direction would be appreciated.
 
  Cheers,
  Richard
 
  -
  Please consider sponsoring my work on free software.
  See http://www.free.lp.se/sponsoring.html for details.
 
  --
  Richard Levitte [EMAIL PROTECTED]
 http://richard.levitte.org/
 
  When I became a man I put away childish things, including
   the fear of childishness and the desire to be very grown up.
 -- C.S. Lewis
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing Listopenssl-users@openssl.org
  Automated List Manager   [EMAIL PROTECTED]
 
 
 
 --
 Vincenzo Sciarra
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: ITU X509/ RFC 3281 Attribute Certificates API Beta

[Daniel Diaz Sanchez]

Hello,

Te API in the web site is really old. I can provide a new one for your
consideration. 

Please, have a look to the latest one:

http://www.it.uc3m.es/dds/swRelease/pmi/ACv2.zip


We can work all together in the same direction :)

Regards,

Daniel

--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 
Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749

Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
A toolkit for attribute certificates:
http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml

Mail: dds[at].it.uc3m.es
Skype: dds.it.uc3m.es


 -Mensaje original-
 De: Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED]
 Enviado el: viernes, 24 de noviembre de 2006 20:40
 Para: openssl-users@openssl.org; [EMAIL PROTECTED]
 CC: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Asunto: Re: ITU X509/ RFC 3281 Attribute Certificates API Beta
 
 In message [EMAIL PROTECTED] on Tue, 10 Oct 2006
 11:35:30 +0200, Daniel Diaz Sanchez [EMAIL PROTECTED] said:
 
 dds Hello,
 dds
 dds Some source code to generate attribute certificates using OpenSSL can
 be
 dds found at:
 dds
 dds http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml
 dds
 dds It has been tested with some versions of OpenSSL and works with all of
 them
 dds including the latest release 0.9.8d.
 
 Hello,
 
 I've just had reasons to get interested in ACs, and I'm pleased it's
 been discussed already fairly recently.
 
 I'm really looking for something that could be included into OpenSSL
 propper, and as far as I've seen, there's your code, which could
 probably be retrofitted into OpenSSL, and there's the OpenPMI patch,
 which might come with a license incompatibility problem (they use
 AFL).  Choices, choices...
 
 Any help in that direction would be appreciated.
 
 Cheers,
 Richard
 
 -
 Please consider sponsoring my work on free software.
 See http://www.free.lp.se/sponsoring.html for details.
 
 --
 Richard Levitte [EMAIL PROTECTED]
 http://richard.levitte.org/
 
 When I became a man I put away childish things, including
  the fear of childishness and the desire to be very grown up.
-- C.S. Lewis


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Compiler error ASN1

[Daniel Diaz Sanchez]

Hello to everybody,
I have a problem when implementing a simple structure using OpenSSL
Asn1. This is the problem:

When I try to implement this data structure:

A ::= SEQUENCE {
b 
CHOICE {
b1 INTEGER,
b2 INTEGER},
a1 BOOLEAN,
a2 INTEGER OPTIONAL,
a3 [0] INTEGER OPTIONAL,
a4 [1] INTEGER
}
  
I do it in the following way:

/* .h */
typedef struct B_st
{
int type ;
union {
ASN1_INTEGER *b1;
ASN1_INTEGER *b2;
}value;
}B;

typedef struct A_st
{
B *b;
ASN1_BOOLEAN *a1;
ASN1_INTEGER *a2;
ASN1_INTEGER *a3;
ASN1_INTEGER *a4;
}A;

DECLARE_ASN1_ITEM(B)
DECLARE_ASN1_ITEM(A)
DECLARE_ASN1_FUNCTIONS(B)
DECLARE_ASN1_FUNCTIONS(A)

/* .c */

ASN1_CHOICE(B) = {
ASN1_SIMPLE(B,value.b1,ASN1_INTEGER)
ASN1_SIMPLE(B,value.b2,ASN1_INTEGER) //(*1)
}ASN1_CHOICE_END(B) //(*2)

ASN1_SEQUENCE(A) = {
ASN1_EXP(A,b,B) //choice
ASN1_SIMPLE(A,a1,ASN1_BOOLEAN)
ASN1_OPT(A,a2,ASN1_INTEGER)
ASN1_IMP_OPT(A,a3,ASN1_INTEGER,0)
ASN1_IMP(A,a4,ASN1_INTEGER,1)
}ASN1_SEQUENCE_END(A)

IMPLEMENT_ASN1_FUNCTION(A)

But I obtain (using Visual Studio)

error C2059: syntax error : '{' at line (*1) and 
error C2059: syntax error : '{' at line (*2)

I'm doing it ok or there is something missing?.

Thanks!,

Regards,

--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 
Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749

Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
A toolkit for attribute certificates:
http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml

Mail: dds[at].it.uc3m.es
Skype: dds.it.uc3m.es



__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Compiler error ASN1

[Daniel Diaz Sanchez]

;
TIME_PERIOD *periodic;
}value;
}TIME;
typedef struct TIME_SPECIFICATION_st
{
TIME *time;
ASN1_BOOLEAN notThisTime;
ASN1_INTEGER *timeZone;
}TIME_SPECIFICATION;


/* .c */

ASN1_CHOICE(NAMEDDAY) = {
ASN1_SIMPLE(NAMEDDAY,value.intNamedDays,ASN1_ENUMERATED)

ASN1_SIMPLE(NAMEDDAY,value.bitNamedDays,ASN1_BIT_STRING)--C2059
}ASN1_CHOICE_END(NAMEDDAY)-error C2059/warning C4034 sizeof returns
0 

// fatal error unable to recover from previous errors

ASN1_CHOICE(XDAYOF) = {
ASN1_EXP(XDAYOF,value.first,NAMEDDAY,0)
ASN1_EXP(XDAYOF,value.second,NAMEDDAY,1)
ASN1_EXP(XDAYOF,value.third,NAMEDDAY,2)
ASN1_EXP(XDAYOF,value.fourth,NAMEDDAY,3)
ASN1_EXP(XDAYOF,value.fifth,NAMEDDAY,4)
}ASN1_CHOICE_END(XDAYOF)

ASN1_CHOICE(MONTHS) = {
ASN1_SIMPLE(MONTHS,value.allMonths,ASN1_NULL)
ASN1_SET_OF(MONTHS,value.intMonths,ASN1_INTEGER)
ASN1_SIMPLE(MONTHS,value.bitMonths,ASN1_BIT_STRING)
}ASN1_CHOICE_END(MONTHS)

ASN1_CHOICE(WEEKS) = {
ASN1_SIMPLE(WEEKS,value.allWeeks,ASN1_NULL)
ASN1_SET_OF(WEEKS,value.intWeek,ASN1_INTEGER)
ASN1_SIMPLE(WEEKS,value.bitWeek,ASN1_BIT_STRING)
}ASN1_CHOICE_END(WEEKS)

ASN1_CHOICE(DAYS) = {
ASN1_SET_OF(DAYS,value.intDay,ASN1_INTEGER)
ASN1_SIMPLE(DAYS,value.bitDay,ASN1_BIT_STRING)
ASN1_EXP_OPT(DAYS,value.XDayOf,XDAYOF) //XDAYOF is CHOICE
}ASN1_CHOICE_END(DAYS)

ASN1_SEQUENCE(TIME_PERIOD) = {
ASN1_EXP_OPT(TIME_PERIOD,timesOfDay,DAYTIMEBAND,0) //is
CHOICE
ASN1_EXP_OPT(TIME_PERIOD,days,DAYS,1) //is CHOICE
ASN1_EXP_OPT(TIME_PERIOD,weeks,WEEKS,2) //is CHOICE
ASN1_EXP_OPT(TIME_PERIOD,months,MONTHS,3) //is CHOICE
ASN1_IMP_SET_OF_OPT(TIME_PERIOD,years,ASN1_INTEGER,4) 
}ASN1_SEQUENCE_END(TIME_PERIOD)

ASN1_SEQUENCE(TIME_ABSOLUTE) = {
ASN1_IMP_OPT(TIME_ABSOLUTE,startTime,ASN1_GENERALIZEDTIME,0)
ASN1_IMP_OPT(TIME_ABSOLUTE,endTime,ANS1_GENERALIZEDTIME,1)
}ASN1_SEQUENCE_END(TIME_ABSOLUTE)

ASN1_CHOICE(TIME) = {
ASN1_SIMPLE(TIME,value.absolute,TIME_ABSOLUTE)
ASN1_SIMPLE(TIME,value.periodic,TIME_PERIOD)
}ASN1_CHOICE_END(TIME)

ASN1_SEQUENCE(TIME_SPECIFICATION) = {
ASN1_EXP(TIME_SPECIFICATION,time,TIME)
ASN1_SIMPLE(TIME_SPECIFICATION,notThisTime,ASN1_BOOLEAN)
ASN1_OPT(TIME_SPECIFICATION,timeZone,TIMEZONE)
}ASN1_SEQUENCE_END(TIME_SPECIFICATION)


IMPLEMENT_ASN1_FUNCTION(TIME_ABSOLUTE)
IMPLEMENT_ASN1_FUNCTION(TIME)
IMPLEMENT_ASN1_FUNCTION(TIME_SPECIFICATION)
IMPLEMENT_ASN1_DUP_FUNCTION(TIME_ABSOLUTE)
IMPLEMENT_ASN1_DUP_FUNCTION(TIME)
IMPLEMENT_ASN1_DUP_FUNCTION(TIME_SPECIFICATION)

--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 
Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749

Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
A toolkit for attribute certificates:
http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml

Mail: dds[at].it.uc3m.es
Skype: dds.it.uc3m.es


-$  -Mensaje original-
-$  De: [EMAIL PROTECTED] [mailto:owner-openssl-
-$  [EMAIL PROTECTED] En nombre de Peter Sylvester
-$  Enviado el: martes, 17 de octubre de 2006 12:40
-$  Para: openssl-users@openssl.org
-$  Asunto: Re: Compiler error ASN1
-$  
-$  Daniel Diaz Sanchez wrote:
-$   Hello to everybody,
-$ I have a problem when implementing a simple structure using
-$  OpenSSL
-$   Asn1. This is the problem:
-$  
-$ When I try to implement this data structure:
-$  
-$ A ::= SEQUENCE {
-$ b
-$ CHOICE {
-$ b1 INTEGER,
-$ b2 INTEGER},
-$  
-$  The previous is ambiguous. use for example b2 [0] INTEGER
-$  Also, the given syntax does not say whether you are in global
-$  environment of EXPLICIT or IMPLICIT tagging. It seems
-$  that you assume IMPLICIT
-$  
-$  
-$ a1 BOOLEAN,
-$ a2 INTEGER OPTIONAL,
-$ a3 [0] INTEGER OPTIONAL,
-$ a4 [1] INTEGER
-$ }
-$  
-$ I do it in the following way:
-$  
-$ /* .h */
-$ typedef struct B_st
-$ {
-$ int type ;
-$ union {
-$ ASN1_INTEGER *b1;
-$ ASN1_INTEGER *b2;
-$ }value;
-$ }B;
-$  
-$ typedef struct A_st
-$ {
-$ B *b;
-$ ASN1_BOOLEAN *a1

RE: Compiler error ASN1

[Daniel Diaz Sanchez]

I'm sorry, I have noticed some errors. I will check them.

--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 
Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749

Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
A toolkit for attribute certificates:
http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml

Mail: dds[at].it.uc3m.es
Skype: dds.it.uc3m.es


-$  -Mensaje original-
-$  De: [EMAIL PROTECTED] [mailto:owner-openssl-
-$  [EMAIL PROTECTED] En nombre de Daniel Diaz Sanchez
-$  Enviado el: martes, 17 de octubre de 2006 13:03
-$  Para: openssl-users@openssl.org
-$  Asunto: RE: Compiler error ASN1
-$  
-$  Thanks for your reply,
-$  
-$  I'm in an implicit TAGS environment:
-$  
-$  AttributeCertificateDefinitions {joint-iso-itu-t ds(5) module(1)
-$attributeCertificateDefinitions(32) 5} DEFINITIONS IMPLICIT TAGS ::=
-$  BEGIN
-$  
-$  What I really want to implement is this extension, but I obtain an error
-$  in
-$  the first asn1 structure, have a look to the implementation
-$  
-$  error C2059: syntax error : '}'
-$  
-$  timeSpecification EXTENSION ::= {
-$SYNTAX TimeSpecification
-$IDENTIFIED BY  id-ce-timeSpecification
-$  }
-$  
-$  TimeSpecification ::= SEQUENCE {
-$time
-$  CHOICE {absolute
-$SEQUENCE {startTime  [0]  GeneralizedTime OPTIONAL,
-$  endTime[1]  GeneralizedTime OPTIONAL},
-$  periodic  SET OF Period},
-$notThisTime  BOOLEAN DEFAULT FALSE,
-$timeZone TimeZone OPTIONAL
-$  }
-$  
-$  Period ::= SEQUENCE {
-$timesOfDay  [0]  SET SIZE (1..MAX) OF DayTimeBand OPTIONAL,
-$days
-$  [1]  CHOICE {intDay  SET OF INTEGER,
-$   bitDay
-$ BIT STRING {sunday(0), monday(1), tuesday(2),
-$  wednesday(3),
-$ thursday(4), friday(5), saturday(6)},
-$   dayOf   XDayOf} OPTIONAL,
-$weeks
-$  [2]  CHOICE {allWeeks  NULL,
-$   intWeek   SET OF INTEGER,
-$   bitWeek
-$ BIT STRING {week1(0), week2(1), week3(2), week4(3),
-$  week5(4)}
-$} OPTIONAL,
-$months
-$  [3]  CHOICE {allMonths  NULL,
-$   intMonth   SET OF INTEGER,
-$   bitMonth
-$ BIT STRING {january(0), february(1), march(2),
-$  april(3),
-$ may(4), june(5), july(6), august(7),
-$ september(8), october(9), november(10),
-$ december(11)}} OPTIONAL,
-$years   [4]  SET OF INTEGER(1000..MAX) OPTIONAL
-$  }
-$  
-$  XDayOf ::= CHOICE {
-$first   [1]  NamedDay,
-$second  [2]  NamedDay,
-$third   [3]  NamedDay,
-$fourth  [4]  NamedDay,
-$fifth   [5]  NamedDay
-$  }
-$  
-$  NamedDay ::= CHOICE {
-$intNamedDays
-$  ENUMERATED {sunday(1), monday(2), tuesday(3), wednesday(4),
-$  thursday(5),
-$  friday(6), saturday(7)},
-$bitNamedDays
-$  BIT STRING {sunday(0), monday(1), tuesday(2), wednesday(3),
-$  thursday(4),
-$  friday(5), saturday(6)}
-$  }
-$  
-$  DayTimeBand ::= SEQUENCE {
-$startDayTime  [0]  DayTime DEFAULT {hour 0},
-$endDayTime[1]  DayTime DEFAULT {hour 23, minute 59, second 59}
-$  }
-$  
-$  DayTime ::= SEQUENCE {
-$hour[0]  INTEGER(0..23),
-$minute  [1]  INTEGER(0..59) DEFAULT 0,
-$second  [2]  INTEGER(0..59) DEFAULT 0
-$  }
-$  
-$  TimeZone ::= INTEGER(-12..12)
-$  
-$  
-$  
-$  My implementation is in the following way, the places where I obtain the
-$  error are marked with C2059
-$  
-$  /* .h */
-$  
-$  typedef struct NAMEDDAY_st
-$  {
-$  int type;
-$  union{
-$  ASN1_ENUMERATED *intNamedDays;
-$  ASN1_BIT_STRING *bitNamedDays;
-$  }value;
-$  }NAMEDDAY;
-$  
-$  typedef struct XDAYOF_st
-$  {
-$  int type;
-$  union{
-$  NAMEDDAY *first;
-$  NAMEDDAY *second;
-$  NAMEDDAY *third;
-$  NAMEDDAY *fourth;
-$  NAMEDDAY *fifth;
-$  }value;
-$  }XDAYOF;
-$  
-$  typedef struct DAYTIME_st
-$  {
-$  ASN1_INTEGER *hour;
-$  ASN1_INTEGER *minute;
-$  ASN1_INTEGER *second;
-$  }DAYTIME;
-$  
-$  typedef struct DAYTIMEBAND_st
-$  {
-$  DAYTIME *startDayTime;
-$  DAYTIME *endDayTime;
-$  }DAYTIMEBAND;
-$  
-$  typedef struct DAYS_st
-$  {
-$  int type;
-$  union{
-$  STACK_OF(ASN1_INTEGER) *intDay;
-$  ASN1_BIT_STRING *bitDay;
-$  XDAYOF *dayOf;
-$  }value;
-$  }DAYS

ITU X509/ RFC 3281 Attribute Certificates API Beta

[Daniel Diaz Sanchez]

Hello,

Some source code to generate attribute certificates using OpenSSL can be
found at: 

http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml   


It has been tested with some versions of OpenSSL and works with all of them
including the latest release 0.9.8d.


I hope you will find it useful,

Regards,

--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 
Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749

Web: http://www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive

Mail: dds[at].it.uc3m.es
Skype: dds.it.uc3m.es




__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Plataforms

[Daniel Diaz Sanchez]

If you need OpenSSL for windows Mobile 2003 visit:

http://rubinstein.gast.it.uc3m.es/research/dds/

we are working in Windows mobile 5.0 and also in Symbian.

Regards

--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 
Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749

Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive

Mail: dds[at].it.uc3m.es
Skype: dds.it.uc3m.es



De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
En nombre de Eduardo Luiz
Enviado el: lunes, 09 de octubre de 2006 6:45
Para: openssl-users@openssl.org
Asunto: Plataforms

Does anybody knows if exists any implementation of openSSL on the following
plataforms:
Symbian
Brew
Windows CE
Java ME
If it exists, can you send me it or say to me where i can get?

Thanks!

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: open ssl configuration with .net

[Daniel Diaz Sanchez]

Hello, 

Have a look to 
http://sourceforge.net/projects/openssl-net

This link was submitted to the OpenSSL list by Frank Laub on 03/19/2006

Bye

Dani

--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 
Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749

Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive

Mail: dds[at].it.uc3m.es
Skype: dds.it.uc3m.es

-$  -Mensaje original-
-$  De: [EMAIL PROTECTED] [mailto:owner-openssl-
-$  [EMAIL PROTECTED] En nombre de bhanu_rao
-$  Enviado el: lunes, 09 de octubre de 2006 7:11
-$  Para: openssl-users@openssl.org
-$  Asunto: Re: open ssl configuration with .net
-$  
-$  
-$  Hi all,
-$  Havent recieve any reply,why?
-$  I earilar also send some querry but nobody answer that time also,
-$  So please give me some answer or tell me place where I get those
-$  answers.
-$  
-$  
-$  
-$  bhanu_rao wrote:
-$  
-$   Hi friends,
-$  
-$Can any body tell me ,how can we configure the openssl with .net
-$  web
-$   applications.
-$  
-$   Thanks in Advance!!!
-$  
-$  
-$  
-$  
-$  --
-$  View this message in context: http://www.nabble.com/open-ssl-
-$  configuration-with-.net-tf2395392.html#a6711779
-$  Sent from the OpenSSL - User mailing list archive at Nabble.com.
-$  
-$  __
-$  OpenSSL Project http://www.openssl.org
-$  User Support Mailing Listopenssl-users@openssl.org
-$  Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RV: Attribute Certificate with OpenSSL?

[Daniel Diaz Sanchez]

 of the necessary structures:
*
• int X509AC_set_GENERAL_NAME_name(GENERAL_NAMES *gens, X509_NAME *name)
Introduce a X509_NAME into a GENERAL_NAMES structure.

• int X509AC_set_baseCertID_name(X509AC_ISSUER_SERIAL *bci, X509_NAME *name)
Introduce a X509_NAME into a BaseCertId structure.

• int X509AC_set_baseCertID_serial(X509AC_ISSUER_SERIAL *bci, ASN1_INTEGER
*serial)
Introduce the serial number into a BaseCertId structure.

• int X509AC_set_baseCertID_issuerUniqueID(X509AC_ISSUER_SERIAL *bci,
ASN1_BIT_STRING *uid)
Introduce a unique id into a BaseCertId structure.

Attribute functions
***
• X509_ATTRIBUTE * X509AC_get_attr( X509AC *a, int idx )
Get the X509_ATTRIBUTE that occupies the position idx in the stack.
• int X509AC_add_attribute_by_NID(X509AC *a, int nid, int atrtype,
void *value)
Create and add an attribute based in its NID.

• int X509AC_add_attribute(X509AC *a, X509_ATTRIBUTE *attr)

• int X509AC_add_X509_ATTRIBUTE(X509AC *a, X509_ATTRIBUTE *attr)
Add an attribute to the stack in the attribute certificate.

• ASN1_TYPE *X509AC_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
Get a pointer to the ASN1_TYPE structure of the first attribute value of the
attribute placed in the position idx.

• void *X509AC_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int
atrtype, void *data)
Get a pointer to the data of the first attribute value of the attribute
placed in the position idx.

• int X509AC_get_attributecount(X509AC *a)
Get the attribute count present in a attribute certificate.

Extensions:
***
• int X509AC_add_extension(X509AC *a, X509_EXTENSION *ex, int loc)
Add a X509_EXTENSION to the certificate X509_EXTENSION stack.

Signature
*

• int X509AC_sign_rsa(X509AC *a, RSA *rsa, EVP_MD *md)
• int X509AC_sign_pkey(X509AC *a, EVP_PKEY *pkey, EVP_MD *md)
These functions sign the attribute certificate using a RSA key or a
EVP_PKEY.

Presentation


• void X509AC_print(X509AC *ac)
Prints to stdout the information present in a attribute certificate.

• int GENERAL_NAMES_print(FILE *out, GENERAL_NAMES *gens)
• int GENERAL_NAME_print(FILE *out, GENERAL_NAME *gen)

Other:
**

int X509AC_X509_NAME_dup(X509_NAME **xn, X509_NAME *name)



--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 
Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749
Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
Mail: dds[at].it.uc3m.es
Skype: dds.it.uc3m.es


-Mensaje original-
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
En nombre de Mouse
Enviado el: jueves, 14 de septiembre de 2006 15:49
Para: openssl-users@openssl.org
Asunto: RE: Attribute Certificate with OpenSSL?

First - thank you!  At least it was something.

I went through the Web sit and the code distro itself.

Web site shows how to use their command x509AT. Great.
There's no AT-related README though, no documentation, no edits or
patch-format changes. Thus hard to figure out the scope of changes involved.
The Web page states that it is beta code. References to Lopez and Montenegro
pages are dead. I.e. dead unmaintained project.

So OpenSSL did not pick the Attribute Certificate extensions that Lopez and
Montenegro added? Is there an alternative distro supporting AT? Is there
(official?) work going on on (cleanly :-) adding support for Attribute
Certs to OpenSSL?

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Saurabh Arora
 Sent: Wednesday, September 13, 2006 17:58
 To: openssl-users@openssl.org
 Subject: Re: Attribute Certificate with OpenSSL?
 
 On 9/14/06, Mouse [EMAIL PROTECTED] wrote:
  Did anybody use OpenSSL successfully for creating and processing 
  Attribute Certificates?
 
 very much .. chek dis link..  http://openpmi.sourceforge.net/
 
  Is there any helpful HOWTO or TFM?
 
 download openssl distro(patched to support AC) frm d same link.
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   
 [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Attribute Certificate with OpenSSL?

[Daniel Diaz Sanchez]

Hello, 

I developed a beta API code for OpenSSL that may help you. Find enclosed a
pdf document with the description. Tell me if you are interested or anybody
wants to help me to improve it. Take into account that is a very very beta
code.

Apart from that, Jose Antonio Montenegro and Javier Lopez from Malaga
University have been working on authorization for a very long time with very
good results. I think that OpenPMI is not an unmaintained project.

Try to contact the authors through 

http://www.lcc.uma.es/LCC?-f=indexlang.lcc-l=english


Regards,

Daniel

--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 
Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749
Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
Mail: dds[at].it.uc3m.es
Skype: dds.it.uc3m.es


-Mensaje original-
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
En nombre de Mouse
Enviado el: jueves, 14 de septiembre de 2006 15:49
Para: openssl-users@openssl.org
Asunto: RE: Attribute Certificate with OpenSSL?

First - thank you!  At least it was something.

I went through the Web sit and the code distro itself.

Web site shows how to use their command x509AT. Great.
There's no AT-related README though, no documentation, no edits or
patch-format changes. Thus hard to figure out the scope of changes involved.
The Web page states that it is beta code. References to Lopez and Montenegro
pages are dead. I.e. dead unmaintained project.

So OpenSSL did not pick the Attribute Certificate extensions that Lopez and
Montenegro added? Is there an alternative distro supporting AT? Is there
(official?) work going on on (cleanly :-) adding support for Attribute
Certs to OpenSSL?

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Saurabh Arora
 Sent: Wednesday, September 13, 2006 17:58
 To: openssl-users@openssl.org
 Subject: Re: Attribute Certificate with OpenSSL?
 
 On 9/14/06, Mouse [EMAIL PROTECTED] wrote:
  Did anybody use OpenSSL successfully for creating and processing 
  Attribute Certificates?
 
 very much .. chek dis link..  http://openpmi.sourceforge.net/
 
  Is there any helpful HOWTO or TFM?
 
 download openssl distro(patched to support AC) frm d same link.
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   
 [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Attribute Certificates APIs.pdf
Description: Adobe PDF document

RE: 3rd time request... PLEASE help! Phone cert creation

[Daniel Diaz Sanchez]

Hi,



CryptoAPI
is the security API of Microsoft. If you are using a Pocket PC or SmartPhone
you can use a subset of functions of that API (that is completely supported on
NT). You can have a look to openssl-dev and will find a message from me giving
support to build OpenSSL for Pocket PC or Windows Mobile 2003 with full access
to the openssl.exe application by using a console on the device (a little difficult
to use with the Soft Input Panel but ok to have openssl everywhere).



For
your concrete problem may you can ask in a Motorola forum or to anybody who
knows flex operating system (the one from Motorola).



Daniel
Díaz 



[EMAIL PROTECTED]











De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] En
nombre de David Templar
Enviado el: martes, 12 de julio de
2005 20:01
Para: openssl-users@openssl.org
Asunto: Re: 3rd time request...
PLEASE help! Phone cert creation





Thanks, it does
help a bit... could you tell me about the cryptoapi program?

But I will say that it is not a smartphone. It uses standard motorola
software and its jce package All I really need to do is convert my standard
certs to the motman.crt file I had attached. I have tried everything else -
including using the windows sdk to create certificates. Importing certificates
on motorola can only be done by manually placing the certificate in the x509
directory - hence the need to be able to generate a certificate that complies
with the format.

The reason why I am posting here is because openssl (I have been using for many
years) comes with cert creation abilities - it has helped me for many years
with PC java!

Also, I was hoping I would be able to ask many crypto experts on the forum!

RGDS

David
Pablo J Royo wrote: 

I suppose this is not the right forum to ask for Smartphone issues.Anyway, here:http://www.jacco2.dds.nl/networking/crtimprt.htmlmay be you could find a way to do what you need , a little idea or maybesomething more.He explains how to import a *personal* certificate and a CA certificate on aPocketPC, running Windows Mobile 2003.I have tryed the same on a Windows 2002 Smartphone and it doesn't work, butI think it could work on windows Mobile 2003, becuse it worked in myPocketPC PDA.You could also try to use a little CryptoAPI program for that. Again ,Isuspect this is not the right forum  ;-).Hope this helps- Original Message -From: David Templar [EMAIL PROTECTED]To: openssl-users@openssl.orgSent: Tuesday, July 12, 2005 5:49 PMSubject: 3rd time request... PLEASE help! Phone cert creation  

Hi all,I am really stuck and have tried all I can - I really need your help togenerate a software publishing certificate and its root cert to installon motorola phones.I am enclosing a copy of an already existing cert on the phone. Itappears to be a V4 x509 cert - I could be wrong though. The phone doesnot seem to accept any certificates I have currently generated. Someonesaid to delete the first 2 octets, using that I can read the file now,but how do I generate a certificate like it?? The certificate is calledmotman.crt, but I have attached it as motman.txt as the openssly postingdoes not allow .crt extensions.The certificate I have enclosed is new to me, and myself as well asothers are having a problem working out what it is...Please tell me how to create my own certificates like it either usingopenssl or any other tool.Your help is really needed and appreciated - even if you cannot help,please tell me where I can get some help...Thanks in advance,David    

  





0,



©0,[1]' 



[1][1][1]0 *?H?÷0y1 0 



U



[1]US10



U



Illinois10



U



    

Libertyville10



U



  

 Motorola Inc1 0



U



 



PCS10



U







Motorola Java CA400‑03082107Z18082107Z01 0    





U



[1]US10



U



Illinois10



U



 Libertyville10



U



  

 Motorola Inc1 0



U



 



PCS1!0­



U







Manufacturer Domain 40-10,0 *?H?÷



,0,[1],©ºAJ^ÇòÑ-,øæ=2    

ѽv­¨#pË



¿T9×~.(Ø[EMAIL PROTECTED](ãL¥_,ì?á7?=CÏ:¶Ø¦åv­ñ¨s?wì!¯`[1]2ÂT©õ˹yøí­SÞä%ôB [EMAIL PROTECTED]r';µ46wëȪq?³Sr[êe¡Þ± ­/¬qyâÿEýBo‑«ò?gçùsͺ§.o­f]iïÏ­Ð8O¤a,ÁâZ×ZMá¡[1]YùÅTs\G 1~71#¸æß?.éÃÕìÕ'+



Éǝ .Ù-s :Ðfg¿h´ÙÛAP-²¸§¼fýzQmQbåÆpA¯?#o»Sþã»Ïø¶fôêïfí®iqKlò«½¨*O
5,vÝhq?­BZß¿O,ºmÓU~?fupþÏ0G¹-ÀfåJ4à,­æ/[1]Îòú ¤è»f~1½TϧþÇQÜ,°m?õ÷Z?°)ú ¡®9¢³Hµ®_έL9¯kãna¹W½ÚêGÛ Ù²»è0¥K0ûñyl:¿Ã-_¿b0__OpenSSL Project     http://www.openssl.orgUser Support Mailing List    openssl-users@openssl.orgAutomated List Manager   [EMAIL PROTECTED]