Linux version of Attribute certificate API
Hello, I have compiled the Attribute Certificate API on Linux and it is working with OpenSSL 0.9.8a (I didn't check other versions) The source can be downloaded at http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml There are 3 versions: Version 0.1 (Windows only) Version 0.1 (Linux/Windows) some minor changes to the Windows version (types and casts). It should work in windows also. Version 0.2 (Windows) Includes some bugfixes and new functions to assist the issuing process. Those new functions can be personalized using callbacks. New functions are not yet covered by documentation. I will try to move version 0.2 to Linux and also to finish the verifier for version 0.3 (if I have some spare time) Regards, Daniel -- Daniel Diaz Sanchez Telecommunication Engineer Researcher / Teaching Assistant Dep. Ing. Telemática Universidad Carlos III de Madrid Av. Universidad, 30 28911 Leganés (Madrid/Spain) Tel: (+34) 91-624-6233, Fax: -8749 Web: www.it.uc3m.es/dds web: http://www.it.uc3m.es/pervasive A toolkit for attribute certificates: http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml Mail: dds[at].it.uc3m.es Skype: dds.it.uc3m.es __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Linux version of Attribute certificate API
-- -name(GNs):DirName: /C=ES/ST=Madrid/L=Leganes/O=Universidad Carlos III/CN=SoA/[EMAIL PROTECTED] -serial(INT):e3:1e:d2:8b:a0:60:53:2f: -issuerUniqueID(INT):NULL Holder Information -- Holder BaseCertID: -name(GNs):DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos III/CN=User/[EMAIL PROTECTED] -serial(INT):bd:a6:37:3d:db:9e:37:89: -issuerUniqueID(INT):NULL Validity Valid not before: 20070608185543Z Valid not after: 20070615185543Z Attribute information - Number of attributes: 4 Attribute Number: 0 Attribute NID: 354 , Name: id-aca-authenticationInfo Service Authentication Information Attribute syntax SvceAuthInfo Consumed by the target application not the AC verifier Multiple values allowed : yes Values: 2 Printing value: 0 -- Ident information : Present DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos III/CN=User/[EMAIL PROTECTED] Service information : Present DirName: /C=ES/ST=Madrid/L=Getafe/O=Universidad Carlos III de Madrid/OU=Library/CN=Catalog Auth Info : Not present Printing value: 1 -- Ident information : Present DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos III/CN=User/[EMAIL PROTECTED] Service information : Present DirName: /C=ES/ST=Madrid/L=Leganes/O=Universidad Carlos III de Madrid/OU=Departamento Ingenieria Telematica/CN=Servicio de correo electronico Auth Info : Not present Attribute Number: 1 Attribute NID: 355 , Name: id-aca-accessIdentity Access Identity Attribute syntax SvceAuthInfo without AuthInfo Consumed by the AC verifier to authorise Multiple values allowed : yes Values: 1 Printing value: 0 -- Ident information : Present DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos III/CN=User/[EMAIL PROTECTED] Service information : Present DirName: /C=ES/ST=Madrid/L=Leganes/O=Universidad Carlos III de Madrid/OU=Departamento Ingenieria Telematica/CN=Servicio de correo electronico Auth Info : Not present... it should be not present! Attribute Number: 2 Attribute NID: 356 , Name: id-aca-chargingIdentity Charging Identity Attribute syntax IetfAttrSyntax Consumed by the AC verifier to authorise Multiple values allowed : no Values: 1 Printing value: 0 -- Policy Authority information : Present DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos III/CN=User/[EMAIL PROTECTED] Type of info : V_ASN1_OCTET_STRING 0x530x6f0x6d0x650x200x640x610x740x610x200x740x6f0x200x610x640x640x200x740x6f 0x2e0x2e0x2e0x2e0x2e Attribute Number: 3 Attribute NID: 400 , Name: role Role Attribute syntax RoleSyntax Consumed by the AC verifier Multiple values allowed : yes Values: 1 Printing value: 0 -- roleAuthority [Optional] : Present roleName [MUST|URN]: URI:it.uc3m.es:administrator Extensions: Number of extensions present : 1 NID: 287, ac-auditEntity Critical: Yes Data:61:75:64:69:74:2d:69:6e:66:6f: Signature: Signature Algorithm: sha1WithRSAEncryption 0e:40:4f:85:72:a2:15:ef:3c:f9:c3:54:74:64:bf:6e:e7:b3: 14:21:70:22:50:fa:16:73:a7:dc:8c:8b:e8:41:1c:ae:90:df: 6d:11:1f:24:1a:57:5c:b3:8f:ba:51:70:c3:fa:13:16:4a:30: 3e:4b:63:dd:46:ae:f2:9e:47:01:b4:17:4b:00:26:9c:e4:5b: ef:f1:bc:72:63:a4:f1:bf:ec:7b:f0:27:76:4e:24:bb:63:06: 3c:67:f4:bc:f3:62:ce:53:94:ad:41:4c:36:11:9c:21:a2:f7: e5:2d:7f:6c:6e:7b:e4:4b:ed:22:4f:de:80:d8:8c:61:20:ce: d0:c3 -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Daniel Diaz Sanchez Enviado el: viernes, 08 de junio de 2007 15:50 Para: openssl-users@openssl.org; [EMAIL PROTECTED] Asunto: Linux version of Attribute certificate API Hello, I have compiled the Attribute Certificate API on Linux and it is working with OpenSSL 0.9.8a (I didn't check other versions) The source can be downloaded at http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml There are 3 versions: Version 0.1 (Windows only) Version 0.1 (Linux/Windows) some minor changes to the Windows version (types
RE: ITU X509/ RFC 3281 Attribute Certificates API Beta
Hello, We have been working in AC also, the API published in the website is older. Please, have a look to the latest one: http://www.it.uc3m.es/dds/swRelease/pmi/ACv2.zip This new software, also in beta stage, provides also a tool for issuing attribute certificates in a very simple way, there is also a possibility to define profiles and so on... Please, have a look to the link above these lines, there is also a demo program that issues 4 different types of attribute certificates: 1.- Attribute assignment certificate: assigns attributes to a holder 2.- Attribute definition certificate: defines an attribute, syntax policies, domination rules... 3.- Role assignment certificate: assigns a role to an entity 4.- Role definition: defines what a given role can do. We hope our code can fit in openssl once debugged and tested :) Regards, Daniel -- Daniel Diaz Sanchez Telecommunication Engineer Researcher / Teaching Assistant Dep. Ing. Telemática Universidad Carlos III de Madrid Av. Universidad, 30 28911 Leganés (Madrid/Spain) Tel: (+34) 91-624-8817, Fax: -8749 Web: www.it.uc3m.es/dds web: http://www.it.uc3m.es/pervasive A toolkit for attribute certificates: http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml Mail: dds[at].it.uc3m.es Skype: dds.it.uc3m.es -Mensaje original- De: [EMAIL PROTECTED] [mailto:owner-openssl- [EMAIL PROTECTED] En nombre de Vincenzo Sciarra Enviado el: sábado, 25 de noviembre de 2006 8:55 Para: openssl-users@openssl.org Asunto: Re: ITU X509/ RFC 3281 Attribute Certificates API Beta I'm workingon AC, but there is very few implementation. Only the new API can help you for a little. It's not yet time for AC bye 2006/11/24, Richard Levitte - VMS Whacker [EMAIL PROTECTED]: In message [EMAIL PROTECTED] on Tue, 10 Oct 2006 11:35:30 +0200, Daniel Diaz Sanchez [EMAIL PROTECTED] said: dds Hello, dds dds Some source code to generate attribute certificates using OpenSSL can be dds found at: dds dds http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml dds dds It has been tested with some versions of OpenSSL and works with all of them dds including the latest release 0.9.8d. Hello, I've just had reasons to get interested in ACs, and I'm pleased it's been discussed already fairly recently. I'm really looking for something that could be included into OpenSSL propper, and as far as I've seen, there's your code, which could probably be retrofitted into OpenSSL, and there's the OpenPMI patch, which might come with a license incompatibility problem (they use AFL). Choices, choices... Any help in that direction would be appreciated. Cheers, Richard - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up. -- C.S. Lewis __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- Vincenzo Sciarra __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: ITU X509/ RFC 3281 Attribute Certificates API Beta
Hello, Te API in the web site is really old. I can provide a new one for your consideration. Please, have a look to the latest one: http://www.it.uc3m.es/dds/swRelease/pmi/ACv2.zip We can work all together in the same direction :) Regards, Daniel -- Daniel Diaz Sanchez Telecommunication Engineer Researcher / Teaching Assistant Dep. Ing. Telemática Universidad Carlos III de Madrid Av. Universidad, 30 28911 Leganés (Madrid/Spain) Tel: (+34) 91-624-8817, Fax: -8749 Web: www.it.uc3m.es/dds web: http://www.it.uc3m.es/pervasive A toolkit for attribute certificates: http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml Mail: dds[at].it.uc3m.es Skype: dds.it.uc3m.es -Mensaje original- De: Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED] Enviado el: viernes, 24 de noviembre de 2006 20:40 Para: openssl-users@openssl.org; [EMAIL PROTECTED] CC: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Asunto: Re: ITU X509/ RFC 3281 Attribute Certificates API Beta In message [EMAIL PROTECTED] on Tue, 10 Oct 2006 11:35:30 +0200, Daniel Diaz Sanchez [EMAIL PROTECTED] said: dds Hello, dds dds Some source code to generate attribute certificates using OpenSSL can be dds found at: dds dds http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml dds dds It has been tested with some versions of OpenSSL and works with all of them dds including the latest release 0.9.8d. Hello, I've just had reasons to get interested in ACs, and I'm pleased it's been discussed already fairly recently. I'm really looking for something that could be included into OpenSSL propper, and as far as I've seen, there's your code, which could probably be retrofitted into OpenSSL, and there's the OpenPMI patch, which might come with a license incompatibility problem (they use AFL). Choices, choices... Any help in that direction would be appreciated. Cheers, Richard - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up. -- C.S. Lewis __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Compiler error ASN1
Hello to everybody, I have a problem when implementing a simple structure using OpenSSL Asn1. This is the problem: When I try to implement this data structure: A ::= SEQUENCE { b CHOICE { b1 INTEGER, b2 INTEGER}, a1 BOOLEAN, a2 INTEGER OPTIONAL, a3 [0] INTEGER OPTIONAL, a4 [1] INTEGER } I do it in the following way: /* .h */ typedef struct B_st { int type ; union { ASN1_INTEGER *b1; ASN1_INTEGER *b2; }value; }B; typedef struct A_st { B *b; ASN1_BOOLEAN *a1; ASN1_INTEGER *a2; ASN1_INTEGER *a3; ASN1_INTEGER *a4; }A; DECLARE_ASN1_ITEM(B) DECLARE_ASN1_ITEM(A) DECLARE_ASN1_FUNCTIONS(B) DECLARE_ASN1_FUNCTIONS(A) /* .c */ ASN1_CHOICE(B) = { ASN1_SIMPLE(B,value.b1,ASN1_INTEGER) ASN1_SIMPLE(B,value.b2,ASN1_INTEGER) //(*1) }ASN1_CHOICE_END(B) //(*2) ASN1_SEQUENCE(A) = { ASN1_EXP(A,b,B) //choice ASN1_SIMPLE(A,a1,ASN1_BOOLEAN) ASN1_OPT(A,a2,ASN1_INTEGER) ASN1_IMP_OPT(A,a3,ASN1_INTEGER,0) ASN1_IMP(A,a4,ASN1_INTEGER,1) }ASN1_SEQUENCE_END(A) IMPLEMENT_ASN1_FUNCTION(A) But I obtain (using Visual Studio) error C2059: syntax error : '{' at line (*1) and error C2059: syntax error : '{' at line (*2) I'm doing it ok or there is something missing?. Thanks!, Regards, -- Daniel Diaz Sanchez Telecommunication Engineer Researcher / Teaching Assistant Dep. Ing. Telemática Universidad Carlos III de Madrid Av. Universidad, 30 28911 Leganés (Madrid/Spain) Tel: (+34) 91-624-8817, Fax: -8749 Web: www.it.uc3m.es/dds web: http://www.it.uc3m.es/pervasive A toolkit for attribute certificates: http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml Mail: dds[at].it.uc3m.es Skype: dds.it.uc3m.es __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Compiler error ASN1
; TIME_PERIOD *periodic; }value; }TIME; typedef struct TIME_SPECIFICATION_st { TIME *time; ASN1_BOOLEAN notThisTime; ASN1_INTEGER *timeZone; }TIME_SPECIFICATION; /* .c */ ASN1_CHOICE(NAMEDDAY) = { ASN1_SIMPLE(NAMEDDAY,value.intNamedDays,ASN1_ENUMERATED) ASN1_SIMPLE(NAMEDDAY,value.bitNamedDays,ASN1_BIT_STRING)--C2059 }ASN1_CHOICE_END(NAMEDDAY)-error C2059/warning C4034 sizeof returns 0 // fatal error unable to recover from previous errors ASN1_CHOICE(XDAYOF) = { ASN1_EXP(XDAYOF,value.first,NAMEDDAY,0) ASN1_EXP(XDAYOF,value.second,NAMEDDAY,1) ASN1_EXP(XDAYOF,value.third,NAMEDDAY,2) ASN1_EXP(XDAYOF,value.fourth,NAMEDDAY,3) ASN1_EXP(XDAYOF,value.fifth,NAMEDDAY,4) }ASN1_CHOICE_END(XDAYOF) ASN1_CHOICE(MONTHS) = { ASN1_SIMPLE(MONTHS,value.allMonths,ASN1_NULL) ASN1_SET_OF(MONTHS,value.intMonths,ASN1_INTEGER) ASN1_SIMPLE(MONTHS,value.bitMonths,ASN1_BIT_STRING) }ASN1_CHOICE_END(MONTHS) ASN1_CHOICE(WEEKS) = { ASN1_SIMPLE(WEEKS,value.allWeeks,ASN1_NULL) ASN1_SET_OF(WEEKS,value.intWeek,ASN1_INTEGER) ASN1_SIMPLE(WEEKS,value.bitWeek,ASN1_BIT_STRING) }ASN1_CHOICE_END(WEEKS) ASN1_CHOICE(DAYS) = { ASN1_SET_OF(DAYS,value.intDay,ASN1_INTEGER) ASN1_SIMPLE(DAYS,value.bitDay,ASN1_BIT_STRING) ASN1_EXP_OPT(DAYS,value.XDayOf,XDAYOF) //XDAYOF is CHOICE }ASN1_CHOICE_END(DAYS) ASN1_SEQUENCE(TIME_PERIOD) = { ASN1_EXP_OPT(TIME_PERIOD,timesOfDay,DAYTIMEBAND,0) //is CHOICE ASN1_EXP_OPT(TIME_PERIOD,days,DAYS,1) //is CHOICE ASN1_EXP_OPT(TIME_PERIOD,weeks,WEEKS,2) //is CHOICE ASN1_EXP_OPT(TIME_PERIOD,months,MONTHS,3) //is CHOICE ASN1_IMP_SET_OF_OPT(TIME_PERIOD,years,ASN1_INTEGER,4) }ASN1_SEQUENCE_END(TIME_PERIOD) ASN1_SEQUENCE(TIME_ABSOLUTE) = { ASN1_IMP_OPT(TIME_ABSOLUTE,startTime,ASN1_GENERALIZEDTIME,0) ASN1_IMP_OPT(TIME_ABSOLUTE,endTime,ANS1_GENERALIZEDTIME,1) }ASN1_SEQUENCE_END(TIME_ABSOLUTE) ASN1_CHOICE(TIME) = { ASN1_SIMPLE(TIME,value.absolute,TIME_ABSOLUTE) ASN1_SIMPLE(TIME,value.periodic,TIME_PERIOD) }ASN1_CHOICE_END(TIME) ASN1_SEQUENCE(TIME_SPECIFICATION) = { ASN1_EXP(TIME_SPECIFICATION,time,TIME) ASN1_SIMPLE(TIME_SPECIFICATION,notThisTime,ASN1_BOOLEAN) ASN1_OPT(TIME_SPECIFICATION,timeZone,TIMEZONE) }ASN1_SEQUENCE_END(TIME_SPECIFICATION) IMPLEMENT_ASN1_FUNCTION(TIME_ABSOLUTE) IMPLEMENT_ASN1_FUNCTION(TIME) IMPLEMENT_ASN1_FUNCTION(TIME_SPECIFICATION) IMPLEMENT_ASN1_DUP_FUNCTION(TIME_ABSOLUTE) IMPLEMENT_ASN1_DUP_FUNCTION(TIME) IMPLEMENT_ASN1_DUP_FUNCTION(TIME_SPECIFICATION) -- Daniel Diaz Sanchez Telecommunication Engineer Researcher / Teaching Assistant Dep. Ing. Telemática Universidad Carlos III de Madrid Av. Universidad, 30 28911 Leganés (Madrid/Spain) Tel: (+34) 91-624-8817, Fax: -8749 Web: www.it.uc3m.es/dds web: http://www.it.uc3m.es/pervasive A toolkit for attribute certificates: http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml Mail: dds[at].it.uc3m.es Skype: dds.it.uc3m.es -$ -Mensaje original- -$ De: [EMAIL PROTECTED] [mailto:owner-openssl- -$ [EMAIL PROTECTED] En nombre de Peter Sylvester -$ Enviado el: martes, 17 de octubre de 2006 12:40 -$ Para: openssl-users@openssl.org -$ Asunto: Re: Compiler error ASN1 -$ -$ Daniel Diaz Sanchez wrote: -$ Hello to everybody, -$ I have a problem when implementing a simple structure using -$ OpenSSL -$ Asn1. This is the problem: -$ -$ When I try to implement this data structure: -$ -$ A ::= SEQUENCE { -$ b -$ CHOICE { -$ b1 INTEGER, -$ b2 INTEGER}, -$ -$ The previous is ambiguous. use for example b2 [0] INTEGER -$ Also, the given syntax does not say whether you are in global -$ environment of EXPLICIT or IMPLICIT tagging. It seems -$ that you assume IMPLICIT -$ -$ -$ a1 BOOLEAN, -$ a2 INTEGER OPTIONAL, -$ a3 [0] INTEGER OPTIONAL, -$ a4 [1] INTEGER -$ } -$ -$ I do it in the following way: -$ -$ /* .h */ -$ typedef struct B_st -$ { -$ int type ; -$ union { -$ ASN1_INTEGER *b1; -$ ASN1_INTEGER *b2; -$ }value; -$ }B; -$ -$ typedef struct A_st -$ { -$ B *b; -$ ASN1_BOOLEAN *a1
RE: Compiler error ASN1
I'm sorry, I have noticed some errors. I will check them. -- Daniel Diaz Sanchez Telecommunication Engineer Researcher / Teaching Assistant Dep. Ing. Telemática Universidad Carlos III de Madrid Av. Universidad, 30 28911 Leganés (Madrid/Spain) Tel: (+34) 91-624-8817, Fax: -8749 Web: www.it.uc3m.es/dds web: http://www.it.uc3m.es/pervasive A toolkit for attribute certificates: http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml Mail: dds[at].it.uc3m.es Skype: dds.it.uc3m.es -$ -Mensaje original- -$ De: [EMAIL PROTECTED] [mailto:owner-openssl- -$ [EMAIL PROTECTED] En nombre de Daniel Diaz Sanchez -$ Enviado el: martes, 17 de octubre de 2006 13:03 -$ Para: openssl-users@openssl.org -$ Asunto: RE: Compiler error ASN1 -$ -$ Thanks for your reply, -$ -$ I'm in an implicit TAGS environment: -$ -$ AttributeCertificateDefinitions {joint-iso-itu-t ds(5) module(1) -$attributeCertificateDefinitions(32) 5} DEFINITIONS IMPLICIT TAGS ::= -$ BEGIN -$ -$ What I really want to implement is this extension, but I obtain an error -$ in -$ the first asn1 structure, have a look to the implementation -$ -$ error C2059: syntax error : '}' -$ -$ timeSpecification EXTENSION ::= { -$SYNTAX TimeSpecification -$IDENTIFIED BY id-ce-timeSpecification -$ } -$ -$ TimeSpecification ::= SEQUENCE { -$time -$ CHOICE {absolute -$SEQUENCE {startTime [0] GeneralizedTime OPTIONAL, -$ endTime[1] GeneralizedTime OPTIONAL}, -$ periodic SET OF Period}, -$notThisTime BOOLEAN DEFAULT FALSE, -$timeZone TimeZone OPTIONAL -$ } -$ -$ Period ::= SEQUENCE { -$timesOfDay [0] SET SIZE (1..MAX) OF DayTimeBand OPTIONAL, -$days -$ [1] CHOICE {intDay SET OF INTEGER, -$ bitDay -$ BIT STRING {sunday(0), monday(1), tuesday(2), -$ wednesday(3), -$ thursday(4), friday(5), saturday(6)}, -$ dayOf XDayOf} OPTIONAL, -$weeks -$ [2] CHOICE {allWeeks NULL, -$ intWeek SET OF INTEGER, -$ bitWeek -$ BIT STRING {week1(0), week2(1), week3(2), week4(3), -$ week5(4)} -$} OPTIONAL, -$months -$ [3] CHOICE {allMonths NULL, -$ intMonth SET OF INTEGER, -$ bitMonth -$ BIT STRING {january(0), february(1), march(2), -$ april(3), -$ may(4), june(5), july(6), august(7), -$ september(8), october(9), november(10), -$ december(11)}} OPTIONAL, -$years [4] SET OF INTEGER(1000..MAX) OPTIONAL -$ } -$ -$ XDayOf ::= CHOICE { -$first [1] NamedDay, -$second [2] NamedDay, -$third [3] NamedDay, -$fourth [4] NamedDay, -$fifth [5] NamedDay -$ } -$ -$ NamedDay ::= CHOICE { -$intNamedDays -$ ENUMERATED {sunday(1), monday(2), tuesday(3), wednesday(4), -$ thursday(5), -$ friday(6), saturday(7)}, -$bitNamedDays -$ BIT STRING {sunday(0), monday(1), tuesday(2), wednesday(3), -$ thursday(4), -$ friday(5), saturday(6)} -$ } -$ -$ DayTimeBand ::= SEQUENCE { -$startDayTime [0] DayTime DEFAULT {hour 0}, -$endDayTime[1] DayTime DEFAULT {hour 23, minute 59, second 59} -$ } -$ -$ DayTime ::= SEQUENCE { -$hour[0] INTEGER(0..23), -$minute [1] INTEGER(0..59) DEFAULT 0, -$second [2] INTEGER(0..59) DEFAULT 0 -$ } -$ -$ TimeZone ::= INTEGER(-12..12) -$ -$ -$ -$ My implementation is in the following way, the places where I obtain the -$ error are marked with C2059 -$ -$ /* .h */ -$ -$ typedef struct NAMEDDAY_st -$ { -$ int type; -$ union{ -$ ASN1_ENUMERATED *intNamedDays; -$ ASN1_BIT_STRING *bitNamedDays; -$ }value; -$ }NAMEDDAY; -$ -$ typedef struct XDAYOF_st -$ { -$ int type; -$ union{ -$ NAMEDDAY *first; -$ NAMEDDAY *second; -$ NAMEDDAY *third; -$ NAMEDDAY *fourth; -$ NAMEDDAY *fifth; -$ }value; -$ }XDAYOF; -$ -$ typedef struct DAYTIME_st -$ { -$ ASN1_INTEGER *hour; -$ ASN1_INTEGER *minute; -$ ASN1_INTEGER *second; -$ }DAYTIME; -$ -$ typedef struct DAYTIMEBAND_st -$ { -$ DAYTIME *startDayTime; -$ DAYTIME *endDayTime; -$ }DAYTIMEBAND; -$ -$ typedef struct DAYS_st -$ { -$ int type; -$ union{ -$ STACK_OF(ASN1_INTEGER) *intDay; -$ ASN1_BIT_STRING *bitDay; -$ XDAYOF *dayOf; -$ }value; -$ }DAYS
ITU X509/ RFC 3281 Attribute Certificates API Beta
Hello, Some source code to generate attribute certificates using OpenSSL can be found at: http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml It has been tested with some versions of OpenSSL and works with all of them including the latest release 0.9.8d. I hope you will find it useful, Regards, -- Daniel Diaz Sanchez Telecommunication Engineer Researcher / Teaching Assistant Dep. Ing. Telemática Universidad Carlos III de Madrid Av. Universidad, 30 28911 Leganés (Madrid/Spain) Tel: (+34) 91-624-8817, Fax: -8749 Web: http://www.it.uc3m.es/dds web: http://www.it.uc3m.es/pervasive Mail: dds[at].it.uc3m.es Skype: dds.it.uc3m.es __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Plataforms
If you need OpenSSL for windows Mobile 2003 visit: http://rubinstein.gast.it.uc3m.es/research/dds/ we are working in Windows mobile 5.0 and also in Symbian. Regards -- Daniel Diaz Sanchez Telecommunication Engineer Researcher / Teaching Assistant Dep. Ing. Telemática Universidad Carlos III de Madrid Av. Universidad, 30 28911 Leganés (Madrid/Spain) Tel: (+34) 91-624-8817, Fax: -8749 Web: www.it.uc3m.es/dds web: http://www.it.uc3m.es/pervasive Mail: dds[at].it.uc3m.es Skype: dds.it.uc3m.es De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Eduardo Luiz Enviado el: lunes, 09 de octubre de 2006 6:45 Para: openssl-users@openssl.org Asunto: Plataforms Does anybody knows if exists any implementation of openSSL on the following plataforms: Symbian Brew Windows CE Java ME If it exists, can you send me it or say to me where i can get? Thanks! __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: open ssl configuration with .net
Hello, Have a look to http://sourceforge.net/projects/openssl-net This link was submitted to the OpenSSL list by Frank Laub on 03/19/2006 Bye Dani -- Daniel Diaz Sanchez Telecommunication Engineer Researcher / Teaching Assistant Dep. Ing. Telemática Universidad Carlos III de Madrid Av. Universidad, 30 28911 Leganés (Madrid/Spain) Tel: (+34) 91-624-8817, Fax: -8749 Web: www.it.uc3m.es/dds web: http://www.it.uc3m.es/pervasive Mail: dds[at].it.uc3m.es Skype: dds.it.uc3m.es -$ -Mensaje original- -$ De: [EMAIL PROTECTED] [mailto:owner-openssl- -$ [EMAIL PROTECTED] En nombre de bhanu_rao -$ Enviado el: lunes, 09 de octubre de 2006 7:11 -$ Para: openssl-users@openssl.org -$ Asunto: Re: open ssl configuration with .net -$ -$ -$ Hi all, -$ Havent recieve any reply,why? -$ I earilar also send some querry but nobody answer that time also, -$ So please give me some answer or tell me place where I get those -$ answers. -$ -$ -$ -$ bhanu_rao wrote: -$ -$ Hi friends, -$ -$Can any body tell me ,how can we configure the openssl with .net -$ web -$ applications. -$ -$ Thanks in Advance!!! -$ -$ -$ -$ -$ -- -$ View this message in context: http://www.nabble.com/open-ssl- -$ configuration-with-.net-tf2395392.html#a6711779 -$ Sent from the OpenSSL - User mailing list archive at Nabble.com. -$ -$ __ -$ OpenSSL Project http://www.openssl.org -$ User Support Mailing Listopenssl-users@openssl.org -$ Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RV: Attribute Certificate with OpenSSL?
of the necessary structures: * int X509AC_set_GENERAL_NAME_name(GENERAL_NAMES *gens, X509_NAME *name) Introduce a X509_NAME into a GENERAL_NAMES structure. int X509AC_set_baseCertID_name(X509AC_ISSUER_SERIAL *bci, X509_NAME *name) Introduce a X509_NAME into a BaseCertId structure. int X509AC_set_baseCertID_serial(X509AC_ISSUER_SERIAL *bci, ASN1_INTEGER *serial) Introduce the serial number into a BaseCertId structure. int X509AC_set_baseCertID_issuerUniqueID(X509AC_ISSUER_SERIAL *bci, ASN1_BIT_STRING *uid) Introduce a unique id into a BaseCertId structure. Attribute functions *** X509_ATTRIBUTE * X509AC_get_attr( X509AC *a, int idx ) Get the X509_ATTRIBUTE that occupies the position idx in the stack. int X509AC_add_attribute_by_NID(X509AC *a, int nid, int atrtype, void *value) Create and add an attribute based in its NID. int X509AC_add_attribute(X509AC *a, X509_ATTRIBUTE *attr) int X509AC_add_X509_ATTRIBUTE(X509AC *a, X509_ATTRIBUTE *attr) Add an attribute to the stack in the attribute certificate. ASN1_TYPE *X509AC_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx) Get a pointer to the ASN1_TYPE structure of the first attribute value of the attribute placed in the position idx. void *X509AC_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, void *data) Get a pointer to the data of the first attribute value of the attribute placed in the position idx. int X509AC_get_attributecount(X509AC *a) Get the attribute count present in a attribute certificate. Extensions: *** int X509AC_add_extension(X509AC *a, X509_EXTENSION *ex, int loc) Add a X509_EXTENSION to the certificate X509_EXTENSION stack. Signature * int X509AC_sign_rsa(X509AC *a, RSA *rsa, EVP_MD *md) int X509AC_sign_pkey(X509AC *a, EVP_PKEY *pkey, EVP_MD *md) These functions sign the attribute certificate using a RSA key or a EVP_PKEY. Presentation void X509AC_print(X509AC *ac) Prints to stdout the information present in a attribute certificate. int GENERAL_NAMES_print(FILE *out, GENERAL_NAMES *gens) int GENERAL_NAME_print(FILE *out, GENERAL_NAME *gen) Other: ** int X509AC_X509_NAME_dup(X509_NAME **xn, X509_NAME *name) -- Daniel Diaz Sanchez Telecommunication Engineer Researcher / Teaching Assistant Dep. Ing. Telemática Universidad Carlos III de Madrid Av. Universidad, 30 28911 Leganés (Madrid/Spain) Tel: (+34) 91-624-8817, Fax: -8749 Web: www.it.uc3m.es/dds web: http://www.it.uc3m.es/pervasive Mail: dds[at].it.uc3m.es Skype: dds.it.uc3m.es -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Mouse Enviado el: jueves, 14 de septiembre de 2006 15:49 Para: openssl-users@openssl.org Asunto: RE: Attribute Certificate with OpenSSL? First - thank you! At least it was something. I went through the Web sit and the code distro itself. Web site shows how to use their command x509AT. Great. There's no AT-related README though, no documentation, no edits or patch-format changes. Thus hard to figure out the scope of changes involved. The Web page states that it is beta code. References to Lopez and Montenegro pages are dead. I.e. dead unmaintained project. So OpenSSL did not pick the Attribute Certificate extensions that Lopez and Montenegro added? Is there an alternative distro supporting AT? Is there (official?) work going on on (cleanly :-) adding support for Attribute Certs to OpenSSL? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saurabh Arora Sent: Wednesday, September 13, 2006 17:58 To: openssl-users@openssl.org Subject: Re: Attribute Certificate with OpenSSL? On 9/14/06, Mouse [EMAIL PROTECTED] wrote: Did anybody use OpenSSL successfully for creating and processing Attribute Certificates? very much .. chek dis link.. http://openpmi.sourceforge.net/ Is there any helpful HOWTO or TFM? download openssl distro(patched to support AC) frm d same link. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Attribute Certificate with OpenSSL?
Hello, I developed a beta API code for OpenSSL that may help you. Find enclosed a pdf document with the description. Tell me if you are interested or anybody wants to help me to improve it. Take into account that is a very very beta code. Apart from that, Jose Antonio Montenegro and Javier Lopez from Malaga University have been working on authorization for a very long time with very good results. I think that OpenPMI is not an unmaintained project. Try to contact the authors through http://www.lcc.uma.es/LCC?-f=indexlang.lcc-l=english Regards, Daniel -- Daniel Diaz Sanchez Telecommunication Engineer Researcher / Teaching Assistant Dep. Ing. Telemática Universidad Carlos III de Madrid Av. Universidad, 30 28911 Leganés (Madrid/Spain) Tel: (+34) 91-624-8817, Fax: -8749 Web: www.it.uc3m.es/dds web: http://www.it.uc3m.es/pervasive Mail: dds[at].it.uc3m.es Skype: dds.it.uc3m.es -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Mouse Enviado el: jueves, 14 de septiembre de 2006 15:49 Para: openssl-users@openssl.org Asunto: RE: Attribute Certificate with OpenSSL? First - thank you! At least it was something. I went through the Web sit and the code distro itself. Web site shows how to use their command x509AT. Great. There's no AT-related README though, no documentation, no edits or patch-format changes. Thus hard to figure out the scope of changes involved. The Web page states that it is beta code. References to Lopez and Montenegro pages are dead. I.e. dead unmaintained project. So OpenSSL did not pick the Attribute Certificate extensions that Lopez and Montenegro added? Is there an alternative distro supporting AT? Is there (official?) work going on on (cleanly :-) adding support for Attribute Certs to OpenSSL? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saurabh Arora Sent: Wednesday, September 13, 2006 17:58 To: openssl-users@openssl.org Subject: Re: Attribute Certificate with OpenSSL? On 9/14/06, Mouse [EMAIL PROTECTED] wrote: Did anybody use OpenSSL successfully for creating and processing Attribute Certificates? very much .. chek dis link.. http://openpmi.sourceforge.net/ Is there any helpful HOWTO or TFM? download openssl distro(patched to support AC) frm d same link. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] Attribute Certificates APIs.pdf Description: Adobe PDF document
RE: 3rd time request... PLEASE help! Phone cert creation
Hi, CryptoAPI is the security API of Microsoft. If you are using a Pocket PC or SmartPhone you can use a subset of functions of that API (that is completely supported on NT). You can have a look to openssl-dev and will find a message from me giving support to build OpenSSL for Pocket PC or Windows Mobile 2003 with full access to the openssl.exe application by using a console on the device (a little difficult to use with the Soft Input Panel but ok to have openssl everywhere). For your concrete problem may you can ask in a Motorola forum or to anybody who knows flex operating system (the one from Motorola). Daniel Díaz [EMAIL PROTECTED] De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de David Templar Enviado el: martes, 12 de julio de 2005 20:01 Para: openssl-users@openssl.org Asunto: Re: 3rd time request... PLEASE help! Phone cert creation Thanks, it does help a bit... could you tell me about the cryptoapi program? But I will say that it is not a smartphone. It uses standard motorola software and its jce package All I really need to do is convert my standard certs to the motman.crt file I had attached. I have tried everything else - including using the windows sdk to create certificates. Importing certificates on motorola can only be done by manually placing the certificate in the x509 directory - hence the need to be able to generate a certificate that complies with the format. The reason why I am posting here is because openssl (I have been using for many years) comes with cert creation abilities - it has helped me for many years with PC java! Also, I was hoping I would be able to ask many crypto experts on the forum! RGDS David Pablo J Royo wrote: I suppose this is not the right forum to ask for Smartphone issues.Anyway, here:http://www.jacco2.dds.nl/networking/crtimprt.htmlmay be you could find a way to do what you need , a little idea or maybesomething more.He explains how to import a *personal* certificate and a CA certificate on aPocketPC, running Windows Mobile 2003.I have tryed the same on a Windows 2002 Smartphone and it doesn't work, butI think it could work on windows Mobile 2003, becuse it worked in myPocketPC PDA.You could also try to use a little CryptoAPI program for that. Again ,Isuspect this is not the right forum ;-).Hope this helps- Original Message -From: David Templar [EMAIL PROTECTED]To: openssl-users@openssl.orgSent: Tuesday, July 12, 2005 5:49 PMSubject: 3rd time request... PLEASE help! Phone cert creation Hi all,I am really stuck and have tried all I can - I really need your help togenerate a software publishing certificate and its root cert to installon motorola phones.I am enclosing a copy of an already existing cert on the phone. Itappears to be a V4 x509 cert - I could be wrong though. The phone doesnot seem to accept any certificates I have currently generated. Someonesaid to delete the first 2 octets, using that I can read the file now,but how do I generate a certificate like it?? The certificate is calledmotman.crt, but I have attached it as motman.txt as the openssly postingdoes not allow .crt extensions.The certificate I have enclosed is new to me, and myself as well asothers are having a problem working out what it is...Please tell me how to create my own certificates like it either usingopenssl or any other tool.Your help is really needed and appreciated - even if you cannot help,please tell me where I can get some help...Thanks in advance,David 0, ©0,[1]' [1][1][1]0 *?H?÷0y1 0 U [1]US10 U Illinois10 U Libertyville10 U Motorola Inc1 0 U PCS10 U Motorola Java CA400‑03082107Z18082107Z01 0 U [1]US10 U Illinois10 U Libertyville10 U Motorola Inc1 0 U PCS1!0 U Manufacturer Domain 40-10,0 *?H?÷ ,0,[1],©ºAJ^ÇòÑ-,øæ=2 ѽv¨#pË ¿T9×~.(Ø[EMAIL PROTECTED](ãL¥_,ì?á7?=CÏ:¶Ø¦åvñ¨s?wì!¯`[1]2ÂT©õ˹yøíSÞä%ôB [EMAIL PROTECTED]r';µ46wëȪq?³Sr[êe¡Þ± /¬qyâÿEýBo‑«ò?gçùsͺ§.of]iïÏÐ8O¤a,ÁâZ×ZMá¡[1]YùÅTs\G 1~71#¸æß?.éÃÕìÕ'+ ÉÇ .Ù-s :Ðfg¿h´ÙÛAP-²¸§¼fýzQmQbåÆpA¯?#o»Sþã»Ïø¶fôêïfí®iqKlò«½¨*O 5,vÝhq?BZß¿O,ºmÓU~?fupþÏ0G¹-ÀfåJ4à,æ/[1]Îòú ¤è»f~1½TϧþÇQÜ,°m?õ÷Z?°)ú ¡®9¢³Hµ®_ÎL9¯kãna¹W½ÚêGÛ Ù²»è0¥K0ûñyl:¿Ã-_¿b0__OpenSSL Project http://www.openssl.orgUser Support Mailing List openssl-users@openssl.orgAutomated List Manager [EMAIL PROTECTED]