unique_subject in openssl 1.0.0
Hello,

I am having a problem while trying to create more than one certificate with the same DN but different keys and usage. I read in many places that I should just use unique_subject = no in the config file for this to work. However, I am still getting no good results and the error TXT_DB error number 2 remains.

Is there a problem with this in openssl 1.0.0? Or am I doing it wrong?

Thanks,

--
Davi Tozoni
Engenharia
KRYPTUS Engenharia Criptográfica
(19) 88140530
www.kryptus.com

Re: Creating a x509 request with Whirlpool
Hi,

Thank you for the information. I modified some source code in OpenSSL and achieved what I was looking for.

2010/6/7 Dr. Stephen Henson st...@openssl.org

> On Mon, Jun 07, 2010, Davi Tozoni wrote:
>
>> Hello,
>>
>> I was experimenting with OpenSSL 1.0.0 and I needed to create a request that must be signed with the Whirlpool hash algorithm. However, when I used the command:
>>
>>     openssl req -whirlpool -newkey rsa:1024 -keyout key.pem -out req.pem
>>
>> It didn't work. The error message was:
>>
>>     3078702728:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:125:
>>     3078702728:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:a_sign.c:279:
>>
>> I wish to know if the fact that whirlpool can't work for x509 requests is a decision of the openssl developers or if there is another reason. Perhaps I am not using it correctly.
>>
>> PS: I am trying to hack the openssl source code to find where I could include changes that would allow using whirlpool. Do you have any hint?
>
> In order to use a digest for signature purposes it has to have an appropriate object identifier (OID) defined. For example sha1WithRSAEncryption for SHA1 and RSA.
>
> You can't just make one up; it has to be standardised. There is no OID in OpenSSL corresponding to whirlpool with RSA and you get that error as a result.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org

--
Davi Tozoni
Engenharia
KRYPTUS Engenharia Criptográfica
(19) 88140530
www.kryptus.com

Re: Creating a x509 request with Whirlpool
Sorry, I should give more details.

First of all, I don't know if all I've done is correct. Basically, I made up my own OID, so I can use it in my application. If you want to do this too, here are the easy steps:

1. In crypto/objects/objects.txt, I added:

    ecdsa-with-Specified 5: ecdsa-with-whirlpool
    pkcs1 15: RSA-whirlpool : whirlpoolWithRSAEncryption

2. In crypto/objects/obj_xref.txt, I added:

    whirlpoolWithRSAEncryption whirlpool rsaEncryption
    ecdsa_with_whirlpool whirlpool X9_62_id_ecPublicKey

3. In crypto/ec/ec_pmeth.c, in function static int pkey_ec_ctrl(), I added NID_whirlpool in the if clause after case EVP_PKEY_CTRL_MD:

I have modified other source codes, but I don't think they have worked.

Any problem or suggestion, tell me!

2010/6/28 Jakob Bohm jb-open...@wisemo.com

> So did you make up your own OID, or your own ASN structure or did you find the right OID somewhere so the rest of us can use it?
>
> On 28-06-2010 13:33, Davi Tozoni wrote:
>
>> Hi,
>>
>> Thank you for the information. I modified some source code in OpenSSL and achieved what I was looking for.
>>
>> 2010/6/7 Dr. Stephen Henson st...@openssl.org
>>
>>> On Mon, Jun 07, 2010, Davi Tozoni wrote:
>>>
>>>> Hello,
>>>>
>>>> I was experimenting with OpenSSL 1.0.0 and I needed to create a request that must be signed with the Whirlpool hash algorithm. However, when I used the command:
>>>>
>>>>     openssl req -whirlpool -newkey rsa:1024 -keyout key.pem -out req.pem
>>>>
>>>> It didn't work. The error message was:
>>>>
>>>>     3078702728:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:125:
>>>>     3078702728:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:a_sign.c:279:
>>>>
>>>> I wish to know if the fact that whirlpool can't work for x509 requests is a decision of the openssl developers or if there is another reason. Perhaps I am not using it correctly.
>>>>
>>>> PS: I am trying to hack the openssl source code to find where I could include changes that would allow using whirlpool. Do you have any hint?
>>>
>>> In order to use a digest for signature purposes it has to have an appropriate object identifier (OID) defined. For example sha1WithRSAEncryption for SHA1 and RSA.
>>>
>>> You can't just make one up; it has to be standardised. There is no OID in OpenSSL corresponding to whirlpool with RSA and you get that error as a result.
>>>
>>> Steve.
>>> --
>>> Dr Stephen N. Henson. OpenSSL project core developer.
>>> Commercial tech support now available see: http://www.openssl.org

--
Davi Tozoni
Engenharia
KRYPTUS Engenharia Criptográfica
(19) 88140530
www.kryptus.com

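Added example, not part of the thread and not OpenSSL code: Steve Henson's reply says a digest can only sign when a signature OID exists for the digest/key pair, and the obj_xref.txt entries quoted in this message pair a signature name with a digest and a key type. The Python model below performs that lookup and DER-encodes the AlgorithmIdentifier that goes into the request; SIG_OIDS and the function names are assumptions made for this illustration, and only three standard entries are listed.

```python
# Added example: a constructed model, not OpenSSL source code.

# (digest, key type) -> (signature name, OID). This is the pairing that
# crypto/objects/obj_xref.txt records; three standard entries are shown.
SIG_OIDS = {
    ("sha1", "rsaEncryption"): ("sha1WithRSAEncryption", "1.2.840.113549.1.1.5"),
    ("sha256", "rsaEncryption"): ("sha256WithRSAEncryption", "1.2.840.113549.1.1.11"),
    ("sha1", "id-ecPublicKey"): ("ecdsa-with-SHA1", "1.2.840.10045.4.1"),
}


def der_tlv(tag, body):
    """Wrap body in a DER tag/length header (short-form lengths only)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body


def der_oid(dotted):
    """DER-encode a dotted OID: first two arcs share a byte, the rest are base 128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                   # last byte has the high bit clear
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))  # earlier bytes set the high bit
            arc >>= 7
        body.extend(reversed(chunk))
    return der_tlv(0x06, bytes(body))


def signature_algorithm(digest, key_type):
    """Return (name, DER AlgorithmIdentifier) for the request's signatureAlgorithm."""
    entry = SIG_OIDS.get((digest, key_type))
    if entry is None:
        # No registered OID means there is nothing to put in the request.
        raise LookupError("no signature OID for %s with %s" % (digest, key_type))
    name, oid = entry
    # RSA signature algorithms carry an explicit NULL parameter; ECDSA omits it.
    params = b"\x05\x00" if key_type == "rsaEncryption" else b""
    return name, der_tlv(0x30, der_oid(oid) + params)


if __name__ == "__main__":
    print(signature_algorithm("sha1", "rsaEncryption")[1].hex())
    try:
        signature_algorithm("whirlpool", "rsaEncryption")
    except LookupError as exc:
        print("error:", exc)
```

A privately assigned OID added to such a table encodes just as well, but a verifier that does not carry the same entry cannot map the OID back to a digest and key type.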
Creating a x509 request with Whirlpool
Hello,

I was experimenting with OpenSSL 1.0.0 and I needed to create a request that must be signed with the Whirlpool hash algorithm. However, when I used the command:

    openssl req -whirlpool -newkey rsa:1024 -keyout key.pem -out req.pem

It didn't work. The error message was:

    3078702728:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:125:
    3078702728:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:a_sign.c:279:

I wish to know if the fact that whirlpool can't work for x509 requests is a decision of the openssl developers or if there is another reason. Perhaps I am not using it correctly.

PS: I am trying to hack the openssl source code to find where I could include changes that would allow using whirlpool. Do you have any hint?

Thanks!

--
Davi Tozoni
Engenharia
KRYPTUS Engenharia Criptográfica
(19) 88140530
www.kryptus.com