Re: receiving fatal error from server

2024-07-15 Thread Lokesh Chakka
Server supports 1.3
If I do 127.0.1.1 in Firefox, I'm getting response. It's TLS 1.3

Regards.
Lokesh.

On Mon, Jul 15, 2024, 18:23 Alexandr Nedvedicky  wrote:

> Hello,
>
> I just took a look at the packet dump. The client hello
> in packet dump is TLS 1.3
>
> the alert sent by server is Alert Message TLS 1.2
>
> could it be that server does not support TLS 1.3?
>
> better chance to better understand what's going on is to get
> hands on the server and get some logs.
>
> maybe someone else on mailing list will be able to take a look
> and fill some details which I could miss.
>
> thanks and
> regards
> sasha
>
>
> On Sat, Jul 13, 2024 at 12:58:07PM +0530, Lokesh Chakka wrote:
> >Hi,
> >Please find the attached capture file.
> >I'm trying to craft a minimal custom client hello packet. I'm seeing
> >that the contents of the entire packet are proper. But it seems some
> >more data is missing. Can someone help me understand why the apache2
> >server(Ubuntu platform) is sending fatal error.
> >Thanks & Regards
> >--
> >Lokesh Chakka.
>
>
>


receiving fatal error from server

2024-07-13 Thread Lokesh Chakka
Hi,

Please find the attached capture file.

I'm trying to craft a minimal custom client hello packet. I'm seeing that
the contents of the entire packet are proper. But it seems some more data
is missing. Can someone help me understand why the apache2 server(Ubuntu
platform) is sending fatal error.


Thanks & Regards
--
Lokesh Chakka.


client_hello.pcapng
Description: Binary data


Re: secp256r1 65 byte key size in packet capture

2024-06-19 Thread Lokesh Chakka
Is there a way to have all those man pages installed in my system?
I'm using Ubuntu 24.

On Wed, Jun 19, 2024, 17:49 Matt Caswell  wrote:

>
>
> On 19/06/2024 12:14, Lokesh Chakka wrote:
> > Now I need to explore C APIs for getting those keys as hex array.
> > Could you please suggest any good references for beginners.
>
> You would need to first load the key from the file to create an EVP_PKEY
> object. For example you could use the PEM_read_PUBKEY() function for
> this. See:
>
> https://www.openssl.org/docs/man3.3/man3/PEM_read_PUBKEY.html
>
> Once you have the key as an EVP_PKEY object, you can get the raw
> encoding as a char array in a format suitable for TLS using the
> EVP_PKEY_get1_encoded_public_key() function. See:
>
>
> https://www.openssl.org/docs/man3.3/man3/EVP_PKEY_get1_encoded_public_key.html
>
> Matt
>
>
>
> >
> > Regards
> > --
> > Lokesh Chakka.
> >
> >
> > On Wed, Jun 19, 2024 at 4:21 PM Matt Caswell <m...@openssl.org> wrote:
> >
> >
> >
> > On 19/06/2024 09:15, Lokesh Chakka wrote:
> >  > hello,
> >  >
> >  > I'm trying to generate public/private keys with following commands:
> >  >
> >  > openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
> >  > openssl ec -in pvtkey.pem -pubout
> >  >
> >  > I'm seeing the sizeof private key as 164 bytes and public key as
> >  > 124 bytes.
> >  >
> >  > In a wireshark capture( attached ), I'm seeing key length as 65
> >  > bytes.
> >
> > What you are doing is confusing. You have generated public/private key
> > pair for secp256r1 - but the wireshark capture you show seems to be the
> > key share from a TLSv1.3 handshake. TLSv1.3 key shares are ephemeral so
> > - you'll get a different key share every time. You don't need to create
> > a public/private key for this. OpenSSL does it for you.
> >
> > Anyway. Taking the key that you generated:
> >
> > -----BEGIN PUBLIC KEY-----
> > MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP
> > GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
> > -----END PUBLIC KEY-----
> >
> > This is just a PEM encoding of the real key (base 64 encoding of DER
> > structured data in PEM headers). Not sure where you get 124 bytes from,
> > but you can take a look at the actual key data like this:
> >
> > $ openssl pkey -in /tmp/key.pem -pubin -noout -text
> > Public-Key: (256 bit)
> > pub:
> >   04:55:29:a9:e1:49:e5:41:bc:db:7b:a7:a8:a4:1c:
> >   9e:11:4c:e4:99:81:cf:1a:06:8a:bd:2b:7f:c5:d0:
> >   20:bc:3a:7b:15:72:93:a5:24:fc:50:cf:4b:a4:5f:
> >   1f:e0:91:13:39:78:03:0c:6b:cd:94:80:ea:54:5a:
> >   3e:4f:48:5d:b5
> > ASN1 OID: prime256v1
> > NIST CURVE: P-256
> >
> > This shows you the 65 bytes of raw public key data contained within the
> > key file.
> >
> > This key is in "uncompressed" format (the 04 byte at the start indicates
> > this). Since it is uncompressed we then get an x and a y value to
> > indicate the point on the curve. Each of these are 32 bytes long (256
> > bits) - so this gives you 65 bytes in total.
> >
> > Matt
> >
> >
> >
> >  >
> >  > Can someone help me understand why the difference?
> >  >
> >  > Thanks & Regards
> >  > --
> >  > Lokesh Chakka.
> >
>
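
An added example, not part of the thread and not using the OpenSSL functions named above: a dependency-free C walk through the public key quoted in this thread, showing how the base64 body decodes to 91 bytes of DER and where the 65-byte uncompressed point sits inside it. It accepts only short-form DER lengths, which is all this P-256 structure needs; the function names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Base64 body of the PUBLIC KEY PEM quoted in this thread (124 characters). */
static const char PEM_BODY[] =
    "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP"
    "GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==";

/* Decode base64 into out; returns the byte count, or -1 on bad input/overflow. */
static int b64_decode(const char *in, unsigned char *out, size_t cap) {
    static const char tbl[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned acc = 0; int bits = 0; size_t n = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(tbl, *in);
        if (!p) return -1;
        acc = (acc << 6) | (unsigned)(p - tbl);
        if ((bits += 6) >= 8) {
            if (n == cap) return -1;
            out[n++] = (unsigned char)(acc >> (bits -= 8));
        }
    }
    return (int)n;
}

/* Expect `tag` with a short-form length at d[*pos]; return content length or -1. */
static int der_enter(const unsigned char *d, size_t len, size_t *pos, unsigned char tag) {
    if (len - *pos < 2 || d[*pos] != tag || (d[*pos + 1] & 0x80)) return -1;
    *pos += 2;  /* step past the tag and length bytes */
    return (size_t)d[*pos - 1] <= len - *pos ? d[*pos - 1] : -1;
}

/* Walk SubjectPublicKeyInfo; set *pt to the raw EC point, return its length. */
static int spki_point(const unsigned char *d, size_t len, const unsigned char **pt) {
    size_t pos = 0; int l;
    if (der_enter(d, len, &pos, 0x30) < 0) return -1;        /* outer SEQUENCE */
    if ((l = der_enter(d, len, &pos, 0x30)) < 0) return -1;  /* AlgorithmIdentifier */
    pos += (size_t)l;                                        /* skip the two OIDs */
    if ((l = der_enter(d, len, &pos, 0x03)) < 1 || d[pos] != 0) return -1; /* BIT STRING */
    *pt = d + pos + 1;                       /* after the unused-bits byte */
    return l - 1;
}

int main(void) {
    unsigned char der[128]; const unsigned char *pt;
    int n = b64_decode(PEM_BODY, der, sizeof der);
    int plen = n < 0 ? -1 : spki_point(der, (size_t)n, &pt);
    printf("DER %d bytes, EC point %d bytes\n", n, plen);
    return plen == 65 ? 0 : 1;
}
```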


Re: secp256r1 65 byte key size in packet capture

2024-06-19 Thread Lokesh Chakka
Hi Matt,

I'm trying to craft a client hello packet using a C program. I'm learning
about these keys, openssl, TLS etc.

So

openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
openssl ec -in pvtkey.pem -pubout -out pubkey.pem
openssl pkey -in pubkey.pem -pubin -noout -text

will give me the 65 bytes. Understood. Thanks a lot.

Now I need to explore C APIs for getting those keys as hex array.
Could you please suggest any good references for beginners.

Regards
--
Lokesh Chakka.


On Wed, Jun 19, 2024 at 4:21 PM Matt Caswell  wrote:

>
>
> On 19/06/2024 09:15, Lokesh Chakka wrote:
> > hello,
> >
> > I'm trying to generate public/private keys with following commands:
> >
> > openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
> > openssl ec -in pvtkey.pem -pubout
> >
> > I'm seeing the sizeof private key as 164 bytes and public key as 124
> > bytes.
> >
> > In a wireshark capture( attached ), I'm seeing key length as 65 bytes.
>
> What you are doing is confusing. You have generated public/private key
> pair for secp256r1 - but the wireshark capture you show seems to be the
> key share from a TLSv1.3 handshake. TLSv1.3 key shares are ephemeral so
> - you'll get a different key share every time. You don't need to create
> a public/private key for this. OpenSSL does it for you.
>
> Anyway. Taking the key that you generated:
>
> -----BEGIN PUBLIC KEY-----
> MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP
> GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
> -----END PUBLIC KEY-----
>
> This is just a PEM encoding of the real key (base 64 encoding of DER
> structured data in PEM headers). Not sure where you get 124 bytes from,
> but you can take a look at the actual key data like this:
>
> $ openssl pkey -in /tmp/key.pem -pubin -noout -text
> Public-Key: (256 bit)
> pub:
>  04:55:29:a9:e1:49:e5:41:bc:db:7b:a7:a8:a4:1c:
>  9e:11:4c:e4:99:81:cf:1a:06:8a:bd:2b:7f:c5:d0:
>  20:bc:3a:7b:15:72:93:a5:24:fc:50:cf:4b:a4:5f:
>  1f:e0:91:13:39:78:03:0c:6b:cd:94:80:ea:54:5a:
>  3e:4f:48:5d:b5
> ASN1 OID: prime256v1
> NIST CURVE: P-256
>
> This shows you the 65 bytes of raw public key data contained within the
> key file.
>
> This key is in "uncompressed" format (the 04 byte at the start indicates
> this). Since it is uncompressed we then get an x and a y value to
> indicate the point on the curve. Each of these are 32 bytes long (256
> bits) - so this gives you 65 bytes in total.
>
> Matt
>
>
>
> >
> > Can someone help me understand why the difference?
> >
> > Thanks & Regards
> > --
> > Lokesh Chakka.
>


Re: secp256r1 65 byte key size in packet capture

2024-06-19 Thread Lokesh Chakka
Understood. Thanks a lot.
But I'm still not able to understand why it is 65 bytes in the key value.


Thanks & Regards
--
Lokesh Chakka.


On Wed, Jun 19, 2024 at 3:03 PM Tomas Mraz  wrote:

> You need to do base64 decoding to find out the real size of the ASN.1
> encoded data.
>
> Tomas Mraz, OpenSSL
>
> On Wed, 2024-06-19 at 14:58 +0530, Lokesh Chakka wrote:
> > hi,
> >
> > please check the following :
> >
> > ==
> > $ openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
> > using curve name prime256v1 instead of secp256r1
> > $ cat pvtkey.pem
> > -----BEGIN EC PARAMETERS-----
> > BggqhkjOPQMBBw==
> > -----END EC PARAMETERS-----
> > -----BEGIN EC PRIVATE KEY-----
> > MHcCAQEEIAXXAWUj/cUQT8pDLKp5r269mw58aTzr/hYAEXQZVQqUoAoGCCqGSM49
> > AwEHoUQDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHPGgaKvSt/xdAgvDp7FXKTpST8
> > UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
> > -----END EC PRIVATE KEY-----
> > $ openssl ec -in pvtkey.pem -pubout
> > read EC key
> > writing EC key
> > -----BEGIN PUBLIC KEY-----
> > MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP
> > GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
> > -----END PUBLIC KEY-----
> > ==
> >
> > sizeof private key is 164 bytes and the public key is 124 bytes.
> >
> >
> > Thanks & Regards
> > --
> > Lokesh Chakka.
> >
> >
> > On Wed, Jun 19, 2024 at 2:28 PM Tomas Mraz  wrote:
> > > Hi Lokesh,
> > >
> > > I am not sure how do you count the sizes of 164 bytes and 124 bytes
> > > for the pem files.
> > >
> > > If I use -outform DER (and use -noout with the ecparam to avoid
> > > outputting the params because the private key already contains info
> > > about the params used) I see the following sizes for the DER
> > > encoded data:
> > >
> > > private key: 121 bytes
> > > public key: 91 bytes
> > >
> > > Given both files contain information about the group used and other
> > > ASN.1 encoding related stuff, and that the private key file
> > > contains 32 bytes of the private key but also the encoded
> > > uncompressed public key of 65 bytes, this is fully expected.
> > >
> > > Tomas Mraz, OpenSSL
> > >
> > > On Wed, 2024-06-19 at 13:45 +0530, Lokesh Chakka wrote:
> > > > hello,
> > > >
> > > > I'm trying to generate public/private keys with following
> > > > commands:
> > > >
> > > > openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
> > > > openssl ec -in pvtkey.pem -pubout
> > > >
> > > > I'm seeing the sizeof private key as 164 bytes and public key as
> > > > 124 bytes.
> > > >
> > > > In a wireshark capture( attached ), I'm seeing key length as 65
> > > > bytes.
> > > >
> > > > Can someone help me understand why the difference?
> > > >
> > > > Thanks & Regards
> > > > --
> > > > Lokesh Chakka.
> > >
>
> --
> Tomáš Mráz, OpenSSL
>
>


Re: secp256r1 65 byte key size in packet capture

2024-06-19 Thread Lokesh Chakka
hi,

please check the following :

==
$ openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
using curve name prime256v1 instead of secp256r1
$ cat pvtkey.pem
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIAXXAWUj/cUQT8pDLKp5r269mw58aTzr/hYAEXQZVQqUoAoGCCqGSM49
AwEHoUQDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHPGgaKvSt/xdAgvDp7FXKTpST8
UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
-----END EC PRIVATE KEY-----
$ openssl ec -in pvtkey.pem -pubout
read EC key
writing EC key
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP
GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
-----END PUBLIC KEY-----
==

sizeof private key is 164 bytes and the public key is 124 bytes.


Thanks & Regards
--
Lokesh Chakka.


On Wed, Jun 19, 2024 at 2:28 PM Tomas Mraz  wrote:

> Hi Lokesh,
>
> I am not sure how do you count the sizes of 164 bytes and 124 bytes for
> the pem files.
>
> If I use -outform DER (and use -noout with the ecparam to avoid
> outputting the params because the private key already contains info
> about the params used) I see the following sizes for the DER encoded
> data:
>
> private key: 121 bytes
> public key: 91 bytes
>
> Given both files contain information about the group used and other
> ASN.1 encoding related stuff, and that the private key file contains 32
> bytes of the private key but also the encoded uncompressed public key
> of 65 bytes, this is fully expected.
>
> Tomas Mraz, OpenSSL
>
> On Wed, 2024-06-19 at 13:45 +0530, Lokesh Chakka wrote:
> > hello,
> >
> > I'm trying to generate public/private keys with following commands:
> >
> > openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
> > openssl ec -in pvtkey.pem -pubout
> >
> > I'm seeing the sizeof private key as 164 bytes and public key as 124
> > bytes.
> >
> > In a wireshark capture( attached ), I'm seeing key length as 65
> > bytes.
> >
> > Can someone help me understand why the difference?
> >
> > Thanks & Regards
> > --
> > Lokesh Chakka.
>
> --
> Tomáš Mráz, OpenSSL
>
>


secp256r1 65 byte key size in packet capture

2024-06-19 Thread Lokesh Chakka
hello,

I'm trying to generate public/private keys with following commands:

openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
openssl ec -in pvtkey.pem -pubout

I'm seeing the sizeof private key as 164 bytes and public key as 124 bytes.

In a wireshark capture( attached ), I'm seeing key length as 65 bytes.

Can someone help me understand why the difference?

Thanks & Regards
--
Lokesh Chakka.