Re: The crypto library and its usage

2004-02-16 Thread Vadim Fedukovich
Dear Chris,

Authentication methods and protocols have been researched for years.

The method described is an easy one and probably could be implemented fast.
However, one had better start from requirements before any coding.
For example: the server is not authenticated here, so man-in-the-middle
is allowed by design.

regards,
Vadim

On Mon, Feb 16, 2004 at 06:48:26PM +1100, Chris Nolan wrote:
> Hi all,
> 
> I'm working on building a client-server setup for an application
> involving Smartcards. I have a library for Smartcard access on the
> Windows side and was hoping to do the following for authentication:
> 
> 1. Using a certificate that contains the client's public encryption key,
> send a PKCS7 message to the client.
> 2. Get the client to send me a hash of the decrypted content.
> 
> The problem is, wrapping my head around what to call and in what order
> on the server side. The man pages are good, but don't really give me
> much insight as to the structure of the API.
> 
> Can anyone point me in the direction of some examples on how to do this?
> The reason I want to use PKCS7 is because the library on the client side
> is already set up to do this with a single C function call.
> 
> Regards,
> 
> Chris
> 
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]


Re: The crypto library and its usage

2004-02-16 Thread Vadim Fedukovich
On Mon, Feb 16, 2004 at 10:40:36PM +1100, Chris Nolan wrote:
> Hello Vadim!
> 
> On Mon, 2004-02-16 at 21:28, Vadim Fedukovich wrote:
> > Dear Chris,
> > 
> > authentication methods and protocols were researched for years.
> > 
> > The method described is an easy one and probably could be implemented fast.
> > However, one better start from requirements before any coding.
> > For example: server is not authenticated here so man-in-the-middle
> > is allowed by design
> 
> Firstly, thanks for your reply! :-)
> 
> The public key will be verified against a root CA. The public keys used
> are all issued by a health organisation that is part of the federal
> government of Australia.

This would be unlikely to stop Trudy from pretending to be the server to
a legitimate user and the user to the real server.
He could pass a PKCS7 Enveloped message from the server to the user and pass the hash back,
couldn't he?

Maybe the hardware, used and watched, could stop this in a
properly controlled environment, but it would definitely go over a public network.

Please consider using SSL (client certificates) as well as
the well-known solutions from the "authentication" chapter
of some good crypto textbook.

Anyway, please consider requirements (threats) first, implementation next.

> I'm a final-year software engineering student, so I can totally
> understand and agree with your statement regarding man-in-the-middle
> attacks and starting with requirements (the person-in-the-middle is named
> Trudy according to Andy S Tanenbaum).
> 
> My reason behind selecting this authentication method is that the user
> will already have needed to enter two passwords - one to access their
> cryptography store (I have no choice here - the API used to access the
> authentication tokens is provided by the government body in question)
> and another to access the private keys on their token (for signing and
> decryption). Avoiding a third password actually makes sense in this
> case, as many of the target audience would have a tendency to have very
> similar (if not identical) passwords across all domains.

This would be unlikely to help avoid Trudy as outlined.

> I'm doing some tinkering at this point. I can't use the provided API on
> my chosen server platform (Linux) or any other platform as it relies on
> the excellent SQLite which uses database-level locking. As the server
> software is required to service 100s of concurrent sessions, the very
> coarse-grained locking (and thus low concurrency) is inappropriate.

Yes, it is important that your solution does the job and provides
a reasonable level of performance. It might be no less important
to foil the threats according to the security requirements.

You are not required to publish all the details, but you had better
have them documented first.

regards,
Vadim

> After I am done with this project, I intend to contribute to the OpenSSL
> documentation, so any help that anyone gives me will not be wasted on my
> small brain. :-)
> 
> Regards,
> 
> Chris

Re: Regarding all the spam...

2004-03-02 Thread Vadim Fedukovich
On Tue, Mar 02, 2004 at 11:47:43AM -0600, Scott Lamb wrote:
> 
> On Feb 24, 2004, at 9:55 AM, Rich Salz wrote:
> 
> >> I think I misunderstood that question.  I honestly don't know what we
> >> would lose.  Maybe a sense of openness.
> >
> > In the past -- at least, say, 2-3 years ago -- we had a couple of
> > anonymous posters who made very worthwhile contributions.  Haven't
> > seen that recently.  Also, it used to be in the spirit of crypto
> > open source (cypherpunks, etc) to allow anon posting because
> > of the whole ethos thing.
> 
> I think there's a huge distinction to be made between disallowing 
> anonymous posting and disallowing non-moderated posting by non-members. 
> You can easily register a hotmail account or whatever and join the 
> mailing list anonymously. In fact, anonymity has _nothing_ to do with 
> whether you are a member of the mailing list or not.

A hotmail account might be considered a handy tool, but it could hardly be
regarded as anonymous.

Please take a look at mixmaster.sf.net (the tool)
and the network of remailers running around. There was a Mixmaster protocol
IETF draft published recently.

It is not quite clear whether there's a chance to both accept mail from
remailers and kill the junk.

regards,
Vadim



Re: verifying a decryption

2004-04-18 Thread Vadim Fedukovich
openssl at schwebbman.com wrote:
> I am working on writing a program that performs encryption using
> triple-DES. I am reading (decrypting) and writing (encrypting) a linked
> list to a file. The program will read and write the individual
> structures that make up the linked list using OpenSSL. The problem that
> I am running into is that I cannot figure out a way to check to ensure
> that the data that is being decrypted is actually being decrypted
> properly. In other words, if I write out my linked list, encrypting each
> structure as I write it, I end up with a file that is encrypted. If I
> edit the file using a binary file editor (emacs), and I try and run the
> decryption program, the output to the screen is human readable until it
> hits the point where I made changes in the encrypted file. Is there a
> way to stop the decryption once the data is deemed to be "bad"?
>
> thank you.
David Schwartz wrote:
> Reply:
>
> There are any number of ways to do this. A very simple way is to add a
> checksum field to the decrypted data and encrypt it along with the data.
> When you decrypt the data, decrypt the checksum field along with it and then
> compute the checksum of the data (less the checksum field itself) and verify
> it against the decrypted checksum field. If they don't match, reject the
> data.
>
> DS
Please let me say first it was an interesting question
and a great reply.

There was an even better case: RC4 encryption (an XOR-based one)
of authorisation data. It was easy to flip the right bit,
resulting in "paid" status with everything else decrypted just fine.

Yes, the problem as described could be handled by
message authentication codes. It might be better to verify the integrity
of the ciphertext instead of the cleartext.
For details, please consider taking a look at
http://attic.cashcow.dk/mail-archive.cashcow.dk/msg00857.html
and the paper mentioned there.

Some research papers are known on encrypt-and-authenticate
as a primitive operation, in case someone doesn't mind writing new code.

regards,
Vadim
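Added example, not part of the thread: a toy XOR stream cipher stands in for the RC4 case Vadim describes, so one flipped ciphertext bit turns "paid=0" into "paid=1" while everything else decrypts cleanly, and an HMAC over the ciphertext (encrypt-then-MAC) rejects the same tampering before decryption. The record, the SHA-256 counter-mode keystream and all keys are constructed for the demo.

```python
"""Malleability of an XOR stream cipher vs. encrypt-then-MAC.

Added demo, not from the thread. The keystream is SHA-256 in counter mode,
a constructed stand-in for RC4 (also XOR-based); do not reuse it as a cipher.
Keys, nonce and the record are constructed for the demo.
"""
import hashlib
import hmac
import secrets

# Constructed authorisation record; the attacker wants paid=1.
RECORD = b"user=alice;paid=0;"
PAID_INDEX = RECORD.index(b"paid=") + len(b"paid=")  # offset of the '0'


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key+nonce into `length` keystream bytes (toy construction)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = key + nonce + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def flip_bit(ct: bytes, index: int, bit: int) -> bytes:
    """Model the attacker's capability: edit ciphertext bytes, no key needed."""
    buf = bytearray(ct)
    buf[index] ^= 1 << bit
    return bytes(buf)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, pt: bytes):
    """Encrypt-then-MAC: the tag covers nonce and ciphertext, not plaintext."""
    ct = xor_crypt(enc_key, nonce, pt)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes,
                ct: bytes, tag: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; reject on mismatch."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("ciphertext rejected: MAC mismatch")
    return xor_crypt(enc_key, nonce, ct)


def tamper_without_mac() -> bytes:
    """The RC4 story: one ciphertext bit flipped, the same plaintext bit
    flips, everything else decrypts fine. ASCII '0' (0x30) becomes '1' (0x31)."""
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(12)
    ct = xor_crypt(key, nonce, RECORD)
    return xor_crypt(key, nonce, flip_bit(ct, PAID_INDEX, 0))


def tamper_with_mac() -> str:
    """Same flip against encrypt-then-MAC. The attacker cannot recompute the
    keyed tag (unlike an unkeyed checksum stored inside the plaintext)."""
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce = secrets.token_bytes(12)
    ct, tag = seal(enc_key, mac_key, nonce, RECORD)
    try:
        open_sealed(enc_key, mac_key, nonce, flip_bit(ct, PAID_INDEX, 0), tag)
    except ValueError:
        return "rejected"
    return "accepted"


def roundtrip() -> bytes:
    """The untampered path still decrypts to the original record."""
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce = secrets.token_bytes(12)
    ct, tag = seal(enc_key, mac_key, nonce, RECORD)
    return open_sealed(enc_key, mac_key, nonce, ct, tag)


if __name__ == "__main__":
    print(tamper_without_mac())   # b'user=alice;paid=1;'
    print(tamper_with_mac())      # rejected
```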


Re: randomness handling in OpenSSL

1999-01-11 Thread Vadim Fedukovich

> 
> Some well known applications use SSLeay with an uninitialized random
> number generator. SSLeay internally adds data such as the time and pid
> to the PRNG. Unless the machine in question happens to have /dev/random,
> that results in a ridiculously insecure system -- as everybody should
> know since Netscape's disaster four years ago. 

> The randfile.c functions could also have a better interface. There
> should be a function RAND_init() which would take a filename or NULL
> (so as to use the default file .rand), place a lock on that file, read
> the data, add them to the PRNG and immediately write the current state
> back and then release the lock.

There's a nice random() library at Counterpane one can use instead of
SSLeay's.

> An application would have to call that function on startup and on
> exit. If the .rand (or other) file does not exist, RAND_init() would
> have to read data from system resources to initialize the PRNG.

There's a method (function call) to gather random state in the system 
continuously.

> Comments?

Personally I'm waiting for a local team to make statements on
"reasonable business risk" using SSLeay/OpenSSL.

Vadim Fedukovich



Re: [ssl-users] How to use X509 example?

1999-01-20 Thread Vadim Fedukovich

Yuriy,

as I mentioned already in private email, "ssleay ca" program
is designed for creating (signing, issuing) certificates.

yours,
Vadim

> Hello there!
> I want to use the example program X509 (\apps\x509) for creating a
> certificate. How do I do it? What files must I have beforehand (and if any,
> how do I prepare them)? What command line must I use?
> 
> Thanks.
> 
> --
> Regards,
>Yuriy Stul
> Tashilon Ltd.



Re: Fetching password-protected web-pages using https

1999-01-27 Thread Vadim Fedukovich

> 
> On Mon, Jan 25, 1999 at 01:11:19PM +, Vadim Fedukovich wrote:
> 
> > > I want to fetch pages that are username+password protected,
> > > i.e. "https://username:password@server/page".  I can't find how to
...
> Thanks.  With this info I can use a sample client to connect to a
> site, and then serve the data it gives me to Netscape using a sample
> server to see what should be replied.

Niklas, there's no authentication in s_server other than SSL with 
client certificates. You need Apache.

Vadim Fedukovich



Re: ASN.1 encoding questions

1999-02-05 Thread Vadim Fedukovich

Steve,

there can be V2 CRLs in the BCI (BrandCRLIdentifier) Distribution
message, encoded as a PKCS7 Signed Data container. One can look at
http://www.mastercard.com/ca

Unfortunately I didn't parse that message with SETREF and
didn't complain yet; my fault. It is a sequence with CRLs that
failed to decode :(

Vadim Fedukovich

...
> Do you (or anyone else for that matter) happen to have an example of a
> CRL with extensions you could send me? It would really help if I have
> something to test this on. I currently don't have any sample V2 CRLs.
> 
> Steve.




Re: Diffie-Hellman Documentation

1999-02-09 Thread Vadim Fedukovich

Hello Wayne,

why don't you just look at source?

With DH one usually wants to generate a shared secret given one's own private
key and someone else's public key; this can be done with
DH_compute_key(). The first parameter is a char[] buffer to place
the generated secret in, the public key comes next, and the private key is
picked up from the last parameter. See dh_key.c and dhtest.c for details.

Vadim Fedukovich

> I want to use the Diffie-Hellman part in OpenSSL, but I can't find a
> relevant documentation in the "openssl-0.9.1c\doc" directory.  Anyone
> who knows could please lend me a hand?  Thank you in advance.
> 
> Regards,
> Wayne
> [EMAIL PROTECTED]




Re: Length In Bits Of Shared Secret Key Generated Using Diffie-Hellman

1999-02-11 Thread Vadim Fedukovich

> 
> Hi,
> 
> I have a doubt here regarding the length in bits for shared secret key
> generated using Diffie-Hellman, hope someone could kindly clear my doubt
> :)
> 
> In "DH *DH_generate_parameters(int prime_len, int generator, void
> *callback, char *cb_arg)", the first argument is the length in bits for
> the prime number to be generated in order for subsequent calculation of
> the shared secret key.  I have a doubt here.  Let say I want to generate
> a 128 bits (16 bytes) shared secret key, so I pass the value 128 to the

You can't specify the length of the shared secret to be generated.
In fact, you can't specify anything for the shared secret except to negotiate
with your party which DH keypair to choose, if you and/or your party
have more than one. However, you are free to use the low-order 128 bits
of the generated secret in your application.

The shared secret is calculated as your party's public DH key raised to the
power of your secret DH key. Your party will calculate the same with your
public key and his private key.

Vadim Fedukovich
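Added example, not from the thread, for both DH posts above: the arithmetic behind DH_compute_key() written out with Python integers, both parties computing the same secret, its byte length fixed by the prime, and the "low-order 128 bits" selection the post mentions. The group (p = 2**521 - 1, g = 3) and the range check on the peer's public value are assumptions for the demo; real code takes its group from DH_generate_parameters() or a standard group.

```python
"""What DH_compute_key() computes, written out with Python integers.

Added example, not from the thread. The toy group below is constructed for
the demo; production code uses >= 2048-bit standard groups.
"""
import secrets

TOY_P = 2**521 - 1   # Mersenne prime, 521 bits -> a 66-byte shared secret
TOY_G = 3
SECRET_LEN = (TOY_P.bit_length() + 7) // 8   # fixed by p, not chosen by you


def generate_keypair(p: int = TOY_P, g: int = TOY_G):
    """Private exponent x in [2, p-2] and public value g**x mod p."""
    priv = secrets.randbelow(p - 3) + 2
    return priv, pow(g, priv, p)


def accepts_peer_key(peer_pub: int, p: int = TOY_P) -> bool:
    """Range check on the received public value (assumption added here):
    0, 1 and p-1 would confine the shared secret to a trivial subgroup."""
    return 1 < peer_pub < p - 1


def compute_key(peer_pub: int, priv: int, p: int = TOY_P) -> bytes:
    """The peer's public key raised to my private key, as the post says,
    returned big-endian in a buffer of DH_size()-like length."""
    if not accepts_peer_key(peer_pub, p):
        raise ValueError("peer public key out of range")
    return pow(peer_pub, priv, p).to_bytes((p.bit_length() + 7) // 8, "big")


def low_order_128_bits(shared: bytes) -> bytes:
    """The post's suggestion: the application keeps the low-order 128 bits.
    (A KDF over the whole secret is the usual choice today.)"""
    return shared[-16:]


def exchange():
    """Both sides' arithmetic; returns (alice_secret, bob_secret)."""
    a_priv, a_pub = generate_keypair()          # Alice
    b_priv, b_pub = generate_keypair()          # Bob
    # Only a_pub and b_pub cross the wire; private exponents never do.
    k_alice = compute_key(b_pub, a_priv)        # (g**b)**a mod p
    k_bob = compute_key(a_pub, b_priv)          # (g**a)**b mod p
    return k_alice, k_bob


if __name__ == "__main__":
    ka, kb = exchange()
    print(ka == kb, len(ka), low_order_128_bits(ka).hex())
```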



Re: Cisco IPSEC certs & keys

2000-02-12 Thread Vadim Fedukovich

On Fri, Feb 11, 2000 at 04:43:48PM -0800, [EMAIL PROTECTED] wrote:
> 
> I'm configuring a few cisco routers to do IKE for our VPN's. Works great
> with pre-shared keys, but for scalability purposes I'd like to use
> certificates, which requires the use of a CA. But the ciscos store keys
> and certificates in a format I'm not familiar with and was wondering if
> anyone had any idea.

> Date: Mon, 31 Jan 2000 21:23:59 -0800
> From: John Muller <[EMAIL PROTECTED]>
> 
> Cisco Systems announces open Simple Certificate Enrollment Protocol
> to support the secure issuance of digital certificates to network
> devices and users
> http://www.cisco.com/warp/public/cc/cisco/mkt/security/tech/scep_wp.htm

In short, Ciscos are required to store private keys and are supposed
to fetch certs and CRLs from the CA with an LDAP or SCEP query.

> Here's an example certificate grabbed from
> 
>http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt4/scinter.htm
> certificate ca 3051DF7169BEE31B821DFE4B3A338E5F

I believe this is MD5 of the (whole) ca cert

>   30820182 3082012C A0030201 02021030 51DF7169 BEE31B82 1DFE4B3A 338E5F30 

Is asn1parse capable of BER-decoding? It may be a "PKI message" from clause 3.2.

>   ...
>   B1D2F817 3F7B
>   quit

What is this "quit"?

Hope that helps a bit,
Vadim



Re: OpenSSL and SET

2000-01-29 Thread Vadim Fedukovich

On Fri, Jan 28, 2000 at 03:18:25PM +0100, Radovan Semancik wrote:
> hello!
> 
> I'm interested in SET (Secure Electronic Transactions) protocol support
> in OpenSSL.
> 
> Is there such a best? Is there plan to add SET implementation to
> OpenSSL?
> Is there any other open SET implementations?

There's SETREF, developed by Terisa, which one can get from Mastercard or Visa
for free. At least that was the case a couple of years ago.
SETREF was distributed, yes, without crypto.
I consider SETREF to be free enough; look at the license terms for details.

However, tiny code was published to check RSA signatures with SSLeay
for SETREF and it works for me.

Almost nothing resulted, so no progress that way.

hope it helps,
Vadim



duplicates

2000-03-09 Thread Vadim Fedukovich

Hello,

Duplicates are generated by public.guangzhou.gd.cn
and I don't know whom to contact there.

Please let us do something right instead of just complaining
"I have duplicates" back to the list, driving traffic up.

One might want to blacklist this host on the primary list server.

Thank you all for your patience,
Vadim

There are headers from old message that was on the list already:





public.guangzhou.gd.cn

2000-03-24 Thread Vadim Fedukovich

Hello,

there's lots of old messages coming back to the list (example attached).
Does someone know how to fix it?

Regards,
Vadim



Re: CRLS........

2000-04-05 Thread Vadim Fedukovich

On Wed, Apr 05, 2000 at 01:38:14AM -0400, Michael Harvey wrote:
> Be Nice ,..I am new
> 
> I Need Help with setting up CRL's
> I run a small www site for a special group
> I set up a Self signed CA
> 
> My Problem...
> each client has a cert that is checked
> How do I create a proper CRL cert?
> I tried. but they still can log in
> 
> or MSIE says "cannot determine the validity of this certificate because
>   it cannot locate a valid certificate revocation list"

It doesn't matter at all what MSIE says about CRLs for the purpose of
access control based on client certificates.

You might want to implement logic like "allow access to some web area
to clients who know private keys and have certificates signed by my CA".
Now, you will probably find it's hard to revoke under such logic.

The solution is using client certificates for authentication and authorising
clients as the next, explicit step. It seems some coding is required here.
mod_auth_mysql would be an example, yes, one of the examples.

Hope this helps,
Vadim



Re: How to encrypt and sign a file?

2000-04-13 Thread Vadim Fedukovich

On Wed, Apr 12, 2000 at 02:10:10PM -0500, Grebelsky, Konstantin wrote:
> I guess my first impression of sign.c was incorrect...
> What it does is create a signature for some data is this correct? So if I
> have to store the signature in the file I just have to append it, correct?

A well-known solution is to use "PKCS7 Signed Data".
You can put your file as contentInfo.content and the signature produced with
EVP_SignFinal() as signerInfos.SignerInfo.encryptedDigest.
Alternatively, run the EVP_Sign*() functions on the DER-encoded authenticatedAttributes.

> Basically I am trying to pass a file to a client, but client needs to be
> able to verify that the file is from me...

Using PKCS7 here will result in signatures verifiable with other tools
(not openssl-only).

> Also how can I encrypt the file
> before signing it?

Well, there's another PKCS7 type, Enveloped Data.

Regards,
Vadim



Re: non-hierarchical trust model?

2000-05-08 Thread Vadim Fedukovich

On Sun, May 07, 2000 at 09:51:06AM -0700, Claus Assmann wrote:
> Is there a "simple" way to achieve a non-hierarchical trust model
> within TLS?
> 
> The X.509 certificates currently allow only for one signature, right?
> If this is wrong, how can several CAs sign a certificate?

Signatures are expected to be basis for "authorize for XX"-class decisions
and PMI extensions might become an agreed way to do it.

[John Muller]
> New edition of the X.509 standard for Public Key Infrastructure and
> Privilege Management Infrastructure
> http://www.itu.int/ITU-T/itu-t_news/sg7_x509_press.htm

Regards,
Vadim



Re: Version history

2000-05-11 Thread Vadim Fedukovich

On Thu, May 11, 2000 at 04:20:12PM +0200, Alexander 'Alfe' Fetke wrote:
> On Mon, 8 May 2000, Bill Klein wrote:
> 
> > Does anybody know where I can find the OpenSSL version
> > history. For example, if I wanted to know what has changed
> > between 0.9.5 and 0.9.5a where would I look. Can't seem to
> > find it on the site but I'm sure it's buried under there
> > somewhere. :)

CVS is a good tool for maintaining software revisions and producing
diff files between any two revisions.
As a last resort, one can pick up 0.9.5 and 0.9.5a, put them into one's own CVS
and generate a diff file.

> i did not see any reply to the question, but i was interested in an answer
> as well.

regards,
Vadim



Re: libcrypto: Saving sensitive data on an Internet-connected computer.

2000-06-23 Thread Vadim Fedukovich

On Thu, Jun 22, 2000 at 11:55:12PM -0400, Steve Sobol wrote:
> ...
> I am most worried about people being able to get access to the
> database in the event root is compromised. (This is a Linux box that I
> am
> dealing with). After I sent my original question, I decided that the
> only 
> safe way to deal with this problem is to have the program that does the 
> decryption offline.
 
Well, "the only" sounds too strong. The secret sharing technique is known,
and one can use the concept of an "honest and strong majority" of database
share-holders. Probably one can get long-lived secrets with share
re-calculations, using a periodic update based on "sharing the zero value"
to mix everything.

Regards,
Vadim
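Added example, not part of the thread: Shamir secret sharing of a database key across five share-holders so that any three (an honest majority) reconstruct it, plus the periodic "share the zero value" refresh the post mentions, after which old and new shares no longer combine. The field prime, the key and the single-dealer refresh are constructed for the demo.

```python
"""Secret sharing with a 'share the zero value' refresh.

Added example, not from the thread. Parameters are constructed for the demo;
in a real proactive scheme each holder contributes its own zero-sharing
instead of the single dealer used here.
"""
import secrets

PRIME = 2**127 - 1   # Mersenne prime; shares and secrets live mod PRIME


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def _random_poly(constant, degree):
    """Random polynomial of the given degree with a fixed constant term."""
    return [constant % PRIME] + [secrets.randbelow(PRIME) for _ in range(degree)]


def split(secret, n, t):
    """Shares {x: f(x)} for x = 1..n of a degree t-1 polynomial, f(0) = secret."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be in [0, PRIME)")
    if not 1 < t <= n:
        raise ValueError("threshold must satisfy 1 < t <= n")
    poly = _random_poly(secret, t - 1)
    return {x: _eval_poly(poly, x) for x in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x = 0. With fewer than t shares the result
    is a uniformly random wrong value, never a partial leak of the secret."""
    xs = list(shares)
    total = 0
    for xi in xs:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + shares[xi] * num * pow(den, -1, PRIME)) % PRIME
    return total


def refresh(shares, t):
    """Proactive update: add a fresh sharing of zero to every share.
    f(0) is unchanged, but an old share and new shares interpolate to garbage
    together, so shares leaked in different periods cannot be combined."""
    zero_poly = _random_poly(0, t - 1)
    return {x: (s + _eval_poly(zero_poly, x)) % PRIME for x, s in shares.items()}


def demo():
    """Five holders, threshold three; returns (majority_ok, refreshed_ok, mixed_ok)."""
    db_key = secrets.randbits(126)                  # constructed database key
    shares = split(db_key, n=5, t=3)
    new_shares = refresh(shares, t=3)
    majority_ok = reconstruct({x: shares[x] for x in (1, 3, 5)}) == db_key
    refreshed_ok = reconstruct({x: new_shares[x] for x in (2, 4, 5)}) == db_key
    mixed = {1: shares[1], 2: new_shares[2], 3: new_shares[3]}
    mixed_ok = reconstruct(mixed) == db_key
    return majority_ok, refreshed_ok, mixed_ok


if __name__ == "__main__":
    print(demo())   # (True, True, False)
```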



PKCS7_sign() and detached

2000-07-17 Thread Vadim Fedukovich

Hi,

is there a good reason to PKCS7_set_detached(,1) after
pushing data into p7bio? Is it Ok to set it before
PKCS7_dataInit()?

A memory-based BIO seems not to be required to hold the to-be-signed data
in this case, but it is still created, affecting memory usage.

please comment,
Vadim





Re: ATT: Robert Sandilands! (was Re: client authentication)

2000-08-01 Thread Vadim Fedukovich

Hi Albert,

On Mon, 31 Jul 2000, Albert Serra wrote:
> 
> a) The functions with "verify" in them is there to tell the server or
> client where the public keys and the CA's public keys are for verifying
> the other's keys. Those keys and the symbolic links associated with them
> is pretty important.

The "directory-based" lookup method of OpenSSL uses symbolic links
named by a hash of the subject name from the certificate or the
issuer name from the CRL. Any reason to name this a callback?

> b) verifiy is a callback function
> 
> For example:
> 
> int verify(int ok,X509_STORE_CTX *ctx)
> {
> printf ("Verify called\n");
> return 1;
> }

This callback will always return "Happy with the certificate in question",
no matter what. Good for debugging.

> c) int verify_callback(int ok,  X509_STORE_CTX *ctx)
> {
> 
> char buf[256];
> X509 *err_cert;
> int err,depth;
> 
> err_cert=X509_STORE_CTX_get_current_cert(ctx);
> err=X509_STORE_CTX_get_error(ctx);
> depth=  X509_STORE_CTX_get_error_depth(ctx);
> 
> return ok;
> 
> }

This callback can be used to print notes on certificate to-be-evaluated.
 
> According to answer a) what I have to add in the verify function. I use b)
> and for me it works, but I don't know if it does what it has to do.

Do you need to reject some certificates presented?
Expired, issued by another one CA, having something unexpected in
subject's name for example.

hope this helps,
Vadim




example on secretBag in pkcs12 wanted

2000-08-21 Thread Vadim Fedukovich

Hi,

just hard to guess it..any example floating around?

thank you,
Vadim




Re: R: Generate a cert with certenr3.dll

2000-09-01 Thread Vadim Fedukovich

Hi Rosario,

if you need understanding, use specifications and source code.
Unix is almost always a synonym.

hope this will not mean OS war,
Vadim

On Fri, 1 Sep 2000, Rosario Riccio wrote:

> Hi...
> 
> Thanks very very much, especially to Arnaud De Timmerman: finally I've
> obtained a good cert for IE and OE using xenroll.dll instead of
> certenr3.dll.
> 
> And now. a new question!?!?
> 
> Someone could help me with understanding of the cryptic sequence defining
> certificate's scopes?
> 
> > request = xenroll.CreatePKCS10(DN, "1.3.6.1.5.5.7.3.2")
>---^^
> ^^-
> 
> Where can I find some documentation on this?
> 
> 
> Thanks to all
> 
> Rosario
> 
> 



Re: Embedded private key

2000-07-30 Thread Vadim Fedukovich

Hi Andrew,

including a private key in the application binary means no protection
for that key other than a "you should not reverse..." shrink-wrap clause.
Besides, private keys are best generated by end-users,
to let them trust those keys. Please consider reviewing your
application's general design.

best wishes,
Vadim

On Sat, 29 Jul 2000, Andrew Barnes wrote:

> I want to embed the private key in my application. 
> The openssl x509 -c -infile will not convert the
> private key.  How can I get the private key in a form
> to embed in an application?
> 
> A code sample would be great.
> 
> Thanks in advance.
> Andrew Barnes P.Eng
> 



Re: Making OpenSSL trust my own CA

2000-09-09 Thread Vadim Fedukovich

On Sat, 9 Sep 2000, Charles Walker wrote:

> I have written some client code which uses OpenSSL plus libwww to
> retrieve files from a server.  In the environment where this thing runs,
> we don't really care about authenticating the server, so we want to use
> a self signed certificate or make up our own little certificate
> authority.  We only want to use the server certificate as a means for
> sending the server's public key to the client.
> 
> When I run this application, somewhere down in OpenSSL it is deciding
> that the certificate is not trusted.  It seems to have some sort of
> store of trusted CA's, or something like that.  

Yes, a directory with funny "hash" names soft-linked to files
holding CA certificates.

> I need a way to call something in OpenSSL to tell OpenSSL that our own
> little certificate authority is trusted.  Does anybody know what I need
> to do?

A fast, easy way would be to specify the name of the file with your CA
certificate inside:
SSL_CTX_load_verify_locations(ctx, file, NULL)

hope it helps,
Vadim




Re: Wildcard certificates.

2000-09-13 Thread Vadim Fedukovich

On Wed, 13 Sep 2000, Chan, Moses wrote:

> Folks, 
> 
> Could somebody tell me how to generate free wildcard certificates?
> Can I do this in OpenSSL?

One use of a wildcard certificate is a "security proxy".

One should remember that by doing this one effectively voids the trust
in server validation provided by SSL.

It might be acceptable for personal use, when someone doing it
understands what exactly it means and is willing to live without
verification.

Yes, one can issue a certificate with common name = *
using openssl

please think twice,
Vadim





Re: certificate verification

2000-10-12 Thread Vadim Fedukovich

On Wed, 11 Oct 2000, Adam Wiggins wrote:

> 
> Greetings,
> 
>I am writing a client/server app in which the client needs to validate
> that the server it is connecting to is actually who it claims to be.
> The server is using a self-signed certificate.  The logic would
> (hopefully) be along the lines of:
> 
> 1. establish an SSL connection to a server
> 2. get their certificate

You might want to take a look at the SSL specs to learn what exactly "get"
means. It's not a "login: " query!
Don't reinvent the wheel with "garbage" (later).

> 3. verify that it matches the certificate I have stored locally
> 4. if not, break the connection, otherwise proceed
> 
> Essentially what I want to do is strcmp() the certificate I receive
> with my local one, but of course that's incredibly easy to spoof.
> 
>Currently the only option I can see is to generate some garbage data on
> the server side, encrypt that with the private key, send both the garbage
> and the encrypted garbage (signature) to the client, then have the client
> decrypt those with the public key and make sure they match.

One is not required to send the "garbage". If the other side can decrypt
and use it to keep talking, that's enough to prove it holds the right private key.

>This seems like something that would be built into the SSL negotiation,
> however there are a huge list of functions, most of which are undocumented.
> I can't seem to figure which one(s) I would want to use.
> 
>There is a bunch of stuff related to tracing back "trusted" certificates,
> but I really only want one certificate to be valid, one that I include
> in my code as a static string.

most likely you mean some criteria while writing "valid", and that
list of conditions is not always the same for different people/projects.

that's the reason for the "bunch of stuff" implemented

>Any tips much appreciated.

most likely X509_cmp() will be good to ensure "the certificate is the same"

good luck,
Vadim




Re: SSL + VirtualHost in Apache 1.3.x

2000-10-13 Thread Vadim Fedukovich



On Fri, 13 Oct 2000, Poetsch, Michael wrote:

> Hello Apache user community,

Michael,

this is not exactly apache list, anyway:

> does anybody know if it is possible to configure multiple virtual hosts with
> different SSL certificates? Basically it should be possible to include all
> SSL related directives in a  ...  section?

yes, one can include several virtual hosts in apache config

> Would that work?

One should realize virtual hosts depend on processing the "Host: "
HTTP header, which is available only after the SSL handshake.
This means one can run some restricted set of virtual hosts whose
names match a "wildcarded" server certificate.
box1.company.com, box2.company.com and a certificate for "*.company.com"
would be an example. Beware the features of IE in processing wildcarded
certificates.

good luck,
Vadim




RE: SSL + VirtualHost in Apache 1.3.x

2000-10-14 Thread Vadim Fedukovich

On Fri, 13 Oct 2000, Norman Mackey wrote:

> Shouldn't it be possible to configure Apache/OpenSSL to
> handle name-based virtual hosting using TLS?  Apparently

Norman,

I believe it was made clear already. The only point to add
is a recent RFC on "Upgrade to TLS".

> ARIN thinks so, since they've adopted a policy of not
> issuing IPs for virtual hosts anymore.

You still can tell them exactly why you need different IPs
for different https:// hosts. Hope you are not thinking
to get a server certificate issued for "*.com" instead.

> I'm desperately searching for the instructions to do so,
> assuming it is indeed possible, and I would be eternally 
> grateful if someone could point me to any.

All you need is to push that "Upgrade" implementation
into the popular browsers' base :)   and Apache. Well, I believe
the latter is quite doable

best wishes,
Vadim




Re: Looking for an HTTPS client for NT C/C++

2000-11-24 Thread Vadim Fedukovich



On Fri, 24 Nov 2000, Deepak Taneja wrote:

> Hello
>  I'm getting a problem compiling the Diffie-Hellman algorithm. Please help
> me with what should be done, i.e. which file is to be compiled, as I'm
> trying to compile p1024.c. There the BN_BL_CTX struct is missing. If anyone has
> compiled it please tell me the procedure. I'll be very thankful as I need it
> urgently

OS? compiler? Any problem building openssl library?

> And also what algo is to use to generate Public and private key

A good PRNG for the DH private key, modular exponentiation for the public one.
Besides, one needs to choose or generate "DH parameters".

good luck,
Vadim




Re: Alternative solutions to OpenSSL & 40 bit keys

2000-12-04 Thread Vadim Fedukovich

On Mon, 4 Dec 2000 [EMAIL PROTECTED] wrote:

> A developer among our team has informed us that OpenSSL
> cannot generate 40 bit keys (48 bit is the bare minimum).
> Is this true?

Which algorithm exactly do you mean?

An example: freeswan (.org) chose to drop support
for the weak cipher (DES) completely, at the price of breaking specifications.

> We need a good library for SSL communications under VC6.

OpenSSL is good enough to build applications featuring strong
protocols and ciphers, if the team mentioned is interested
exactly in this instead of VC6 as the primary goal.

> I haven't spent too much time with OpenSSL myself but from
> the looks of it, the documentation is poor. I don't want to bother
> wasting my time trying to gather the information that I (and the
> rest of our team) needs. Our company has no objection in
> purchasing something that will ease our development.

Using 40-bit keys for major symmetric algorithms is exactly a
waste of time and fooling customers.

> Would any among you recommend a suitable alternative to OpenSSL
> and state the reasons why the recommendation.
> Would any among you say that OpenSSL is the best solution
> (if the statement on my first line above is not true).

40 bits for RSA is nonsense.

> Many thanks,
>
> Angelo

please think twice,
Vadim





Re: How to make a CA signed certificate (in code)

2001-02-19 Thread Vadim Fedukovich

Kim,

since an X.509 certificate is somethingToBeSigned and a signature over that,
one can use X509_sign() to do it. Probably you mean certify_cert()
and, yes, there are lots of parameters there to specify certificate content.

Regards,
Vadim

On Fri, 16 Feb 2001, Hellan,Kim KHE wrote:

> Hi
>
> I'm trying to make a CA signed certificate. I already have composed/loaded
> all of the following "parts" for the certificate:
>
> EVP_PKEY* pCAKey; /* CA private key */
> X509*  pCACert;   /* CA root certificate */
> X509_NAME* pX509Subject;  /* Certificate subject */
> EVP_PKEY* pPubKey;/* Certificate public key */
> STACK_OF(X509_EXTENSION)* pExtensions;/* X509v3 extensions */
> unsigned long ulNoDaysValid;  /* Valid_from is the current time */
> unsigned long ulCertSerialNo;
>
> Now I "just" need to combine all this into a certificate. I have looked at
> the CA/X509 apps, but its a bit confusing since they contain a lot of code
> that I don't really need, since I have all the "parts" ready and I don't use
> a config file. I also looked at the X509_Certify() function, but it has so
> many arguments and some of them I don't event know what are.
>
> I would really appreciate if someone could help me how to get the last bit
> of the way, composing and signing the certificate.
> Any hints are welcome!
>
> TIA
> Kim Hellan
> KMD / KMD-CA
> http://www.kmd-ca.dk
> Mailto:[EMAIL PROTECTED]
>



Re: SV: How to make a CA signed certificate (in code)

2001-02-21 Thread Vadim Fedukovich

On Wed, 21 Feb 2001, Hellan,Kim KHE wrote:

> Hi Vadim
>
> Maybe this is a stupid question, but to make a CA signed certificate do you
> then first have to make a self-signed certificate and then get the CA to sign
> that certificate?

To sign something, only a private (rsa) key is required, and X509_sign()
will do that. One should fill details into cert_info of the X509 before
signing and specify the hash algorithm.

> As far as I can see, this is how certify_cert() works.

One can pick up the subject's public key and name from the self-signed
certificate as an option.

> But anyway, do you have any hints about what I should do to get from X.509
> "parts" I already have loaded to a self-signed or CA-signed certificate.

The difference is the issuer name and the private key used for signing

regards,
Vadim

>
> Any help appreciated!
>
> TIA
> Kim Hellan
>
> Fra: Vadim Fedukovich [mailto:[EMAIL PROTECTED]]
> Emne: Re: How to make a CA signed certificate (in code)
>
> since an X.509 certificate is somethingToBeSigned and a signature over that
> one can use X509_sign() to do it. Probably you mean certify_cert()
> and, yes, lots of parameters there to specify certificate content.
>






Re: X509_REQ_to_X509 has a bug ?

2001-04-19 Thread Vadim Fedukovich

Andras,

you may want to handle the private key some other way, namely
don't free() it.

hope this helps,
Vadim

On Wed, 18 Apr 2001 [EMAIL PROTECTED] wrote:

>
> Hi all.
> I've made a function, which takes as params an x509 certificate request,
> the ca's private key, and certificate, and makes a signed certificate.
> First I convert the x509_req structure to x509 with X509_REQ_to_X509, and
> after that I sign the certificate, set the extensions, etc., and finally
> clean up the memory.
>
> The problem is the following. When my function is invoked the second time,
> the program crashes at the call to X509_REQ_to_X509.
> Does X509_REQ_to_X509 have some bugs?
>
>
> Here is the code:
>
> X509 *sign_certificate(X509_REQ *request, X509 *ca_certificate, RSA
> *ca_private_key, int days, int purpose)
> {
> X509 *certificate = NULL;
> EVP_PKEY *pkey = NULL;
> X509_EXTENSION *extension = NULL;
> if ((request != NULL) && (ca_certificate != NULL) &&
> (ca_private_key != NULL))
> {
> /* pkey has to exist before anything is assigned into it (it was NULL).
>  * set1 takes its own reference on the RSA key, so the EVP_PKEY_free()
>  * at the end no longer destroys the caller's ca_private_key; with
>  * assign + free the key was gone before the second call. */
> pkey = EVP_PKEY_new();
> EVP_PKEY_set1_RSA(pkey, ca_private_key);
> certificate = X509_REQ_to_X509(request, days, pkey);
> if (certificate == NULL)
> {
> EVP_PKEY_free(pkey);
> return(NULL);
> }
> /* issuer name and extensions must be in place before signing,
>  * otherwise the signature does not cover them */
> X509_set_issuer_name(certificate,
> X509_get_subject_name(ca_certificate));
> /* keyUsage may appear only once per certificate: one extension
>  * carrying both bits, not two extensions with the same OID */
> if (purpose == SIGNATURE)
> extension = X509V3_EXT_conf_nid(NULL, NULL,
> NID_key_usage, "digitalSignature,nonRepudiation");
> else /* purpose = encryption */
> extension = X509V3_EXT_conf_nid(NULL, NULL,
> NID_key_usage, "keyEncipherment,nonRepudiation");
> X509_add_ext(certificate, extension, -1); /* adds a copy */
> X509_EXTENSION_free(extension);
> X509_sign(certificate, pkey, EVP_md5());
> EVP_PKEY_free(pkey);
> }
> return(certificate);
> }
>
> Thank you.
> Andras



Re: does s_server accept PUT command?

2001-05-01 Thread Vadim Fedukovich

Patric,

an apache module from http://www.webdav.org may fit your
test environment (if used with mod_ssl or apache_ssl).
The described behaviour is likely covered by rfc2518 (WEBDAV),
section 8.7.1.
Please note the PUT method has nothing to do with this list.

good luck,
Vadim

On Mon, 30 Apr 2001, Patrick Li wrote:

> I developed an SSL client adapter program and need to get some tool to test
> it out.
> s_server is great as it supports HTTP GET but in order to complete my test,
> I need a tool to support PUT as well.
>
> I am thinking of doing a PUT (send a file to a server) and then a GET
> (retrieve the same file from the server).  By comparing the file sent and
> the file received, I know the sending and receiving of big chunks of data are
> working.
>
> I don't have many choices, right? It is either I modify s_server to
> support PUT or install mod_ssl.
> Anyone has another idea?
>
> Thanks
> Patrick
>
> - Original Message -
> From: Richard Levitte - VMS Whacker <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Sunday, April 29, 2001 11:52 PM
> Subject: Re: does s_server accept PUT command?
>
>
> > From: "Patrick Li" <[EMAIL PROTECTED]>
> >
> > pcwli> Does the s_server only supports the GET HTTP command when
> > pcwli> running with -WWW option?  I tried with PUT HTTP command and it
> > pcwli> is not working.  I check the source code in apps/s_server and
> > pcwli> it does not have code to handle any HTTP command except GET.
> >
> > s_server is just a test tool!  If you want a full-blown HTTP server,
> > use Apache with mod_ssl or something equally suitable.
> >
> > --
> > Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
> > Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
> > Redakteur@Stacken   \  SWEDEN   \ or +46-709-50 36 10
> > Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
> > Member of the OpenSSL development team: http://www.openssl.org/
> > Software Engineer, Celo Communications: http://www.celocom.com/
> >
> > Unsolicited commercial email is subject to an archival fee of $400.
> > See  for more info.



Re: Embedded SSL and randomness

2001-05-04 Thread Vadim Fedukovich

Lee,

unpredictable random numbers are required for an ssl client to set the
pre-master secret (client key exchange message, rsa mode).
One can run a "reverse" solution with the SSL client on a web server.
Unfortunately this breaks HTTPS. However, you still have
a secure solution and a CA in business :)

would this fit your environment? a "gather initial entropy" step?
please be cautious and think twice before actually going this route.

-vf

On Fri, 4 May 2001, Lee Webber wrote:

> At 04:10 PM 5/4/01 +0300, Andreas Bäck wrote:
>
> >The core question is what [it] takes to port it to an embeded system.
>
> FWIW: my number one worry about porting SSL to an embedded system is where
> I get my entropy.  Because my company sells embedded OS's to end
> developers, I need a general solution if possible.
>
> So where does the randomness come from on startup?  No users, no mouse or
> keyboard input, no unpredictable thread activity...  I can get a little
> randomness from clock skew, if I'm willing to wait forever to gather it.  I
> can get some more from arrival of network packets -- except that by the
> time network packets start arriving I'd better already be seeded.
>
> That leaves two possibilities, external sources (including unused sound
> cards) and the Intel 81x chipset.  Both of these have the drawback that no
> one solution is always available.
>
> Finally, I can start the system out insecure, have it train up to
> sufficient entropy, and then store the entropy for future use.
>
> The above is all I've been able to find on the Internet.  Have I missed
> anything?
>
>



RE: Embedded SSL and randomness

2001-05-04 Thread Vadim Fedukovich



On Fri, 4 May 2001, Dilkie, Lee wrote:

> It is critical to get the initial seed with as much entropy as possible

yes, it's the traditional way to keep openssl's PRNG happy.
However, "a random" inside "server hello" is sent in the clear
and it may be appropriate to use a low-quality clock-based source here.
One can outsource the "SSL client" role out of the embedded system
to let the other party generate the premaster secret.

-vf





Re: PKCS#7 signed and enveloped message padding question

2001-07-29 Thread Vadim Fedukovich



On Mon, 9 Jul 2001, Alexander op de Weegh wrote:

> Hi all,
> I have padding question.
> I am using the following code for creating a PKCS#7
> signed and enveloped message:
>
> X509 *signer, *recipient;          /* loaded elsewhere */
> RSA *signkey;
> unsigned char *data; int datalen;  /* payload to protect */
> PKCS7 *p7;
> EVP_PKEY *pkey;
> PKCS7_SIGNER_INFO *si;
> PKCS7_RECIP_INFO *ri;
> BIO *p7bio;
> p7 = PKCS7_new();
> PKCS7_set_type(p7, NID_pkcs7_signedAndEnveloped);
> PKCS7_add_certificate(p7, signer);
> PKCS7_add_certificate(p7, recipient);
> pkey = EVP_PKEY_new();
> EVP_PKEY_assign_RSA(pkey, signkey);
> si = PKCS7_add_signature(p7, signer, pkey, EVP_md5());
> ri = PKCS7_add_recipient(p7, recipient);
> PKCS7_set_cipher(p7, EVP_des_ede3_cbc());
> p7bio = PKCS7_dataInit(p7, NULL);
> /* write through the PKCS7 BIO chain; the cipher BIO applies block padding */
> BIO_write(p7bio, data, datalen);
> BIO_flush(p7bio);
> PKCS7_dataFinal(p7, p7bio);

I was able to decode the plaintext and verify the hash using
the code attached, linked against 0.9.6b

> After doing this, I write the PKCS#7 message as PEM, send it to another
> machine and decode it there. I get an error, saying that no valid padding is
> found.

What was the code that says that? Any more details on the error?

> Which is quite logical, if you ask me, since the data that is
> encrypted using 3DES is not padded at all. So, I add padding and then do the
> BIO_write(). Then the other machine complains about an invalid signature.
> Which is also logical, because the receiver decrypts the data, removes the
> padding and then calculates the hash and compares it with the signature.
> But, on the sender's side, the signature is calculated including the
> padding!
>
> Help! What should I do?

Hope this code could be useful.
Please remember to read http://eprint.iacr.org/2001/045/ps.gz
before choosing SignedAndEnveloped, Signed-inside-Enveloped or friends.

regards,
Vadim


/* PKCS7 Signed And Enveloped basic operations
 */

#include <stdio.h>
#include <string.h>
#include <assert.h>

#include <openssl/pkcs7.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>

int main() {
  PKCS7 *enc, *dec;
  BIO *p7bio, *fl;
  const EVP_CIPHER *cph;
  PKCS7_SIGNER_INFO *si;
  PKCS7_RECIP_INFO *ri;
  X509 *recpt, *signer;
  EVP_PKEY *dec_key, *sig_key;
  int sz, res;
#define BIG 10*1024
  unsigned char *p, bf[BIG], decoded[BIG];
  const char *src = "Some data";

  OpenSSL_add_all_algorithms();
  ERR_load_crypto_strings();
  // init PRNG!

  fl = BIO_new_file("recpt.cert", "r");
  recpt = PEM_read_bio_X509(fl, NULL, NULL, NULL);
  BIO_free(fl);
  assert(recpt != NULL);

  fl = BIO_new_file("recpt.key", "r");
  dec_key = PEM_read_bio_PrivateKey(fl, NULL, NULL, NULL);
  BIO_free(fl);
  assert(dec_key != NULL);   // checked recpt a second time before

  fl = BIO_new_file("signer.key", "r");
  sig_key = PEM_read_bio_PrivateKey(fl, NULL, NULL, NULL);
  BIO_free(fl);
  assert(sig_key != NULL);

  fl = BIO_new_file("signer.cert", "r");
  signer = PEM_read_bio_X509(fl, NULL, NULL, NULL);
  BIO_free(fl);
  assert(signer != NULL);

  // prepare a PKCS7
  enc = PKCS7_new();
  assert(enc != NULL);

  res = PKCS7_set_type(enc, NID_pkcs7_signedAndEnveloped);
  assert(res != 0);

  PKCS7_content_new(enc, NID_pkcs7_data);

  cph = EVP_des_ede3_cbc();
  res = PKCS7_set_cipher(enc, cph);
  assert(res != 0);
  ri = PKCS7_add_recipient(enc, recpt);
  assert(ri != NULL);

  si = PKCS7_add_signature(enc, signer, sig_key, EVP_sha1());
  assert(si != NULL);

  p7bio = PKCS7_dataInit(enc, NULL);
  assert(p7bio != NULL);
  sz = BIO_write(p7bio, src, strlen(src));
  assert(sz != 0);
  BIO_flush(p7bio);
  res = PKCS7_dataFinal(enc, p7bio);
  assert(res != 0);
  BIO_free_all(p7bio);

  // DER-encode: size first, so the fixed buffer is never overrun
  sz = i2d_PKCS7(enc, NULL);
  assert(sz > 0 && sz <= BIG);
  p = bf;
  sz = i2d_PKCS7(enc, &p);

  // output/input encoded PKCS7

  // decode
  p = bf;
  dec = d2i_PKCS7(NULL, &p, sz);
  assert(dec != NULL);
  p7bio = PKCS7_dataDecode(dec, dec_key, NULL, recpt);
  assert(p7bio != NULL);

  sz = BIO_read(p7bio, decoded, BIG);

  if(sz == (int)strlen(src))
    printf("Length Ok\n");

  if(!strncmp(src, (char *)decoded, sz))
    printf("Data Ok\n");

  // actually, scan signers instead
  si = sk_PKCS7_SIGNER_INFO_value(PKCS7_get_signer_info(dec), 0);
  assert(si != NULL);

  // try to match calculated and decrypted digests
  // one should verify certificate(s) as well.
  res = PKCS7_signatureVerify(p7bio, dec, si, signer);
  if(res == 1)
    printf("Signature Ok\n");

  BIO_free_all(p7bio);
  PKCS7_free(dec);
  PKCS7_free(enc);
  X509_free(recpt);
  X509_free(signer);
  EVP_PKEY_free(dec_key);
  EVP_PKEY_free(sig_key);
  return 0;
}



Re: PKCS#7 enveloped message problem

2001-08-05 Thread Vadim Fedukovich



On Fri, 3 Aug 2001, Frank Geck wrote:

> I have the same issue. I used openssl rand -out randfile 1024.  This created
> the random bit file.  I pointed RANDFILE to this file and get the same error,
> PRNG not seeded.
>
> By the response below, do I take it that the supplied enc.c program is wrong and
> we need to add RAND_seed()?

..or patch the kernel to get a random device.

I'd rather say it's a bit lazy code. Yes, me guilty as well while making
some examples. Everything is Ok there regarding PKCS7.
The only point is one could consider using OAEP for new development.
Still everyone is *required* to take care of his PRNG himself to do
any crypto for production. The point is openssl code will read the random device
available on some OSes including linux and freebsd, resulting in
such an example program running there.

have fun with never-ending "seed your PRNG!" story,
Vadim





Re: Corrected: Redhat 7.1/openssl0.9.6b

2001-08-13 Thread Vadim Fedukovich


On Mon, 13 Aug 2001 [EMAIL PROTECTED] wrote:

> I am trying to install openssl-0.9.6b onto a Linux REDHAT 7.1 server.
> This is my first install of openssl-0.9.6b on REDHAT 7.1 .  ON REDHAT 6.4
> openssl-0.9.6b works just fine.
>
> All seems to go fine with install and creating key/csr/crt files.

however here's a plaintext response on port 443 for some reason;
use the logfile(s) of the listener

> when testing for operation with the command:
>
> openssl s_client -debug -state -connect localhost:443 -ssl3
>
> The following output is received:
>
> CONNECTED(0003)
>
> SSL_connect:before/connect initialization
>
> write to 08154620 [0815E3D8] (90 bytes => 90 (0x5A))
>
>  - 16 03 00 00 55 01 00 00-51 03 00 3b 74 1b 19 f3   U...Q..;t...
>
> 0010 - 69 21 6d 34 cf 24 61 d0-c4 89 d1 f4 cd ee e4 e6   i!m4.$a.
>
> 0020 - c1 f4 fc 9c b8 e5 d7 5b-55 83 ca 00 00 2a 00 16   ...[U*..
>
> 0030 - 00 13 00 0a 00 66 00 07-00 05 00 04 00 65 00 64   .f...e.d
>
> 0040 - 00 63 00 62 00 61 00 60-00 15 00 12 00 09 00 14   .c.b.a.`
>
> 0050 - 00 11 00 08 00 06 00 03-01.
>
> 005a - 
>
> SSL_connect:SSLv3 write client hello A
>
> read from 08154620 [08159BC8] (5 bytes => 5 (0x5))
>
>  - 3c 21 44 4f 43
> write to 08154620 [08163C60] (7 bytes => 7 (0x7))
>
>  - 15 21 44 00 02 02 28  .!D...(
>
> SSL3 alert write:fatal:handshake failure
>
> SSL_connect:error in SSLv3 read server hello A
>
> 22796:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
> number:s3_pkt.c:
> 279:
>
> When testing with the command:
>
> openssl s_client -debug -state -connect localhost:443 -ssl2
>
> The following output is received (the command hangs after presenting the
> last line)
>
> CONNECTED(0003)
> SSL_connect:before/connect initialization
> write to 08164348 [0815B511] (51 bytes => 51 (0x33))
>  - 80 31 01 00 02 00 18 00-00 00 10 07 00 c0 05 00   .1..
> 0010 - 80 03 00 80 01 00 80 08-00 80 06 00 40 04 00 80   @...
> 0020 - 02 00 80 84 7f 3f 80 d3-f2 f9 c9 e4 18 85 0c a0   .?..
> 0030 - 9e 1e fb  ...
> SSL_connect:SSLv2 write client hello A
>
>
> Any assistance will be greatly appreciated..
>
> Tim Blanchette
> 
> Technical Operation/Web Development
> Christensen Computer Company
> www.cccsoft.com
>
>



Re: PKCS7 verification between CryptoAPI & OpenSSL

2001-08-15 Thread Vadim Fedukovich


On Wed, 15 Aug 2001, Khassaia, Amir wrote:

>
> Hi,
> I've encountered the following problem:
> I generate PKCS#7 detached & signed data using CryptSignMessage() in
> CryptoAPI and try to verify it using OpenSSL but I get an OpenSSL Error:
> {error:2107106C:PKCS7 routines:PKCS7_signatureVerify:unable to fi
> nd message digest}.

There are Authenticated Attributes in SignerInfo and no message digest
attribute, or something is wrong with it.

> I tried using PKCS7_dataVerify() and PKCS7_signatureVerify() invoked for
> each signer certificate in the PKCS#7 object. PKCS7_DataVerify() finds the
> certificate status valid before invoking PKCS7_signatureVerify() and failing
> as stated above...

It is PKCS7_signatureVerify() that will try to
PKCS7_digest_from_attributes().

> CryptoAPI manages to verify its own PKCS#7 data however, is this due to the

:)

> byte ordering of signatures which some other people have been referring to
> over the past or did I miss something fundamental ?

Here's good news: the pkcs7 specifications are public.
A pkcs7 data sample could help to see the details.

Regards,
Vadim





Re: RSA Digital Signature questions

2001-08-28 Thread Vadim Fedukovich

hi Kim,

On Tue, 28 Aug 2001, Hellan,Kim KHE wrote:

> I'm looking for an example of a "RSA Digital Signature Using Hash Function"
> (text followed by the signature).

Probably the most relevant data structure is PKCS7 Signed.

> Does anyone know where to find a more technical description of such a
> signature (like the ASN.1 syntax) ?

One could pick up the PKCS7 and PKCS1 specifications from the RSA website.

Regards,
Vadim

> Does anyone have a sample of such a signature including the public key to
> verify it ?
>
> And finally..
> What OpenSSL functions can verify such a signature and extract the text?
>
> Thanks,
> Kim Hellan
> KMD / KMD-CA
> http://www.kmd-ca.dk
> Mailto:[EMAIL PROTECTED]
>



Re: PEM stored in memory, not in file

2001-08-29 Thread Vadim Fedukovich

On Mon, 27 Aug 2001, Arno Puder wrote:

>
> Hi,
>
> certificates and private keys are usually stored in PEM-formatted files
> and are loaded using the functions SSL_CTX_use_certificate_file() and
> SSL_CTX_use_PrivateKey_file().
>
> If I want to hard code the keys in my application, such as
>
> char* certificate = "-BEGIN CERTIFICATE-"
> "MIIC1...";
>
> is there an API that I can use in this case to initialize the keys?

It's a great idea to hard-code a certificate. However, one should
think twice before doing that with private keys.
The wonderful "strings" tool is available, effectively voiding attempts
to keep private keys private in such an environment.
Another (light-weight) crypto technique could suit it more easily, providing
the same (low) level of assurance. There may be a chance to do
some protocol and keep secrets outside executables. Communications
are cheap and ubiquitous nowadays..

Regards,
Vadim





Re: X.509 Encoding of DH Public Key

2001-09-01 Thread Vadim Fedukovich


On Fri, 31 Aug 2001, Mark Kilfoil wrote:

> Someone had this exact question a month ago, and I find myself with
> the same problem..  There were no responses, so I'm hoping it just
> got lost in the shuffle.
>
> The original message was:
>
> > I am attempting to have a C++ client do a Diffie Hellman key exchange
> > with a server written in java. I generate the keys using openssl's
> > DH_generate_key function and need to send the public key across the
> > wire to my java server.
> >
> > My java server needs this key to be X.509 encoded so I can pass the
> > byte stream into a X509EncodedKeySpec constructor. What is the best way
> > to perform this encoding?

"X.509 encoding" applies to a certificate, not to a DH public key.
The latter is actually one (big) number and this may be the reason
nobody bothers to design an ASN.1 encoding.

> Anyone have an answer?  (I need this rather urgently, so I would
> appreciate any help..)

One could figure out how exactly the other end wants to get the DH public key.
Well, given DH parameters were chosen or negotiated already.

Regards,
Vadim

> Thanks!
>
> MK
> --
> Mark Kilfoil, Senior Programmer/Analyst
> ASG Technologies (506) 460-5400 ext 212
> <[EMAIL PROTECTED]>
>



Re: try to help me X509_get_version

2001-09-06 Thread Vadim Fedukovich



On Thu, 6 Sep 2001, Zulkiffli Mohd Nur wrote:

>
> hello.
>
>
>
> i have a problem: how to read the version and serial number from a certificate.

X509_get_version() will return a long that could be printed using %ld
specification.

>
> just now i have a certificate.
>
>
>
> the code like this
>
>
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <openssl/x509.h>
> #include <openssl/pem.h>
> #include <openssl/rsa.h>
> #include <openssl/bn.h>
>
> int main(void)
> {
>    X509 *x = NULL;
>    FILE *fp;
>    EVP_PKEY *pkey;
>    RSA *rsa;
>    BIGNUM *serial;
>    long version;
>    char *s;
>
>    if ((fp = fopen("C:\\CryptoWeb\\backup 492001\\Haizad.crt", "r")) == NULL) {
>       perror("ERROR, haizad.crt");
>       exit(1);
>    }
>    /* with *x == NULL, PEM_read_X509 allocates the X509 itself */
>    if (PEM_read_X509(fp, &x, NULL, NULL) == NULL) {
>       printf("\nError reading certificate!");
>       exit(1);
>    }
>    printf("\nReading success!\n");
>
>    /* X509_get_version() returns a long (0 = v1, 2 = v3): print it with %ld.
>       It is not a name, so X509_NAME_oneline() does not apply to it, and an
>       X509 struct cannot be printed with %s either. */
>    version = X509_get_version(x);
>    printf("\nVersion:  %ld\n", version);
>
>    /* the serial number is an ASN1_INTEGER of any size: go through a BIGNUM */
>    serial = ASN1_INTEGER_to_BN(X509_get_serialNumber(x), NULL);
>    s = BN_bn2hex(serial);
>    printf("\nSerial number:  %s\n", s);
>    OPENSSL_free(s);
>    BN_free(serial);
>
>    s = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
>    printf("\nSUBJECT NAME:  %s\n", s);
>    OPENSSL_free(s);
>    s = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0);
>    printf("\nISSUER NAME:  %s\n", s);
>    OPENSSL_free(s);
>
>    /* Get public key - eay */
>    pkey = X509_get_pubkey(x);
>    if (pkey == NULL) {
>       printf("\nPublic key error!");
>       exit(1);
>    }
>    printf("Public key found!");
>
>    printf("\nPublic key:");
>    rsa = EVP_PKEY_get1_RSA(pkey);   /* NULL if the key is not RSA */
>    if (rsa != NULL) {
>       RSA_print_fp(stdout, rsa, 0);
>       RSA_free(rsa);
>    }
>    EVP_PKEY_free(pkey);
>
>    X509_free(x);
>    fclose(fp);
>    return 0;
> }
>
> this code has some errors.
>
> can you help me, give any example?
>
> please reply as soon as possible.
>
> thank you
>
>
>
>




Re: Cross Certification

2001-10-21 Thread Vadim Fedukovich



On Mon, 22 Oct 2001, Ravi Prakash B.V. wrote:

> Dear All,
>
> I do not receive any reply for this.
> Any pointers will be appreciated.

What is the application that could benefit from cross certification?
Alternatively, what is the logic that requires cross certification?

thank you,
Vadim

> Ravi Prakash B.V.
>
>
>
> "Ravi Prakash B.V." wrote:
> >
> > Dear all,
> >
> > I want to establish cross certification between two different independent
> > CAs. How is it possible?
> >
> > Any pointers/links/docs for the above.
> >
> > Thanks in Advance,
> > Ravi Prakash B.V.
> >
>
> --
> I am NOMAD!




interface for passing OAEP padding parameter

2001-10-26 Thread Vadim Fedukovich

Dear openssl team,

what is the best way to specify OAEP parameter for RSA operations?
Currently, RSA_eay_public_encrypt() and RSA_eay_private_decrypt()
will always pass NULL to RSA_padding_add_PKCS1_OAEP() and
RSA_padding_check_PKCS1_OAEP() respectively.

thank you,
Vadim



Re: rsa signature values

2001-10-08 Thread Vadim Fedukovich

Bill,

one good way to get this resolved is to outline the ISO signature,
namely data format, digest and padding used, as well as other
relevant details. A signature example (and the key used to make it)
could also help.

What is "intermediate signature"?

regards,
Vadim

On Mon, 8 Oct 2001 [EMAIL PROTECTED] wrote:

> Hi,
>
> I am attempting to utilise the OpenSSL RSA functionality to verify UN
> standard Edifact files with AUTACK messages containing a signature which has
> been generated using the SHA-1 digest. Also I need to produce a
> corresponding outgoing AUTACK with an embedded signature attached to the Ack
> or Nak message.
>
> I have been able to sign and verify locally using the SSL software but my
> problem is the intermediate signature does not match that expected by the
> 3rd parties we deal with. Indeed they do not match examples given by the
> Edifact documentation in the worked examples. I get the expected digest
> values but the RSA  generated signature is completely different.
>
> The Edifact documentation says the RSA verification should comply with
> ISO9796-1. I can find no mention of ISO standards at all in the release so
> maybe you can confirm whether or not this might be the problem.
>
> Thanks in advance,
>
>
>
> Bill Cotton
>
>
>
>
>




ASN.1 encoding of negative integers

2001-10-17 Thread Vadim Fedukovich

hi,

what are the rules or known-good examples of negative number encoding?
I'm trying to encode -2 as part of currency-amount-power sequence
and Peter Gutmann's dumpasn1 tool shows it as -254.

Any problem regarding negative number handling at the code attached?
Hope it's good enough to drive a debugger.

thank you,
Vadim

   0 30   11: SEQUENCE {
   2 02    2:   INTEGER 840
   6 02    2:   INTEGER 735
  10 02    1:   INTEGER -254
           :     Warning: Integer has a negative value
           :   }


/* ASN.1 handling code (c) Vadim Fedukovich 2001
 * work-in-progress; please use for bug hunting only 
 */

#include <stdio.h>
#include <openssl/asn1t.h>   /* ASN1_SEQUENCE() template macros */

typedef enum {CURRENCY_USD=840} CurrencyCode;

/* currency amount: code, amount and power, i.e. amount * 10^power */
struct set_CurrencyAmount_st {
  ASN1_INTEGER *code;
  ASN1_INTEGER *amount;
  ASN1_INTEGER *power;
};
typedef struct set_CurrencyAmount_st SET_CurrencyAmount;

ASN1_SEQUENCE(SET_CurrencyAmount) = {
  ASN1_SIMPLE(SET_CurrencyAmount, code, ASN1_INTEGER),
  ASN1_SIMPLE(SET_CurrencyAmount, amount, ASN1_INTEGER),
  ASN1_SIMPLE(SET_CurrencyAmount, power, ASN1_INTEGER)
} ASN1_SEQUENCE_END(SET_CurrencyAmount)

IMPLEMENT_ASN1_FUNCTIONS(SET_CurrencyAmount)

#define SZ 2048
int main() {
  SET_CurrencyAmount *amt;
  int sz, amount = 735;  // 7 dollars 35 cents, power -2
  unsigned char buff[SZ], *pp;

  amt = SET_CurrencyAmount_new();
  if (amt == NULL)
    return 1;

  ASN1_INTEGER_set(amt->code, (long)CURRENCY_USD);
  ASN1_INTEGER_set(amt->amount, (long)amount);
  ASN1_INTEGER_set(amt->power, -2L);
  
  /* DER-encode into buff; i2d advances pp and returns the encoded length */
  pp = buff;
  sz = i2d_SET_CurrencyAmount(amt, &pp);
  if (sz > 0)
    fwrite(buff, (size_t)sz, 1, stderr);  /* raw DER, to be fed to dumpasn1 */

  SET_CurrencyAmount_free(amt);
  return sz > 0 ? 0 : 1;
}



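As an added example (not part of Vadim's post and not OpenSSL code), here is the DER INTEGER rule the dump above is checking, in plain C with no OpenSSL dependency: the value goes out as big-endian two's complement in the fewest octets that still carry the sign bit, so -2 encodes as 02 01 FE and 840 as 02 02 03 48. The SEQUENCE helper reproduces the 11-byte body that the dumpasn1 offsets show, and the decoder refuses non-minimal encodings, which DER forbids. Function names (der_encode_int64 and so on) are this example's own.

```c
/* Added example: minimal DER encoding of INTEGER values, without OpenSSL.
 * Function names (der_encode_int64 etc.) are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Encode v as a DER INTEGER (tag 0x02) into out. DER stores the value as a
 * big-endian two's-complement number in the fewest octets that still carry
 * the sign bit. Returns total bytes written, or 0 if out is too small. */
size_t der_encode_int64(int64_t v, unsigned char *out, size_t outlen)
{
    unsigned char tmp[8];
    uint64_t u = (uint64_t)v;          /* the two's-complement bit pattern */
    size_t i, start = 0, len;

    for (i = 0; i < 8; i++)
        tmp[i] = (unsigned char)(u >> (8 * (7 - i)));

    /* Drop a leading 0x00 whose next byte has the top bit clear, or a
     * leading 0xFF whose next byte has the top bit set: both are redundant. */
    while (start < 7 &&
           ((tmp[start] == 0x00 && (tmp[start + 1] & 0x80) == 0) ||
            (tmp[start] == 0xFF && (tmp[start + 1] & 0x80) != 0)))
        start++;

    len = 8 - start;
    if (outlen < 2 + len)
        return 0;
    out[0] = 0x02;
    out[1] = (unsigned char)len;       /* short form: len <= 8 */
    memcpy(out + 2, tmp + start, len);
    return 2 + len;
}

/* Decode a DER INTEGER of at most 8 content octets. Returns bytes consumed or
 * 0 on malformed input; rejects non-minimal encodings, which DER forbids and
 * which a strict parser should refuse rather than silently accept. */
size_t der_decode_int64(const unsigned char *in, size_t inlen, int64_t *v)
{
    const unsigned char *c;
    size_t len, i;
    uint64_t u;

    if (inlen < 2 || in[0] != 0x02)
        return 0;
    len = in[1];
    if (len == 0 || len > 8 || inlen < 2 + len)
        return 0;
    c = in + 2;
    if (len > 1 && ((c[0] == 0x00 && (c[1] & 0x80) == 0) ||
                    (c[0] == 0xFF && (c[1] & 0x80) != 0)))
        return 0;
    u = (c[0] & 0x80) ? ~(uint64_t)0 : 0;   /* sign-extend from first octet */
    for (i = 0; i < len; i++)
        u = (u << 8) | c[i];
    *v = (int64_t)u;
    return 2 + len;
}

/* SEQUENCE { code, amount, power } with the same field order as the post's
 * SET_CurrencyAmount. Returns total length or 0 on error. */
size_t der_encode_currency_amount(int64_t code, int64_t amount, int64_t power,
                                  unsigned char *out, size_t outlen)
{
    unsigned char body[30];
    int64_t vals[3];
    size_t n = 0, k;
    int i;

    vals[0] = code; vals[1] = amount; vals[2] = power;
    for (i = 0; i < 3; i++) {
        k = der_encode_int64(vals[i], body + n, sizeof body - n);
        if (k == 0)
            return 0;
        n += k;
    }
    if (n > 127 || outlen < 2 + n)      /* short-form length only */
        return 0;
    out[0] = 0x30;
    out[1] = (unsigned char)n;
    memcpy(out + 2, body, n);
    return 2 + n;
}

int main(void)
{
    unsigned char buf[32];
    size_t i, n = der_encode_currency_amount(840, 735, -2, buf, sizeof buf);

    for (i = 0; i < n; i++)
        printf("%02X ", buf[i]);
    printf("\n");   /* 30 0B 02 02 03 48 02 02 02 DF 02 01 FE */
    return 0;
}
```

Running it prints the 13-byte encoding whose offsets (0, 2, 6, 10) match the dump above; the power field is the single octet FE, so a tool that prints it as anything other than -2 is misreading the sign.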


RE: Apache mod-ssl: VirtualHost and certificates

2001-11-30 Thread Vadim Fedukovich

hi,

this will work for unique port numbers only.
There's no chance to run a bunch of standard-SSL virtual hosts
on one single 443 port, and I guess that was the question.
One could do that on different IP numbers.

regards,
Vadim

On Fri, 30 Nov 2001, Amol Natu wrote:

> Hi Shlomi
>
> You would need to include certificate related directives under the section
> defined for each virtual host within the httpd.conf.
> e.g:
>
> 
> Port 'port_number'
> ServerName server_name
> SSLCertificateFile /location/certificate_file_name
> SSLCertificateKeyFile /location/key_file_name
> SSLCertificateChainFile /location/certchain_file_name
> SSLCipherSuite
> ...
> ..
> 
>
>
> Regards
> Amol
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Shlomi
> Sent: Friday, November 30, 2001 2:00 AM
> To: [EMAIL PROTECTED]
> Subject: Apache mod-ssl: VirtualHost and certificates
>
>
> Hi all,
>
> Is someone know if there is a way to use a certificate for each domain on a
> server which configured to use VirtualHost (a single IP for all of the
> domains) ?
>
> I am trying to configure Apache (mod-ssl) to use a certificate for each
> VirtualHost but without success.
>
> Each VirtualHost needs a private key and a certificate, but the browser
> receives the main certificate for all of the domains.
> How can I set it to send the relevant certificate for each domain ?
>
>
> Thank you in advance,
>
> Shlomi.
>
>
>




RE: ssl-cert-HOWTO.txt for review

2001-12-03 Thread Vadim Fedukovich

Andrew,

openssl is rather a "mixer" than a "generator" of random data.
No deterministic (ok, stable) program can make something random.
To make a random secret one needs some input unavailable to the attacker.
/dev/random is "internal" enough and could be quite a good one.

regards,
Vadim

On Mon, 3 Dec 2001, Andrew Finnell wrote:

>   If openssl can generate random data and spit it out in a file then
> why use a file to begin with? Can't openssl ( tool ) just generate its
> random data internally and use that? I think that's a lot safer than
> spitting it out to a file and prevents less problems with the random data
> getting deleted/viewed.
>
> - Andrew
>
> -
> Andrew T. Finnell
> Software Engineer
> eSecurity Inc
> (321) 394-2485
>
>
> > -Original Message-
> > From: Marcus Redivo [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, December 01, 2001 7:14 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: ssl-cert-HOWTO.txt for review
> >
> >
> > Hello Fiel,
> >
> > Thanks for the comments.
> >
> > At 10:45 AM 12/1/01 -0800, Fiel Cabral wrote:
> >
> > >My suggestion is to include info about the RANDFILE
> > >variable. I set RANDFILE=$HOME/.rnd in my environment
> > >and in the configuration file (the default value:
> > $ENV::HOME/.rnd). If
> > >.rnd doesn't exist, I just copy a file to it (usually a
> > binary file or
> > >a random-looking log file).
> >
> > I did not mention the RANDFILE, and in fact left it out of
> > the example configuration, because I was under the impression
> > that if I had /dev/*random I did not need it.
> >
> > If this is not true, could someone please correct me? Thanks.
> >
> > Now, the RANDFILE candidate. Using a binary or a log is
> > nowhere near random enough. Fortunately, openssl has a
> > command to create a better random file:
> >
> > # openssl rand -out $HOME/.rnd 1024
> >
> > (Don't send the output to your console unless you add the
> > -base64 switch, unless you like abstract art... ;) )
> >
> > BTW, I'm on the list now.
> >
> > Marcus Redivo
> >
> > The Binary Tool Foundry
> > PO Box 2087 Stn Main
> > Sidney BC Canada
> > mailto:[EMAIL PROTECTED]
> > http://www.binarytool.com
> >
> >
> >
>




Re: Intermediate signing certs

2001-12-11 Thread Vadim Fedukovich



On Mon, 10 Dec 2001, Bear Giles wrote:

> > Would this be a hassle if you have a root CA with a lot of intermediate
> > signers?  That means that you have to store/locate all possible intermediate
> > signers to evaluate a couple of end user certificates.
>
> This is why PKCS12 (iirc) provides a mechanism to provide intermediate
> certs with the final cert.  The CA should have a suitable chain for its
> own certs, and it can return the extra certs with everything that it
> signs.

This likely applies to PKCS7 Signed structure.

> This doesn't help you when presented a naked cert by a stranger - you
> still have to locate those intermediate certs - but at that point you
> have more problems than just finding the intermediate certs.  What does
> it mean to have a full cert chain if the root is a self-signed cert by
> "Bob's Bait Shop and Certificate Authority?"

Any parseable certificate presented by a stranger is good enough to
use that public key to send email encrypted to *his* private key.
At least if there's no chance for man-in-the-middle.

Probably you are talking about verification that the stranger is authorized
by some big guy to pay; it's a completely different issue. Yes, one needs
the (root) certificate of that big guy and intermediate certs to verify the chain.

> You could decide to ignore any cert that's not from a major CA (which
> would make the stockholders of Verisign very happy), but that misses
> the point.  An individual cert by Verisign really says very little about
> the person, a cert signed by a small college for its students for
> internal use may be rock solid.

One could care about CA certificates related to his business, either
well-known or private ones used to verify access to local resources.

> On a related note, is there documentation on how to set up a "well-
> behaved" certs and PKCS12 bags?  I couldn't find anything the last
> time I checked, but maybe something has come out since then.

Any problem with the PKCS12 specification published by RSA Labs?
What is "well-behaved"?

-vf




RE: Intermediate signing certs

2001-12-11 Thread Vadim Fedukovich



On Tue, 11 Dec 2001, Tat Sing Kong wrote:

>
> That's me told then, so to authenticate a certificate you need the whole
> "chain" of certs going from the cert to authenticate all the way to a
> trusted CA.

It's unlikely that authentication alone is of any practical use;
authorization is, and there is the risk of failure to consider.

In case of sending encrypted mail to a stranger: would one care about
authentication at all? One could just use the public key from the certificate
presented, and the message could be just lost in case of a bad key.
Yes, one should exclude man-in-the-middle and create message content
to be useful to a stranger. One could also care whether exactly this
stranger was here already. It's unlikely any CA could be useful here.

> The application I am writing is presented with certs to authenticate from an
> external source, and the configuration has to hold a "pool" of trusted certs
> so you can check the certificates presented.  It appears that this "pool"
> has to basically have every possible signer in it.  I was kind of hoping
> that I could get away with only a couple of trusted CA's; and traverse the
> certificate hierarchy to these roots.  Hold on, I can't do that because
> without the intermediate signer certs how can I figure out who signed them?
>
> Got it now.
>
> Tat.
>
>
>
>
>




Re: PKCS1 Compliant

2001-12-14 Thread Vadim Fedukovich



On Thu, 13 Dec 2001, Tony Vo wrote:

> Hello,
>
>   Is OpenSSL PKCS1 compliant?  I've noticed that in the function
> for padding type 2 that the first byte (octet) is 0x00 followed by 0x02
> for the second byte (octet).  Is this correct?  According to the PKCS1
> specification, the first byte (octet) should be 0x02.  Please help.

According to the specification, version 1.5, file pkcs-1.ps.gz available
from the RSA Labs site, the first byte is 0. Please take a look at clause 8.1,
"Encryption-block formatting". Well, the Block Type byte could be 2.

Regards,
Vadim

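To make Vadim's answer concrete, here is the encryption block from PKCS #1 v1.5 clause 8.1 as an added example that is not from the post and not OpenSSL code: EB = 00 || 02 || PS || 00 || D, where PS is at least eight random non-zero octets. The first octet is 00 and the block type 02 is the second, which is exactly what the question stumbled over. The function names and the counter-based demo RNG (used only so the output is reproducible) are this example's own. The parser also shows the point a decryptor has to get right: all checks are folded into one result so that the time taken does not reveal which check failed.

```c
/* Added example: the PKCS #1 v1.5 "type 2" encryption block from clause 8.1,
 * EB = 00 || 02 || PS || 00 || D, built and parsed without OpenSSL.
 * Function names and the demo RNG are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int (*rng_fn)(unsigned char *buf, size_t len);   /* 0 on success */

/* Build EB for data d into eb[k], k = modulus length in octets. PS is at
 * least 8 random non-zero octets, so d may be at most k - 11 octets.
 * Returns 0 on success, -1 on bad length or RNG failure. */
int pkcs1_type2_pad(const unsigned char *d, size_t dlen, size_t k,
                    rng_fn rng, unsigned char *eb)
{
    size_t pslen, i;

    if (k < 11 || dlen > k - 11)
        return -1;
    pslen = k - 3 - dlen;
    eb[0] = 0x00;      /* leading octet: keeps EB numerically below the modulus */
    eb[1] = 0x02;      /* block type 2 = encryption (type 1 is for signatures) */
    if (rng(eb + 2, pslen) != 0)
        return -1;
    for (i = 2; i < 2 + pslen; i++)
        while (eb[i] == 0x00)          /* PS must not contain zero octets */
            if (rng(eb + i, 1) != 0)
                return -1;
    eb[2 + pslen] = 0x00;              /* separator before D */
    memcpy(eb + 3 + pslen, d, dlen);
    return 0;
}

/* Parse EB after RSA decryption; returns the data length or -1.
 * Every octet is examined and the checks are folded into one flag, so the
 * time taken does not depend on which check failed: a decryptor that
 * reports "bad header" separately from "no separator" hands the sender a
 * padding oracle. (A fully constant-time version would also copy D with a
 * length-independent loop; TLS goes further and substitutes a random
 * premaster secret on failure instead of returning an error at all.) */
long pkcs1_type2_unpad(const unsigned char *eb, size_t k,
                       unsigned char *out, size_t outlen)
{
    uint32_t bad, found = 0;
    size_t sep = 0, dlen, i;

    if (k < 11)
        return -1;
    bad = (uint32_t)eb[0] | ((uint32_t)eb[1] ^ 0x02u);
    for (i = 2; i < k; i++) {
        uint32_t z = ((uint32_t)eb[i] - 1u) >> 31;    /* 1 iff eb[i] == 0 */
        uint32_t take = z & (found ^ 1u);             /* first zero only */
        sep |= ((size_t)0 - (size_t)take) & i;        /* mask, no branch */
        found |= z;
    }
    bad |= found ^ 1u;                          /* no separator found */
    bad |= (uint32_t)(sep - 10) >> 31;          /* PS shorter than 8 octets */
    if (bad)
        return -1;
    dlen = k - sep - 1;
    if (dlen > outlen)
        return -1;
    memcpy(out, eb + sep + 1, dlen);
    return (long)dlen;
}

/* Deterministic byte counter standing in for a CSPRNG so the output is
 * reproducible here; real code must use RAND_bytes() or the OS generator. */
static unsigned demo_ctr = 0;
void demo_rng_reset(void) { demo_ctr = 0; }
int demo_rng(unsigned char *buf, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++)
        buf[i] = (unsigned char)(demo_ctr++ & 0xFF);
    return 0;
}

int main(void)
{
    unsigned char eb[16], out[16];
    long n;
    size_t i;

    demo_rng_reset();
    pkcs1_type2_pad((const unsigned char *)"hi", 2, 16, demo_rng, eb);
    for (i = 0; i < 16; i++)
        printf("%02X ", eb[i]);    /* 00 02 0B 01 02 ... 0A 00 68 69 */
    n = pkcs1_type2_unpad(eb, 16, out, sizeof out);
    printf("\nrecovered %ld data octets\n", n);   /* 2 */
    return 0;
}
```

With the counter RNG the first PS octet comes out as zero and is redrawn, which is why the printed block starts 00 02 0B rather than 00 02 00; a real implementation draws PS from RAND_bytes() and applies the same non-zero rule.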



bss_file.c included on windows

2001-12-17 Thread Vadim Fedukovich

Dear Openssl team,

what is the reason behind
   #ifdef WINDOWS
   #include "bss_file.c"
at apps/apps.c and other places?

It looks fine to exclude that when cross-compiling
from gcc to mingw32. I was able to run tests (manually, not the full set yet)
on win98 with executables produced by gcc-3.0.2 and binutils-2.11.2.
Tools were built on linux for cross-compiling, i586-pc-mingw32 target,
mingw-runtime-1.2, w32api-1.2. To build openssl:
  set path to cross-tools
  ./Configure no-asm -DCURSOR_SHOWING -lwsock32 -lgdi32 -Llibpath Mingw32

regards,
Vadim




Re: m*n type of password protection...

2001-12-21 Thread Vadim Fedukovich


On Thu, 20 Dec 2001, Richard Levitte - VMS Whacker wrote:

> There are devices out there (I'm thinking of nCipher boxes, but I bet
> there are others) where you can protect something (in the nCipher
> case, the admin card) with n passwords, of which any m (m <= n) are
> required to unlock the encrypted "something".
>
> I've heard of two technologies, but have no docs and do not really
> know what to search for.  The first is to have m*n (or whatever the
> formula would be) copies of "something", protected with all the
> different needed permutations of the passwords.  My gut feeling is
> that this method sucks.  The second method involves some clever
> splitting of "something" and some kind of protection of each part.
>
> If there's anyone who knows more or can point me in the right
> direction, I'd appreciate it.

There's a "secret sharing" technique often based on a system of linear
equations. One could solve that given enough equations (shares).
The Lagrange formula is used to recover the secret.
Related techniques are calculating the multiplication of two secrets
available as shares and doing modular inverse.
Equations are good for "any k of n originally distributed shares" logic
and some research was done on alternative access structures.

> My goal is to apply whatever I come up with on usual PEM-formatted RSA
> keys, and possibly to insert code in OpenSSL for this.

One could apply this sharing to secret exponent for key storage
and recover it before using such a key. Alternatively, one could
run a protocol by share holders to do power modulo operation
using their shares without revealing them and combining results.
One could generate a key in shares running another protocol with
no single cpu handling the whole key.

There are a couple of flavours of the sharing technique, some of them
suggesting blindly trusting share holders and some allowing to detect
and locate invalid shares. A nice "share refresh" protocol was
suggested: sharing the zero value and adding shares of zero to "old" shares,
resulting in a "new" share set that would recover the same key (secret).

Using secret-sharing technique with DH is the easiest idea.
RSA and DSA could be implemented as well.

The Papers/Authors/URLs list might be rather long. I do remember a paper
of Boneh and Franklin on key-share generation and there was the ITTS project
with nice pointers to read further. "Alternative" secret exponent
calculation code suitable for a key-share generator was here on this list
a year ago and no errors were found since then. Please use it for OpenSSL
if it fits somewhere.

One will likely need to come up with a suitable (agreed?) format for
such shares. CRT numbers are probably irrelevant for shares of an
RSA key, and two other numbers (share index and number of shares)
should be saved for a basic sharing scheme.

hope this helps,
Vadim

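Vadim's reply describes k-of-n secret sharing with Lagrange recovery and the "add shares of zero" refresh step; as an added example that is not from the post and not OpenSSL code, here is a minimal implementation over the prime field GF(2^61 - 1) in C. The names (shamir_split, shamir_recover, shamir_refresh), the field choice and the share index scheme (x = 1..n) are this example's own; a real RSA secret exponent would be split limb by limb or over a larger field. The random polynomial coefficients must come from a CSPRNG, so the split takes them as a parameter and the arithmetic itself stays deterministic and checkable.

```c
/* Added example: Shamir secret sharing over GF(p), p = 2^61 - 1, with
 * Lagrange recovery at x = 0 and the "add shares of zero" refresh step.
 * Names and layout are this example's own, not OpenSSL's. Uses the
 * gcc/clang unsigned __int128 type for the modular multiplication. */
#include <stdint.h>
#include <stdio.h>

#define SS_P    ((uint64_t)0x1FFFFFFFFFFFFFFFULL)   /* 2^61 - 1, a prime */
#define SS_MAXN 16

typedef struct { uint64_t x, y; } share_t;   /* index x (1..n), value y = f(x) */

static uint64_t mulmod(uint64_t a, uint64_t b) { return (uint64_t)(((unsigned __int128)a * b) % SS_P); }
static uint64_t addmod(uint64_t a, uint64_t b) { uint64_t s = a + b; return s >= SS_P ? s - SS_P : s; }
static uint64_t submod(uint64_t a, uint64_t b) { return a >= b ? a - b : a + SS_P - b; }
static uint64_t invmod(uint64_t a)               /* a^(p-2) mod p, Fermat */
{
    uint64_t r = 1, e = SS_P - 2;
    for (; e; e >>= 1, a = mulmod(a, a))
        if (e & 1) r = mulmod(r, a);
    return r;
}

/* f(x) = secret + c1*x + ... + c_{k-1}*x^{k-1}; share i is (i, f(i)).
 * coeffs[0..k-2] must be k-1 uniformly random field elements from a CSPRNG
 * (the caller's job, so the split itself is deterministic and testable). */
int shamir_split(uint64_t secret, int k, int n, const uint64_t *coeffs, share_t *out)
{
    int i, j;
    if (k < 1 || n < k || n > SS_MAXN || secret >= SS_P)
        return -1;
    for (i = 1; i <= n; i++) {
        uint64_t x = (uint64_t)i, y = secret, xp = 1;
        for (j = 1; j < k; j++) {
            xp = mulmod(xp, x);
            y = addmod(y, mulmod(coeffs[j - 1] % SS_P, xp));
        }
        out[i - 1].x = x;
        out[i - 1].y = y;
    }
    return 0;
}

/* Recover f(0) from k shares: sum_i y_i * prod_{j!=i} (0 - x_j)/(x_i - x_j).
 * Fewer than k shares yield a value unrelated to the secret. */
int shamir_recover(const share_t *s, int k, uint64_t *secret)
{
    int i, j;
    uint64_t acc = 0;
    if (k < 1)
        return -1;
    for (i = 0; i < k; i++) {
        uint64_t num = 1, den = 1;
        for (j = 0; j < k; j++) {
            if (i == j) continue;
            if (s[i].x == s[j].x) return -1;         /* duplicate index: unusable */
            num = mulmod(num, submod(0, s[j].x));
            den = mulmod(den, submod(s[i].x, s[j].x));
        }
        acc = addmod(acc, mulmod(s[i].y, mulmod(num, invmod(den))));
    }
    *secret = acc;
    return 0;
}

/* Refresh: share the value 0 with fresh random coefficients and add those
 * shares to the old ones. The sum is a sharing of secret + 0, so any k new
 * shares still recover the secret, while old and new shares cannot be mixed. */
int shamir_refresh(share_t *s, int n, int k, const uint64_t *zero_coeffs)
{
    share_t z[SS_MAXN];
    int i;
    if (shamir_split(0, k, n, zero_coeffs, z) != 0)
        return -1;
    for (i = 0; i < n; i++) {
        if (s[i].x != z[i].x) return -1;
        s[i].y = addmod(s[i].y, z[i].y);
    }
    return 0;
}

int main(void)
{
    share_t sh[5];
    uint64_t coeffs[2], rec = 0;
    FILE *f = fopen("/dev/urandom", "rb");   /* real use: a CSPRNG such as RAND_bytes() */
    if (!f || fread(coeffs, sizeof coeffs, 1, f) != 1) return 1;
    fclose(f);
    coeffs[0] %= SS_P; coeffs[1] %= SS_P;    /* negligible bias; rejection sampling removes it */
    if (shamir_split(42, 3, 5, coeffs, sh) || shamir_recover(sh + 1, 3, &rec)) return 1;
    printf("recovered %llu from shares 2,3,4\n", (unsigned long long)rec);   /* 42 */
    return 0;
}
```

Recovery with only k-1 shares returns a value that depends on the unknown coefficients and not on the secret, which is the information-theoretic property the reply relies on; the refresh keeps the indices and threshold and only changes the values.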



Re: Apache and SSL

2001-12-26 Thread Vadim Fedukovich

On Sat, 22 Dec 2001, Mike Brandonisio wrote:

> Hi,
>
> I wanted to post an answer to a problem I had with Apache and SSL. It took
> some time to figure this one out but here it is:
>
> PROBLEM:
> When I installed Apache and setup a virtual server for my test web site the
> standard HTTP requests worked fine and port 80 requests work fine. However
> when I would enable SSL on the Test Web Site It would act like the HTTP:80
> and HTTPS:443 were switched.
>
> When I'd hit the server with http://192.168.0.60 I get an error saying that
> the I am trying to talk to the server in an ssl enabled port try https. I
> thought that http was port-80. So I try https and is gives me an error could
> not connect to host. I try  https://192.168.0.60:80 it makes an ssl
> connection. Now here is the odd part I try  http://192.168.0.60:443 and it
> makes non-secure connection. To summarize it looked like the server is
> talking ssl on port80 and plain talk on port443.
>
> RESOLUTION: (newbie brain fart)
> It turns out that you can only have 1 virtual server respond to 1 port.
> Previously I had SSL enabled on a single virtual server that was set to
> respond to port 80. To have a web site respond to HTTP:80 and HTTPS:443 you
> need two virtual servers both responding to the same IP and both using the
> same path for their root. Then set virtual server 1 to respond to HTTP:80
> and virtual server 2 to respond to HTTPS:443. Enable SSL on virtual server 2
> as well.

It's unlikely one would want to set the same path for ssl and plain-tcp
apache virtual servers. SSL is used to transport sensitive information
and giving that out over tcp would be a security problem at site design
level.

> I guess I was confused by my past experience with IIS servers. There you
> have one server that you enable SSL on.
>
> I hope this helps some else on the list as it helped me.

I should say this stuff is apache-specific and apache is not the only
project that could be compiled with openssl. Please consider another
mailing list (I guess mod_ssl-users).

best wishes,
Vadim




Re: 101-OpenSSL question..

2001-12-26 Thread Vadim Fedukovich



On Mon, 24 Dec 2001 [EMAIL PROTECTED] wrote:

>
> Hi expert guys,..   :)
>
> I'm starting a class project which requires handling a packet after
> encryption it, and before transmi it to the IP layer. I want to to add a
> header and modify the current IP address of the packet.
>
> The steps -- in summery -- are as follow:
>
> **
> 1- Packet encryption. (I have nothing to do with it)
> --
> 2- My work:
>   Get a packet.
>   Add my own header information to it.
>   Modify the IP address.
>   Pass it to the next layer.
> --
> 3- Send it to TCP/IP layer for transmit  (I have nothing to do with it too)

These 3 steps could be done with IPSec, tunnel (subnet-to-subnet) mode.
Please consider installing FreeSWAN to handle IP packets.

good luck,
Vadim

>
> **
>
> So I need your help to step me in the first step of this project, I
> need to know from where to start. I download the OpenSSL project, and I
> found 1500 files ,,!!!
>
> So would you mind pointing me out to the files that I should start
> modifying and playing with.
>
> Any information is valuable to me and appreciated  :)
>
> Thanks alot.
>
> Dave.
>
>
>




Re: 3DES-CBC questoins

2002-01-10 Thread Vadim Fedukovich



On Wed, 9 Jan 2002, Andrew wrote:

> Well let's see if I can explain this a little better. How does 3DES
> work? Apparently my co-worker took the final encrypted text, XOR'ed it with
> the original message and obtained a key. Now he claims that he can decrypt
> any message with that key.

Did you ask him to do the show? I doubt he can. Something like this
may happen if:
- using the same key for handling all messages instead of generating
  a fresh random one   and
- using a stream cipher like RC4.

yours,
Vadim

> Now this may be wrong, does it mean he can
> decrypt the original message then? I thought 3DES was 168-bits strong, but if
> the three 56-bit keys are just xor'ed then it doesn't seem to be a linear
> encryption.
> Also he xor'ed the original message with the final encrypted message,
> this produced a key. Now he also xor'ed all three of the des keys together.
> When compared the keys were the same. This is strange because it seems to me
> then that all you need to know is the xor'ed equivalent of all three of the
> 3des keys. Pretend I have no clue what I'm talking about and try to explain
> how 3des works ;-) I'm not sure what other information you are looking for.
> I'm just asking how the semantics of 3DES work and why it's stronger than DES.
> I know that it is, but why.
>
> Thanks!
>
> -
> Andrew
> ActiveSol.net
> [EMAIL PROTECTED]
> - Original Message -
> From: "David Tonhofer, m-plify S.A." <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; "Andrew" <[EMAIL PROTECTED]>
> Sent: Wednesday, January 09, 2002 12:46 PM
> Subject: Re: 3DES-CBC questoins
>
>
> >
> >
> > --On Wednesday, January 09, 2002 12:26 PM -0500 Andrew
> > <[EMAIL PROTECTED]> wrote:
> >
> > > A coworker has brought up a question that I can't answer and I am hoping
> > > someone here could. With 3des you encrypt the data with the first key,
> > > decrypt with the second and encrypt with the 3rd to get the encrypted
> > > message.
> >
> > Yes..
> >
> > > He xor'ed the plain text with the encrypted message and obtained
> > > a key.
> >
> > Well, does this mean that the message was only 56 bit long? As the DES
> > stream is essentially random (I think), this would be a way of obtaining a
> > random number.
> >
> > > He then could use that key to decrypt any other message.
> >
> > What does that mean? He can't.
> >
> > > Now I
> > > know that if you know the plain text than you can get the key but the
> > > point was how is 3des any stronger than des if you only need one key to
> > > decrypt the message.
> >
> > You can't. 3DES is definitely stronger.
> >
> > > Also it appears the key he found was only 56-bits,
> > > or maybe this is a mistake. So I guess the question is, if you only need
> > > one key to decrypt a 3des encrypted message then how is it strong.
> > > Thanks!
> > > -
> > > Andrew
> > > ActiveSol.net
> > > [EMAIL PROTECTED]
> >
> >
> > There is not enough information for a meaningful answer...
>
>




Re: PKCS7 SignedAndEnveloped problems

2002-01-10 Thread Vadim Fedukovich



On 10 Jan 2002, Aleix Conchillo wrote:

> Hi,
>
>   I am trying to create a PKCS7 SignedAndEnveloped. I get the idea
> from the enc.c and dec.c files in crypto/pkcs7 directory. As it is and
> enveloped pkcs7 i need to add a recepient. And as it is signed, i need to set
> the signers. The problem i have is with the signers, if i use function
> PKCS7_add_signer like this
>
>   PKCS7_SIGNER_INFO* signer = PKCS7_SIGNER_INFO_new();
>   PKCS7_SIGNER_INFO_set(signer, cert, pkey, EVP_sha1());
>   PKCS7_add_signer(p7, signer);
>
> the recipient of the pkcs7 is unable to verify the pkcs7 data. Otherwise, if i use:
>
>   PKCS7_add_signature(p7, cert, pkey, EVP_sha1());
>   PKCS7_add_certificate(p7, cert);
>
> works as supposed. Any one can tell what am i doing wrong with PKCS7_add_signer?
>
>   Any help would be really appreciated.

Recipient may be missing the signer's certificate. It would be better
to make it report the reason for the verification failure.

yours,
Vadim




Re: HTTPS Post

2002-01-10 Thread Vadim Fedukovich



On Wed, 9 Jan 2002, Scott Frazor wrote:

> Can anyone give me a rough idea on how to prepare and send a https POST via
> openssl?  I know how to open a socket and connect SSL, but I'm missing
> something when it comes to sending a HTTPS POST and RECEIVING the response.
> I'm not sure if I'm asking the question right.  Any ideas?

w3c-libwww would handle HTTP just fine

good luck,
Vadim




Re: [Fwd: update on signed-and-enveloped]

2002-01-13 Thread Vadim Fedukovich

On Fri, 11 Jan 2002, Frank Geck wrote:

> Thanks, I was already using a variant of this code.  The issue seemed to
> be openssl 0.9.6b, went to version c and it worked.
>
> The current issue I have is how can I make the buffer that will hold the
> decoded data dynamic instead of static (i.e. no BIG, use malloc).  What
> size to I make it instead of just big?  Any part of the bio data
> structure once PKCS7_dataDecode has been called that can tell me how big
> to make the buffer so that when I do: BIO_read(p7bio, buf, data_len), I
> know how big to make data len?

The very 1st step with pkcs7 would be parsing and an OCTET STRING
should be allocated to hold encrypted data. One could use this size
as an estimate.

yours,
Vadim




Re: Getting RSA key as an encrypted and B64 encoded string

2002-01-21 Thread Vadim Fedukovich

On Mon, 21 Jan 2002, Hellan,Kim KHE wrote:

> Hi
>
> I have an RSA private key in a EVP_PKEY structure.
> I need to get the RSA "blob" out of the EVP_PKEY, encrypt it
> (EVP_des_ede3_cbc) and Base64 encode it.
> Basically I need something like what the PEM_write_PrivateKey() function
> does, except my destination is memory, not a file and I don't want the PEM
> header/footer.
> I'm sure this can easily be done using the right OpenSSL function, but which
> one?

PEM_ASN1_write_bio() to memory-type BIO may fit

> And also.at some point I need to put the encrypted, encoded RSA key back
> into an EVP_PKEY structure?

PEM_ASN1_read_bio()

good luck,
Vadim




SSL PLUS solution vs. openssl

2002-02-22 Thread Vadim Fedukovich

Dear Certicom,

why it was stated "posting of source code is required on OpenSSL" at
http://www.certicom.com/products/ssl_plus/g/ssl/020119_2_v1_chart.html ?

-vf



Re: Kannel and Openssl

2002-03-04 Thread Vadim Fedukovich



On Mon, 4 Mar 2002, Wilhelm Farrugia wrote:

>
> Dear all,
>
> I am trying to use openssl with kannel are there any implications that I
> should know about?
>
> Does any one has some details about the issue ?
>
> Thank you,
> Wilhelm Farrugia

Oleg Taranov did something with kannel and openssl and released it.
Hope a search engine could help.

good luck,
Vadim




Re: boolean default true

2002-03-07 Thread Vadim Fedukovich

On Thu, 7 Mar 2002, Dr S N Henson wrote:

> Vadim Fedukovich wrote:
> >
> > Hello,
> >
> > would this construct
> >
> > ASN1_SEQUENCE(SomeTypeDefinition) = {
> >   ASN1_IMP(, someFieldName, ASN1_FBOOLEAN, N)
> >
> > be fine for "someFieldName [N] BOOLEAN DEFAULT FALSE" in ASN.1?
> > Should one use ASN1_IMP_OPT() instead?
> >
>
> You should always use OPT with the ASN1_FBOOLEAN and ASN1_TBOOLEAN.
>
> The actual type is just applying a specific interpretation when the
> field is absent or taking the default value. For example in the
> ASN1_FBOOLEAN case it means that if the boolean value is set to FALSE it
> will not be encoded and if the field is absent it will be represented as
> FALSE.

Yes, this is exactly what I'm looking for

> You don't have to use the ASN1_FBOOLEAN and ASN1_TBOOLEAN types as long
> as you interpret and set the value appropriately.
>
> Using them does have a disadvantage in that some encoders might
> incorrectly not omit a field having the default value. This would mean
> that decoding and reencoding the structure would not produce the same
> result.
>
> Steve.

many thanks for the advice and for the powerful ASN1 code,
Vadim




Re: secure mailinglists

2002-03-07 Thread Vadim Fedukovich

On Thu, 7 Mar 2002, Damian Hesse wrote:

> Hi everybody,
>
> we have set up our own CA and generated for everybody
> user certificates for secure communication. It really works
> fine.
>
> The task: now we want to set up mailinglists (server side)
> like "[EMAIL PROTECTED]" where some users of our company and
> some from a customer should be able to write signed and
> encrypted emails and everybody on the list should be able to
> read it.
>
> The question is how should this be done? The only solution I can
> imagine is to generate a certificate for the list and send the p12-file
> to everybody on the list. But does it really work with all mail
> programs, because for example: user A sends an encrypted mail to
> [EMAIL PROTECTED] which is expanded to user B, but it's not originally
> encrypted for B...

Some more cases are described in RFC 2634

> What's the best way of solving such a mailing list problem? What is
> your experience and solution? I am sure I'm not the only one being
> confronted with such a task (hope :-).

A list of the expected mail readers and of their features
would help to choose the solution

good luck,
Vadim




Re: intermediate level CA certificates, chains

2002-03-08 Thread Vadim Fedukovich

On Fri, 8 Mar 2002, Martin Witzel wrote:

>
> Hi,
>
> I have two questions about certificate chains.
>
> a.) Can an openssl intermediate CA create certificates which contain the
> certificate of an intermediate level signing CA _and_ the certificate(s)
> of higher level CAs, i.e. a certificate chain with more than one certificate?

Making chains is unlikely to be CA business; one could try
tuning the webserver instead

> b) I have set up an intermediate level CA and signed a certificate request
> from some other requester (not openssl). I only see the intermediate level
> CA certificate, not the intermediate level CA cert + the root CA cert
> stacked in one cert as a certificate chain when I use this certificate in
> an SSL connection. However, I expected to see a certificate chain.

With an openssl-based webserver, one could send a chain from the server cert
to the root (if the CA certificates are available to the webserver), accompanied
by any other certs specified for SSL_CTX_use_certificate_chain_file()

> 1) If it is possible to create such a stacked cert at all, I must have
> goofed with the intermediate level CA cert. It should already contain the
> root CA cert together with its own cert, right?
>
> 2) The steps I took are, somewhat abbreviated:
> Create root CA key and cert
>    genrsa -out cakey.pem
>    req -new -key cakey.pem -out cakey.csr
>    req -in cakey.csr -key cakey.pem -x509 -out cacert.pem
>
> Generate 2nd level CA key
>    genrsa -out cakey2.pem
>    req -new -key cakey2.pem -out cakey2.csr
>    req -in cakey2.csr -cert cacert.pem -keyfile cakey.pem -out cacert2.pem
>
> Was there an error in the steps so far which caused the root certificate
> in the intermediate level CA to be omitted?
>
> 3. Now sign a self-signed client certificate request which BTW was not
> created with openssl. Replace the root key and cert file in the CA with
> the intermediate CA level file versions cakey2.pem and cacert2.pem which
> I have created above. Then use the command
>    ca -ss_cert client.csr  -out clientcert.crt -policy policy_anything
>
> As mentioned, when the SSL server receives this client cert, I do not see
> that there is anything else but the intermediate level CA cert in it, no
> root cert included.
>
> Any clues?  Thank you, Martin

You didn't specify the webserver, so it's hard to guess the tuning technique

good luck,
Vadim

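Vadim's point is that the chain is assembled and sent by the server, not baked into a certificate by the CA. The following added example (not from the thread; Go's crypto/x509 is used so that it runs without an OpenSSL installation) builds a throw-away root, intermediate and server certificate and then validates the server certificate twice: once with the intermediate supplied as an untrusted chain certificate, which is what a web server configured with a chain file (server cert followed by intermediate) presents to the client, and once with the leaf alone, which is the symptom Martin sees. All names, serial numbers and key parameters are made up for the example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Chain is a constructed three-level PKI: root CA, intermediate CA and a
// server certificate issued by the intermediate. All names are made up.
type Chain struct {
	Root, Intermediate, Leaf *x509.Certificate
}

// issue signs tmpl with the parent's key and parses the result back, so the
// returned certificate has Raw, RawIssuer and extensions populated.
func issue(tmpl, parent *x509.Certificate, pub crypto.PublicKey, signer crypto.Signer) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newTemplate returns a one-day template; ca selects the CA profile
// (basicConstraints CA:TRUE, keyCertSign) versus a TLS server profile.
func newTemplate(serial int64, cn string, ca bool) *x509.Certificate {
	now := time.Now()
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.DNSNames = []string{cn}
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// BuildChain generates three P-256 keys and issues root -> intermediate -> leaf.
// Each certificate carries only its own data: signing never embeds the
// issuer's certificate into the certificate being issued.
func BuildChain() (*Chain, error) {
	var keys [3]*ecdsa.PrivateKey
	for i := range keys {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, err
		}
		keys[i] = k
	}
	rootTmpl := newTemplate(1, "Example Root CA", true)
	root, err := issue(rootTmpl, rootTmpl, &keys[0].PublicKey, keys[0]) // self-signed
	if err != nil {
		return nil, err
	}
	interTmpl := newTemplate(2, "Example Intermediate CA", true)
	interTmpl.MaxPathLen, interTmpl.MaxPathLenZero = 0, true // may issue end-entity certs only
	inter, err := issue(interTmpl, root, &keys[1].PublicKey, keys[0])
	if err != nil {
		return nil, err
	}
	leaf, err := issue(newTemplate(3, "www.example.test", false), inter, &keys[2].PublicKey, keys[1])
	if err != nil {
		return nil, err
	}
	return &Chain{Root: root, Intermediate: inter, Leaf: leaf}, nil
}

// VerifyLeaf validates the server certificate against the trusted root.
// withIntermediate=true models a server that sends its chain file (leaf then
// intermediate); false models a server that sends the leaf alone, so the
// client cannot build a path to the root.
func VerifyLeaf(c *Chain, withIntermediate bool) error {
	roots := x509.NewCertPool()
	roots.AddCert(c.Root)
	opts := x509.VerifyOptions{Roots: roots, DNSName: "www.example.test"}
	if withIntermediate {
		opts.Intermediates = x509.NewCertPool()
		opts.Intermediates.AddCert(c.Intermediate)
	}
	_, err := c.Leaf.Verify(opts)
	return err
}

func main() {
	c, err := BuildChain()
	if err != nil {
		panic(err)
	}
	fmt.Println("with intermediate:   ", VerifyLeaf(c, true))
	fmt.Println("without intermediate:", VerifyLeaf(c, false))
}
```

The root is never part of what the server sends; the client has to trust it already, which is the same split OpenSSL makes between the certificate chain file and the CA file.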



Re: Off-Topic: Wildcard Certificates

2002-03-12 Thread Vadim Fedukovich

On Tue, 12 Mar 2002, Philipp Gühring wrote:

> Hi,
>
> I read somewhere, that wildcard certificates are generally possible.
> (With the exception that not every implementation might like it)
>
> What about a certificate for *.com, *.org or *.net ?

At least one "SSL proxy" package was designed with just a "*"
certificate in mind and it worked, if one tells his browser
to accept that.

> I guess, I will have to try, whether any of the certificate authorities
> accepts a certificate request like that.
> I think some of them look through the wildcard requests manually ...
>
> Many greetings,
> --
> ~ Philipp Gühring  [EMAIL PROTECTED]
> ~ http://www.livingxml.net/   ICQ UIN: 6588261
> ~ 



Re: PKCS7, getting list of recipients

2002-03-14 Thread Vadim Fedukovich

On Thu, 14 Mar 2002, Frank Geck wrote:

> Vadim,
> Is that because those members in the structure are not populated?  What
> is the issuer info?  Is this the common name of the recipients?  I don't
> think so.  This is just the serial number of the cert and the issuer so you
> could, if you had all the certs on each machine, find all the recipients' certs
> and get the common name from there, right?
>
> Thanks,
>
> Frank
>

Exactly, it's up to the lookup function to search for the certificate having
that issuer name and serial number (PKCS7_ISSUER_AND_SERIAL type).
One could get the recipient's CN from the certificate subject name; only the
issuer name is available from the recipient info.

regards,
Vadim

> Vadim Fedukovich wrote:
>
> > On Wed, 13 Mar 2002, Frank Geck wrote:
> >
> > > How would I get a list of the recipients from a PKCS7 message?  I have
> > > read it in and it's a signed enveloped and I have decoded it and I see
> > > that there is a STACKOF(PKCS7_RECIP_INFO), any function calls to return
> > > this to me in a text format? The common name from the cert is fine as I
> > > see the PKCS7_RECIP_INFO contains a X509 cert.
> > >
> > > Thanks,
> > >
> > > Frank
> >
> > Here's a STACK_OF(PKCS7_RECIP_INFO) and one could
> > for (i = 0; i < sk_PKCS7_RECIP_INFO_num(p7->d.signed_and_enveloped->recipientinfo); i++) {
> >   /* use p7->d.enveloped->recipientinfo for plain envelopedData */
> >   ri = sk_PKCS7_RECIP_INFO_value(p7->d.signed_and_enveloped->recipientinfo, i);
> >   printsometest(ri); /* placeholder: e.g. print ri->issuer_and_serial */
> > }
> >
> > One could access the issuer info and cert serial number from the recipient info,
> > not the recipient's certificate.
> >
> > hope this helps,
> > Vadim
> >



Re: WebCT with SSL

2002-03-20 Thread Vadim Fedukovich

Carlos,

The DBM method (keeping users in a database) was specified in .htaccess and
apache was built without DBM. This has nothing to do with SSL.
You could either re-build httpd or specify another way to handle
the web users list.

hope this helps,
Vadim


On Wed, 20 Mar 2002, Carlos Alberto Pelaez wrote:

> Hello dear friends. I am trying to configure WebCT with SSL and everything
> is ok, but I found a problem. WebCT uses a validation form with .htaccess.
> When I try to log in to a site of the web site, this error appears:
>
> Invalid command 'AuthDBMUserFile', perhaps mis-spelled or defined by a
> module not included in the server configuration.
>
> What can I do about this?
> Thanks for your help and sorry for my English
>
>    CAPA
>




Re: Prevent apache from giving out server cert?

2002-04-18 Thread Vadim Fedukovich



On Thu, 18 Apr 2002, Joern Sierwald wrote:

> At 10:19 18.04.2002 +0200, you wrote:
> >Hi,
> >
> >Is it possible to prevent apache from automatically giving out its server
> >certificate to everyone that is connecting to the server?
> >I want apache to only allow access to those that already have the
> >certificate installed in their clients.
> >It will be a form of access control.
> >
> >I need this functionality since only a few applications will ever access
> >this virtual host. The clients will come from a wide range of IP addresses
> >(not predictable) so I can't stop access that way.
> >I also would like to avoid client certificates.
> >
> >Regards,
> >Tobbe
> >
>
> I think you make a basic mistake here: You assume that the client NEEDS the
> server certificate to make a connection. That is not true. The Client can,
> if he chooses to, ignore the server's signature and therefore not need the
> server's certificate.

The client needs the server's public key, which is part of the certificate.
Well, the client could ignore SSL and talk in plaintext

> So, even if an (enemy) client does not have the server's cert - he can
> still connect. Is that what you want?
>
> Jörn
>



Re: Creating password-protected certs.

2002-04-30 Thread Vadim Fedukovich

On Tue, 30 Apr 2002, Richard Levitte - VMS Whacker wrote:

> In message <[EMAIL PROTECTED]> on Mon, 29 Apr 2002 12:22:32 -0700 (PDT), Tim Jones <[EMAIL PROTECTED]> said:
>
> t0psecret> I'm trying to create password-protected client certs
> t0psecret> with OpenSSL and ssl.ca-0.1.tar.gz.  Is this what
> t0psecret> "export password" refers to (when creating the key),
> t0psecret> or is there another way?  I'm not sure whether the
> t0psecret> export password is a permanent password for the cert
> t0psecret> or just a one-time password used to import the .p12
> t0psecret> file.
> t0psecret>
> t0psecret> If it's the former, it seems as though Windows strips
> t0psecret> this password when I import the cert, because I'm only
> t0psecret> asked for it the one time when importing. Is there any
> t0psecret> way around this?
>
> You're mixing up certificate and private key.  The password will
> protect the private key.  The certificate is (or should be) filled
> with public information only, and therefore doesn't require any
> password protection.

PKCS12 also specifies a MAC-based integrity check that uses another
password and may be useful for the certificate. Yes, one could ignore the
integrity check while parsing pkcs12 data.

just a note,
Vadim




Re: Secret sharing & partial signature

2002-05-13 Thread Vadim Fedukovich



On Mon, 13 May 2002, Rakeshbabu Bobba wrote:

> here is the link
>
>  http://crypto.stanford.edu/~dabo/ITTC/dist-files/ittc-1.0.tar.gz
>
> rakesh
>
> On 13 May 2002, Aleix Conchillo wrote:
>
> > On Mon, 2002-05-13 at 19:34, Rakeshbabu Bobba wrote:
> > > you might want to take a look at the ITTC project of Dan Boneh at stanford, it
> > > might be the one you are looking for.

ITTC is about generating key-shares of private keys and using them
in shares. However, one had better look at the source code.

yours,
Vadim




Re: p7-signedData : ordering authenticatedAttributes (or not).

2002-05-15 Thread Vadim Fedukovich

On Wed, 15 May 2002, FRISCH Laurent FTRD/DTL/ISS wrote:

> Something bothers me with the authenticatedAttributes field in PKCS#7. It is
> defined in SignerInfo by "authenticatedAttributes [0] IMPLICIT Attributes",
> Attributes being a "SET OF attributes". This means that you should order
> attributes in the SET OF when signing ('cuz you have to DER-encode them).
> ok.

PKCS may be considered a moving target. AuthenticatedAttributes are
defined to be a SEQUENCE in Secure Electronic Transactions.

> Yet, in openssl (pk7_doit.c, in PKCS7_signatureVerify, see after), one can
> see that explicitly no ordering is asked (IS_SEQUENCE flag).
>
> When can a bug happen ? Hmmm. Tricky. Probably never happen in real life.
> Still, theoretically...

Some SET software is available already

-vf




RE: Certification chain problem

2002-05-16 Thread Vadim Fedukovich

On Thu, 16 May 2002, Martinez Bernardo · Maria Elena wrote:

> Benoit,
>
> You have a Client Certificate from Verisign and you can't use it to sign a
> new certificate.

Nothing could stop a programmer from using such a private key to sign
other certificates.

However, an application aware of Basic Constraints extension would fail
to validate such a certificate, if/when tracing it from well-known
Verisign root.

> You need a CA certificate, which is the type of certificate that is
> able to sign. To obtain this kind of certificate from Verisign, you have to
> buy the "Verisign On Site" product (I think that's the product name), and you
> will become a Certification Authority.
>
> But better, create your own Certification Authority with Openssl.
>
> Regards,
> Elena
>
>
> > -Original message-
> > From: Benoit Goarin [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday 16 May 2002 16:11
> > To:   [EMAIL PROTECTED]
> > Subject: Certification chain problem
> >
> > Hello
> >
> > Here is my problem
> >
> > I have a Verisign signed certificate (certificate A) and want to create
> > certificates which will be signed by it.
> > I create a certificate (certificate B) and private key pair and send the
> > certificate (B) to a server.
> > But when it signs the certificate with its private key (A) and returns it
> > to the client, windows tells me that the certificate seems to be damaged
> >
> > Here are some lines of my code :
> >
> >
> > First, I create the pair :
> >
> > int sn, rsaSize;
> > RSA * rsa;
> > X509_NAME * name;
> >
> > sn=1; // serial number
> > rsaSize=1024; // key size
> >
> > // create the certificate and key objects
> > m_pX509 = X509_new();
> > m_pKey = EVP_PKEY_new();
> >
> > // generate the RSA key pair and assign it to the EVP_PKEY structure
> > rsa = RSA_generate_key(rsaSize, RSA_F4, NULL, NULL);
> >
> > EVP_PKEY_assign_RSA(m_pKey, rsa);
> >
> > // set the version, the serial number and the validity period
> > // (the version field is zero-based: an X.509v3 certificate carries
> > // the value 2, so the value 3 used here is not a defined version)
> > X509_set_version(m_pX509,3);
> > ASN1_INTEGER_set(X509_get_serialNumber(m_pX509), sn);
> > X509_gmtime_adj(X509_get_notBefore(m_pX509), 0);
> > X509_gmtime_adj(X509_get_notAfter(m_pX509), (long)60*60*24*nbDays);
> >
> > // assign the public key to the certificate
> > X509_set_pubkey(m_pX509, m_pKey);
> >
> > // fill in the information about the certificate's creator
> > name = X509_get_subject_name(m_pX509);
> > X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char*)"FR", -1, -1, 0);
> > X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char*)"La Deuxieme Tete (L2T)", -1, -1, 0);
> > X509_NAME_add_entry_by_txt(name, "Email", MBSTRING_ASC, (unsigned char*)"[EMAIL PROTECTED]", -1, -1, 0);
> > // (this sets issuer == subject of the new certificate; a certificate
> > // signed with A's key must carry A's subject name as its issuer)
> > X509_set_issuer_name(m_pX509, name);
> >
> >
> > Then I send the certificate to the server and do this :
> >
> > X509_sign(m_pX509, pKey, EVP_md5());
> >
> > pKey is the private key read with
> > PEM_read_PrivateKey(fp_key, &m_pKey, NULL, NULL);
> >
> >
> > It's a nightmare, I don't know what to do
> > please help me
> >
> >
> > Benoît Goarin
> >



Re: URGENT: PKCS8 format to be used with java

2002-05-17 Thread Vadim Fedukovich



On Fri, 17 May 2002, Haikel wrote:

> Hi,
>
> I have generated keys in pkcs8 format with java and openssl. The thing
> that was not expected is the difference in the two files' structure.  The

Why not? It's an encrypted private key.
Yes, one should expect them to be the same after decryption

> two files I generated look like that:

would you expect someone to read that base64-encoded encrypted data?

> The file generated with java
>
> -BEGIN ENCRYPTED PRIVATE KEY-
> MIICrTAnBgoqhkiG9w0BDAEDMBkEFLHA2SGrNrwcUsFrxFftTdvpff0kAgEFBIICgCe/dqz6Z4Qn
>
> .
> bp2JoA19vvY9/z762P4hGSHJWQA4ltQVzvGXScVQ+KpobwU9YH5Qs4JGBPEO7b1L/ONpz+jBj+hF
>
> ykCw3uM=
> -END ENCRYPTED PRIVATE KEY-
>
> The file generated with openssl
>
> -BEGIN ENCRYPTED PRIVATE KEY-
> MIICoTAbBgkqhkiG9w0BBQMwDgQIXNLEC6mo9bwCAggABIICgIEW1x+WeSW2K2BV
> .
> qWJ4VA95CfBeJbL9bjnbPog7A5qvhXmxV6rLDfwNyvzEbz2YkLWMDZp5io8Sp1TN
> fd/VfTQ=
> -END ENCRYPTED PRIVATE KEY-
>
>
> As you can see the lines do not have the same length.
>
> Can anyone tell me why the two files are different and if it's possible
> to use openssl PKCS8 keys with java.
>
> Thanks
> Haikel MEJRI
>

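Vadim's answer, that the two files are encrypted private keys and only become comparable after decryption, can be made concrete from the first base64 line of each file quoted above: an EncryptedPrivateKeyInfo starts with the AlgorithmIdentifier of the password-based encryption scheme, and that header is complete within the first line. The following added example (not from the thread; Go's encoding/asn1 is used so that it runs stand-alone) decodes those two fragments and reports the algorithm OID, salt length and iteration count of each. The Java tool used 1.2.840.113549.1.12.1.3 (PKCS#12 pbeWithSHA1And3-KeyTripleDES-CBC, 20-byte salt) and openssl used 1.2.840.113549.1.5.3 (PKCS#5 pbeWithMD5AndDES-CBC, 8-byte salt), so the ciphertexts differ from the very first bytes. The name table at the end is for display only; the fragments are the page's own, truncated after the first line.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/base64"
	"errors"
	"fmt"
)

// First base64 line of each file as quoted in the thread; enough to hold the
// complete AlgorithmIdentifier that opens an EncryptedPrivateKeyInfo.
const (
	JavaFragment    = "MIICrTAnBgoqhkiG9w0BDAEDMBkEFLHA2SGrNrwcUsFrxFftTdvpff0kAgEFBIICgCe/dqz6Z4Qn"
	OpenSSLFragment = "MIICoTAbBgkqhkiG9w0BBQMwDgQIXNLEC6mo9bwCAggABIICgIEW1x+WeSW2K2BV"
)

// PBEInfo summarises the encryption scheme header of an EncryptedPrivateKeyInfo.
type PBEInfo struct {
	Algorithm  asn1.ObjectIdentifier
	SaltLen    int
	Iterations int
}

// pbeParameter is PBEParameter ::= SEQUENCE { salt OCTET STRING,
// iterationCount INTEGER }, shared by the PKCS#5 v1.5 and PKCS#12 schemes.
type pbeParameter struct {
	Salt       []byte
	Iterations int
}

// skipSequenceHeader returns the bytes after the tag and length of an outer
// SEQUENCE without requiring its whole body (the fragments are truncated).
func skipSequenceHeader(der []byte) ([]byte, error) {
	if len(der) < 2 || der[0] != 0x30 {
		return nil, errors.New("not a SEQUENCE")
	}
	n := 2
	if der[1]&0x80 != 0 { // long-form length: low bits give the byte count
		n += int(der[1] & 0x7f)
	}
	if len(der) < n {
		return nil, errors.New("truncated length")
	}
	return der[n:], nil
}

// ParsePBEHeader decodes a base64 fragment of a PEM "ENCRYPTED PRIVATE KEY"
// body and reports the password-based encryption scheme it announces.
func ParsePBEHeader(fragment string) (*PBEInfo, error) {
	der, err := base64.StdEncoding.DecodeString(fragment)
	if err != nil {
		return nil, err
	}
	inner, err := skipSequenceHeader(der) // EncryptedPrivateKeyInfo ::= SEQUENCE { ... }
	if err != nil {
		return nil, err
	}
	var alg pkix.AlgorithmIdentifier // first element; trailing bytes are left alone
	if _, err := asn1.Unmarshal(inner, &alg); err != nil {
		return nil, err
	}
	var p pbeParameter
	if _, err := asn1.Unmarshal(alg.Parameters.FullBytes, &p); err != nil {
		return nil, err
	}
	return &PBEInfo{Algorithm: alg.Algorithm, SaltLen: len(p.Salt), Iterations: p.Iterations}, nil
}

// pbeNames labels the two OIDs that occur in the fragments.
var pbeNames = map[string]string{
	"1.2.840.113549.1.12.1.3": "pbeWithSHA1And3-KeyTripleDES-CBC (PKCS#12)",
	"1.2.840.113549.1.5.3":    "pbeWithMD5AndDES-CBC (PKCS#5)",
}

func main() {
	for name, frag := range map[string]string{"java": JavaFragment, "openssl": OpenSSLFragment} {
		info, err := ParsePBEHeader(frag)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-8s %s = %s, salt %d bytes, %d iterations\n",
			name, info.Algorithm, pbeNames[info.Algorithm.String()], info.SaltLen, info.Iterations)
	}
}
```

Whether a given Java provider can decrypt the openssl file is then a question of which PBE OIDs it supports, which is exactly what the header tells you before any password is tried.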



Re: Timestamping with openssl

2002-05-25 Thread Vadim Fedukovich

On Sat, 25 May 2002, Averroes wrote:

> Hi All,
>
> Perhaps someone has the answer?
>
> I want to sign a file (provided by a requester) with some information
> like: hash+timestamp, then transform this signed file into a PKCS7 structure
> for sending back to the requester.
>
> Any help will be appreciated.

This looks like a "detached signature" PKCS7 with "signing time" and
"message digest" on the authenticated attributes list.

Please note lots of papers are available on timestamping techniques.
One may want to include references to adjacent hashes as a proof

hope this helps,
Vadim

>
> Regards
>
> #---
> Averroes
>
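Vadim's sketch for the timestamp request (a detached PKCS#7 with signingTime and messageDigest among the authenticated attributes) and Laurent's earlier question about ordering the SET OF attributes meet in the following added example. It is not code from either thread or from OpenSSL; it uses Go's encoding/asn1 so that it runs stand-alone. It builds the attribute set for a detached signature over some constructed content, lets the encoder apply the DER ordering rule for SET OF, and shows the detail a signer has to get right: the bytes that are hashed and signed are the SET OF with tag 0x31, while the same bytes sit in SignerInfo under the IMPLICIT [0] tag 0xA0. The content, the signing time and the use of SHA-1 for the digest are made up for the example.

```go
package main

import (
	"bytes"
	"crypto/sha1"
	"encoding/asn1"
	"fmt"
	"time"
)

// Attribute is PKCS#7's Attribute ::= SEQUENCE { type OBJECT IDENTIFIER,
// values SET OF ANY }. Values are kept as raw DER so any value type fits.
type Attribute struct {
	Type   asn1.ObjectIdentifier
	Values []asn1.RawValue `asn1:"set"`
}

// PKCS#7 / PKCS#9 object identifiers used in SignerInfo.
var (
	oidData          = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1}
	oidContentType   = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 3}
	oidMessageDigest = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 4}
	oidSigningTime   = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 5}
)

// attribute DER-encodes value and wraps it as a single-valued Attribute.
func attribute(oid asn1.ObjectIdentifier, value interface{}) (Attribute, error) {
	der, err := asn1.Marshal(value)
	if err != nil {
		return Attribute{}, err
	}
	return Attribute{Type: oid, Values: []asn1.RawValue{{FullBytes: der}}}, nil
}

// AuthenticatedAttributes returns the DER SET OF Attribute for a detached
// signature over content at signingTime: contentType (data), signingTime and
// messageDigest (SHA-1 of the content here). These bytes, under the SET tag
// 0x31, are what the signer hashes and signs. encoding/asn1 sorts the SET OF
// members by their encodings as DER requires, whatever order they are given in.
func AuthenticatedAttributes(content []byte, signingTime time.Time) ([]byte, error) {
	digest := sha1.Sum(content)
	ct, err := attribute(oidContentType, oidData)
	if err != nil {
		return nil, err
	}
	st, err := attribute(oidSigningTime, signingTime.UTC()) // UTCTime for 1950-2049
	if err != nil {
		return nil, err
	}
	md, err := attribute(oidMessageDigest, digest[:])
	if err != nil {
		return nil, err
	}
	return asn1.MarshalWithParams([]Attribute{md, st, ct}, "set")
}

// AsSignerInfoField rewrites the outer tag to [0] IMPLICIT (0xA0), which is how
// the identical bytes appear inside SignerInfo. A verifier has to put the SET
// tag back before hashing, otherwise the signature never matches.
func AsSignerInfoField(setDER []byte) []byte {
	field := append([]byte(nil), setDER...)
	field[0] = 0xa0
	return field
}

// AttributeOrder decodes the SET OF and lists the attribute OIDs in encoded order.
func AttributeOrder(setDER []byte) ([]asn1.ObjectIdentifier, error) {
	var attrs []Attribute
	rest, err := asn1.UnmarshalWithParams(setDER, &attrs, "set")
	if err != nil {
		return nil, err
	}
	if len(rest) != 0 {
		return nil, fmt.Errorf("%d trailing bytes", len(rest))
	}
	oids := make([]asn1.ObjectIdentifier, len(attrs))
	for i, a := range attrs {
		oids[i] = a.Type
	}
	return oids, nil
}

func main() {
	content := []byte("constructed document to be time-stamped")
	when := time.Date(2002, time.May, 25, 12, 0, 0, 0, time.UTC)
	set, err := AuthenticatedAttributes(content, when)
	if err != nil {
		panic(err)
	}
	order, _ := AttributeOrder(set)
	field := AsSignerInfoField(set)
	fmt.Printf("signed bytes start with %#02x, SignerInfo field with %#02x\n", set[0], field[0])
	fmt.Println("DER order of attributes:", order)
	fmt.Println("bytes differ only in the tag:", bytes.Equal(set[1:], field[1:]))
}
```

With these three attributes the DER order comes out as contentType, signingTime, messageDigest, because X.690 sorts SET OF members by their complete encodings and the shortest attribute sorts first; an implementation that signs the attributes in insertion order instead produces signatures that a strict DER verifier rejects, which is the risk Laurent was asking about.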



Re: SV: Format of RSA public key ?

2002-05-30 Thread Vadim Fedukovich

On Thu, May 30, 2002 at 08:59:59AM +0200, Hellan,Kim KHE wrote:
> Hi Vadim
> 
> I should have been more specific.
> I know it is modulus and public exponent, but what I'm looking for is some OpenSSL function to load this key into a EVP_PKEY structure.
> 
> Any ideas?

d2i_RSAPublicKey() and EVP_PKEY_assign_RSA() should work

hope this helps,
Vadim

> 
> Thanks,
> Kim
> 
> 
> -Original message-
> From: Vadim Fedukovich [mailto:[EMAIL PROTECTED]]
> Sent: 29 May 2002 17:03
> To: OpenSSL Users
> Subject: Re: Format of RSA public key ?
> 
> 
> hi Kim,
> 
> On Wed, 29 May 2002, Hellan,Kim KHE wrote:
> 
> > Hi
> >
> > When I use OpenSSL to extract 1024 bit RSA public keys to a binary file, I get a 162 byte file with the following ASN.1 structure:
> >
> > 0:d=0  hl=3 l= 159 cons: SEQUENCE
> > 3:d=1  hl=2 l=  13 cons: SEQUENCE
> > 5:d=2  hl=2 l=   9 prim: OBJECT:rsaEncryption
> >16:d=2  hl=2 l=   0 prim: NULL
> >18:d=1  hl=3 l= 141 prim: BIT STRING
> >
> > These public keys can easily be loaded in OpenSSL.
> >
> > I now have to support some 1024 RSA public keys with a different structure. The binary blob containing the public key is only 140 bytes and the ASN.1 structure looks like this:
> >
> > 0:d=0  hl=3 l= 137 cons: SEQUENCE
> > 3:d=1  hl=3 l= 129 prim: INTEGER   :80622FB09CAD2A75E84A00E2613FF1B52ED2382C6274E45364C140FE6639F437E07A135D824D99FEAE0C8BBF1782960AA9FF38C67373C41BD8DDB341754F78823BC3321581D5EF5349F5DAAD46B3B954CA9742280528DAABFC7B23229AF04FFDBE733E0AE310C3466224FC1A9628FF14F6ED
> 
> this is the modulus
> 
> >   135:d=1  hl=2 l=   3 prim: INTEGER   :010001
> 
> ..and the public exponent
> 
> good luck,
> Vadim
> 
> >
> > Does anyone know how to handle this "format" in OpenSSL. How do I load these public keys ?
> >
> > Thanks,
> > Kim Hellan
> > KMD / KMD-CA
> > http://www.kmd-ca.dk
> > Mailto:[EMAIL PROTECTED]
> >



Re: SV: Format of RSA public key ?

2002-05-30 Thread Vadim Fedukovich

On Thu, May 30, 2002 at 02:09:38PM +0200, Hellan,Kim KHE wrote:
> Hi Vadim
> 
> Great!
> It works fine. When I got your mail I was just getting ready to test this function.
> This public key I have loaded, shall be used to verify a signature.
> I have the signature as a 128 byte binary blob.
> 
> I have been looking at the RSA_public_decrypt() function, but I'm not quite sure how it works.
> How can I verify a signature without specifying what was signed in the first place?

The public key is normally used to recover the digest of the something-to-be-signed
and memcmp() it against another one. That is, one needs a hash of the document,
not necessarily the document itself.

hope this fits,
Vadim

> 
> Thanks for all your help,
> Kim
> 
> -Original message-
> From: Vadim Fedukovich [mailto:[EMAIL PROTECTED]]
> Sent: 30 May 2002 12:15
> To: [EMAIL PROTECTED]
> Subject: Re: Format of RSA public key ?
> 
> 
> On Thu, May 30, 2002 at 08:59:59AM +0200, Hellan,Kim KHE wrote:
> > Hi Vadim
> > 
> > I should have been more specific.
> > I know it is modulus and public exponent, but what I'm looking for is some OpenSSL function to load this key into a EVP_PKEY structure.
> > 
> > Any ideas?
> 
> d2i_RSAPublicKey() and EVP_PKEY_assign_RSA() should work
> 
> hope this helps,
> Vadim
> 



Re: SV: Format of RSA public key ?

2002-05-30 Thread Vadim Fedukovich

On Thu, May 30, 2002 at 03:35:51PM +0200, Hellan,Kim KHE wrote:
>...
> > I have been looking at the RSA_public_decrypt() function, but I'm not quite sure how it works.
> > How can I verify a signature without specifying what was signed in the first place?
> 
> >Public key is normally used to recover the digest of
> >something-to-be->signed and memcmp() it to another one.
> >That is, one need a hash of a document,
> >not necessary the document.
> 
> I have looked in the rsautl application, and there they seem to use RSA_public_decrypt() to verify a signature.

Actually, to recover the hash to be memcmp() later

> I have tried to use this function and it does work somehow (not sure exactly what it does though). If I change one bit in the binary blob, the verification (RSA_public_decrypt) fails.

Given a ciphertext change, the padding check would fail on the recovered plaintext.
Well, the padding check is a required step of signature verification

> RSA_public_decrypt() does return 35 bytes of something that I don't know what is. Maybe a hash and some information about the hash algorithm?
> I don't know how to "decode" this returned binary blob?

One should know the signature details. It's hard to guess what a 35-byte
object is. It's not a SHA1 or MD5 value. My best guess is the 36-byte-long SHA1+MD5
hash specified for SSL client authentication.

How that signature was created?

hope this makes some progress,
Vadim
> 
> TIA,
> Kim
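What the last three posts describe, the public operation recovering a block that is then padding-checked and compared against the expected hash, is shown below in an added example that is not code from the thread or from OpenSSL. It is written in Go with only the standard library so that it runs stand-alone: RecoverEncoded does what the thread describes RSA_public_decrypt() as doing, and SignSamples produces two constructed signatures over one message so that the recovered blocks can be compared. A PKCS#1 v1.5 SHA-1 signature recovers a 35-byte DigestInfo (15 bytes of fixed DER prefix plus the 20-byte hash), while the SSL 3.0 / TLS 1.0 client-authentication signature is over the raw 36-byte MD5||SHA-1 value with no DigestInfo, so the length of the recovered block already says a lot about how a signature was made. Key size and message are made up.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"errors"
	"fmt"
	"math/big"
)

// RecoverEncoded applies the public operation s^e mod n and strips the PKCS#1
// v1.5 signature padding 00 01 FF..FF 00, returning the bytes that were
// signed (for an ordinary signature, a DER DigestInfo). A padding error means
// the signature is invalid: the check is part of verification, not optional.
func RecoverEncoded(pub *rsa.PublicKey, sig []byte) ([]byte, error) {
	k := (pub.N.BitLen() + 7) / 8
	if len(sig) != k {
		return nil, errors.New("signature length does not match the modulus")
	}
	s := new(big.Int).SetBytes(sig)
	if s.Cmp(pub.N) >= 0 {
		return nil, errors.New("signature is not smaller than the modulus")
	}
	em := new(big.Int).Exp(s, big.NewInt(int64(pub.E)), pub.N).FillBytes(make([]byte, k))
	if em[0] != 0x00 || em[1] != 0x01 {
		return nil, errors.New("bad padding: block type is not 01")
	}
	i := 2
	for i < k && em[i] == 0xff {
		i++
	}
	if i-2 < 8 || i == k || em[i] != 0x00 {
		return nil, errors.New("bad padding: missing separator or fewer than 8 padding bytes")
	}
	return em[i+1:], nil
}

// sha1DigestInfoPrefix is the fixed DER prefix of DigestInfo for SHA-1
// (RFC 3447, section 9.2, note 1); prefix plus 20-byte hash is 35 bytes.
var sha1DigestInfoPrefix = []byte{
	0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14,
}

// VerifySHA1 checks a PKCS#1 v1.5 SHA-1 signature given only the hash of the
// document: recover the block, then compare it with the expected DigestInfo.
func VerifySHA1(pub *rsa.PublicKey, sig []byte, digest [sha1.Size]byte) bool {
	got, err := RecoverEncoded(pub, sig)
	if err != nil {
		return false
	}
	want := append(append([]byte{}, sha1DigestInfoPrefix...), digest[:]...)
	return bytes.Equal(got, want)
}

// SignSamples produces two constructed signatures over msg: a standard SHA-1
// signature carrying a DigestInfo, and an SSL 3.0 / TLS 1.0 client
// authentication style signature over the raw 36-byte MD5||SHA-1 value with
// no DigestInfo (crypto/rsa signs the input as-is when the hash argument is 0).
func SignSamples(key *rsa.PrivateKey, msg []byte) (digestInfoSig, rawSig []byte, err error) {
	s := sha1.Sum(msg)
	digestInfoSig, err = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, s[:])
	if err != nil {
		return nil, nil, err
	}
	m := md5.Sum(msg)
	rawSig, err = rsa.SignPKCS1v15(rand.Reader, key, 0, append(m[:], s[:]...))
	if err != nil {
		return nil, nil, err
	}
	return digestInfoSig, rawSig, nil
}

func main() {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample document")
	sig1, sig2, err := SignSamples(key, msg)
	if err != nil {
		panic(err)
	}
	r1, _ := RecoverEncoded(&key.PublicKey, sig1)
	r2, _ := RecoverEncoded(&key.PublicKey, sig2)
	fmt.Printf("DigestInfo signature recovers %d bytes: %x\n", len(r1), r1)
	fmt.Printf("raw MD5||SHA-1 signature recovers %d bytes\n", len(r2))
	fmt.Println("verifies with hash only:", VerifySHA1(&key.PublicKey, sig1, sha1.Sum(msg)))
}
```

Flipping a single bit of the signature changes the whole recovered block, so the padding check fails long before any hash comparison, which is the behaviour Kim observed with RSA_public_decrypt(); a real verifier should not stop at the padding check but also compare the recovered DigestInfo in full, prefix included.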



Re: PKI with Open Source "openssl"

2002-06-03 Thread Vadim Fedukovich

On Mon, Jun 03, 2002 at 11:17:40PM +, Franck Martin wrote:
> Read your web site,
> 
> Sorry other, if my e-mail is slightly off-topic but I think for a global
> trusted e-mail system, we need some special certificates and I just want
> to check if medracen is offering them...
> 
> Needs some info, what exactly is a gold certificate?

Let me guess: it's something of pure gold issued for
any marketing department to acknowledge excellence in doing their job
:-)

> I think you are missing some examples, may be you should produce a set
> of sample certificates in a openssl -text output so we can see how the
> various fields look like and the x509 extensions look like... btw, you
> can link to the SSL Certificates HOW-TO on www.tldp.org (self-promotion)
> to give people a total openssl solution and explanation...
> 
> Also the fuzzy titles are well fuzzy. I don't know if I should wear my
> glasses or not... Just teasing you...
> 
> The all in one certificate, is it a *.domainname.com certificate, or
> does it allow to sign other certificates in the sub domain?
> 
> I'm curious about the gold certificate to know if I can use it to
> generate certificates for every e-mail account my organisation uses? If
> it is true, then that's what we all need, and especially me.
> 
> I found out that most certificate sites hide the technical matter
> behind the salesman speech, and us administrators in charge of security
> do not know what we are really buying because all the technicalities have
> gone... Please add a "for the expert" link on each certificate type to
> describe exactly what is given...
> 
> Finally, Kabylie is in Algeria and everybody knows that Algeria is not
> known for its stability... You should say something about that on your
> web site to prove that we can trust your company...

Personally, I'm quite sure modular division and multiplication
can be pretty stable anywhere on the globe regardless of um, country
hosting CPU doing that

just a view,
Vadim

> 
> Cheers.
> [EMAIL PROTECTED]
> 
> On Mon, 2002-06-03 at 08:20, Averroes wrote:
> 
> Hi All,
> 
> A good experiment of all openssl's options
> is at Medracen Website, this site is just for testing
> purpose, It is a just simulation describing how to implement
> PKI solution with Open Source software.
> 
> URL: http://www.medracen.net/
> 
> To get your 30 days free Digital Signature Certificate go
> to URL:
> 
>  http://www.medracen.net/pki.php?url=helium
> 
> Comments and suggestions are welcome.
> 
> Thank you
> 
> Regards
> 
> #-
> Averroes
> 
> 
> 



Naina announce (was: [ANNOUNCE] OpenSSL 0.9.1 beta 1 released)

2002-06-04 Thread Vadim Fedukovich

hi list,

Naina library may be considered an ASN.1 test; it handles some
Secure Electronic Transactions messages.
http://www.unity.net/~vf/naina_r1.tgz

It works with 0.9.7-beta-1, on linux, gcc 2.9.5

It could be great to include SET-specific objects into openssl;
patch is there inside

regards,
Vadim

On Sun, Jun 02, 2002 at 11:46:25PM +0200, Lutz Jaenicke wrote:
> The first beta release of OpenSSL 0.9.7 is now available from the
> OpenSSL FTP site ftp://ftp.openssl.org/source/. Quite a lot
> of code changed between the 0.9.6 release and the 0.9.7 release, so
> a series of 3 or 4 beta releases is planned before the final release.
> 
> To make sure that it will work correctly, please test this version
> (especially on less common platforms), and report any problems to
> <[EMAIL PROTECTED]>.
> Application developers that use OpenSSL to provide cryptographic
> routines or SSL/TLS support are kindly requested to test their
> software against this new release to make sure that necessary adaptations
> can be made.
> 
> Changes between 0.9.6x and 0.9.7 include:
> 
>   o New library section OCSP.
>   o Complete rewrite of ASN1 code.
>   o CRL checking in verify code and openssl utility.
>   o Extension copying in 'ca' utility.
>   o Flexible display options in 'ca' utility.
>   o Provisional support for international characters with UTF8.
>   o Support for external crypto devices ('engine') is no longer
> a separate distribution.
>   o New elliptic curve library section.
>   o New AES (Rijndael) library section.
>   o Change DES API to clean up the namespace (some applications link also
> against libdes providing similar functions having the same name).
> Provide macros for backward compatibility (will be removed in the
> future).
>   o Unify handling of cryptographic algorithms (software and
> engine) to be available via EVP routines for asymmetric and
> symmetric ciphers.
>   o NCONF: new configuration handling routines.
>   o Change API to use more 'const' modifiers to improve error checking
> and help optimizers.
>   o Finally remove references to RSAref.
>   o Reworked parts of the BIGNUM code.
>   o Support for new engines: Broadcom ubsec, Accelerated Encryption
> Processing, IBM 4758.
>   o PRNG: query at more locations for a random device, automatic query for
> EGD style random sources at several locations.
>   o SSL/TLS: allow optional cipher choice according to server's preference.
>   o SSL/TLS: allow server to explicitly set new session ids.
>   o SSL/TLS: support Kerberos cipher suites (RFC2712).
>   o SSL/TLS: allow more precise control of renegotiations and sessions.
>   o SSL/TLS: add callback to retrieve SSL/TLS messages.
>   o SSL/TLS: add draft AES ciphersuites (disabled unless explicitly requested).
> 
> --
> Lutz Jaenicke   [EMAIL PROTECTED]
> OpenSSL Project http://www.openssl.org/~jaenicke/



Re: Naina announce (was: [ANNOUNCE] OpenSSL 0.9.1 beta 1 released)

2002-06-05 Thread Vadim Fedukovich

On Wed, Jun 05, 2002 at 08:42:10AM +0200, Lutz Jaenicke wrote:
> On Wed, Jun 05, 2002 at 03:35:31AM +0300, Vadim Fedukovich wrote:
> > hi list,
> > 
> > Naina library may be considered an ASN.1 test; it handles some
> > Secure Electronic Transactions messages.
> > http://www.unity.net/~vf/naina_r1.tgz
> > 
> > It works with 0.9.7-beta-1, on linux, gcc 2.9.5
> > 
> > It could be great to include SET-specific objects into openssl;
> > patch is there inside
> 
> * Would you please just submit the patch with the additional OIDs into
>   [EMAIL PROTECTED]? I however won't promise that it will make it
>   into 0.9.7, which is already in feature freeze (depends on the actual
>   submission).

just sent it

> * Do you have a homepage for your project, for which we can add a link?

Thank you, not yet. Actually, not much to show at this point,
merchant-wallet interface is the only working stuff.
I guess the most popular content could be screenshots included in the package

yours,
Vadim

> 
> Best regards,
>   Lutz
> -- 
> Lutz Jaenicke [EMAIL PROTECTED]
> http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> BTU Cottbus, Allgemeine Elektrotechnik
> Universitaetsplatz 3-4, D-03044 Cottbus



Re: Need root certificates...

2002-06-07 Thread Vadim Fedukovich

On Fri, Jun 07, 2002 at 12:38:00AM -0700, Brian Doyle wrote:
> Does anyone know where I can get the latest VeriSign root certificate (that
> expires in 2028) in PEM format?  It seems to be impossible to get it from
> their website in anything other than some script to install it into a web
> browser.

Would you like someone to generate a keypair and cert and give it to you?
One must talk to Verisign

> Anyone know if there's a central trusted repository for all the popular root
> CA's primary (self-signed) certificates?
> 
> Thanks,
> 
> Brian Doyle
> Balance Software, Inc.
> 



Re: Is it possible/appropriate to add a timestamp (RFC 3161) to a PKCS#7?

2002-06-07 Thread Vadim Fedukovich

On Thu, Jun 06, 2002 at 05:17:48PM -0700, Bob Steele wrote:
> 
> This might be a nonsensical question, and if so it 
> wouldn't be my first foolish question here:
> 
> Is it possible or appropriate to add a timestamp object
> (RFC 3161) to a PKCS#7 signature during the signature's
> creation? 

This should be defined by business logic and/or risk management rules.
No problem at software-writing level.

> It is *not* possible for me to make the timestamp the signed data
> portion, since I'm already creating signatures on external
> detached data. 
> 
> What I was wondering is if it was possible to add the timestamp
> at the same level as the certificates, much as you add additional
> certificates (for a complete signing chain) to a PKCS#7?

Maybe another SignerInfo part of the PKCS7?
Made by the time-stamping key to confirm the signed data was shown to the
signer at that time. Adding another SignerInfo would not break the
validity of any previous one.

> Alternately, If there is another PKI data structure that could
> incorporate
> both a PKCS#7 and a RFC 3161 timestamp, could you please suggest it
> to me?

One may want to time-stamp the whole "pkcs7 signed" to confirm the
(unverified) signature was shown to the second signer at that time.

good luck,
Vadim

> Thanks for any and all help.
> 
> - Bob
> 
> 



Re: [ANNOUNCE] OpenSSL 0.9.7 beta 2 released

2002-06-18 Thread Vadim Fedukovich

On Sun, Jun 16, 2002 at 01:55:48PM +0200, Lutz Jaenicke wrote:
> The second beta release of OpenSSL 0.9.7 is now available from the
> OpenSSL FTP site <ftp://ftp.openssl.org/source/>. Quite a lot
> of code changed between the 0.9.6 release and the 0.9.7 release, so
> a series of 3 or 4 beta releases is planned before the final release.
> 
> To make sure that it will work correctly, please test this version
> (especially on less common platforms), and report any problems to
> <[EMAIL PROTECTED]>.
> Application developers that use OpenSSL to provide cryptographic
> routines or SSL/TLS support are kindly requested to test their
> software against this new release to make sure that necessary adaptations
> can be made.

Naina library was built with beta2 without applying the SET objects patch, thanks.
It was tested to generate certificates once again.

Also, CCA and merchant were tested to run registration and sale sessions
(accept the order only) with a well-known wallet,
using certificates just generated.

> Changes between 0.9.6x and 0.9.7 include:
> 
>   o New library section OCSP.
>   o Complete rewrite of ASN1 code.
>   o CRL checking in verify code and openssl utility.
>   o Extension copying in 'ca' utility.
>   o Flexible display options in 'ca' utility.
>   o Provisional support for international characters with UTF8.
>   o Support for external crypto devices ('engine') is no longer
> a separate distribution.
>   o New elliptic curve library section.
>   o New AES (Rijndael) library section.
>   o Change DES API to clean up the namespace (some applications link also
> against libdes providing similar functions having the same name).
> Provide macros for backward compatibility (will be removed in the
> future).
>   o Unify handling of cryptographic algorithms (software and
> engine) to be available via EVP routines for asymmetric and
> symmetric ciphers.
>   o NCONF: new configuration handling routines.
>   o Change API to use more 'const' modifiers to improve error checking
> and help optimizers.
>   o Finally remove references to RSAref.
>   o Reworked parts of the BIGNUM code.
>   o Support for new engines: Broadcom ubsec, Accelerated Encryption
> Processing, IBM 4758.
>   o Extended and corrected OID (object identifier) table.
>   o PRNG: query at more locations for a random device, automatic query for
> EGD style random sources at several locations.
>   o SSL/TLS: allow optional cipher choice according to server's preference.
>   o SSL/TLS: allow server to explicitly set new session ids.
>   o SSL/TLS: support Kerberos cipher suites (RFC2712).
>   o SSL/TLS: allow more precise control of renegotiations and sessions.
>   o SSL/TLS: add callback to retrieve SSL/TLS messages.
>   o SSL/TLS: add draft AES ciphersuites (disabled unless explicitly requested).
> 
> --
> Lutz Jaenicke   [EMAIL PROTECTED]
> OpenSSL Project http://www.openssl.org/~jaenicke/

-- 
Naina library: http://www.unity.net/~vf/naina_r1.tgz



Re: DH: problem with DH_compute_key

2002-06-18 Thread Vadim Fedukovich

On Tue, Jun 18, 2002 at 05:30:45PM +0200, julien Bournelle wrote:
> Hi all,
> 
>  I have a little pb and after a little search on google I didn't find any
> interesting help :-( 
> 
> This is my pb: I try to get a session key by DH and when I compute keys I
> don't obtain the same session key.

No wonder,
one should call DH_generate_parameters() once to use the same modulus

> 
> This is the code :
> 
> "
> 
> #define PRIME_LEN 64
> #define GENERATOR 5
> 
> ...
> 
> DH *dh_mn;
> DH *dh_ha;
> char *key;
> char *key3;
> int dh_errors;
> 
> dh_mn = DH_generate_parameters(PRIME_LEN, GENERATOR, NULL, NULL);
> 
> DH_check(dh_mn, &dh_errors);
> 
> DH_generate_key(dh_mn);
> 
> dh_ha = DH_generate_parameters(PRIME_LEN, GENERATOR, NULL, NULL);
> 
> DH_check(dh_ha, &dh_errors);
> 
> DH_generate_key(dh_ha);
> 
> key = malloc(DH_size(dh_ha));
> key3 = malloc(DH_size(dh_mn));
> 
> DH_compute_key(key, dh_ha->pub_key, dh_mn);
> 
> DH_compute_key(key3, dh_mn->pub_key, dh_ha);
> "
> 
> and key is always different from key3...
> dh_errors = 0 
> 
> 
> thanks
> 
> [EMAIL PROTECTED]
> 

-- 
Naina library: http://www.unity.net/~vf/naina_r1.tgz



Re: Generating certificates

2002-06-24 Thread Vadim Fedukovich

On Mon, Jun 24, 2002 at 09:13:44AM +0200, Martin Sjögren wrote:
> On Thu, Jun 20, 2002 at 11:51:42AM -0500, Pisano, Ed wrote:
> > Martin,
> > I solved this by creating openssl.cnf files that contain the information
> > that is gathered interactively by CA.pl.  I then modified the openssl.exe
> > command invocations in CA.pl to add command line flags and information
> > regarding the location of the created openssl.cnf file.
> 
> Ah, but you see, what I wanted to do was to do this from _within_ my
> application, with no stupid system or popen calls, making it slightly more
> platform independent. It's too bad there is no documentation on how to
> generate certificates and things like that using libssl.

Source is available; any problem reading that?  Anyway, one can:
 - X509_new()
 - set data to be signed, including fresh public key
 - apply some private key on DER encoding of that data
 - output

Maybe, one could use Naina as one more certificate handling HOWTO

> 
> Regards,
> Martin
> 
> -- 
> Martin Sjögren
>   [EMAIL PROTECTED]  ICQ : 41245059
>   Phone: +46 (0)31 7710870   Cell: +46 (0)739 169191
>   GPG key: http://www.strakt.com/~martin/gpg.html

-- 
Naina library: http://www.unity.net/~vf/naina_r1.tgz



unixreview: Anne Carasik on openssl

2002-06-27 Thread Vadim Fedukovich

Dear Mr. Casad,

UnixReview published Anne Carasik's article on openssl recently.
It should be great for a LEGO fan or someone studying the history of alcohol.
However, this article (at least) gives wrong advice and shows
a lack of writer competence. To illustrate:

- using "-rand /dev/urandom" during RSA key generation will try to read
the whole device in and would never stop. One just can't generate
an RSA keypair with this option

- DSA is listed as digest algorithm in Ref.2

- it was said that "DSA uses Diffie-Hellman for key exchange" under
"Public Key Generation and Tools"

- it was suggested to use GnuPG for public-key operations instead of
openssl, suitable for illustration only. However, the author didn't bother
to show how to sign X.509 certificates and Secure Electronic Transactions
messages with GnuPG.

I'm sure the error list could grow fast and easily. What is UnixReview's
policy on publishing follow-ups?

- Forwarded message from Brian Hatch <[EMAIL PROTECTED]> -

Date: Wed, 26 Jun 2002 14:00:59 -0700
From: Brian Hatch <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: OpenSSL article at unixreview


There's an intro OpenSSL article at www.unixreview.com that
folks might want to peruse.

- End forwarded message -

--
Naina library: http://www.unity.net/~vf/naina_r1.tgz



Re: help needed regarding RSA key generation.

2002-06-27 Thread Vadim Fedukovich

On Wed, Jun 26, 2002 at 07:35:59PM -0500, Manish Ramesh Chablani wrote:
> Hi,
> 
>   I am new to openSSL. I want to use openSSL to provide cryptographic 
> functions like (key generation, encryption with public key, signing with private 
> key, MD5 calculation) i.e. basically I want to use OpenSSL's Crypto library. I 
> am trying to add authentication/security in MPI implementation.
>   I am having problems getting started. For example how do I generate a 
> RSA public key, private key pair from within my C program.
>   I looked at the API for rsa, its given below
> RSA *RSA_generate_key(int num, unsigned long e,
>void (*callback)(int,int,void *), void *cb_arg);
> 
> but I don't want to decide the args to be passed to this API. I just want to 
> generate random rsa key pair.

would you like it of random size? Or maybe 1024-bits?

> 
> Please help.
> 
> Also if you can point me to some documentation or brief tutorial on using the 
> crypto library it will be great. 
> 
> Thanks,
> Manish
> 
> -
> 
> Manish Chablani,
> Graduate Student,
> Computer Science Department, 
> Indiana University
> -
> 



Re: help needed regarding RSA key generation.

2002-06-27 Thread Vadim Fedukovich

On Thu, Jun 27, 2002 at 12:06:01PM -0500, Manish Ramesh Chablani wrote:
> 
> 
> 
> 
> On Thu, 27 Jun 2002, Vadim Fedukovich wrote:
> 
> > On Wed, Jun 26, 2002 at 07:35:59PM -0500, Manish Ramesh Chablani wrote:
> > > Hi,
> > >
> > >   I am new to openSSL. I want to use openSSL to provide cryptographic
> > > functions like (key generation, encryption with public key, signing with private
> > > key, MD5 calculation) i.e. basically I want to use OpenSSL's Crypto library. I
> > > am trying to add authentication/security in MPI implementation.
> > >   I am having problems getting started. For example how do I generate a
> > > RSA public key, private key pair from within my C program.
> > >   I looked at the API for rsa, its given below
> > > RSA *RSA_generate_key(int num, unsigned long e,
> > >void (*callback)(int,int,void *), void *cb_arg);
> > >
> > > but I don't want to decide the args to be passed to this API. I just want to
> > > generate random rsa key pair.
> >
> > would you like it of random size? Or maybe 1024-bits?
> 
> 
> I would like 1024 bits for first argument. But what should I pass as
> remaining arguments ?

A man page is available for this function.

> Also do I have to set up random seed before I
> generate keys ?

Sure. This may be done automatically on some platforms.
Still, it's always OK to care about randomness before generating RSA keys.

> 
> Thanks,
> Manish
> 
> 
> >
> > >
> > > Please help.
> > >
> > > Also if you can point me to some documentation or brief tutorial on using the
> > > crypto library it will be great.
> > >
> > > Thanks,
> > > Manish
> > >
> > > -
> > >
> > > Manish Chablani,
> > > Graduate Student,
> > > Computer Science Department,
> > > Indiana University
> > > -
> > >

-- 
Naina library: http://www.unity.net/~vf/naina_r1.tgz



Re: Fingerprint

2002-06-29 Thread Vadim Fedukovich

On Sat, Jun 29, 2002 at 10:41:34PM +0200, davide wrote:
> On Fri, 28 Jun 2002 09:15:40 +0300
> Vadim Fedukovich <[EMAIL PROTECTED]> wrote:
> 
> > On Thu, Jun 27, 2002 at 11:14:09PM +0200, davide wrote:
> > > Hi,
> > > How could I get a fingerprint from a RSA key?
> > 
> > DER-encode RSA public key and apply SHA1 on it,
> > output that 20 bytes as "%02x".
> 
> OK for apply SHA1, but I don't know (and cannot find doc)
> how to DER-encode RSA public key, could anyone help me?

It was done as

X509_PUBKEY *pk;          /* the SubjectPublicKeyInfo, e.g. X509_get_X509_PUBKEY(cert),
                             or filled from an EVP_PKEY with X509_PUBKEY_set() */
ASN1_OCTET_STRING *oc;
/* DER-encode the whole SubjectPublicKeyInfo into a fresh OCTET STRING;
   oc->data / oc->length are then the bytes to hash with SHA1() */
oc = ASN1_item_pack(pk, ASN1_ITEM_rptr(X509_PUBKEY), NULL);

regards,
Vadim
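Vadim's recipe carried through end to end: DER-encode the SubjectPublicKeyInfo (the X509_PUBKEY structure his snippet packs), SHA-1 it, print as "%02x". This is an added example, not code from the thread; it hand-rolls the few DER rules needed so it runs on the Python standard library alone, and the (n, e) pair it is exercised on is a constructed toy value.

```python
import hashlib

# DER body of OID 1.2.840.113549.1.1.1 (rsaEncryption), as used in the AlgorithmIdentifier.
OID_RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")


def der_length(n):
    """DER length octets: one byte below 128, else 0x80|count followed by the big-endian length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag, content):
    """Tag, length, value."""
    return bytes([tag]) + der_length(len(content)) + content


def der_integer(value):
    """INTEGER for a non-negative int: minimal big-endian, 0x00 pad when the top bit is set."""
    if value < 0:
        raise ValueError("RSA components are non-negative")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return der_tlv(0x02, body)


def rsa_public_key_der(n, e):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    return der_tlv(0x30, der_integer(n) + der_integer(e))


def subject_public_key_info_der(n, e):
    """X.509 SubjectPublicKeyInfo, the structure OpenSSL calls X509_PUBKEY:
    SEQUENCE { AlgorithmIdentifier { rsaEncryption, NULL }, BIT STRING { RSAPublicKey } }."""
    alg_id = der_tlv(0x30, der_tlv(0x06, OID_RSA_ENCRYPTION) + der_tlv(0x05, b""))
    bit_string = der_tlv(0x03, b"\x00" + rsa_public_key_der(n, e))   # leading 0: no unused bits
    return der_tlv(0x30, alg_id + bit_string)


def fingerprint(n, e):
    """SHA-1 over the DER SubjectPublicKeyInfo, as 40 lowercase hex digits ("%02x" per byte)."""
    return hashlib.sha1(subject_public_key_info_der(n, e)).hexdigest()


def fingerprint_colons(n, e):
    """The same digest in the colon-separated upper-case layout the openssl tool prints."""
    h = fingerprint(n, e)
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2)).upper()
```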



Re: PKCS7 file size issue

2002-07-03 Thread Vadim Fedukovich

On Tue, Jul 02, 2002 at 09:15:02PM -0400, Frank Geck wrote:
> I was wondering if someone could tell me real quick if this makes any
> sense.  I'm using the pkcs7 libraries ( not the command line interface)
> provided by openssl to sign a file and save the output to a file. The
> input file is 25,600 but the output is 36,227.  I tried another file
> 779,264 and the output file was 1,056,821, does this make sense?

could it be base64?

> 
> Thanks,
> 
> Frank
> [EMAIL PROTECTED]
> 

-- 
Naina library: http://www.unity.net/~vf/naina_r1.tgz



Re: PKCS7 file size issue

2002-07-03 Thread Vadim Fedukovich

On Wed, Jul 03, 2002 at 08:01:39AM -0400, Frank Geck wrote:
> Vadim,
> Yeah, I believe it is being base64 encoded.  Is there another
> way/better way to do this?

I'd say base64 is unlikely to be required, unless it's S/MIME.
SHA-1 or some other hash could be calculated over any binary data
to make/check signatures. Ciphers can handle binary data
exactly like text.

Naina only uses base64 to encode the cardholder's CN

good luck,
Vadim

> 
> Thanks,
> 
> Frank
> 
> Vadim Fedukovich wrote:
> 
> > On Tue, Jul 02, 2002 at 09:15:02PM -0400, Frank Geck wrote:
> > > I was wondering if someone could tell me real quick if this makes any
> > > sense.  I'm using the pkcs7 libraries ( not the command line interface)
> > > provided by openssl to sign a file and save the output to a file. The
> > > input file is 25,600 but the output is 36,227.  I tried another file
> > > 779,264 and the output file was 1,056,821, does this make sense?
> >
> > could it be base64?
> >
> > >
> > > Thanks,
> > >
> > > Frank
> > > [EMAIL PROTECTED]
> > >
> >
> > --
> > Naina library: http://www.unity.net/~vf/naina_r1.tgz

-- 
Naina library: http://www.unity.net/~vf/naina_r1.tgz



Re: streaming/unstreaming an RSA key

2002-07-03 Thread Vadim Fedukovich

On Wed, Jul 03, 2002 at 02:58:45PM +0200, Judith Retief wrote:
> 
>   I have to encrypt and decrypt an RSA key using symmetrical encryption,
> using RC4 or one of the other symmetrical encryption APIs. I'm working in C.
> 
> 
>   But I assume I can't just give the RSA key struct to the encryption
> algorithm as input data; its members are BIGNUM pointers so the structure
> has dynamic data that is not part of the struct footprint. I need to stream
> the RSA struct into a continuous memory byte buffer to give to the
> encryption algorithm, and after decrypting this stream I need to build up
> the RSA key struct from it. 
> 
>   Are there standard functions available for these streaming functions? Or
> do I have to pull apart the pem_asn1_write/read() functions and implement my
> own? Am I guaranteed that the internal structure of the RSA struct will
> remain the same?

It is ASN.1 and DER that are here to guarantee encoded data will be
restored on any platform

> 
>   Regards, 
>  Judith

-- 
Naina library: http://www.unity.net/~vf/naina_r1.tgz



Re: Speaking of shared secrets [was: Re: The big number multiplication code]

2002-07-08 Thread Vadim Fedukovich

On Mon, Jul 08, 2002 at 06:43:06PM +0200, Richard Levitte - VMS Whacker wrote:
> In message <[EMAIL PROTECTED]> on Fri, 5 Jul 2002 18:45:12 +0300, 
>Vadim Fedukovich <[EMAIL PROTECTED]> said:
> 
> vf> see a program attached for details. It handles numbers of 1024 bit range
> vf> doing Shamir secret sharing.
> 
> Secret sharing is something I've been pondering implementing in
> OpenSSL for a while now, on and off.  Too bad your snippet of code is
> licensed under the GPL, that makes it unusable to be included in
> OpenSSL, if you'd be inclined that way.

I'd be happy for this code to be integrated into openssl and will do my best
to maintain it. Besides, I was typing too fast and forgot to mention
openssl in the source, so I should at least say sorry now.

Please find attached another piece of code, to get shares of the product of two
secrets available in shares only. That is, avoiding recovery from shares
for doing multiplication.

Please note the GRR technique of multiplication is not the same as
that of Boneh and Franklin (which is likely used in the ITTC code).
In GRR, the product of shares is shared again.

> Anyhow, I'm not going to discuss licenses, that's not the purpose of
> this letter.  Instead, I'd like to discuss protocol and usability.
> 
> Shamir's method is beautiful and really easy to understand with a
> certain minimum of mathematical knowledge.  However, it doesn't give
> any hint on how to protect the shares (understandably, of course).
> To use it as a part of OpenSSL, and especially as part of the openssl
> application (as well as other applications based on OpenSSL), one
> needs to collect the shares in one place, one way or the other.

I'd say, share-holders need to run a networked protocol to calculate
something or just recover original secret. They own their hardware.
Probably, the concern is cheating to break such a protocol.

> I'm imagining the following scenario:
> 
> - We implement the shared secret PEM file, with the identity "SHAMIR
>   SHARED SECRET", which would contain an ASN.1 blob (for which we'd
>   need to define a module) containing the prime p (assuming we use
>   modular arithmetics for the calculations), the small number x (the x
>   coordinate of the point that is your share) and the share itself.
>   This would then be protected the same way we currently protect
>   private keys.  This part is actually rather easy.

Yes, sure. I was asking one day whether there's any standards activity
in secret-sharing, to interop right from the start.

> - I get involved in a sensitive project where shared secrets are used
>   for protection.  The implementation I see right now is that each
>   participant inserts his or her diskette, tells the software what the
>   name of the file on that diskette is and gives a password when
>   prompted for it...

One could keep SSL links from client doing sharing or recovery
to set of servers (share-holders)

> The last part is somewhat of a problem, security-wise.  I mean, when I
> play with my own software, use my own private key protected
> appropriately, running on my laptop that isn't connected to anything
> and that has been checked for trojans, viruses and whatever, I feel
> rather safe signing some document, removing the diskette and
> reconnecting to the net in some fashion (no, I don't usually do things
> in quite such a paranoid fashion.  My laptop is secure enough and
> checked enough for my use).  However, sticking that same diskette on
> another system and giving it a password, when I'm not entirely certain
> there's no stealth program listening to the keyboard input and
> secretly taking a backup of my diskette, isn't something I would do
> without a lot of guarantees, and then I would still be suspicious.
> 
> Is there any scheme that would make the use of shared secrets a bit
> safer, or will this simply come down to each participant's trust in
> the system where the shared secret is used?

There are lots of papers on verifiable secret sharing. GRR mentioned
in the code attached and Pedersen-91, just to name a few.
Personally, I came across commitments first with "encrypted open books"
idea from Cypherpunks manifesto. There's an extensive survey by
Douglas Stinson and Ruizhong Wei, unfortunately a bit old.
Also, there's a great page by Helger Lipmaa. And I'm sure
there may be better pointers. Also, ResearchIndex is a great tool.

In short, it may not be easy to choose the best thing to implement.

> For perfect safety (as closely as you can get to it), hardware devices
> like nCipher (who uses some kind of shared secret for the admin cards
> in the nForce boxes, I believe) are of course the option.  However, I
> don't have the funds for that,
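Vadim's two attached programs (Shamir sharing of a secret, and GRR "shares of the product" without recovering either factor) are not on the page. What follows is an added Python example of both ideas, serving the Shamir passage and the GRR passage above; it uses a constructed small prime field rather than 1024-bit numbers, and simulates all parties in one process.

```python
import secrets

# Constructed demo field: a small prime, not the 1024-bit range of Vadim's program.
P = 2 ** 31 - 1


def _eval_poly(coeffs, x, p=P):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... + coeffs[t]*x^t mod p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def share(secret, t, n, p=P):
    """Shamir (t+1)-of-n: random degree-t polynomial f with f(0) = secret; share i is (i, f(i))."""
    coeffs = [secret % p] + [secrets.randbelow(p) for _ in range(t)]
    return [(i, _eval_poly(coeffs, i, p)) for i in range(1, n + 1)]


def lagrange_at_zero(xs, p=P):
    """Weights l_i with f(0) = sum(l_i * f(x_i)) for every polynomial of degree < len(xs)."""
    weights = []
    for i, xi in enumerate(xs):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        weights.append(num * pow(den, -1, p) % p)
    return weights


def recover(shares, p=P):
    """Interpolate f(0) from any t+1 or more shares. This is the step GRR lets parties skip."""
    xs = [x for x, _ in shares]
    return sum(w * y for w, (_, y) in zip(lagrange_at_zero(xs, p), shares)) % p


def grr_multiply(shares_a, shares_b, t, p=P):
    """GRR multiplication: from degree-t shares of a and b held by the same n >= 2t+1
    parties, produce degree-t shares of a*b without anyone learning a, b or a*b.
    Party i re-shares its local product d_i = a_i*b_i with a fresh degree-t polynomial h_i;
    party j's new share is sum_i(lambda_i * h_i(j)), the lambda_i being the public Lagrange
    weights that interpolate the degree-2t polynomial a(x)b(x) at 0 over all n parties."""
    n = len(shares_a)
    xs = [x for x, _ in shares_a]
    if n < 2 * t + 1 or xs != [x for x, _ in shares_b] or xs != list(range(1, n + 1)):
        raise ValueError("need matching shares from share() for n >= 2t+1 parties")
    lam = lagrange_at_zero(xs, p)
    # Round 1 (simulated locally): party i deals subshares of d_i; subshares[i][j] goes to j.
    subshares = [share(ai * bi % p, t, n, p) for (_, ai), (_, bi) in zip(shares_a, shares_b)]
    # Round 2: party j combines the n values it received; no secret is ever reconstructed.
    return [(xs[j], sum(lam[i] * subshares[i][j][1] for i in range(n)) % p) for j in range(n)]
```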

Re: Speaking of shared secrets [was: Re: The big number multiplication code]

2002-07-09 Thread Vadim Fedukovich

On Mon, Jul 08, 2002 at 03:05:49PM -0400, Rich Salz wrote:
> > I did some work on a project a while back that might be relevant to your 
> > search:
> > 
> > http://crypto.stanford.edu/~dabo/ITTC/
> 
> This work is way cool.  (At a previous company I had some email 
> exchanges with Dan :)
> 
> One interesting application would be to integrate it into BIND so that 
> you could secure share/transfer DNSSEC zone information.  (Bind9 is 
> based on openssl.)

Could you be more specific on "secure" definition here?

As I see it, bind process currently just sends out public keys
and signatures.

One might want it to accept public keys after some voting
and/or to make signatures by quorum of zone name servers.

What is appropriate mailing list to discuss this stuff?

regards,
Vadim

>   /r$
> 
> 



Re: Speaking of shared secrets

2002-07-14 Thread Vadim Fedukovich

On Sun, Jul 14, 2002 at 11:56:19AM +0100, Ben Laurie wrote:
> Richard Levitte - VMS Whacker wrote:
> > In message <[EMAIL PROTECTED]> on Tue, 9 Jul 2002 11:43:04 
>+0300, Vadim Fedukovich <[EMAIL PROTECTED]> said:
> > 
> > vf> please consider to include this code into distribution
> > 
> > Thanks and forgive me for being a nuisance...
> > 
> 
> Errr...
> 
> a) This should be on openssl-dev

This discussion was started on -users. Anyway, I'm ready to re-send it
to -dev, in case b) is clear already

> b) its still GPLed - what did I miss?

GPL was replaced in the most advanced variant (get shares of product)
on July, 9. Yes, GPL is still mentioned, as diff output.
Any problem with this?

sorry for confusion,
Vadim
 
> 
> Cheers,
> 
> Ben.
> 
> -- 
> http://www.apache-ssl.org/ben.html   http://www.thebunker.net/
> 
> "There is no limit to what a man can do or how far he can go if he
> doesn't mind who gets the credit." - Robert Woodruff

-- 
Naina library: http://www.unity.net/~vf/naina_r1.tgz



Re: How to support Wrong Format Certificate

2002-07-30 Thread Vadim Fedukovich

On Tue, Jul 30, 2002 at 03:27:40PM +0800, Stone Shi wrote:
> Hello, all
> 
>   I installed Apache+mod_ssl+OpenSSL as HTTPS Server, and I must make the
> server support the Wrong Format Certificate (see attachment).
>   How can I do this? 

I could see nothing wrong with this certificate.
DER encoding is good enough; one could make it PEM easily if required

>   private key in following format
> 
> typedef struct {
>   unsigned int bits; 
>   unsigned char modulus[128];
>   unsigned char publicExponent[128];
>   unsigned char exponent[128]; 
>   unsigned char prime[2][64]; 
>   unsigned char primeExponent[2][64];
>   unsigned char coefficient[64];
> } R_RSA_PRIVATE_KEY;

Maybe the private key was saved as
  write(, just_another_one_encoding, sizeof(R_RSA_PRIVATE_KEY))
If so, one could read() it back and set an EVP_PKEY.
It's still unclear how exactly the numbers were broken into unsigned chars;
BN_bin2bn() may be handy to set the EVP_PKEY RSA components.

hope this helps,
Vadim
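One way to read a struct image back into numbers (the BN_bin2bn() step Vadim describes) plus the consistency checks that settle the open question of how the arrays were laid out. Added example, not from the thread: the field order is the posted struct, while the byte orders, the 4-byte `unsigned int`, the absence of padding and the PKCS#1 CRT-coefficient convention are assumptions to be confirmed against the producer; the key used is a constructed textbook toy.

```python
import struct
from math import gcd

# Field layout of the posted R_RSA_PRIVATE_KEY: a C unsigned int `bits`, then fixed-size
# unsigned char arrays in declaration order (prime[2] and primeExponent[2] flattened).
FIELDS = [("modulus", 128), ("publicExponent", 128), ("exponent", 128),
          ("prime0", 64), ("prime1", 64),
          ("primeExponent0", 64), ("primeExponent1", 64),
          ("coefficient", 64)]
STRUCT_SIZE = 4 + sum(size for _, size in FIELDS)   # 708, assuming a 4-byte int and no padding


def parse_r_rsa_private_key(blob, byteorder="big", int_endian="<"):
    """Turn a write()'d struct image back into integers (what BN_bin2bn() does per field).
    `byteorder` is how each array stores its number, `int_endian` the struct code for `bits`;
    both are guesses about the producer's platform, so validate() the result before use."""
    if len(blob) != STRUCT_SIZE:
        raise ValueError(f"expected {STRUCT_SIZE} bytes, got {len(blob)}")
    key = {"bits": struct.unpack(int_endian + "I", blob[:4])[0]}
    offset = 4
    for name, size in FIELDS:
        key[name] = int.from_bytes(blob[offset:offset + size], byteorder)
        offset += size
    return key


def validate(key):
    """The RSA relations hold only if every field was read with the right byte order."""
    n, e, d = key["modulus"], key["publicExponent"], key["exponent"]
    p, q = key["prime0"], key["prime1"]
    if p < 2 or q < 2 or p * q != n:
        return False
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    if gcd(e, lam) != 1 or e * d % lam != 1:
        return False
    if key["primeExponent0"] != d % (p - 1) or key["primeExponent1"] != d % (q - 1):
        return False
    # CRT coefficient as q^-1 mod p: the PKCS#1 convention, assumed here for this producer.
    if gcd(p, q) != 1 or key["coefficient"] != pow(q, -1, p):
        return False
    return key["bits"] == n.bit_length()


def pack_r_rsa_private_key(key, byteorder="big", int_endian="<"):
    """Producer side, used only to construct sample input for the parser."""
    out = struct.pack(int_endian + "I", key["bits"])
    for name, size in FIELDS:
        out += key[name].to_bytes(size, byteorder)
    return out


# Constructed toy key (textbook numbers, NOT a usable key). The 128-byte fields are sized
# for a 1024-bit modulus; a real image is the same layout with larger values.
TOY_KEY = {"bits": 12, "modulus": 3233, "publicExponent": 17, "exponent": 2753,
           "prime0": 61, "prime1": 53,
           "primeExponent0": 2753 % 60, "primeExponent1": 2753 % 52,
           "coefficient": pow(53, -1, 61)}
```

Reading the same bytes with the wrong array byte order yields integers that fail the p*q == n test, which is the signal to try the other order before handing anything to BN_bin2bn().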


