Re: [openssl-users] Are double-quotes valid characters in certificates/keys?

2016-04-12 Thread Ajay Garg
Thanks everyone for the quick and generous help!!
I am really thankful for everyone's time.


Thanks and Regards,
Ajay

On Tue, Apr 12, 2016 at 7:08 PM, Salz, Rich wrote:
>
>> Except when you want more people (usually everybody) access to the CRT,
>> but few people (usually one or two trusted server
>> processes) access to the private KEY.
>>
>> Then using two different files will make a lot of sense.
>
> Oh yes, absolutely!  Don't give out the private key :)
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



-- 
Regards,
Ajay


Re: [openssl-users] Are double-quotes valid characters in certificates/keys?

2016-04-12 Thread Salz, Rich

> Except when you want more people (usually everybody) access to the CRT,
> but few people (usually one or two trusted server
> processes) access to the private KEY.
> 
> Then using two different files will make a lot of sense.

Oh yes, absolutely!  Don't give out the private key :)


Re: [openssl-users] Are double-quotes valid characters in certificates/keys?

2016-04-11 Thread Jakob Bohm

On 11/04/2016 18:57, Salz, Rich wrote:

> You can merge the two files into one.   As long as they are in PEM format, it
> will just work.


Except when you want more people (usually everybody) access to
the CRT, but few people (usually one or two trusted server
processes) access to the private KEY.

Then using two different files will make a lot of sense.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
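
The two layouts discussed above (one merged PEM file versus separate files with different access), as an added example that is not part of the original messages: a Python sketch that splits a combined PEM bundle into a world-readable certificate file and an owner-only key file. The bundle contents, the file names and the helpers `split_bundle` and `file_mode` are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample: the base64 bodies are placeholders, not real key material.
BUNDLE = """\
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgQ0VSVCBCT0RZ
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQgS0VZIEJPRFk=
-----END PRIVATE KEY-----
"""

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?-----END \1-----\r?\n?", re.S)


def split_bundle(bundle, cert_path, key_path):
    """Write certificate blocks to cert_path (0644), key blocks to key_path (0600)."""
    certs, keys = [], []
    for m in PEM_BLOCK.finditer(bundle):
        # Covers "PRIVATE KEY", "RSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY", ...
        (keys if m.group(1).endswith("PRIVATE KEY") else certs).append(m.group(0))
    if not certs or not keys:
        raise ValueError("bundle must contain a certificate and a private key")
    for path, blocks, mode in ((cert_path, certs, 0o644), (key_path, keys, 0o600)):
        # O_EXCL refuses to reuse an existing file, and the mode is applied at
        # creation, so the key is never briefly readable by other users.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
        with os.fdopen(fd, "w") as fh:
            fh.write("".join(blocks))
        os.chmod(path, mode)  # make the final mode independent of the umask
    return len(certs), len(keys)


def file_mode(path):
    """Permission bits of path, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    import tempfile
    d = tempfile.mkdtemp()
    crt, key = os.path.join(d, "server.crt.pem"), os.path.join(d, "server.key")
    print(split_bundle(BUNDLE, crt, key), oct(file_mode(crt)), oct(file_mode(key)))
```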



Re: [openssl-users] Are double-quotes valid characters in certificates/keys?

2016-04-11 Thread Salz, Rich
You can merge the two files into one.   As long as they are in PEM format, it 
will just work.

--  
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz




Re: [openssl-users] Are double-quotes valid characters in certificates/keys?

2016-04-11 Thread Ajay Garg
Hi All.

Thanks for the help.

The certificate is a ".crt.pem".
Key is a ".key".

Anyhow, earlier I was thinking of saving the certificate+key in a
file, where double-quotes were delimiters.
But, I have rejected that idea; instead saving them in their respective files :)

So, the question becomes obsolete.


Anyhow, I am thankful (and sorry at the same time) for everyone's time.



Thanks and Regards,
Ajay

On Mon, Apr 11, 2016 at 8:56 PM, Viktor Dukhovni wrote:
> On Mon, Apr 11, 2016 at 10:01:33AM +0530, Ajay Garg wrote:
>
> [ Subject: Are double-quotes valid characters in certificates/keys? ]
>
>> Could not find a definitive answer on google, so thought it would be
>> best to ask the experts :)
>
> The question is ill-formed.  Are you asking about allowed characters
> in some field of the underlying canonical ASN.1 DER form of a
> certificate, or about some particular encoding of the certificate
> (e.g. PEM)?
>
> If the former, X.509v3 certificates are complicated objects, which
> part of the certificate are you asking about?
>
> As for keys, in their ASN.1 DER encoding they are "binary" data,
> and all octets are a priori valid in a public key.  A public key
> algorithm that prohibits 0x22 seems unlikely.
>
> --
> Viktor.



-- 
Regards,
Ajay


Re: [openssl-users] Are double-quotes valid characters in certificates/keys?

2016-04-11 Thread Viktor Dukhovni
On Mon, Apr 11, 2016 at 10:01:33AM +0530, Ajay Garg wrote:

[ Subject: Are double-quotes valid characters in certificates/keys? ]

> Could not find a definitive answer on google, so thought it would be
> best to ask the experts :)

The question is ill-formed.  Are you asking about allowed characters
in some field of the underlying canonical ASN.1 DER form of a
certificate, or about some particular encoding of the certificate
(e.g. PEM)?

If the former, X.509v3 certificates are complicated objects, which
part of the certificate are you asking about?

As for keys, in their ASN.1 DER encoding they are "binary" data,
and all octets are a priori valid in a public key.  A public key
algorithm that prohibits 0x22 seems unlikely.

-- 
Viktor.
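
An added illustration of the DER-versus-PEM distinction in the message above (not part of the original message): raw DER octets can include 0x22, while the PEM armoring of the same bytes cannot, so only the PEM text survives a double-quote-delimited container. The sample bytes, the helper names and the quote-delimited format are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+([A-Za-z0-9+/=\s]+?)-----END \1-----")

# Constructed sample, not a real certificate: a DER UTF8String (tag 0x0C)
# whose value contains two double-quote octets (0x22).
VALUE = b'the "C" team'
SAMPLE_DER = bytes([0x0C, len(VALUE)]) + VALUE


def to_pem(label, der):
    """Armor DER bytes as PEM: base64 in 64-column lines between BEGIN/END."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def from_pem(text):
    """Return (label, der) for the first PEM block in text."""
    m = PEM_RE.search(text)
    if m is None:
        raise ValueError("no PEM block found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()), validate=True)


def survives_quoting(field):
    """Hypothetical '"'-delimited container: does one field round-trip?"""
    blob = b'"' + field + b'"'
    # Naive reader: everything between a pair of quotes is one field.
    return re.findall(rb'"(.*?)"', blob, re.S) == [field]


if __name__ == "__main__":
    pem = to_pem("CERTIFICATE", SAMPLE_DER)
    print("0x22 in DER:", 0x22 in SAMPLE_DER, "| in PEM:", '"' in pem)
    print("raw DER survives quoting:", survives_quoting(SAMPLE_DER))
    print("PEM text survives quoting:", survives_quoting(pem.encode("ascii")))
    print("PEM decodes back to DER:", from_pem(pem) == ("CERTIFICATE", SAMPLE_DER))
```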


Re: [openssl-users] Are double-quotes valid characters in certificates/keys?

2016-04-10 Thread Jeffrey Walton
> Could not find a definitive answer on google, so thought it would be
> best to ask the experts :)

It's probably been discussed on the PKIX mailing list at some point
(http://mailarchive.ietf.org/arch/search/?email_list=pkix).

Keys don't use them. Certificates can use them based on the ASN.1 type.

However, I work on a C++ project, and the CA removed the CN we
requested. I'm guessing it was because of the "++" in the common name
(friendly name displayed to the user), which may have wreaked havoc on
some scripts. I've been waiting to see a BlackHat talk on it.

Jeff


[openssl-users] Are double-quotes valid characters in certificates/keys?

2016-04-10 Thread Ajay Garg
Hi.

Could not find a definitive answer on google, so thought it would be
best to ask the experts :)


Thanks and Regards,
Ajay