RE: Attribute Certificate with OpenSSL?
Your API looks good - perhaps your code combined with x509AT from Univ. of
Malaga can provide the complete coverage?
And yes - I'd like to take a look at your code (assuming it's under GPL, or
OpenSSL license). I'll check with my bosses to see if they'd approve "more
active" participation.
Thank you!
Regards,
Uri
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Daniel
> Diaz Sanchez
> Sent: Thursday, September 14, 2006 10:00
> To: openssl-users@openssl.org
> Subject: RE: Attribute Certificate with OpenSSL?
>
> Hello,
>
> I developed a beta API code for OpenSSL that may help you.
> Find enclosed a pdf document with the description. Tell me if
> you are interested or anybody wants to help me to improve it.
> Take into account that is a very very beta code.
>
> Apart from that, Jose Antonio Montenegro and Javier Lopez
> from Malaga University have been working on authorization for
> a very long time with very good results. I think that OpenPMI
> is not an unmaintained project.
>
> Try to contact the authors through
>
> http://www.lcc.uma.es/LCC?-f=indexlang.lcc&-l=english
>
>
> Regards,
>
> Daniel
>
> --
> Daniel Diaz Sanchez
> Telecommunication Engineer
> Researcher / Teaching Assistant
>
> Dep. Ing. Telemática
> Universidad Carlos III de Madrid
> Av. Universidad, 30
> 28911 Leganés (Madrid/Spain)
> Tel: (+34) 91-624-8817, Fax: -8749
> Web: www.it.uc3m.es/dds
> web: http://www.it.uc3m.es/pervasive
> Mail: dds[at].it.uc3m.es
> Skype: dds.it.uc3m.es
>
>
> -Mensaje original-
> De: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> En nombre de Mouse
> Enviado el: jueves, 14 de septiembre de 2006 15:49
> Para: openssl-users@openssl.org
> Asunto: RE: Attribute Certificate with OpenSSL?
>
> First - thank you! At least it was something.
>
> I went through the Web sit and the code distro itself.
>
> Web site shows how to use their command x509AT. Great.
> There's no AT-related README though, no documentation, no
> edits or patch-format changes. Thus hard to figure out the
> scope of changes involved.
> The Web page states that it is beta code. References to Lopez
> and Montenegro pages are dead. I.e. dead unmaintained project.
>
> So OpenSSL did not pick the Attribute Certificate extensions
> that Lopez and Montenegro added? Is there an alternative
> distro supporting AT? Is there
> ("official"?) work going on on (cleanly :-) adding support
> for Attribute Certs to OpenSSL?
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Saurabh Arora
> > Sent: Wednesday, September 13, 2006 17:58
> > To: openssl-users@openssl.org
> > Subject: Re: Attribute Certificate with OpenSSL?
> >
> > On 9/14/06, Mouse <[EMAIL PROTECTED]> wrote:
> > > Did anybody use OpenSSL successfully for creating and processing
> > > Attribute Certificates?
> >
> > very much .. chek dis link.. http://openpmi.sourceforge.net/
> >
> > > Is there any helpful HOWTO or TFM?
> >
> > download openssl distro(patched to support AC) frm d same link.
> >
> __
> > OpenSSL Project
> http://www.openssl.org
> > User Support Mailing List
> openssl-users@openssl.org
> > Automated List Manager
> > [EMAIL PROTECTED]
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
>
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Attribute Certificate with OpenSSL?
On 9/14/06, Mouse <[EMAIL PROTECTED]> wrote:
First - thank you! At least it was something.
I went through the Web sit and the code distro itself.
Web site shows how to use their command x509AT. Great.
There's no AT-related README though, no documentation, no edits or
patch-format changes. Thus hard to figure out the scope of changes involved.
welcome to the world of openssl
The Web page states that it is beta code. References to Lopez and Montenegro
pages are dead. I.e. dead unmaintained project.
hmm.. workin in my browser
So OpenSSL did not pick the Attribute Certificate extensions that Lopez and
Montenegro added? Is there an alternative distro supporting AT? Is there
("official"?) work going on on (cleanly :-) adding support for Attribute
Certs to OpenSSL?
this was d closest i came across..
i was to work on Attribute Certificate too but by then my job period
expired ( i wish i cud have), though i worked on X509 custom certs in
good detail and have written few HOWTO tutorials and articles on the
same. will ask my boss to upload for the community.
apart we can only request the community to keep contributing HowTo's ...
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
RE: Attribute Certificate with OpenSSL?
Hello,
I developed a beta API code for OpenSSL that may help you. Find enclosed a
pdf document with the description. Tell me if you are interested or anybody
wants to help me to improve it. Take into account that is a very very beta
code.
Apart from that, Jose Antonio Montenegro and Javier Lopez from Malaga
University have been working on authorization for a very long time with very
good results. I think that OpenPMI is not an unmaintained project.
Try to contact the authors through
http://www.lcc.uma.es/LCC?-f=indexlang.lcc&-l=english
Regards,
Daniel
--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749
Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
Mail: dds[at].it.uc3m.es
Skype: dds.it.uc3m.es
-Mensaje original-
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
En nombre de Mouse
Enviado el: jueves, 14 de septiembre de 2006 15:49
Para: openssl-users@openssl.org
Asunto: RE: Attribute Certificate with OpenSSL?
First - thank you! At least it was something.
I went through the Web sit and the code distro itself.
Web site shows how to use their command x509AT. Great.
There's no AT-related README though, no documentation, no edits or
patch-format changes. Thus hard to figure out the scope of changes involved.
The Web page states that it is beta code. References to Lopez and Montenegro
pages are dead. I.e. dead unmaintained project.
So OpenSSL did not pick the Attribute Certificate extensions that Lopez and
Montenegro added? Is there an alternative distro supporting AT? Is there
("official"?) work going on on (cleanly :-) adding support for Attribute
Certs to OpenSSL?
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Saurabh Arora
> Sent: Wednesday, September 13, 2006 17:58
> To: openssl-users@openssl.org
> Subject: Re: Attribute Certificate with OpenSSL?
>
> On 9/14/06, Mouse <[EMAIL PROTECTED]> wrote:
> > Did anybody use OpenSSL successfully for creating and processing
> > Attribute Certificates?
>
> very much .. chek dis link.. http://openpmi.sourceforge.net/
>
> > Is there any helpful HOWTO or TFM?
>
> download openssl distro(patched to support AC) frm d same link.
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager
> [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Attribute Certificates APIs.pdf
Description: Adobe PDF document
RV: Attribute Certificate with OpenSSL?
rmation space. Depending on the version of
the certificate it will be inserted in v1Form or in v2From->issuer.
***General tools to fill up some of the necessary structures:
*
int X509AC_set_GENERAL_NAME_name(GENERAL_NAMES *gens, X509_NAME *name)
Introduce a X509_NAME into a GENERAL_NAMES structure.
int X509AC_set_baseCertID_name(X509AC_ISSUER_SERIAL *bci, X509_NAME *name)
Introduce a X509_NAME into a BaseCertId structure.
int X509AC_set_baseCertID_serial(X509AC_ISSUER_SERIAL *bci, ASN1_INTEGER
*serial)
Introduce the serial number into a BaseCertId structure.
int X509AC_set_baseCertID_issuerUniqueID(X509AC_ISSUER_SERIAL *bci,
ASN1_BIT_STRING *uid)
Introduce a unique id into a BaseCertId structure.
Attribute functions
***
X509_ATTRIBUTE * X509AC_get_attr( X509AC *a, int idx )
Get the X509_ATTRIBUTE that occupies the position idx in the stack.
int X509AC_add_attribute_by_NID(X509AC *a, int nid, int atrtype,
void *value)
Create and add an attribute based in its NID.
int X509AC_add_attribute(X509AC *a, X509_ATTRIBUTE *attr)
int X509AC_add_X509_ATTRIBUTE(X509AC *a, X509_ATTRIBUTE *attr)
Add an attribute to the stack in the attribute certificate.
ASN1_TYPE *X509AC_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
Get a pointer to the ASN1_TYPE structure of the first attribute value of the
attribute placed in the position idx.
void *X509AC_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int
atrtype, void *data)
Get a pointer to the data of the first attribute value of the attribute
placed in the position idx.
int X509AC_get_attributecount(X509AC *a)
Get the attribute count present in a attribute certificate.
Extensions:
***
int X509AC_add_extension(X509AC *a, X509_EXTENSION *ex, int loc)
Add a X509_EXTENSION to the certificate X509_EXTENSION stack.
Signature
*
int X509AC_sign_rsa(X509AC *a, RSA *rsa, EVP_MD *md)
int X509AC_sign_pkey(X509AC *a, EVP_PKEY *pkey, EVP_MD *md)
These functions sign the attribute certificate using a RSA key or a
EVP_PKEY.
Presentation
void X509AC_print(X509AC *ac)
Prints to stdout the information present in a attribute certificate.
int GENERAL_NAMES_print(FILE *out, GENERAL_NAMES *gens)
int GENERAL_NAME_print(FILE *out, GENERAL_NAME *gen)
Other:
**
int X509AC_X509_NAME_dup(X509_NAME **xn, X509_NAME *name)
--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749
Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
Mail: dds[at].it.uc3m.es
Skype: dds.it.uc3m.es
-Mensaje original-
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
En nombre de Mouse
Enviado el: jueves, 14 de septiembre de 2006 15:49
Para: openssl-users@openssl.org
Asunto: RE: Attribute Certificate with OpenSSL?
First - thank you! At least it was something.
I went through the Web sit and the code distro itself.
Web site shows how to use their command x509AT. Great.
There's no AT-related README though, no documentation, no edits or
patch-format changes. Thus hard to figure out the scope of changes involved.
The Web page states that it is beta code. References to Lopez and Montenegro
pages are dead. I.e. dead unmaintained project.
So OpenSSL did not pick the Attribute Certificate extensions that Lopez and
Montenegro added? Is there an alternative distro supporting AT? Is there
("official"?) work going on on (cleanly :-) adding support for Attribute
Certs to OpenSSL?
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Saurabh Arora
> Sent: Wednesday, September 13, 2006 17:58
> To: openssl-users@openssl.org
> Subject: Re: Attribute Certificate with OpenSSL?
>
> On 9/14/06, Mouse <[EMAIL PROTECTED]> wrote:
> > Did anybody use OpenSSL successfully for creating and processing
> > Attribute Certificates?
>
> very much .. chek dis link.. http://openpmi.sourceforge.net/
>
> > Is there any helpful HOWTO or TFM?
>
> download openssl distro(patched to support AC) frm d same link.
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager
> [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
___
RE: Attribute Certificate with OpenSSL?
First - thank you! At least it was something.
I went through the Web sit and the code distro itself.
Web site shows how to use their command x509AT. Great.
There's no AT-related README though, no documentation, no edits or
patch-format changes. Thus hard to figure out the scope of changes involved.
The Web page states that it is beta code. References to Lopez and Montenegro
pages are dead. I.e. dead unmaintained project.
So OpenSSL did not pick the Attribute Certificate extensions that Lopez and
Montenegro added? Is there an alternative distro supporting AT? Is there
("official"?) work going on on (cleanly :-) adding support for Attribute
Certs to OpenSSL?
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Saurabh Arora
> Sent: Wednesday, September 13, 2006 17:58
> To: openssl-users@openssl.org
> Subject: Re: Attribute Certificate with OpenSSL?
>
> On 9/14/06, Mouse <[EMAIL PROTECTED]> wrote:
> > Did anybody use OpenSSL successfully for creating and processing
> > Attribute Certificates?
>
> very much .. chek dis link.. http://openpmi.sourceforge.net/
>
> > Is there any helpful HOWTO or TFM?
>
> download openssl distro(patched to support AC) frm d same link.
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager
> [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Attribute Certificate with OpenSSL?
On 9/14/06, Mouse <[EMAIL PROTECTED]> wrote: Did anybody use OpenSSL successfully for creating and processing Attribute Certificates? very much .. chek dis link.. http://openpmi.sourceforge.net/ Is there any helpful HOWTO or TFM? download openssl distro(patched to support AC) frm d same link. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Attribute Certificate with OpenSSL?
Did anybody use OpenSSL successfully for creating and processing Attribute Certificates? Is there any helpful HOWTO or TFM? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
