Re: Creating a x509 request with Whirlpool

2010-06-28 Thread Davi Tozoni 
Sorry, I should give more details.

First of all, I don't know if all I've done is correctly. Basically, I made
up my own OID, so I can use it in my application. If you want to do this
too, here is the easy steps:

1. In crypto/objects/objects.txt, I added:
 ecdsa-with-Specified 5: ecdsa-with-whirlpool
 pkcs1 15: RSA-whirlpool   : whirlpoolWithRSAEncryption

2. In crypto/objects/obj_xref.txt, I added:
whirlpoolWithRSAEncryption  whirlpool rsaEncryption
ecdsa_with_whirlpool  whirlpool X9_62_id_ecPublicKey

3. In crypto/ec/ec_pmeth.c, in function "static int pkey_ec_ctrl()", I added
NID_whirlpool in the if clause after "case EVP_PKEY_CTRL_MD:"

I have modified other source codes, but I don't think they have worked. Any
problem or suggestion, tell me!

2010/6/28 Jakob Bohm 

> So did you make up your own OID, or your own ASN structure or did you
> find the right OID somewhere so the rest of us can use it?
>
>
> On 28-06-2010 13:33, Davi Tozoni wrote:
>
>> Hi,
>>  Thank you for the information. I modified some source codes in OpenSSL
>> and achieve what I was looking for.
>>
>> 2010/6/7 Dr. Stephen Henson mailto:st...@openssl.org
>> >>
>>
>>
>>On Mon, Jun 07, 2010, Davi Tozoni wrote:
>>
>> > Hello,
>> >
>> > I was experimenting OpenSSL 1.0.0 and I needed to create a
>>request that must
>> > be signed with Whirlpool hash algorithm. However, when I used the
>>command:
>> >
>> >  openssl req -whirlpool -newkey rsa:1024 -keyout key.pem -out
>> req.pem
>> >
>> > It didn't work. The error message was:
>> > 3078702728:error:0606B06E:digital envelope
>>routines:EVP_SignFinal:wrong
>> > public key type:p_sign.c:125:
>> > 3078702728:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP
>> > lib:a_sign.c:279:
>> >
>> > I wish to know if the fact that whirlpool can't work for x509
>>requests is a
>> > decision of openssl developers or there is another reason.
>>Perhaps I am not
>> > using it correctly.
>> >
>> > PS: I am trying to hack openssl source code to find where I could
>>include
>> > changes that would allow to use whirlpool. Do you have any hint?
>> >
>>
>>In order to use a digest for signature purposes it has to have an
>>appropriate
>>object identifier (OID) defined. For example sha1WithRSAEncryption
>>for SHA1
>>and RSA. You can't just make one up it has to be standardised, there
>>is no OID
>>in OpenSSL corresponding to whirlpool with RSA and you get that
>>error as a
>>result.
>>
>>Steve.
>>--
>>Dr Stephen N. Henson. OpenSSL project core developer.
>>Commercial tech support now available see: http://www.openssl.org
>>__
>>OpenSSL Project http://www.openssl.org
>>User Support Mailing List openssl-users@openssl.org
>>
>>
>>Automated List Manager majord...@openssl.org
>>
>>
>>
>>
>>
>>
>> --
>> Davi Tozoni
>> Engenharia
>> KRYPTUS Engenharia Criptográfica
>> (19) 88140530
>> www.kryptus.com 
>>
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   majord...@openssl.org
>



-- 
Davi Tozoni
Engenharia
KRYPTUS Engenharia Criptográfica
(19) 88140530
www.kryptus.com

Re: Creating a x509 request with Whirlpool

2010-06-28 Thread Jakob Bohm 

So did you make up your own OID, or your own ASN structure or did you
find the right OID somewhere so the rest of us can use it?

On 28-06-2010 13:33, Davi Tozoni wrote:

Hi,
  Thank you for the information. I modified some source codes in OpenSSL
and achieve what I was looking for.

2010/6/7 Dr. Stephen Henson mailto:st...@openssl.org>>

On Mon, Jun 07, 2010, Davi Tozoni wrote:

 > Hello,
 >
 > I was experimenting OpenSSL 1.0.0 and I needed to create a
request that must
 > be signed with Whirlpool hash algorithm. However, when I used the
command:
 >
 >  openssl req -whirlpool -newkey rsa:1024 -keyout key.pem -out req.pem
 >
 > It didn't work. The error message was:
 > 3078702728:error:0606B06E:digital envelope
routines:EVP_SignFinal:wrong
 > public key type:p_sign.c:125:
 > 3078702728:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP
 > lib:a_sign.c:279:
 >
 > I wish to know if the fact that whirlpool can't work for x509
requests is a
 > decision of openssl developers or there is another reason.
Perhaps I am not
 > using it correctly.
 >
 > PS: I am trying to hack openssl source code to find where I could
include
 > changes that would allow to use whirlpool. Do you have any hint?
 >

In order to use a digest for signature purposes it has to have an
appropriate
object identifier (OID) defined. For example sha1WithRSAEncryption
for SHA1
and RSA. You can't just make one up it has to be standardised, there
is no OID
in OpenSSL corresponding to whirlpool with RSA and you get that
error as a
result.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org

Automated List Manager majord...@openssl.org





--
Davi Tozoni
Engenharia
KRYPTUS Engenharia Criptográfica
(19) 88140530
www.kryptus.com 


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Creating a x509 request with Whirlpool

2010-06-28 Thread Davi Tozoni 
Hi,
 Thank you for the information. I modified some source codes in OpenSSL and
achieve what I was looking for.

2010/6/7 Dr. Stephen Henson 

> On Mon, Jun 07, 2010, Davi Tozoni wrote:
>
> > Hello,
> >
> > I was experimenting OpenSSL 1.0.0 and I needed to create a request that
> must
> > be signed with Whirlpool hash algorithm. However, when I used the
> command:
> >
> >  openssl req -whirlpool -newkey rsa:1024 -keyout key.pem -out req.pem
> >
> > It didn't work. The error message was:
> > 3078702728:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong
> > public key type:p_sign.c:125:
> > 3078702728:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP
> > lib:a_sign.c:279:
> >
> > I wish to know if the fact that whirlpool can't work for x509 requests is
> a
> > decision of openssl developers or there is another reason. Perhaps I am
> not
> > using it correctly.
> >
> > PS: I am trying to hack openssl source code to find where I could include
> > changes that would allow to use whirlpool. Do you have any hint?
> >
>
> In order to use a digest for signature purposes it has to have an
> appropriate
> object identifier (OID) defined. For example sha1WithRSAEncryption for SHA1
> and RSA. You can't just make one up it has to be standardised, there is no
> OID
> in OpenSSL corresponding to whirlpool with RSA and you get that error as a
> result.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   majord...@openssl.org
>



-- 
Davi Tozoni
Engenharia
KRYPTUS Engenharia Criptográfica
(19) 88140530
www.kryptus.com

Re: Creating a x509 request with Whirlpool

2010-06-07 Thread Dr. Stephen Henson 
On Mon, Jun 07, 2010, Davi Tozoni wrote:

> Hello,
> 
> I was experimenting OpenSSL 1.0.0 and I needed to create a request that must
> be signed with Whirlpool hash algorithm. However, when I used the command:
> 
>  openssl req -whirlpool -newkey rsa:1024 -keyout key.pem -out req.pem
> 
> It didn't work. The error message was:
> 3078702728:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong
> public key type:p_sign.c:125:
> 3078702728:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP
> lib:a_sign.c:279:
> 
> I wish to know if the fact that whirlpool can't work for x509 requests is a
> decision of openssl developers or there is another reason. Perhaps I am not
> using it correctly.
> 
> PS: I am trying to hack openssl source code to find where I could include
> changes that would allow to use whirlpool. Do you have any hint?
> 

In order to use a digest for signature purposes it has to have an appropriate
object identifier (OID) defined. For example sha1WithRSAEncryption for SHA1
and RSA. You can't just make one up it has to be standardised, there is no OID
in OpenSSL corresponding to whirlpool with RSA and you get that error as a
result.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Creating a x509 request with Whirlpool

2010-06-07 Thread Davi Tozoni 
Hello,

I was experimenting OpenSSL 1.0.0 and I needed to create a request that must
be signed with Whirlpool hash algorithm. However, when I used the command:

 openssl req -whirlpool -newkey rsa:1024 -keyout key.pem -out req.pem

It didn't work. The error message was:
3078702728:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong
public key type:p_sign.c:125:
3078702728:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP
lib:a_sign.c:279:

I wish to know if the fact that whirlpool can't work for x509 requests is a
decision of openssl developers or there is another reason. Perhaps I am not
using it correctly.

PS: I am trying to hack openssl source code to find where I could include
changes that would allow to use whirlpool. Do you have any hint?

Thanks!
-- 
Davi Tozoni
Engenharia
KRYPTUS Engenharia Criptográfica
(19) 88140530
www.kryptus.com