OpenSSL with Luna SA

failed:eng_table.c:174: Any idea why this would be happening? Is it that the engine is just not implemented properly? Thanks, -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. 613-608-9752 __ OpenSSL Project

Re: OpenSSL with Luna SA

seem to fix things either. May I ask which Luna product we have been able to use the engine with? Thanks, Bram On 12-02-01 7:58 AM, Mathias Tausig wrote: On 02/01/2012 12:59 PM, Bram Cymet wrote: Hi, I am attempting to use openssl with the Luna SA HSM. I am getting the following error

Re: Date format for X.509 certificate

! Matt -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. 613-608-9752 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users

Engine Problems

[pkcs11_section] engine_id = pkcs11 dynamic_path = /usr/lib64/engines/engine_pkcs11.so MODULE_PATH = /usr/lib64/opensc-pkcs11.so init = 0 PIN = PINOFSMARTCARD Any idea why I am getting a conflicting engine id and how I can debug and fix this? Thanks, -- Bram Cymet Software Developer Canadian Bank Note Co

Re: Engine Problems

routines:MODULE_RUN:module initialization error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1 Any idea why it would be doing that? Thanks, Bram On 11-04-05 7:24 AM, Bram Cymet wrote: Hi, When I try to load the opensc-engine with a config file I get: OPENSSL_CONF=/opt/cbnca

Re: Engine Problems

On 11-04-05 11:50 AM, Dr. Stephen Henson wrote: On Tue, Apr 05, 2011, Bram Cymet wrote: I added some debugging output to openssl and I have found that it is parsing the config file twice and attempting to load the engine twice. OPENSSL_CONF=/opt/cbnca/etc/cbn-openssl.conf ./apps/openssl

Config file being ignored

in the openssl command line interface then it works fine. Any idea what could be going on? Why would it seem to ignore my config. -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. Cell: 613-608-9752 __ OpenSSL

Re: Config file being ignored

routines:MODULE_RUN:module initialization error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1 error in engine On 11/09/2010 04:57 PM, Bram Cymet wrote: Hi, I have the following in my /etc/ssl/openssl.cnf file: openssl_conf= openssl_def [openssl_def] engines

Re: Config file being ignored

, retcode=-1 any idea why that would be happening? On 11/09/2010 05:28 PM, Bram Cymet wrote: Here is an example of what happens if I run it from the command line interface: openssl OpenSSL engine dynamic -pre SO_PATH:/usr/local/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre

RSA-PSS

RSA_padding_add_PKCS1_PSS with the hash that I computed is that correct? Thanks, -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. Cell: 613-608-9752 __ OpenSSL Project http

Engine Problem

on? I am using openssl 1.0.0 Also on a side note if I use the command: OPENSSL_CONF=piv.conf openssl The OPENSSL_CONF variable is ignored and it just uses the default config file. Setting the config file like this on the command line used to work has something changed? Thanks, -- Bram Cymet

Re: Engine Problem

here: http://www.opensc-project.org/pipermail/opensc-devel/2010-April/013956.html On Oct 06, 2010 09:50 AM, Bram Cymet bcy...@cbnco.com wrote: Hi, I am trying to use engine_pkcs11 from opensc to talk to a smartcard. I am running into a few problems. My configuration looks like: openssl_conf

Re: Weird Validation Error

On 08/23/2010 06:19 PM, Bram Cymet wrote: Hi, Does any know of what would cause ctx-error to be set to 0 (X509_V_OK ) with a call to x509_verify_cert() that should result in X509_V_ERR_UNABLE_TO_GET_CRL. From the OpenSSL Source (x509_vfy.h) it looks like that would mean there were

Weird Validation Error

to figure out what these values are? Thanks, -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. Cell: 613-608-9752 __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: Question about extensions

? Thanks, Bram On 2010-08-08, at 3:41 PM, Bram Cymet wrote: I have attempted a number of different command line commands. They are all similar to: openssl x509 -extfile req.conf -extensions client_cert -in bcymet-cert.pem -out test.pem openssl x509 -req -in req.pem -sha1 -extfile

Re: Question about extensions

Ok I see it now. The whole structure is there asn1parse just can't print out the GENERALSTRINGs I changed them to UTF8 and I was able to see everything. Thanks again, Bram On 2010-08-09, at 6:51 AM, Bram Cymet wrote: Ok I was able to get openssl to generate a cert. Now when I got

Re: Question about extensions

test.pem Can you give me an example of how to create the cert or a req with the extensions? Thanks, Bram On 2010-08-08, at 8:38 AM, Dr. Stephen Henson wrote: On Fri, Aug 06, 2010, Bram Cymet wrote: It complains about the client_cert section. Attached is the conf file. I am using

Re: Question about extensions

On 08/06/2010 01:18 PM, Dr. Stephen Henson wrote: On Fri, Aug 06, 2010, Bram Cymet wrote: On 08/06/2010 08:49 AM, Dr. Stephen Henson wrote: On Wed, Aug 04, 2010, Bram Cymet wrote: HI, Give a configuration like the following: subjectAltName=otherName:1.3.6.1.5.2.2

Error Loading Extension

Hi, I am trying to add extensions to a cert or a req and when I do I get: Error Loading extension section section Is there anyway that I can get more details into why it failed? Thanks, -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. Cell: 613-608-9752

Question about extensions

that would be created. Thanks, -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. Cell: 613-608-9752 __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: Question about extensions

To give more information: At present I don't care about the issuerAltName and I would like to be able to generate the octet string that would be needed. Thanks On 08/04/2010 03:08 PM, Bram Cymet wrote: HI, Give a configuration like the following: subjectAltName=otherName:1.3.6.1.5.2.2

Re: Question about extensions

would my best course of action be to use ASN1_generate_nconf to generate this OCTET String. Can someone give me an example of how to do this? On 08/04/2010 03:35 PM, Bram Cymet wrote: To give more information: At present I don't care about the issuerAltName and I would like to be able

Certificates For Kerberos

: otherName:1.3.6.1.5.2.2; It is the rest of it I am having a hard time figuring out. Any help would be great. Thanks, -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. Cell: 613-608-9752 __ OpenSSL Project

Getting A Cert From A PIV Card

--type cert --label label --module /usr/lib64/opensc-pkcs11.so /tmp/encrypt.der and then use the cert to perform the encryption. I am wondering if there is a way to get openssl to pull the cert off the card and use it? Thanks, -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. Cell

RSA-PSS

Hi, I have been able to use RSA-PSS to sign some data with OpenSSL. I am wondering if OpenSSL supports creating certs where the signature algorithm uses RSA-PSS. In other words, when viewing the properties of the cert you would get: Signature Algorithm: 1.2.840.113549.1.1.10 Thanks, -- Bram

Private Key Usage Period

Hi, I am wondering if with the latest version of Openssl it is possible to set the Private Key Usage Period extension and if so what is the format of the parameters? Thanks, -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. Cell: 613-608-9752

Problem Building a Shared Object for Openssl

-DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOOL_ASM   -c -o ts_asn1.o ts_asn1.c Any ideas as to what could be happening. I am using the latest openssl source. Thanks, Bram Cymet

PEM Encoding Issue

fine. Any ideas what could be going on? Thanks, -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. Cell: 613-608-9752 __ OpenSSL Project http://www.openssl.org User Support Mailing

Re: Using pkcs12

-password pass: and there will be no password. -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. Cell: 613-608-9752 __ OpenSSL Project http://www.openssl.org User Support Mailing List

ECDSA Encryption

Hi, Is it possible to use openssl to do ecdsa encryption/decryption and if so how? Or can someone recommend a linux command line tool that would? Thanks, -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. Cell: 613-608-9752

Memory Paging

there is no way to get the decrypted data.. Thanks, -- Bram Cymet Software Developer Centre For Technological Innovation Canadian Bank Note Co. Ltd. Cell: 613-608-9752 __ OpenSSL Project http

MODULE_PATH

to the right piece of code? For example on the command line I would do: OpenSSL engine -t dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so \ -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD \ -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so Any help would be great, -- Bram Cymet

Re: Muscle Card Problems

Bram Cymet wrote: I am using a new javacard with the musclecard applet. I have been able to generate and sign with 1024 bit keys but when I got to use 2048 bit keys I can only generate them not sign with them. I get the following error: 6068:error:8006C06D:lib(128):RSA_PRIV_ENC:msc invalid

Muscle Card Problems

Nov 4 07:29:12 2008 C-APDU: B0 36 04 01 05 00 03 01 00 00 R-APDU: 90 00 Time: 16 ms Thanks, -- Bram Cymet Software Developer Centre For Technological Innovation Canadian Bank Note Co. Ltd. Cell: 613-608-9752 __ OpenSSL