Solved it. If somebody else needs help, don't hesitate, please.
2009/7/14 Silviu VLASCEANU
> Hello,
>
> I want to add some new functionality to the crypto library in openssl and I
> need some help with the integration of the new code in the build system of
> openssl.
&g
Hello,
I want to add some new functionality to the crypto library in openssl and I
need some help with the integration of the new code in the build system of
openssl.
I intend to add some source code, in the "crypto" directory, as a new
subdirectory, say "extra". There will be the following files:
being
> > stored on the HSM), through the nCore API?
> > I am specifically interested by the actual data stream that I need to
> > provide to the HSM for it to sign.
> > The mechanism that I intend to use for signing is SHA1 - RSA.
> >
> > Thank you in advance fo
.
The mechanism that I intend to use for signing is SHA1 - RSA.
Thank you in advance for your help!
--
Silviu Vlasceanu
2008/9/11 Kyle Hamilton <[EMAIL PROTECTED]>
> If you're getting pronounced jitter on your client machines, I'd
> suggest two things:
>
> 1) install ntp clients on them, and
> 2) create your client certificates with a notBefore date of (now - 10m).
>
That's exactly what I did. In fact, I synchroni
Hello,
Sorry for the delay, I had some problem with... "delays" :).
I have carefully read all of the suggestions from Kyle and Patrick. However,
the serial issue was the most flagrant, definitely and I have immediately
defined one. Concerning the other suggestions (KU, EKU, AKI), I agree with
them
nks again!
2008/9/8 delcour.pierre <[EMAIL PROTECTED]>
> Silviu VLASCEANU wrote:
>
>> Hi,
>>
>> Sorry to bother again, but I still haven't found how to add the Authority
>> Key ID to a certificate, using openssl.
>> Please, I need some help with this. Th
Hi,
Sorry to bother again, but I still haven't found how to add the Authority
Key ID to a certificate, using openssl.
Please, I need some help with this. The details are below.
Thank you in advance,
--
Silviu
2008/9/3 Silviu VLASCEANU <[EMAIL PROTECTED]>
> Hello everybody,
>
Hello everybody,
I need to copy the Subject Key ID (SKID) from the CA certificate to the
Authority Key ID (AKID) of a new certificate.
I have extracted the SKID with
AUTHORITY_KEYID *akid = X509_get_ext_d2i(ca_cert,
NID_subject_key_identifier, NULL, NULL);
How can I "put" akid in an X509_EXTENSI
Thanks, David, that's exactly what I needed. I already found some examples,
but these are very clear as steps to create the cert.
One more question, though: how do you convert an RSA public key from an
(uint8_t *) type to the RSA type defined in OpenSSL (or to EVP_PKEY). I have
been googling on th
ve read my mind again: In a future revision of my application, I might
need to set the CA extension to true.
> -Kyle H
Thanks a lot for the suggestions, I will conform them.
Cheers,
>
>
> On Tue, Aug 19, 2008 at 3:54 AM, Silviu VLASCEANU
> <[EMAIL PROTECTED]> wrote:
> >
use I only need some help with using the library. If
I would have found a better strategy to make CSRs, I would have posted to
devel-openssl or IETF PKIX MLs. But I am not dealing with that...
Thanks again and I hope that I have been clear enough.
2008/8/19 David Schwartz <[EMAIL PROTECTED]>
To reformulate,
Is there a way to generate a certificate without a proof of possession?
Thanks.
2008/8/18 Silviu VLASCEANU <[EMAIL PROTECTED]>
> Hello,
>
> I am developing an application which also has some CA functions. The
> application knows the public key, KpC, of a
Hello,
I am developing an application which also has some CA functions. The
application knows the public key, KpC, of a client which has a priori proven
to this app the possession of KpC through an out-of-band mean. Therefore,
when the application "calls" the CA functionality to generate the clien
14 matches
Mail list logo