A problem that I have with apps/req.c is that it is hardly a good reference
for how to use the API calls.
I think, ideally, that all of openssl.cnf should be entirely an artifact of
the apps, but there are (still, I think) things that can only by constructing
some openssl.cnf configuration and se
On 12/22/2021 1:33 PM, Philip Prindeville wrote:
> Should supporting openssl.cnf be part of the library API, or
> externally handled in the command-line utility where it then passes in
> the values extracted from that file?
I don't know how openssl.cnf factors into CSR creation with existing
tool
> On Dec 22, 2021, at 2:18 PM, Jordan Brown
> wrote:
>
> On 12/22/2021 11:45 AM, David von Oheimb wrote:
>> Yet beware that a general-purpose library function that has (at least) the
>> flexibility offered by that app would need a non-trivial set of parameters.
>>
>
> I suspect that it wou
On 12/22/2021 11:45 AM, David von Oheimb wrote:
>
> Yet beware that a general-purpose library function that has (at least)
> the flexibility offered by that app would need a non-trivial set of
> parameters.
>
I suspect that it would end up looking a lot like the existing API.
There might be a few
@Philip,
it should not be hard to copy the core code from apps/req.c and cut out
all parts not needed for generating a PKCS#10 CSR (including its
self-signature).
Yet beware that a general-purpose library function that has (at least)
the flexibility offered by that app would need a non
@Philip,
it should not be hard to copy the core code from apps/req.c and cut out
all parts not needed for generating a PKCS#10 CSR (including its
self-signature).
Yet beware that a general-purpose library function that has (at least)
the flexibility offered by that app would need a non
Hi Erwann and Stephen,
We solved the problem about generating a PKCS#10 from a embedded
processor. Some configurations in the signature generation coprocessor
were wrong.
Your hints helps to discover it.
Tnakyou very much
Giordano
2011/8/5 Dr. Stephen Henson :
> On Fri, Aug 05, 2011, Erw
On Fri, Aug 05, 2011, Erwann ABALEA wrote:
> Bonjour Giordano
>
> Let's start with your example file: example.der.
>
> Extract the contained public key:
> openssl req -pubkey -inform D -in example.der -noout > example.key
>
> Now we'll extract the signature block.
>
> Start by ASN1-parse you
unable to load Public Key
You first have to create the necessary files, extracted from the
request (since it is self-signed).
> I read the PKCS#1, PKCS#8, PKCS#7 and PKCS#10 and now I have an better
> idea from PKI, but I'm still a begginer in these contents.
>
> Could you tell-me
Bounjour Erwann,
I tried your command, but I got an error:
C:\OpenSSL-Win32\bin>openssl rsautl -in example.der.sig -inkey
example.key -pubin -verify -hexdump –raw
Loading 'screen' into random state - done
unable to load Public Key
I read the PKCS#1, PKCS#8, PKCS#7 and PKCS#10 and
Bonjour,
Hodie pr. Non. Aug. MMXI, Giordano Bruno scripsit:
> Thank you for reply,
> I didn't understand what you mean with this sequence (02, padding, DER
> sequence with hash OID and value). Can you explain?
> The hash of our der file (without the first header, the signature
> header and the sig
lve,
>>
>> I need to generate a PKCS#10 with a very limited device, a MSP430F5438
>> from Texas Instruments plus a co-processor that implement the RSA and
>> SHA-1 algorithms.
>>
>> The coprocessor generate the key pair, as shown below. I used the
>> priv
Hodie pr. Non. Aug. MMXI, Giordano Bruno scripsit:
> Hi people, I have a problem in in certifications in low level issue,
> but I think it is the best place to solve,
>
> I need to generate a PKCS#10 with a very limited device, a MSP430F5438
> from Texas Instruments plus a co
Hi people, I have a problem in in certifications in low level issue,
but I think it is the best place to solve,
I need to generate a PKCS#10 with a very limited device, a MSP430F5438
from Texas Instruments plus a co-processor that implement the RSA and
SHA-1 algorithms.
The coprocessor generate
Dear
I got your mail from XCA, that is a very nice app. I work with
embedded systems and need to generate a PKCS#10 with a very limited
device, a MSP430F5438 from Texas Instruments plus a co-processor that
implemente the RSA and SHA-1 algorithms (VaultIC).
We got a DER file from internet, we
Thank you very much, I'll take a look !
Regards,
Jiss
- Mail Original -
De: "Dr. Stephen Henson"
À: openssl-users@openssl.org
Envoyé: Vendredi 14 Mai 2010 17h38:55 GMT +01:00 Amsterdam / Berlin / Berne /
Rome / Stockholm / Vienne
Objet: Re: coding PKCS#10
On Fri, Ma
On Fri, May 14, 2010, jis...@free.fr wrote:
> Hello everyone, I want to create a CSR PKCS#10 using open-ssl libs in C, but
> I really don't know how to do and which functions are available (I assume
> that it is possible, because the .exe provides this service).
>
> Cou
Hello everyone, I want to create a CSR PKCS#10 using open-ssl libs in C, but I
really don't know how to do and which functions are available (I assume that it
is possible, because the .exe provides this service).
Could anyone help me or give me some information to be able to do that ?
instantiates
that engine?
Again the documentation provides some information on this., so my answer is yes.
Thanks
From: Patrick Patterson
To: openssl-users@openssl.org
Sent: Thursday, June 4, 2009 8:41:24 PM
Subject: Re: Newbie: PKCS#10 request for an existing
Hi Raj:
On June 4, 2009 12:58:02 pm Raj wrote:
> Hello Experts,
>
> I request your expert opinion in generating a PKCS#10 CSR;
>
> I have generated my RSA 1024 private public key pair in the HSM. The HSM
> exposes the keys as handles.
>
First question: Do you have OpenSS
Hello Experts,
I request your expert opinion in generating a PKCS#10 CSR;
I have generated my RSA 1024 private public key pair in the HSM. The HSM
exposes the keys as handles.
I am seeing that OpenSSL is raising the CSR (-new) but it generates the RSA key
pair. In my case, i already have the
On Thu, Apr 27, 2006, K Vu (sent by Nabble.com) wrote:
>
> Hello,
>
> I'm very new to openssl. I wanted to create a CSR PKCS#10 & tried the
> following command:
>
> openssl req -config openssl.cnf -new -x509 -days 1001 -key private/cakey.pem
> -out certs/ca.
Hello,
I'm very new to openssl. I wanted to create a CSR PKCS#10 & tried the
following command:
openssl req -config openssl.cnf -new -x509 -days 1001 -key private/cakey.pem
-out certs/ca.cert
and I got the following error:
3809286:error:24064064:random number generator:SSLEAY_RAND_B
Ok, I understand you. But can I generate a PKCS#10 whithout signing ? I
verified the SPKAC' signature as a first step.
Thanks for your help,
Ivander Greco Júnior.
Em Seg, 2005-12-19 às 10:18 -0800, Michael Sierchio escreveu:
> > what can I do to convert a SPKAC request int
what can I do to convert a SPKAC request into a PKCS#10 ? After that
will I be able to generate a SPKAC certificate from PKCS#10 request ?
You can't.
SPKAC is a signed pubkey and challenge. PKCS10 is a different
format of self-signed object. You'd have to have the private
k
Hi,
what can I do to convert a SPKAC request into a PKCS#10 ? After that
will I be able to generate a SPKAC certificate from PKCS#10 request ?
Best regards,
Ivander Greco Júnior
__
OpenSSL Project
Hi again,
shouldn't it be?
static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
instead of
static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef};
I guess it was a typo.
regards,
aleix
On Fri, 10 Sep 2004 22:29:10 +0200, Dr. Stephen Henson
<[EMAIL PROTECTED]
Well, this is great.
Thank you very much!
regards,
aleix
On Fri, 10 Sep 2004 22:29:10 +0200, Dr. Stephen Henson
<[EMAIL PROTECTED]> wrote:
>
> I've just fixed OpenSSL to check for the PKCS#9 extension request first and
> only use MS if its not found.
>
> This will be in the next stable snap
On Fri, Sep 10, 2004, Aleix Conchillo Flaque wrote:
> Hi,
>
> I've asn1parsed the request file. Displaying the request with MS
> certutil.exe utility, I thought that there where two extensionRequest
> attributes.
>
> But parsing the request, I've seen this:
>
> 455:d=4 hl=2 l= 10 prim: OBJ
so, don't I need to distribute a public key to
> challenge the cert with?
>
> This really isn't very straight forward, and I can use all the help I can get.
>
> Thanks,
> Oblio
>
> At 11/7/2002 09:52 PM +0100, you wrote:
>> this is very basic.
>>
&
hat, if you have problems, try and be as specific as you can with
your question and you'll be more likely to get help.
-Bob
> -Original Message-
> From: Oblio [mailto:subscriber@;locustcreek.com]
> Sent: Thursday, November 07, 2002 4:38 PM
> To: [EMAIL PROTECTED]
> Sub
t I need to distribute a public key to
challenge the cert with?
This really isn't very straight forward, and I can use all the help I can get.
Thanks,
Oblio
At 11/7/2002 09:52 PM +0100, you wrote:
this is very basic.
pkcs#10 is the standard request format.
under normal circumstances, the cl
this is very basic.
pkcs#10 is the standard request format.
under normal circumstances, the client ( person who requests a certificate)
sends a pkcs#10 to the ca and the ca signs this request.
in openssl this is done with
openssl ca -in thePKCS#10.pem -out theCert.pem,
using different options
Does anyone know what to do with a PKCS#10 cert request?
Oblio
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
How do I sign a certificate created in PKCS#10?
Thanks,
Oblio
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
Hi
>> Obviously I can't sign the request when I don't have the private key.
>> So the (maybe stupid) question is:
>> Is it at all possible somehow to make a PKCS#10 without a private key?
>Sorry maybe I'm stupid but why can't sign request ?
>Are you
ECTED]
Subject: RE: Making PKCS#10 request without a private key
> I'm trying to make a PKCS#10, without having access to the RSA
> private key.
> The keypair is generated in a smartcard so I only have access to
> the public
> key.
>
> Normally when I generate a PKCS#10
I tested my own script with MS IE 4.x, and 5.x.
It surely works in IE 4.x, but 5.x it generates constants
size PKCS#10(590 byte). I just call createPKCS10 and, just
submit the return value of createPKCS10 and store it in a
file. Have you ever exprienced this strange thing?
How could you solve it
Hi,
The quick version:
Is it possible to extract the public key from a PKCS#10 using openssl?
More detailed description of my problem:
I would like to issue certificates using openSSL and support both Netscape
and IE browsers.
When using Netscape as browser, my cgi script creates a file named
39 matches
Mail list logo