A problem that I have with apps/req.c is that it is hardly a good reference
for how to use the API calls.
I think, ideally, that all of openssl.cnf should be entirely an artifact of
the apps, but there are (still, I think) things that can only by constructing
some openssl.cnf configuration and
On 12/22/2021 1:33 PM, Philip Prindeville wrote:
> Should supporting openssl.cnf be part of the library API, or
> externally handled in the command-line utility where it then passes in
> the values extracted from that file?
I don't know how openssl.cnf factors into CSR creation with existing
> On Dec 22, 2021, at 2:18 PM, Jordan Brown
> wrote:
>
> On 12/22/2021 11:45 AM, David von Oheimb wrote:
>> Yet beware that a general-purpose library function that has (at least) the
>> flexibility offered by that app would need a non-trivial set of parameters.
>>
>
> I suspect that it
On 12/22/2021 11:45 AM, David von Oheimb wrote:
>
> Yet beware that a general-purpose library function that has (at least)
> the flexibility offered by that app would need a non-trivial set of
> parameters.
>
I suspect that it would end up looking a lot like the existing API.
There might be a
@Philip,
it should not be hard to copy the core code from apps/req.c and cut out
all parts not needed for generating a PKCS#10 CSR (including its
self-signature).
Yet beware that a general-purpose library function that has (at least)
the flexibility offered by that app would need a non
@Philip,
it should not be hard to copy the core code from apps/req.c and cut out
all parts not needed for generating a PKCS#10 CSR (including its
self-signature).
Yet beware that a general-purpose library function that has (at least)
the flexibility offered by that app would need a non
Hi Erwann and Stephen,
We solved the problem about generating a PKCS#10 from a embedded
processor. Some configurations in the signature generation coprocessor
were wrong.
Your hints helps to discover it.
Tnakyou very much
Giordano
2011/8/5 Dr. Stephen Henson st...@openssl.org:
On Fri, Aug 05
Bounjour Erwann,
I tried your command, but I got an error:
C:\OpenSSL-Win32\binopenssl rsautl -in example.der.sig -inkey
example.key -pubin -verify -hexdump –raw
Loading 'screen' into random state - done
unable to load Public Key
I read the PKCS#1, PKCS#8, PKCS#7 and PKCS#10 and now I have
have to create the necessary files, extracted from the
request (since it is self-signed).
I read the PKCS#1, PKCS#8, PKCS#7 and PKCS#10 and now I have an better
idea from PKI, but I'm still a begginer in these contents.
Could you tell-me how to make the example.key and example.der.sig
On Fri, Aug 05, 2011, Erwann ABALEA wrote:
Bonjour Giordano
Let's start with your example file: example.der.
Extract the contained public key:
openssl req -pubkey -inform D -in example.der -noout example.key
Now we'll extract the signature block.
Start by ASN1-parse your file:
Dear
I got your mail from XCA, that is a very nice app. I work with
embedded systems and need to generate a PKCS#10 with a very limited
device, a MSP430F5438 from Texas Instruments plus a co-processor that
implemente the RSA and SHA-1 algorithms (VaultIC).
We got a DER file from internet, we
Hi people, I have a problem in in certifications in low level issue,
but I think it is the best place to solve,
I need to generate a PKCS#10 with a very limited device, a MSP430F5438
from Texas Instruments plus a co-processor that implement the RSA and
SHA-1 algorithms.
The coprocessor generate
Hodie pr. Non. Aug. MMXI, Giordano Bruno scripsit:
Hi people, I have a problem in in certifications in low level issue,
but I think it is the best place to solve,
I need to generate a PKCS#10 with a very limited device, a MSP430F5438
from Texas Instruments plus a co-processor that implement
to solve,
I need to generate a PKCS#10 with a very limited device, a MSP430F5438
from Texas Instruments plus a co-processor that implement the RSA and
SHA-1 algorithms.
The coprocessor generate the key pair, as shown below. I used the
private key generate to sign the part in the of the CSR message
Bonjour,
Hodie pr. Non. Aug. MMXI, Giordano Bruno scripsit:
Thank you for reply,
I didn't understand what you mean with this sequence (02, padding, DER
sequence with hash OID and value). Can you explain?
The hash of our der file (without the first header, the signature
header and the
Hello everyone, I want to create a CSR PKCS#10 using open-ssl libs in C, but I
really don't know how to do and which functions are available (I assume that it
is possible, because the .exe provides this service).
Could anyone help me or give me some information to be able to do that ?
Thank
On Fri, May 14, 2010, jis...@free.fr wrote:
Hello everyone, I want to create a CSR PKCS#10 using open-ssl libs in C, but
I really don't know how to do and which functions are available (I assume
that it is possible, because the .exe provides this service).
Could anyone help me or give me
Thank you very much, I'll take a look !
Regards,
Jiss
- Mail Original -
De: Dr. Stephen Henson st...@openssl.org
À: openssl-users@openssl.org
Envoyé: Vendredi 14 Mai 2010 17h38:55 GMT +01:00 Amsterdam / Berlin / Berne /
Rome / Stockholm / Vienne
Objet: Re: coding PKCS#10
On Fri, May
that engine?
Again the documentation provides some information on this., so my answer is yes.
Thanks
From: Patrick Patterson ppatter...@carillonis.com
To: openssl-users@openssl.org
Sent: Thursday, June 4, 2009 8:41:24 PM
Subject: Re: Newbie: PKCS#10 request
Hello Experts,
I request your expert opinion in generating a PKCS#10 CSR;
I have generated my RSA 1024 private public key pair in the HSM. The HSM
exposes the keys as handles.
I am seeing that OpenSSL is raising the CSR (-new) but it generates the RSA key
pair. In my case, i already have
Hi Raj:
On June 4, 2009 12:58:02 pm Raj wrote:
Hello Experts,
I request your expert opinion in generating a PKCS#10 CSR;
I have generated my RSA 1024 private public key pair in the HSM. The HSM
exposes the keys as handles.
First question: Do you have OpenSSL patched to use that particular
Hello,
I'm very new to openssl. I wanted to create a CSR PKCS#10 tried the
following command:
openssl req -config openssl.cnf -new -x509 -days 1001 -key private/cakey.pem
-out certs/ca.cert
and I got the following error:
3809286:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG
On Thu, Apr 27, 2006, K Vu (sent by Nabble.com) wrote:
Hello,
I'm very new to openssl. I wanted to create a CSR PKCS#10 tried the
following command:
openssl req -config openssl.cnf -new -x509 -days 1001 -key private/cakey.pem
-out certs/ca.cert
and I got the following error
Hi,
what can I do to convert a SPKAC request into a PKCS#10 ? After that
will I be able to generate a SPKAC certificate from PKCS#10 request ?
Best regards,
Ivander Greco Júnior
__
OpenSSL Project
what can I do to convert a SPKAC request into a PKCS#10 ? After that
will I be able to generate a SPKAC certificate from PKCS#10 request ?
You can't.
SPKAC is a signed pubkey and challenge. PKCS10 is a different
format of self-signed object. You'd have to have the private
key present
Ok, I understand you. But can I generate a PKCS#10 whithout signing ? I
verified the SPKAC' signature as a first step.
Thanks for your help,
Ivander Greco Júnior.
Em Seg, 2005-12-19 às 10:18 -0800, Michael Sierchio escreveu:
what can I do to convert a SPKAC request into a PKCS#10
Hi again,
shouldn't it be?
static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
instead of
static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef};
I guess it was a typo.
regards,
aleix
On Fri, 10 Sep 2004 22:29:10 +0200, Dr. Stephen Henson
[EMAIL PROTECTED]
Well, this is great.
Thank you very much!
regards,
aleix
On Fri, 10 Sep 2004 22:29:10 +0200, Dr. Stephen Henson
[EMAIL PROTECTED] wrote:
I've just fixed OpenSSL to check for the PKCS#9 extension request first and
only use MS if its not found.
This will be in the next stable snapshot.
On Fri, Sep 10, 2004, Aleix Conchillo Flaque wrote:
Hi,
I've asn1parsed the request file. Displaying the request with MS
certutil.exe utility, I thought that there where two extensionRequest
attributes.
But parsing the request, I've seen this:
455:d=4 hl=2 l= 10 prim: OBJECT
Does anyone know what to do with a PKCS#10 cert request?
Oblio
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
this is very basic.
pkcs#10 is the standard request format.
under normal circumstances, the client ( person who requests a certificate)
sends a pkcs#10 to the ca and the ca signs this request.
in openssl this is done with
openssl ca -in thePKCS#10.pem -out theCert.pem,
using different options
with?
This really isn't very straight forward, and I can use all the help I can get.
Thanks,
Oblio
At 11/7/2002 09:52 PM +0100, you wrote:
this is very basic.
pkcs#10 is the standard request format.
under normal circumstances, the client ( person who requests a certificate)
sends a pkcs#10 to the ca
and be as specific as you can with
your question and you'll be more likely to get help.
-Bob
-Original Message-
From: Oblio [mailto:subscriber;locustcreek.com]
Sent: Thursday, November 07, 2002 4:38 PM
To: [EMAIL PROTECTED]
Subject: Re: PKCS#10?
Ok, I know it's very basic, it's just
I can get.
Thanks,
Oblio
At 11/7/2002 09:52 PM +0100, you wrote:
this is very basic.
pkcs#10 is the standard request format.
under normal circumstances, the client ( person who requests a certificate)
sends a pkcs#10 to the ca and the ca signs this request.
in openssl this is done
How do I sign a certificate created in PKCS#10?
Thanks,
Oblio
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
Hi
Obviously I can't sign the request when I don't have the private key.
So the (maybe stupid) question is:
Is it at all possible somehow to make a PKCS#10 without a private key?
Sorry maybe I'm stupid but why can't sign request ?
Are you using RSA or memory smartcard ?
The problem
]
Subject: RE: Making PKCS#10 request without a private key
I'm trying to make a PKCS#10, without having access to the RSA
private key.
The keypair is generated in a smartcard so I only have access to
the public
key.
Normally when I generate a PKCS#10 (when I also have access to the private
key
Hi,
The quick version:
Is it possible to extract the public key from a PKCS#10 using openssl?
More detailed description of my problem:
I would like to issue certificates using openSSL and support both Netscape
and IE browsers.
When using Netscape as browser, my cgi script creates a file named
38 matches
Mail list logo