Re: X.509] Certificate Generation without PoP

2008-08-20 Thread Silviu VLASCEANU
Thanks, David, that's exactly what I needed. I already found some examples, but these are very clear as steps to create the cert. One more question, though: how do you convert an RSA public key from a (uint8_t *) type to the RSA type defined in OpenSSL (or to EVP_PKEY)? I have been googling on th

Re: X.509] Certificate Generation without PoP

2008-08-20 Thread Silviu VLASCEANU
Kyle, 2008/8/19 Kyle Hamilton <[EMAIL PROTECTED]> > What you're saying is this: > > 1) You know who the principal is (and therefore the CN to stick into > your certificate), due to your pre-existing protocol. > 2) You know what the public key is, also due to your pre-existing protocol. > 3) You'v

RE: X.509] Certificate Generation without PoP

2008-08-19 Thread David Schwartz
> The only thing that I need is to certify the public key of > the client by the server, therefore the common name and > related infos are not used and have no meaning in this > context. Moreover, the certification chain is local/private, > so it does not involve interactions with external (public

Re: X.509] Certificate Generation without PoP

2008-08-19 Thread Kyle Hamilton
What you're saying is this: 1) You know who the principal is (and therefore the CN to stick into your certificate), due to your pre-existing protocol. 2) You know what the public key is, also due to your pre-existing protocol. 3) You've already verified the proof of possession of the private key (

Re: X.509] Certificate Generation without PoP

2008-08-19 Thread Michael Sierchio
Silviu VLASCEANU wrote: Hello, I am developing an application which also has some CA functions. The application knows the public key, KpC, of a client which has a priori proven to this app the possession of KpC through an out-of-band means. Therefore, when the application "calls" the CA functi

Re: X.509] Certificate Generation without PoP

2008-08-19 Thread Silviu VLASCEANU
Thanks for your answer, David. Let me explain some more of my problem. The reason for not wanting to make a "usual" CSR is that my client is not able to send the CSR to the server (CA) app. In fact, I am extending an existing communication protocol, where I keep the already defined message types a

RE: X.509] Certificate Generation without PoP

2008-08-19 Thread David Schwartz
Silviu Vlasceanu wrote: > To reformulate, > Is there a way to generate a certificate without a proof of possession? > Thanks. Absolutely. Just stuff all the fields that you want into the certificate and sign it. Simply take the fields from wherever you have them rather than from the CSR. Yo

Re: X.509] Certificate Generation without PoP

2008-08-19 Thread Silviu VLASCEANU
To reformulate, Is there a way to generate a certificate without a proof of possession? Thanks. 2008/8/18 Silviu VLASCEANU <[EMAIL PROTECTED]> > Hello, > > I am developing an application which also has some CA functions. The > application knows the public key, KpC, of a client which has a prior

RE: X.509] Certificate Generation without PoP

2008-08-19 Thread David Schwartz
Silviu Vlasceanu wrote: > I am developing an application which also has some CA functions. > The application knows the public key, KpC, of a client which has > a priori proven to this app the possession of KpC through an > out-of-band means. Therefore, when the application "calls" the CA > functio

X.509] Certificate Generation without PoP

2008-08-18 Thread Silviu VLASCEANU
Hello, I am developing an application which also has some CA functions. The application knows the public key, KpC, of a client which has a priori proven to this app the possession of KpC through an out-of-band means. Therefore, when the application "calls" the CA functionality to generate the clien