x509

Openssl: certificate verification fails when CApath argument is used in SSL_CTX_load_verify_locations API

断了今生、忘了曾经 posted on 2019-12-07 09:38:37
Question: I am trying to establish a TLS connection to a server machine. I have created the root CA certificate and the server certificate using openssl CLI commands. I created the server certificate with common name same as its IP address. The common name of the root CA certificate is the FQDN of the server. I am using openssl library APIs to establish connection to the server. I am using the API int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath) for setting the CA

Inter-convertability of asymmetric key containers (eg: X.509, PGP, OpenSSH)

孤人 posted on 2019-12-07 08:19:02
Question: Are asymmetrical cryptographic keys fundamentally inter-convertible between the major key container formats? For example, can I convert an X.509 key file into a PGP or OpenGPG key file? And--assuming the answer is yes--is it "security neutral" to keep one key pair in whatever format and convert into whichever container file format is needed for the occasion? I'm getting a little tired of maintaining so many key pairs for X.509, OpenGPG, and SSH, when they're all RSA at the heart. Answer 1: Yes and

How is the CSR signature constructed?

|▌冷眼眸甩不掉的悲伤 posted on 2019-12-07 03:58:29
I am trying to generate a CSR (Certificate Signing Request) in an embedded device. I have implemented some OpenSSL functions in one embedded device. Unfortunately I only have a few functions available. So far I've been able to generate an RSA private key and now I need to generate the CSR. My library does NOT have any of the functions such as X509_REQ_new() , X509_REQ_get_subject_name() etc. Therefore I'm building the CSR by means of creating a DER file directly. The CSR in DER format is decoded as follows: ASN1 Sequence Version Subject(s) name(s) Type of encryption Modulus & Exponent (from my

Java - How to decode a Base64 encoded Certificate

跟風遠走 posted on 2019-12-07 03:19:49
Question: Below is my requirement: Program will have an xml file as input with 3 tags: , and . All these data are Base64 encoded. Note: Program is using BC jars Program needs to decode them and verify the data for its authenticity using the signature and certificate Verified data should be Base64 decoded and written into another file Below is my code which tries to decode the certificate: public void executeTask(InputStream arg0, OutputStream arg1) throws SomeException{ try{ BufferedReader br = null;

How do you add a subjectNameAlt extension to X509_REQ?

北城以北 posted on 2019-12-06 23:50:44
Question: I am creating a CSR which is going to be processed by my server. It needs to set the subjectNameAlt so that the server can process it. I've searched far and wide, and have only found how to do it with normal X509 certs, not X509_REQ. How can I do this (with C and OpenSSL. I.e. I need the equivalent of X509_get_ext_d2i but for X509_REQ )? Answer 1: Programmatically Have a look at the demos/x509/mkreq.c file that comes with OpenSSL. It creates a request and adds an email address as an alternative

unable to extract public key from x509 cert

只谈情不闲聊 posted on 2019-12-06 14:53:09
Question: Here's my code: import java.security.PublicKey; import java.security.spec.InvalidKeySpecException; import java.io.UnsupportedEncodingException; import java.security.NoSuchAlgorithmException; import java.security.spec.X509EncodedKeySpec; import java.security.KeyFactory; class LoadKey { public static void main(String[] args) throws InvalidKeySpecException, UnsupportedEncodingException, NoSuchAlgorithmException { String cert = "-----BEGIN CERTIFICATE-----\n" +

OpenSSL not enough data

孤街浪徒 posted on 2019-12-06 14:22:27
I've generated a self signed certificate using Adobe X, and exported a pfx file (for my private key) along with a .cer file (for the certificate). I then try to collect the certificate, along with the key, but for some reason, OpenSSL is giving the error OpenSSL::X509::CertificateError: not enough data Here is my code require 'openssl' CERTFILE = "test.cer" RSAKEYFILE = "test.pfx" # Open certificate files cert = OpenSSL::X509::Certificate.new(File.read CERTFILE) key = OpenSSL::PKey::RSA.new(File.read RSAKEYFILE ) My certificate was generated using Adobe X reader, and is a self-signed

Client program to validate server certificate returned by SSL_get_peer_certificate?

那年仲夏 posted on 2019-12-06 14:13:55
Question: I have a SSL/TLS client program using OpenSSL in C++ programming language. I am looking for methods to validate server certificate ( X509 ) returned by SSL_get_peer_certificate function call. Also, I have my own CA certificate loaded using SSL_CTX_load_verify_locations function. The CA certified the server certificate. I am able to make SSL session to my server. Now, I want to validate server certificate received during SSL handshake using my own CA. I couldn't find a way to do it in C or C++

How can I compare public keys in .NET?

痴心易碎 posted on 2019-12-06 12:59:19
Question: I've got an X509Certificate2 containing a public key. I've got an RSACryptoServiceProvider (which came from calling SignedXml.CheckSignatureReturningKey), also containing a public key. I want to find out if one came from the other. How can I compare the two? Answer 1: You can compare the PublicKey property of signing certificates in the SignedXml.KeyInfo with signing key output from SignedXml.CheckSignatureReturningKey. This C# extension method does the job for me: public static bool

Read alternative name from certificate

家住魔仙堡 posted on 2019-12-06 12:35:42
Question: I want to write code that reads the User Principal Name from the Other names under Subject Alternative name from a certificate. I have an X509Certificate. I did (certificate is X509Certificate object): Collection san = certificate.getSubjectAlternativeNames() How can I get the User principal name? Thanks! Answer 1: Found it http://svn.eparapher.com/trunk/org.eparapher.core/src/main/java/org/eparapher/core/crypto/cert/CertificateInfo.java Source: https://stackoverflow.com/questions/11961913/read