Cant get openssl x509 to work as documented

Robert Moskowitz
I had a frustrating day.  I looked at the documentation at:

https://www.openssl.org/docs/man1.0.2/apps/x509.html

My Fedora24 reports that I am at version 1.0.2k

I made the following command:

openssl x509 -req -days 3650 -extensions v3_intermediate_ca -inform $format\
  -in $dir/csr/intermediate.csr.$format -outform $format -out $dir/certs/intermediate.cert.$format\
-CAkeyform $format -CAkey $cadir/private/ca.key.$format -CAform $format\
  -CA $cadir/certs/ca.cert.$format

Where format=der and got that der is an invalid option.  Plus the 'help'
reported:

Note that -CAkeyform is invalid and that -CAkey can only be PEM.

Even when I used my pem CA key, I still got errors.  -config is not an
option, where does this command get the config file from? -extensions
says it looks to the config file for that label!

SHA256 is not listed as a valid hash.

usage: x509 args
  -inform arg     - input format - default PEM (one of DER, NET or PEM)
  -outform arg    - output format - default PEM (one of DER, NET or PEM)
  -keyform arg    - private key format - default PEM
  -CAform arg     - CA format - default PEM
  -CAkeyform arg  - CA key format - default PEM
  -in arg         - input file - default stdin
  -out arg        - output file - default stdout
  -passin arg     - private key password source
  -serial         - print serial number value
  -subject_hash   - print subject hash value
  -subject_hash_old   - print old-style (MD5) subject hash value
  -issuer_hash    - print issuer hash value
  -issuer_hash_old    - print old-style (MD5) issuer hash value
  -hash           - synonym for -subject_hash
  -subject        - print subject DN
  -issuer         - print issuer DN
  -email          - print email address(es)
  -startdate      - notBefore field
  -enddate        - notAfter field
  -purpose        - print out certificate purposes
  -dates          - both Before and After dates
  -modulus        - print the RSA key modulus
  -pubkey         - output the public key
  -fingerprint    - print the certificate fingerprint
  -alias          - output certificate alias
  -noout          - no certificate output
  -ocspid         - print OCSP hash values for the subject name and public key
  -ocsp_uri       - print OCSP Responder URL(s)
  -trustout       - output a "trusted" certificate
  -clrtrust       - clear all trusted purposes
  -clrreject      - clear all rejected purposes
  -addtrust arg   - trust certificate for a given purpose
  -addreject arg  - reject certificate for a given purpose
  -setalias arg   - set certificate alias
  -days arg       - How long till expiry of a signed certificate - def 30 days
  -checkend arg   - check whether the cert expires in the next arg seconds
                    exit 1 if so, 0 if not
  -signkey arg    - self sign cert with arg
  -x509toreq      - output a certification request object
  -req            - input is a certificate request, sign and output.
  -CA arg         - set the CA certificate, must be PEM format.
  -CAkey arg      - set the CA key, must be PEM format
                    missing, it is assumed to be in the CA file.
  -CAcreateserial - create serial number file if it does not exist
  -CAserial arg   - serial file
  -set_serial     - serial number to use
  -text           - print the certificate in text form
  -C              - print out C code forms
  -<dgst>         - digest to use, see openssl dgst -h output for list
  -extfile        - configuration file with X509V3 extensions to add
  -extensions     - section from config file with X509V3 extensions to add
  -clrext         - delete extensions before signing and input certificate
  -nameopt arg    - various certificate name options
  -engine e       - use engine e, possibly a hardware device.
  -certopt arg    - various certificate text options
  -checkhost host - check certificate matches "host"
  -checkemail email - check certificate matches "email"
  -checkip ipaddr - check certificate matches "ipaddr"


So it looks like for now, I cannot make a guide that easily supports DER
or PEM.  DER really seems to be an issue how to make.

My searching has come up pretty empty.  No instructions out there.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: Cant get openssl x509 to work as documented

Viktor Dukhovni

> On Aug 21, 2017, at 9:02 PM, Robert Moskowitz <[hidden email]> wrote:
>
> openssl x509 -req -days 3650 -extensions v3_intermediate_ca -inform $format\
> -in $dir/csr/intermediate.csr.$format -outform $format -out $dir/certs/intermediate.cert.$format\
> -CAkeyform $format -CAkey $cadir/private/ca.key.$format -CAform $format\
> -CA $cadir/certs/ca.cert.$format
>
> Where format=der and got that der is an invalid option.  Plus the 'help' reported:

It is trivial to convert a PEM certificate to DER, just pipe the output through
"openssl x509 -outform DER".  Mind you this is often the wrong thing to do, because
the DER form of an X.509 certificate holds *exactly* one certificate, while users
often need a certificate *chain*, that also includes the requisite intermediate
certificates.  With PEM, the certificate file can just hold all the certificates back
to back.  With DER only the EE certificate appears in the file.

While PKCS#7 can hold a bunch of certificates in DER form, it is not typically
used as a certificate chain file by any applications, and IIRC there's no indication
of which of the certificates is the end-entity certificate in a PKCS#7 file.

The only widely used DER form for chains is PKCS#12 which holds the private
key as well as the certificate chain, and has a mandatory passphrase.  I use
PKCS#12 (instead of JKS) for Java TLS server applications, set the file
access mode to 0600, and since there's no point in prompting batch applications
for a passphrase, set the passphrase to "umask 077", since that's the only
effective protection for the private key.

It is not clear that PKCS#12 is compellingly more compact than PEM, the only
reason I use it is that Java supports JKS and PKCS#12, but not PEM.

> Note that -CAkeyform is invalid and that -CAkey can only be PEM.

As explained before, the API for DER PrivateKey objects does not
support passwords, and the CLI does not have a way to indicate
the use of PKCS8PrivateKey instead.  The PrivateKey interface can
read only unencrypted PKCS#8 in PEM form.

> Even when I used my pem CA key, I still got errors.  -config is
> not an option, where does this command get the config file from?
> -extensions says it looks to the config file for that label!

The config file for "x509 -req" is specified with "-extfile ...".

>
> SHA256 is not listed as a valid hash.

Many more X.509 digest algorithms are supported in this context
than (sadly) are listed in the manpage.  Perhaps there should
be a command that lists all supported x.509 hash algorithms,
and the documentation for commands that take any of the
supported algorithms can just refer the reader to the output
of that command.

--
        Viktor.


Re: Cant get openssl x509 to work as documented

OpenSSL - User mailing list

>> SHA256 is not listed as a valid hash.
>
> Many more X.509 digest algorithms are supported in this context
> than (sadly) are listed in the manpage.  Perhaps there should
> be a command that lists all supported x.509 hash algorithms,
> and the documentation for commands that take any of the
> supported algorithms can just refer the reader to the output
> of that command.

Fixed in 1.1.0 and later; “list—digest-algorithms” command.  And the manpages should say things like “any supported digest” and such.


Re: Cant get openssl x509 to work as documented

Viktor Dukhovni

> On Aug 22, 2017, at 10:53 AM, Salz, Rich via openssl-users <[hidden email]> wrote:
>
> Fixed in 1.1.0 and later; “list—digest-algorithms” command.

For the record: "openssl list -digest-algorithms", the "ndash" above
is a typo of some sort...

It is not clear to me how to get a list of digest algorithms that have
ASN.1 OIDs for certificate signing.  Are all the digests listed with
this command suitable for such use?

The "NOTES" section of EVP_SignInit(3) says:

   https://www.openssl.org/docs/manmaster/man3/EVP_SignInit.html

       Due to the link between message digests and public key algorithms
       the correct digest algorithm must be used with the correct public
       key type. A list of algorithms and associated public key algorithms
       appears in EVP_DigestInit(3).

while for EVP_DigestSignInit(3) we have:

   https://www.openssl.org/docs/manmaster/man3/EVP_DigestSignInit.html

       In previous versions of OpenSSL there was a link between message
       digest types and public key algorithms. This meant that "clone"
       digests such as EVP_dss1() needed to be used to sign using SHA1
       and DSA. This is no longer necessary and the use of clone digest
       is now discouraged.

and finally in EVP_DigestInit(3):

    https://www.openssl.org/docs/manmaster/man3/EVP_DigestInit.html

       EVP_MD_pkey_type() returns the NID of the public key signing algorithm
       associated with this digest. For example EVP_sha1() is associated with
       RSA so this will return NID_sha1WithRSAEncryption. Since digests and
       signature algorithms are no longer linked this function is only
       retained for compatibility reasons.

       EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
       EVP_sha384(), EVP_sha512(), EVP_mdc2(), EVP_ripemd160(),
       EVP_blake2b_512(), and EVP_blake2s_256() return EVP_MD structures for
       the MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2, RIPEMD160,
       BLAKE2b-512, and BLAKE2s-256 digest algorithms respectively.

So it is not particularly clear which combinations of public key and digest
algorithms are supported for signing.

In crypto/ec/ec_pmeth.c we have:

    case EVP_PKEY_CTRL_MD:
        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
            ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
            return 0;
        }

so with ECDSA we only support SHA1 and the SHA2 family of digests.
Similar code for DSA in crypto/dsa/dsa_pmeth.c

    case EVP_PKEY_CTRL_MD:
        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_dsa &&
            EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
            DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
            return 0;
        }

In crypto/rsa/rsa_pmeth.c we have:

        /* List of all supported RSA digests */
        case NID_sha1:
        case NID_sha224:
        case NID_sha256:
        case NID_sha384:
        case NID_sha512:
        case NID_md5:
        case NID_md5_sha1:
        case NID_md2:
        case NID_md4:
        case NID_mdc2:
        case NID_ripemd160:
            return 1;

So for RSA we have SHA1/SHA2/MD5/MD2/MD4/MDC2/RIPEMD160 (with
special handling of PSS I'm not going into).

> And the manpages should say things like “any supported digest” and such.

The picture is a lot more complex I'm sorry to say...

--
        Viktor.
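
One way to answer the question above empirically on a given build, as an added example that is not part of Viktor's message: try to self-sign a throwaway certificate with each digest name from the rsa_pmeth.c list and record the signature algorithm the certificate ends up with. The function name, key files and subject are constructed, and the results depend on the local OpenSSL version and build options.

```shell
#!/bin/sh
# Added example; key files and the subject name are constructed.

# Digest names from the rsa_pmeth.c list quoted in the thread.
DIGESTS="sha1 sha224 sha256 sha384 sha512 md5 md2 md4 mdc2 ripemd160"

# probe_digests KEYFILE DIGEST...
# For each digest, tries to self-sign a throwaway certificate with KEYFILE and
# prints "digest=signature-algorithm" for every combination that works.
probe_digests() {
    probe_key=$1; shift
    probe_tmp=$(mktemp -d) || return 1
    # Minimal req config so the probe does not depend on the system openssl.cnf.
    printf '[req]\ndistinguished_name = dn\n[dn]\n' > "$probe_tmp/req.cnf"
    for md in "$@"; do
        if openssl req -new -x509 -config "$probe_tmp/req.cnf" \
               -key "$probe_key" "-$md" -subj "/CN=digest probe" -days 1 \
               -out "$probe_tmp/cert.pem" 2>/dev/null
        then
            # First "Signature Algorithm:" line of the text dump.
            alg=$(openssl x509 -in "$probe_tmp/cert.pem" -noout -text |
                  sed -n '/Signature Algorithm:/{s/^.*: *//p;q;}')
            echo "$md=$alg"
        fi
    done
    rm -rf "$probe_tmp"
}

demo() {
    d=$(mktemp -d) || return 1
    ( umask 077    # key files readable by the owner only
      openssl genrsa -out "$d/rsa.pem" 2048 2>/dev/null
      openssl ecparam -name prime256v1 -genkey -noout -out "$d/ec.pem" )
    echo "RSA:"
    probe_digests "$d/rsa.pem" $DIGESTS      # unquoted on purpose: one word per digest
    echo "ECDSA (P-256):"
    probe_digests "$d/ec.pem" $DIGESTS
    rm -rf "$d"
}
demo
```

A digest missing from the output was either rejected for that key type or is not compiled into (or loaded by) the local build.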


Re: Cant get openssl x509 to work as documented

Robert Moskowitz
In reply to this post by OpenSSL - User mailing list


On 08/22/2017 10:53 AM, Salz, Rich via openssl-users wrote:

>>> SHA256 is not listed as a valid hash.
>
>> Many more X.509 digest algorithms are supported in this context
>> than (sadly) are listed in the manpage.  Perhaps there should
>> be a command that lists all supported x.509 hash algorithms,
>> and the documentation for commands that take any of the
>> supported algorithms can just refer the reader to the output
>> of that command.
>
> Fixed in 1.1.0 and later; “list—digest-algorithms” command.  And the manpages should say things like “any supported digest” and such.
>
I was going by:

https://www.openssl.org/docs/man1.0.2/apps/x509.html

Which has a very short list.  And not SHA256.

Bob


Re: Cant get openssl x509 to work as documented

OpenSSL - User mailing list
In reply to this post by Viktor Dukhovni

>> And the manpages should say things like “any supported digest” and such.
>
> The picture is a lot more complex I'm sorry to say...

You’re right.  Thanks.


Re: Cant get openssl x509 to work as documented

Robert Moskowitz
In reply to this post by Robert Moskowitz
Want to continue this thread but with new information.  I built a
Fedora-arm 26 system (on a Cubieboard2) and it has openssl version 1.1.0f

I built my DER root cert (and private key) no problem.

I built my DER Intermediate cert private key and CSR no problem.

For the following command:

sn=8
format=der
dir=/root/ca3
cadir=/root/ca3

openssl x509 -req -days 3650 -extfile $cadir/openssl-root.cnf -extensions v3_intermediate_ca\
  -sha256 -set_serial 0x$(openssl rand -hex $sn)\
  -inform $format -in $dir/csr/intermediate.csr.$format\
  -outform $format -out $dir/certs/intermediate.cert.$format\
  -CAkeyform $format -CAkey $cadir/private/ca.key.$format\
  -CAform $format -CA $cadir/certs/ca.cert.$format

I built this reading:

https://www.openssl.org/docs/man1.1.0/apps/x509.html

This generates:

3069592528:error:0906D06C:PEM routines:PEM_read_bio:no start line:crypto/pem/pem_lib.c:691:Expecting: CERTIFICATE REQUEST

The man page above has CAkeyform and CAform in the summary, but no
details below.  I am ASSUMEing DER is now supported.

for -sha256, I finally figured out that -[digest] is how the man
presents which hash to use.

Why does this command use -extfile and not -config?  Is it because ALL
that is taken from config is -extensions?  Confusing to the casual user.

But why the error?

And yes, I know I can convert a PEM cert to DER, but I would also have
to convert the private key, and maintain duo structures in places.  
Would RATHER have a parallel setup.  Of course there is the challenge of
the cert chain that Viktor earlier explained.  OCSP? :)

Bob


Re: Cant get openssl x509 to work as documented

Robert Moskowitz
In reply to this post by Viktor Dukhovni
Viktor,

Thank you for this in-depth explanation.

I have talked to a number of large potential customers where certs are
important but they are highly constrained.  This includes the auto
sector with ECUs that are really pressed to the wall (like on the engine
block and already running at 130C!)

A PEM ECDSA private key file (not passworded) is 241 bytes.  The DER
equivalent is 121 bytes.  Even if we follow the ANIMA model that allows
both the iDevID and lDevID certs to use the same key (shudder), a 120
bytes of secure store savings is a big issue. Otherwise we double this
storage cost.   Ed25519 should be smaller, as the public key is 32
bytes, not the 64 of P256.  But I don't like that they used SHA512 for
Ed25519 rather than SPAKE128 (they used SPAKE256 for Ed488).

And then there is the cert store in regular storage, plus whatever
support (like chains) needed.  As I think more of this, 802.1AR-2009
only expects the device to have its iDevID cert, not also the cert chain
to the root.  It never has to verify its cert, the manufacturer stuffed
it in at build time into read only memory with an expiry date of
forever.  It is the lDevID part that ANIMA is building into a complex
bootstrap process that I don't totally agree with.  And NETCONF is doing
their flavor of it.  Sigh.

The IETF CORE wg is looking at this too.

I have to munch on this problem a lot more.

Bob

On 08/22/2017 10:19 AM, Viktor Dukhovni wrote:

>> On Aug 21, 2017, at 9:02 PM, Robert Moskowitz <[hidden email]> wrote:
>>
>> openssl x509 -req -days 3650 -extensions v3_intermediate_ca -inform $format\
>> -in $dir/csr/intermediate.csr.$format -outform $format -out $dir/certs/intermediate.cert.$format\
>> -CAkeyform $format -CAkey $cadir/private/ca.key.$format -CAform $format\
>> -CA $cadir/certs/ca.cert.$format
>>
>> Where format=der and got that der is an invalid option.  Plus the 'help' reported:
> It is trivial to convert a PEM certificate to DER, just pipe the output through
> "openssl x509 -outform DER".  Mind you this is often the wrong thing to do, because
> the DER form of an X.509 certificate holds *exactly* one certificate, while users
> often need a certificate *chain*, that also includes the requisite intermediate
> certificates.  With PEM, the certificate file can just hold all the certificates back
> to back.  With DER only the EE certificate appears in the file.
>
> While PKCS#7 can hold a bunch of certificates in DER form, it is not typically
> used as a certificate chain file by any applications, and IIRC there's no indication
> of which of the certificates is the end-entity certificate in a PKCS#7 file.
>
> The only widely used DER form for chains is PKCS#12 which holds the private
> key as well as the certificate chain, and has a mandatory passphrase.  I use
> PKCS#12 (instead of JKS) for Java TLS server applications, set the file
> access mode to 0600, and since there's no point in prompting batch applications
> for a passphrase, set the passphrase to "umask 077", since that's the only
> effective protection for the private key.
>
> It is not clear that PKCS#12 is compellingly more compact than PEM, the only
> reason I use it is that Java supports JKS and PKCS#12, but not PEM.
>
>> Note that -CAkeyform is invalid and that -CAkey can only be PEM.
> As explained before, the API for DER PrivateKey objects does not
> support passwords, and the CLI does not have a way to indicate
> the use of PKCS8PrivateKey instead.  The PrivateKey interface can
> read only unencrypted PKCS#8 in PEM form.
>
>> Even when I used my pem CA key, I still got errors.  -config is
>> not an option, where does this command get the config file from?
>> -extensions says it looks to the config file for that label!
> The config file for "x509 -req" is specified with "-extfile ...".
>
>> SHA256 is not listed as a valid hash.
> Many more X.509 digest algorithms are supported in this context
> than (sadly) are listed in the manpage.  Perhaps there should
> be a command that lists all supported x.509 hash algorithms,
> and the documentation for commands that take any of the
> supported algorithms can just refer the reader to the output
> of that command.
>


Re: Cant get openssl x509 to work as documented

Jakob Bohm-7
In reply to this post by Robert Moskowitz
On 22/08/2017 22:26, Robert Moskowitz wrote:

> Want to continue this thread but with new information.  I built a
> Fedora-arm 26 system (on a Cubieboard2) and it has openssl version 1.1.0f
>
> I built my DER root cert (and private key) no problem.
>
> I built my DER Intermediate cert private key and CSR no problem.
>
> For the following command:
>
> sn=8
> format=der
> dir=/root/ca3
> cadir=/root/ca3
>
> openssl x509 -req -days 3650 -extfile $cadir/openssl-root.cnf -extensions v3_intermediate_ca\
>  -sha256 -set_serial 0x$(openssl rand -hex $sn)\
>  -inform $format -in $dir/csr/intermediate.csr.$format\
>  -outform $format -out $dir/certs/intermediate.cert.$format\
>  -CAkeyform $format -CAkey $cadir/private/ca.key.$format\
>  -CAform $format -CA $cadir/certs/ca.cert.$format
>
> I built this reading:
>
> https://www.openssl.org/docs/man1.1.0/apps/x509.html
>
> This generates:
>
> 3069592528:error:0906D06C:PEM routines:PEM_read_bio:no start line:crypto/pem/pem_lib.c:691:Expecting: CERTIFICATE REQUEST
>
> The man page above has CAkeyform and CAform in the summary, but no
> details below.  I am ASSUMEing DER is now supported.
>
> for -sha256, I finally figured out that -[digest] is how the man
> presents which hash to use.
>
> Why does this command use -extfile and not -config?  Is it because ALL
> that is taken from config is -extensions?  Confusing to the casual user.
>
> But why the error?
>
> And yes, I know I can convert a PEM cert to DER, but I would also have
> to convert the private key, and maintain duo structures in places. 
> Would RATHER have a parallel setup.  Of course there is the challenge
> of the cert chain that Viktor earlier explained. OCSP? :)
>
>
I don't think you have to pass all the various formats as PEM just
because you pass one of them as such.  After all, there are separate
-XXXform style options for most of them.

For example, you could store the CA private key in the encryption-supporting
PEM format on the plentiful memory of the SD card, while
using the more compact DER format for certificates and CSRs stored
on embedded controllers (ECUs, dashboard displays etc.).

Where OpenSSL bugs prevent use of DER for a file, it can be converted
on the fly, storing the converted file in RAM (using tmpfs or similar).


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
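
The on-the-fly conversion described above, as an added example that is not part of the thread: the DER CSR is converted to PEM in a RAM-backed directory (the PEM_read_bio error quoted above shows the request being read as PEM), signed with a PEM CA certificate and key, and the result written as DER. chain_to_der then shows the earlier point in the thread that converting a PEM chain to DER keeps only one certificate. The config contents, subjects, function names and most file names are constructed; only openssl-root.cnf and the v3_intermediate_ca section name come from the thread.

```shell
#!/bin/sh
# Added example; all names, subjects and extension values are constructed.

# build_demo_pki DIR: PEM root CA, plus a DER key and DER CSR for an intermediate.
build_demo_pki() {
    pki=$1
    ( umask 077    # key files readable by the owner only
      cat > "$pki/openssl-root.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign
[v3_intermediate_ca]
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
EOF
      openssl ecparam -name prime256v1 -genkey -noout -out "$pki/ca.key.pem" &&
      openssl req -new -x509 -config "$pki/openssl-root.cnf" -sha256 -days 3650 \
          -key "$pki/ca.key.pem" -subj "/CN=Constructed Root CA" \
          -out "$pki/ca.cert.pem" &&
      openssl ecparam -name prime256v1 -genkey -noout -outform DER \
          -out "$pki/intermediate.key.der" &&
      openssl req -new -config "$pki/openssl-root.cnf" -sha256 \
          -keyform DER -key "$pki/intermediate.key.der" \
          -subj "/CN=Constructed Intermediate CA" \
          -outform DER -out "$pki/intermediate.csr.der" )
}

# sign_der_csr CSR_DER CA_CERT_PEM CA_KEY_PEM EXTFILE OUT_DER
# Converts the DER CSR to PEM in a RAM-backed directory, signs it with the PEM
# CA, and writes the new certificate as DER.
sign_der_csr() {
    ram_base=/dev/shm
    [ -d "$ram_base" ] && [ -w "$ram_base" ] || ram_base=${TMPDIR:-/tmp}
    ram=$(mktemp -d "$ram_base/csr.XXXXXX") || return 1
    # "openssl req" honours -inform, so it performs the DER -> PEM step.
    if openssl req -inform DER -in "$1" -outform PEM -out "$ram/csr.pem" &&
       openssl x509 -req -days 3650 -sha256 \
           -extfile "$4" -extensions v3_intermediate_ca \
           -set_serial "0x$(openssl rand -hex 8)" \
           -in "$ram/csr.pem" -CA "$2" -CAkey "$3" \
           -outform DER -out "$5"
    then rc=0; else rc=1; fi
    rm -rf "$ram"
    return "$rc"
}

# chain_to_der DIR: builds chain.pem (intermediate, then root, back to back)
# and converts it with "x509 -outform DER"; only the first certificate survives.
chain_to_der() {
    openssl x509 -inform DER -in "$1/intermediate.cert.der" -out "$1/chain.pem" &&
    cat "$1/ca.cert.pem" >> "$1/chain.pem" &&
    openssl x509 -in "$1/chain.pem" -outform DER -out "$1/chain.der"
}

# pem_cert_count FILE: number of certificates held in a PEM file.
pem_cert_count() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

demo() {
    work=$(mktemp -d) || return 1
    if build_demo_pki "$work" &&
       sign_der_csr "$work/intermediate.csr.der" "$work/ca.cert.pem" \
           "$work/ca.key.pem" "$work/openssl-root.cnf" \
           "$work/intermediate.cert.der" &&
       chain_to_der "$work" &&
       cmp -s "$work/chain.der" "$work/intermediate.cert.der"
    then
        echo "chain.pem: $(pem_cert_count "$work/chain.pem") certificates"
        echo "chain.der: identical to the intermediate certificate alone"
        rc=0
    else
        rc=1
    fi
    rm -rf "$work"
    return "$rc"
}
demo
```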


Re: Cant get openssl x509 to work as documented

Robert Moskowitz


On 08/23/2017 03:52 PM, Jakob Bohm wrote:

> On 22/08/2017 22:26, Robert Moskowitz wrote:
>> Want to continue this thread but with new information.  I built a
>> Fedora-arm 26 system (on a Cubieboard2) and it has openssl version
>> 1.1.0f
>>
>> I built my DER root cert (and private key) no problem.
>>
>> I built my DER Intermediate cert private key and CSR no problem.
>>
>> For the following command:
>>
>> sn=8
>> format=der
>> dir=/root/ca3
>> cadir=/root/ca3
>>
>> openssl x509 -req -days 3650 -extfile $cadir/openssl-root.cnf -extensions v3_intermediate_ca\
>>  -sha256 -set_serial 0x$(openssl rand -hex $sn)\
>>  -inform $format -in $dir/csr/intermediate.csr.$format\
>>  -outform $format -out $dir/certs/intermediate.cert.$format\
>>  -CAkeyform $format -CAkey $cadir/private/ca.key.$format\
>>  -CAform $format -CA $cadir/certs/ca.cert.$format
>>
>> I built this reading:
>>
>> https://www.openssl.org/docs/man1.1.0/apps/x509.html
>>
>> This generates:
>>
>> 3069592528:error:0906D06C:PEM routines:PEM_read_bio:no start line:crypto/pem/pem_lib.c:691:Expecting: CERTIFICATE REQUEST
>>
>> The man page above has CAkeyform and CAform in the summary, but no
>> details below.  I am ASSUMEing DER is now supported.
>>
>> for -sha256, I finally figured out that -[digest] is how the man
>> presents which hash to use.
>>
>> Why does this command use -extfile and not -config?  Is it because
>> ALL that is taken from config is -extensions?  Confusing to the
>> casual user.
>>
>> But why the error?
>>
>> And yes, I know I can convert a PEM cert to DER, but I would also
>> have to convert the private key, and maintain duo structures in
>> places.  Would RATHER have a parallel setup.  Of course there is the
>> challenge of the cert chain that Viktor earlier explained. OCSP? :)
>>
>>
> I don't think you have to pass all the various formats as PEM just
> because you pass one of them as such.  After all, there are separate
> -XXXform style options for most of them.
>
> For example, you could store the CA private key in the encryption-supporting
> PEM format on the plentiful memory of the SD card, while
> using the more compact DER format for certificates and CSRs stored
> on embedded controllers (ECUs, dashboard displays etc.).
>
> Where OpenSSL bugs prevent use of DER for a file, it can be converted
> on the fly, storing the converted file in RAM (using tmpfs or similar).

I know this is an option, and if I can't get this working, then I have
to punt.

I am considering to make the Root and Intermediate files all PEM, and
only the EE is DER.

Should get to that tomorrow.  I would rather establish that what I tried
above is just still not allowed, or it is a bug.

Bob


Re: Cant get openssl x509 to work as documented

Robert Moskowitz
In reply to this post by Jakob Bohm-7
Jakob,

You make a good point.  In fact, after some reflection, there is
probably no reason for the device to store more than the 96 bytes of
keyvalue in secure store.  If some format is needed to use the key, that
can be done at that time.  This is for the case where the device
supports only one algorithm.

I know that the current practice is crypto agility, but IoT,
particularly automotive IoT, will select and live with one for a
generation of product.  When the next best thing is selected, then that
will be used, but not retrofitted.  I hope that soon, I will be able to
push Ed25519; I am concerned about the computational cost, though (still
not clear why SHA512 and not SHAKE128).  Meanwhile P256 is what is fielded.

Bob

On 08/23/2017 03:52 PM, Jakob Bohm wrote:

> On 22/08/2017 22:26, Robert Moskowitz wrote:
>> Want to continue this thread but with new information.  I built a
>> Fedora-arm 26 system (on a Cubieboard2) and it has openssl version
>> 1.1.0f
>>
>> I built my DER root cert (and private key) no problem.
>>
>> I built my DER Intermediate cert private key and CSR no problem.
>>
>> For the following command:
>>
>> sn=8
>> format=der
>> dir=/root/ca3
>> cadir=/root/ca3
>>
>> openssl x509 -req -days 3650 -extfile $cadir/openssl-root.cnf -extensions v3_intermediate_ca\
>>  -sha256 -set_serial 0x$(openssl rand -hex $sn)\
>>  -inform $format -in $dir/csr/intermediate.csr.$format\
>>  -outform $format -out $dir/certs/intermediate.cert.$format\
>>  -CAkeyform $format -CAkey $cadir/private/ca.key.$format\
>>  -CAform $format -CA $cadir/certs/ca.cert.$format
>>
>> I built this reading:
>>
>> https://www.openssl.org/docs/man1.1.0/apps/x509.html
>>
>> This generates:
>>
>> 3069592528:error:0906D06C:PEM routines:PEM_read_bio:no start line:crypto/pem/pem_lib.c:691:Expecting: CERTIFICATE REQUEST
>>
>> The man page above has CAkeyform and CAform in the summary, but no
>> details below.  I am ASSUMEing DER is now supported.
>>
>> for -sha256, I finally figured out that -[digest] is how the man
>> presents which hash to use.
>>
>> Why does this command use -extfile and not -config?  Is it because
>> ALL that is taken from config is -extensions?  Confusing to the
>> casual user.
>>
>> But why the error?
>>
>> And yes, I know I can convert a PEM cert to DER, but I would also
>> have to convert the private key, and maintain duo structures in
>> places.  Would RATHER have a parallel setup.  Of course there is the
>> challenge of the cert chain that Viktor earlier explained. OCSP? :)
>>
>>
> I don't think you have to pass all the various formats as PEM just
> because you pass one of them as such.  After all, there are separate
> -XXXform style options for most of them.
>
> For example, you could store the CA private key in the encryption-supporting
> PEM format on the plentiful memory of the SD card, while
> using the more compact DER format for certificates and CSRs stored
> on embedded controllers (ECUs, dashboard displays etc.).
>
> Where OpenSSL bugs prevent use of DER for a file, it can be converted
> on the fly, storing the converted file in RAM (using tmpfs or similar).
>
>
> Enjoy
>
> Jakob
