Creating certs for others (without their private keys)


Creating certs for others (without their private keys)

Mouse-2
Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing
others' public keys) without having their private keys presented to the
signer?

[For having to bring the private key along with the public key sort of
defeats the whole purpose of PKI.]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Creating certs for others (without their private keys)

Bernhard Fröhlich-2
Uri wrote:

> Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing
> others' public keys) without having their private keys presented to
> the signer?
>
> [For having to bring the private key along with the public key sort of
> defeats the whole purpose of PKI.]

You are totally right.

Because of that, CAs (including OpenSSL's ca command) usually work with
a certificate request which contains the public key (as well as some
other information like the canonical name). Certificate requests can be
generated with OpenSSL's req command.

Hope it helps,
Ted
;)


RE: Creating certs for others (without their private keys)

JoelKatz
In reply to this post by Mouse-2

> Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing
> others' public keys) without having their private keys presented to the
> signer?

        Of course,
 
> [For having to bring the private key along with the public key sort of
> defeats the whole purpose of PKI.]

        Exactly.

        DS



Re: Creating certs for others (without their private keys)

Mouse-2
David Schwartz wrote:

>>Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing
>>others' public keys) without having their private keys presented to the
>>signer?
>>    
>>
>
> Of course,
>  
>

But how???

Creating a certificate request ("req") with openssl seems to require
that the private key is included! How do I avoid it?

How do I create a request that doesn't contain the private key, and how do I
sign it? Could you give me an example please?

>>[For having to bring the private key along with the public key sort of
>>defeats the whole purpose of PKI.]
>>    
>>
>
> Exactly.
>  
>
:-)

Re: Creating certs for others (without their private keys)

Mouse-2
In reply to this post by Bernhard Fröhlich-2
Bernhard Froehlich wrote:

> Uri wrote:
>
>> Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing
>> others' public keys) without having their private keys presented to
>> the signer?
>>
>> [For having to bring the private key along with the public key sort of
>> defeats the whole purpose of PKI.]
>
>
> You are totally right.
>
> Because of that, CAs (including OpenSSL's ca command) usually work
> with a certificate request which contains the public key (as well as
> some other information like the canonical name). Certificate requests
> can be generated with OpenSSL's req command.


But how??? Could you give an example please (of [a] creating, and [b]
signing a "req")?

Thanks!!


Re: Creating certs for others (without their private keys)

Tan Eng Ten
> But how??? Could you give an example please (of [a] creating, and [b]
> signing a "req")?

How is in the HOWTO (http://www.openssl.org/docs/HOWTO/)

Re: Creating certs for others (without their private keys)

Thomas J. Hruska
Tan Eng Ten wrote:
>> But how??? Could you give an example please (of [a] creating, and [b]
>> signing a "req")?
>
>
> How is in the HOWTO (http://www.openssl.org/docs/HOWTO/)

Or just use the Perl script that ships with OpenSSL called CA.pl
(requires at least Perl 5.6.x to be installed).

Thomas Hruska

Re: Creating certs for others (without their private keys)

Dr. Stephen Henson
In reply to this post by Mouse-2
On Sun, Jul 03, 2005, Uri wrote:

> But how???
>
> Creating a certificate request ("req") with openssl seems to require
> that the private key is included! How do I avoid it?
>
> How do I create a request that doesn't contain the private key, and how do I
> sign it? Could you give me an example please?
>

What makes you think the private key is included?

The private key needs to be *used* to sign the request but it is never included.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

Re: Creating certs for others (without their private keys)

Mouse-2
In reply to this post by Tan Eng Ten
Tan Eng Ten wrote:

>> But how??? Could you give an example please (of [a] creating, and [b]
>> signing a "req")?
>
>
> How is in the HOWTO (http://www.openssl.org/docs/HOWTO/)


Darn, I thought I explained the problem: openssl "req" seems to require
the private key of the cert requestor, which defeats the whole idea of PKI.
Here's the excerpt of the HOWTO you're referring me to.  It is not
helpful, sorry - for the above reason (private key necessary).

The certificate request is created like this:

  openssl req -new -key privkey.pem -out cert.csr
                    ^^^^^^^^^^^^^^^^


Re: Creating certs for others (without their private keys)

Mouse-2
In reply to this post by Dr. Stephen Henson
Dr. Stephen Henson wrote:

>On Sun, Jul 03, 2005, Uri wrote:
>
>  
>
>>How do I create a request that doesn't contain private key, and how do I
>>sign it? Could you give me an example please?
>>
>What makes you think the private key is included?
>  
>

The fact that the Windows XP machine (into which I load the created cert)
claims to now have the private key for it.

>The private key needs to be *used* to sign the request but it is never included.
>  
>
Could you recommend a verification procedure for me, please?

Re: Creating certs for others (without their private keys)

Richard Levitte - VMS Whacker
In reply to this post by Mouse-2
In message <[hidden email]> on Mon, 04 Jul 2005 00:00:20 -0400, Uri <[hidden email]> said:

urimobile> Tan Eng Ten wrote:
urimobile>
urimobile> >> But how??? Could you give an example please (of [a]
urimobile> >> creating, and [b] signing a "req")?
urimobile> >
urimobile> > How is in the HOWTO (http://www.openssl.org/docs/HOWTO/)
urimobile>
urimobile> Darn, I thought I explained the problem: openssl "req"
urimobile> seems to require private key of the cert requestor, which
urimobile> defeats the whole idea of PKI. Here's the excerpt of the
urimobile> HOWTO you're referring me to.  It is not helpful, sorry -
urimobile> for the above reason (private key necessary).
urimobile>
urimobile> The certificate request is created like this:
urimobile>
urimobile>   openssl req -new -key privkey.pem -out cert.csr

OpenSSL, as well as *any* other software that produces CSRs, requires
that a private key be *used* to sign the CSR.  That does not mean that
the private key gets included in the CSR, just the signature.
However, the *public* key gets included in the CSR.  So you see, the
private key is necessary, but not for the reasons you seem to
imagine.

It looks to me like you need to read up on public key cryptography and
how an X.509 PKI works.  There are books on the subjects.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte                         [hidden email]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis

Re: Creating certs for others (without their private keys)

Richard Levitte - VMS Whacker
In reply to this post by Mouse-2
In message <[hidden email]> on Mon, 04 Jul 2005 00:03:50 -0400, Uri <[hidden email]> said:

urimobile> Dr. Stephen Henson wrote:
urimobile>
urimobile> >On Sun, Jul 03, 2005, Uri wrote:
urimobile> >
urimobile> >>How do I create a request that doesn't contain private
urimobile> >>key, and how do I sign it? Could you give me an example
urimobile> >>please?
urimobile> >>
urimobile> >What makes you think the private key is included?
urimobile>
urimobile> The fact that Windows XP machine (into which I load the
urimobile> created cert) claims to now have the private key for it.

Uhmmm, in an X.509 PKI, you need a key pair (private and public key) to
have it work at all.  In Windows, the computer stores them for you.
Where did you think the private keys would be stored?  In your head?
Are you willing to remember and type 1024 or more bits (in whatever
format)?  Thought not...

urimobile> >The private key needs to be *used* to sign the request but
urimobile> >it is never included.
urimobile> >
urimobile> Could you recommend a verification procedure for me,
urimobile> please?

Look at the CSR you created with a ASN.1 dumper.  OpenSSL contains
one, and you can basically use it in any output OpenSSL produces:

        openssl asn1parse -in my-csr.pem -i

Since you don't trust OpenSSL, I can also recommend dumpasn1.  However,
you need to convert your .pem file to pure binary (DER), so something
like this gives you the correct output:

        openssl base64 -d < my-csr.pem | dumpasn1 -

If you want further proof, read the standards!  For CSRs, it is
PKCS #10, which is reproduced in RFC 2986.

Cheers,
Richard

P.S.  I purposefully avoid giving you links.  I interpret your level
of trust as fairly low, so it seems to me it's better that you find
things on your own.  I encourage you to look around.  If my
interpretation is wrong, please tell me.

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte                         [hidden email]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis

Re: Creating certs for others (without their private keys)

Joshua Juran
In reply to this post by Mouse-2
On Jul 4, 2005, at 12:00 AM, Uri wrote:

> Tan Eng Ten wrote:
>
>>> But how??? Could you give an example please (of [a] creating, and
>>> [b] signing a "req")?
>>
>>
>> How is in the HOWTO (http://www.openssl.org/docs/HOWTO/)
>
>
> Darn, I thought I explained the problem: openssl "req" seems to
> require private key of the cert requestor, which defeats the whole
> idea of PKI.
Let's say you're the CA and I'm requesting a certificate from you.  I
generate a keypair, and *I* create a certificate signing request (CSR).
I send you the CSR (which doesn't contain my private key) and you use
it to create a signed certificate which you send back to me.

So yes, creating the CSR requires the private key, but the customer
does that, not the CA.

At least, that's my understanding; I haven't actually done this myself.

Josh

--
Joshua Juran
Metamage Software Creations - Mac Software and Consulting
http://www.metamage.com/

                * Creation at the highest state of the art *




Re: Creating certs for others (without their private keys)

Olaf Gellert
In reply to this post by Mouse-2
Uri wrote:

> Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing
> others' public keys) without having their private keys presented to the
> signer?
>
> [For having to bring the private key along with the public key sort of
> defeats the whole purpose of PKI.]
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
>
Maybe someone should just give a little introduction on
how to do it with OpenSSL?

Ok. If you do not want the CA to create secret keys for
the users, then every user has to create his/her own
key pair (using "openssl genrsa" for example). Afterwards,
a certificate request is generated and sent to the CA.
This request contains the user's (or server's, if you are
doing server certificates) name and the public key, and
it is signed with the secret key of the user (using
"openssl req"). The CA makes sure that the request is ok
and really belongs to the given user/server, and a
certificate is created with the given name and public
key from the request (using "openssl ca").
The certificate is sent to the user (or server administrator),
who then has both the secret key and the certificate.

Hmmm... pretty much all right now... Cheers,
  Olaf

--
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           [hidden email]

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet

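The exchange Olaf describes, run end to end on one machine, as an added example that is not code from the thread, from OpenSSL's HOWTO, or from CA.pl. It also carries out the two checks the thread circles around: Stephen's point that the requester's private key is only *used* to sign the CSR and never travels in it, and Richard's suggestion to inspect the CSR with `openssl asn1parse`. The "CA side" and "subject side" functions would normally run on different hosts; only `server.csr` goes one way and `server.crt` the other. The CA signs with `openssl x509 -req` instead of `openssl ca`, so no CA database (index.txt, serial file, config section) has to be set up first. File names and subject names are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenSSL's CA.pl: the CSR
# exchange Olaf describes, run end to end. The CA signs with "openssl x509
# -req" rather than "openssl ca" so no CA database is needed. File and
# subject names are assumptions for this example.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# CA side: the CA's own key pair and self-signed certificate.
ca_setup() {
    openssl genrsa -out "$WORK/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$WORK/ca.key" -days 365 \
        -subj "/CN=Example Local CA" -out "$WORK/ca.crt" 2>/dev/null
}

# Subject side: the requester generates its own key pair and the CSR.
# The private key is *used* to sign the request; only the public key goes in.
subject_csr() {
    openssl genrsa -out "$WORK/server.key" 2048 2>/dev/null
    openssl req -new -key "$WORK/server.key" \
        -subj "/CN=server.example.test" -out "$WORK/server.csr" 2>/dev/null
}

# CA side, on receipt: the request's self-signature must verify under the
# public key it carries, and the file must not contain any private key block.
csr_is_clean() {
    openssl req -in "$1" -noout -verify >/dev/null 2>&1 || return 1
    ! grep -q "PRIVATE KEY" "$1"
}

# Richard's check: dump the CSR as ASN.1. The outer SEQUENCE holds
# certificationRequestInfo, signatureAlgorithm and signature (PKCS #10);
# there is no field a private key could live in.
csr_dump() {
    openssl asn1parse -in "$WORK/server.csr" -i
}

# CA side: issue the certificate from the CSR. No subject key is involved.
ca_sign() {
    openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" \
        -CAkey "$WORK/ca.key" -CAcreateserial -days 90 \
        -out "$WORK/server.crt" 2>/dev/null
}

# The public key in the CSR is the one that ends up in the certificate.
keys_match() {
    a=$(openssl req -in "$WORK/server.csr" -noout -pubkey 2>/dev/null)
    b=$(openssl x509 -in "$WORK/server.crt" -noout -pubkey 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# The issued certificate chains to the CA certificate.
cert_verifies() {
    openssl verify -CAfile "$WORK/ca.crt" "$WORK/server.crt" >/dev/null 2>&1
}

run_all() {
    ca_setup && subject_csr && csr_is_clean "$WORK/server.csr" \
        && ca_sign && keys_match && cert_verifies
}

# Usage: sh csr-workflow.sh   (artefacts land in a fresh temp directory)
if command -v openssl >/dev/null 2>&1; then
    run_all && echo "CSR workflow OK: artefacts in $WORK"
fi
```

Running `csr_dump` after `run_all` shows the three PKCS #10 fields and nothing else; `csr_is_clean` is the gate a CA should apply before it signs anything it received, and it rejects the subject's key file outright because that file carries no request to verify.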

Re: Creating certs for others (without their private keys)

Rich Salz
In reply to this post by Mouse-2
> Darn, I thought I explained the problem: openssl "req" seems to require
> private key of the cert requestor, which defeats the whole idea of PKI.

No.

It is common practice for someone making a certificate request to
prove that they have the private key.  This is known as "proof of
possession" and is a common practice.

        /r$

--
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html


Re: Creating certs for others (without their private keys)

Mouse-2
In reply to this post by Richard Levitte - VMS Whacker
Richard Levitte - VMS Whacker wrote:

>>> >What makes you think the private key is included?
>urimobile>
>urimobile> The fact that Windows XP machine (into which I load the
>urimobile> created cert) claims to now have the private key for it.
>
>Uhmmm, in a X.509 PKI, you need a key pair (private and public key) to
>have it work at all.  In Windows, the computer stores them for you.
>Where did you think the private keys would be stored?  In your head?
>Are you willing to remember and type 1024 or more bits (in whatever
>format)?  Thought not...
>  
>
Look, I'd be very obliged if you took the trouble to understand the
actual questions before jumping the gun with answers that are less than
helpful. For example, you didn't seem to comprehend that the CA's
(self-signed) cert goes to the Windows box (which is a client and a
member of the realm of this CA), and in addition to that the Windows box
stores the server's cert, with which it corresponds. We are NOT talking
about the key pair that belongs to this Windows box (where the private
key is necessary).  Now I've described it with plenty of details.

And just in case, once again. The setup is:

One server, several clients - among the clients is a Windows XP machine.
All communications protected by IPsec, IKE authentication done via
signed RSA public keys.
One local CA based on OpenSSL-0.9.7g.

CA's cert and server's cert were installed on the Windows machine, so it
could verify the server's cert.

NOW the Windows box claims that it holds NOT ONLY the server's public key
(which was expected), but ALSO the server's PRIVATE KEY. This, combined
with the fact that to create a "req" one has to supply his private key,
drove me to the conclusion that somehow this demoCA is less than correct
in dealing with certs. [In case it matters, certs were passed to Windows
in PKCS12 format]

Also, here's an example of openssl-created "newreq.pem" on my box:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,D002B0C9C6F377C7

wSqix6TJp...........................................................
.........................................................................
.................................................tuJZYOyg==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIIBqTCC................................
.................................................
..................................FalOz
-----END CERTIFICATE REQUEST-----

Looks like it concatenates private key and the actual cert request together.
I verified that if I edit the private key off, cert signing still works
(which is good :-).

>urimobile> >The private key needs to be *used* to sign the request but
>urimobile> >it is never included.
>urimobile> >
>urimobile> Could you recommend a verification procedure for me,
>urimobile> please?
>
>Look at the CSR you created with a ASN.1 dumper.  OpenSSL contains
>one, and you can basically use it in any output OpenSSL produces:
>
> openssl asn1parse -in my-csr.pem -i
>  
>
Thank you. It works. So now I'll need to dig up the exact format of
X.509 cert.

>If my interpretation is wrong, please tell me.
>  
>
I think it is - but it is pointless to discuss it further. I thank you
for the useful
ASN.1 parsing example.


Re: Creating certs for others (without their private keys)

Dr. Stephen Henson
In reply to this post by Mouse-2
On Mon, Jul 04, 2005, Uri wrote:

> Dr. Stephen Henson wrote:
>
> >On Sun, Jul 03, 2005, Uri wrote:
> >
> >
> >
> >>How do I create a request that doesn't contain private key, and how do I
> >>sign it? Could you give me an example please?
> >>
> >What makes you think the private key is included?
> >
> >
>
> The fact that Windows XP machine (into which I load the created cert)
> claims to now have the private key for it.
>

If you are importing the certificate via a PKCS#12 file then it's that which
will include the private key, not the request.

PKCS#12 isn't an appropriate format to just import a certificate. You need
to use PEM or DER form and an appropriate extension such as .crt.

If this certificate is to be used in an SSL server you shouldn't import it
anyway, just the root CA certificate is sufficient.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

Re: Creating certs for others (without their private keys)

Richard Levitte - VMS Whacker
In reply to this post by Mouse-2
In message <[hidden email]> on Mon, 04 Jul 2005 13:41:17 -0400, Uri <[hidden email]> said:

urimobile> Richard Levitte - VMS Whacker wrote:
urimobile>
urimobile> >>> >What makes you think the private key is included?
urimobile> >urimobile>
urimobile> >urimobile> The fact that Windows XP machine (into which I
urimobile> >urimobile> load the created cert) claims to now have the
urimobile> >urimobile> private key for it.
urimobile> >
urimobile> >Uhmmm, in a X.509 PKI, you need a key pair (private and
urimobile> >public key) to have it work at all.  In Windows, the
urimobile> >computer stores them for you.  Where did you think the
urimobile> >private keys would be stored?  In your head?  Are you
urimobile> >willing to remember and type 1024 or more bits (in
urimobile> >whatever format)?  Thought not...
urimobile> >
urimobile> Look, I'd be very obliged if you took the trouble to
urimobile> understand the actual questions before jumping the gun with
urimobile> answers that are less than helpful.

Well, considering the small amount of facts you actually gave, you
can't be surprised that I had to use my imagination to try to
understand what you had done.  Contrary to what you seem to think, it
was less than obvious.

Still, my apologies for the tone I used.  It was needlessly harsh.

urimobile> For example, you didn't seem to comprehend that CA's
urimobile> (self-signed) cert goes to the Windows box (which is a
urimobile> client and a member of the realm of this CA), and in
urimobile> addition to that - Windows box stores the server's cert,
urimobile> with who it corresponds.

It's fine for any box to store or cache certificates of any kind.
Certificates are public data, and only contain a public key.

urimobile> We are NOT talking about key pair that belongs to this
urimobile> Windows box (where private key is necessary).  Now I've
urimobile> described it with plenty of details.

Nope:

urimobile> NOW Windows box claims that it holds NOT ONLY the server's
urimobile> public key (which was expected), but ALSO the server's
urimobile> PRIVATE KEY.

This is the first time you said that *another* device's private key
ended up on your Windows box.  And still, that can't happen because of
a CSR, which is what you claimed was at fault.

However, it seems you found something:

urimobile> Also, here's an example of openssl-created "newreq.pem" on
urimobile> my box:

(I assume, BTW, that you used CA.pl here)

urimobile> -----BEGIN RSA PRIVATE KEY-----
urimobile> Proc-Type: 4,ENCRYPTED
urimobile> DEK-Info: DES-EDE3-CBC,D002B0C9C6F377C7
urimobile>
urimobile> wSqix6TJp...........................................................
urimobile> .........................................................................
urimobile> .................................................tuJZYOyg==
urimobile> -----END RSA PRIVATE KEY-----
urimobile> -----BEGIN CERTIFICATE REQUEST-----
urimobile> MIIBqTCC................................
urimobile> .................................................
urimobile> ..................................FalOz
urimobile> -----END CERTIFICATE REQUEST-----
urimobile>
urimobile> Looks like it concatenates private key and the actual cert
urimobile> request together.

Yup.  I was in disbelief, but just checked CA.pl (which I usually
don't use), and saw this really happens.  I'd call that a bug, that's
not the way it should be, in my opinion (translated: that's completely
f*cked!).

urimobile> Thank you. It works. So now I'll need to dig up the exact
urimobile> format of X.509 cert.

The quickest way to find that information is by reading RFC3280.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte                         [hidden email]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
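The concatenated `newreq.pem` that Uri pasted earlier, and that Richard confirms CA.pl writes, is exactly the kind of file a requester should never forward to a CA unedited. As an added example (not code from the thread, from CA.pl or from OpenSSL), here is a small sh/awk tool that lists the PEM block types in a file, splits each block into its own file, and accepts a file for sending only if it holds exactly one `CERTIFICATE REQUEST` block and no private-key block of any kind. It needs no openssl binary. The sample `newreq.pem` it builds is constructed with placeholder base64 bodies, not real key or request material, and the file names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from CA.pl: split a CA.pl-style
# newreq.pem (private key and CSR back to back) into one file per PEM block,
# and gate what may be sent to a CA. Uses only sh, sed and awk. The sample
# file and all names are constructed for this example.
set -eu

# PEM block types ("RSA PRIVATE KEY", "CERTIFICATE REQUEST", ...) found in
# a file, one per line, in order of appearance.
pem_types() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Write each PEM block of $1 to "$2/<n>.<slug>.pem" and print the slugs.
pem_split() {
    awk -v dir="$2" '
        /^-----BEGIN / {
            type = $0
            sub(/^-----BEGIN /, "", type); sub(/-----$/, "", type)
            slug = tolower(type); gsub(/ /, "_", slug)
            n++; out = dir "/" n "." slug ".pem"
            print slug
        }
        out != "" { print > out }
        /^-----END / { close(out); out = "" }
    ' "$1"
}

# 0 if the file is safe to send to a CA: exactly one CERTIFICATE REQUEST
# block and no private key block of any kind.
safe_to_send() {
    types=$(pem_types "$1")
    [ "$(printf '%s\n' "$types" | grep -c '^CERTIFICATE REQUEST$')" -eq 1 ] \
        && ! printf '%s\n' "$types" | grep -q 'PRIVATE KEY'
}

# Constructed stand-in for CA.pl's newreq.pem; the base64 bodies are
# placeholders, not real key or request material.
make_sample() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

cGxhY2Vob2xkZXIga2V5IGJvZHk=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
cGxhY2Vob2xkZXIgcmVxdWVzdCBib2R5
-----END CERTIFICATE REQUEST-----
EOF
}

# Usage walk-through: the combined file is rejected, the split-out request
# is accepted, and 1.rsa_private_key.pem stays with the requester.
demo() {
    dir=$(mktemp -d)
    make_sample "$dir/newreq.pem"
    pem_split "$dir/newreq.pem" "$dir" >/dev/null
    if safe_to_send "$dir/newreq.pem"; then return 1; fi
    safe_to_send "$dir/2.certificate_request.pem"
}
```

The gate is deliberately strict about the block type rather than grepping for "RSA": CA.pl's output uses the `RSA PRIVATE KEY` header, but an unencrypted PKCS#8 key uses plain `PRIVATE KEY`, and the check should refuse both.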

Re: Creating certs for others (without their private keys)

Mouse-2
In reply to this post by Dr. Stephen Henson
Dr. Stephen Henson wrote:

>PKCS#12 isn't an appropriate format to just import a certificate. You need
>to use PEM or DER form and an appropriate extension such as .crt.
>  
>
I figured this out too late. PEM isn't accepted by Windows, but DER
(luckily!) is, so now I'm just using DER.

IPsec FAQ that guided me then, suggested that PKCS12 is the format for
transferring certs to _Windows_... Now I know better.

>If this certificate is to be used in an SSL server you shouldn't import it
>anyway, just the root CA certificate is sufficient.
>  
>
True. As IPsec peers can exchange their certs automatically.


Re: Creating certs for others (without their private keys)

Dr. Stephen Henson
On Mon, Jul 04, 2005, Uri wrote:

> Dr. Stephen Henson wrote:
>
> >PKCS#12 isn't an appropriate format to just import a certificate. You need
> >to use PEM or DER form and an appropriate extension such as .crt.
> >
> >
> I figured this out too late. PEM isn't accepted by Windows, but DER
> (luckily!) is, so now I'm just using DER.
>

PEM should be accepted but it's very picky about any extra data before the
-----BEGIN CERTIFICATE----- line.

> >If this certificate is to be used in an SSL server you shouldn't import it
> >anyway, just the root CA certificate is sufficient.
> >
> >
> True. As IPsec peers can exchange their certs automatically.
>

and I don't think Windows supports verification based just on server
certificate.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk