Digital Certificates

Digital Certificates

Niraj Sorathiya

Hello,

Actually I have developed one algorithm like RSA, so how can I use my algorithm with OpenSSL to secure TCP/IP connections?

Sorry if you don't understand my questions, I am totally new to these topics.

-Niraj

On 19-Nov-2014 1:08 PM, "Amir Reda" <[hidden email]> wrote:
Sorry sir, what do you mean by your question?

On Wed, Nov 19, 2014 at 9:02 AM, Niraj Sorathiya <[hidden email]> wrote:
Hello Everyone,

Where are we executing these client.cc, server.cc, client.h, server.h, certificate.cpp files?

As I want to make my own Digital Certificate using my own algorithm, I was not understanding where to execute these files.

Thank you.

Regards,
Niraj.


On Wed, Nov 19, 2014 at 12:12 AM, Scott Neugroschl <[hidden email]> wrote:

That looks like a debugger message, not an actual error from the code.

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Amir Reda
Sent: Tuesday, November 18, 2014 10:29 AM
To: [hidden email]
Subject: sign problem

 

Dear all, I made a client-server application: the client sends a certificate request and the server replies with the certificate, and it creates an encrypted shared key and some data and signs the digest of the shared key and data.

My problem is:

1- In SignDigest(), the EVP_DigestSignFinal(mdctx, NULL, signlen); function returns an error: No source available for "EVP_PKEY_sign() at 0xb7ede098"

I don't know the reason for this error. It should return the length of the sign only?

Then I reserve a location in memory with this size.

Please help me.



--

Warmest regards and best wishes for a good health, yours sincerely
mero






RE: Digital Certificates

Salz, Rich
> I have developed one algorithm like RSA so how can I use my algorithm with OPENSSL to secure Tcp/ip connections.

Adding new algorithms to openssl is not trivial.  It's also not really documented.  Good luck!

For what it's worth, developing your own crypto algorithms is generally a bad idea, unless it is a learning exercise.  A free opinion, worth what you paid for it :)



Digital Certificates

Niraj Sorathiya

Hi,

Thanks for your suggestion.

If I want to use my own algorithm instead of RSA or SHA1 in the digital certificates, is it possible?
If yes, then how?
And it is like a learning exercise for me.

Regards,
Niraj.

On 19-Nov-2014 9:28 PM, "Salz, Rich" <[hidden email]> wrote:
> I have developed one algorithm like RSA so how can I use my algorithm with OPENSSL to secure Tcp/ip connections.

Adding new algorithms to openssl is not trivial.  It's also not really documented.  Good luck!

For what it's worth, developing your own crypto algorithms is generally a bad idea, unless it is a learning exercise.  A free opinion, worth what you paid for it :)



RE: Digital Certificates

Salz, Rich
> If, I want to use my own  algorithm instead of rsa or sha1 in the  digital certificates,  is it possible ? 
> if yes then how ? 

I thought I answered this.  It is hard work, it is not documented, you're on your own.

RE: Digital Certificates

Scott Neugroschl-2
Even assuming he figures out how to tie his algorithm into OpenSSL, how would he even begin to specify his custom algorithm in the cert?  Wouldn't he have to define his own OID for the algorithm?

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Salz, Rich
Sent: Thursday, November 20, 2014 7:32 AM
To: [hidden email]
Subject: RE: Digital Certificates

> If, I want to use my own  algorithm instead of rsa or sha1 in the 
> digital certificates,  is it possible ? if yes then how ?

I thought I answered this.  It is hard work, it is not documented, you're on your own.

Digital Certificates

Niraj Sorathiya
In reply to this post by Salz, Rich

Hi,

Any API or software tool can help me?

-Niraj

On 20-Nov-2014 9:06 PM, "Salz, Rich" <[hidden email]> wrote:
> If, I want to use my own  algorithm instead of rsa or sha1 in the  digital certificates,  is it possible ? 
> if yes then how ? 

I thought I answered this.  It is hard work, it is not documented, you're on your own.

Re: Digital Certificates

Viktor Dukhovni
On Thu, Nov 20, 2014 at 10:42:01PM +0530, Niraj Sorathiya wrote:

> Any API or software tool can help me ?

NO.  And likely you're not even asking the right question.  If you
really wish to pursue this line of inquiry, post a detailed
description of your algorithm, and why you want to extend OpenSSL
to support it.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Digital Certificates

Dr. Stephen Henson
In reply to this post by Salz, Rich
On Thu, Nov 20, 2014, Salz, Rich wrote:

> > If, I want to use my own  algorithm instead of rsa or sha1 in the  digital certificates,  is it possible ? 
> > if yes then how ? 
>
> I thought I answered this.  It is hard work, it is not documented, you're on your own.

I agree with the "hard work" opinion ;-)

This can be done and one ENGINE for gost does in fact implement new public key
algorithms which aren't part of OpenSSL.

In outline you do something like this...

1. Write ASN.1 modules for public key and private key formats and (if
relevant) parameters. Write translation functions to convert from ASN.1 to
and from EVP_PKEY structures. Optionally include printing functions. Make
an EVP_PKEY_ASN1_METHOD based on these.

2. Write cryptographic functions to generate parameters (if required), private
keys, sign and verify. Adding appropriate controls and string based controls
will make the algorithm usable from the openssl utility. Wrap the lot in an
EVP_PKEY_METHOD.

3. Place the two methods in an ENGINE so it loads and registers them.

4. Test extensively using the pkey, pkeyutl, genpkey and pkeyparam utilities.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

RE: Digital Certificates

Salz, Rich
In reply to this post by Scott Neugroschl-2
> Even assuming he figures out how to tie his algorithm into OpenSSL, how
> would he even begin to specify his custom algorithm in the cert?  Wouldn't
> he have to define his own OID for the algorithm?

Yup. Getting an OID arc is pretty easy: http://www.alvestrand.no/objectid/1.3.6.1.4.1.html

--  
Principal Security Engineer, Akamai Technologies
IM: [hidden email] Twitter: RichSalz
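
The OID question raised above, as an added example (not code from this thread or from OpenSSL): a certificate names its signature algorithm by an OID inside a DER AlgorithmIdentifier, so a custom algorithm needs an OID under a private arc such as 1.3.6.1.4.1. Here `der_algid` is a hypothetical helper, 99999 is a constructed placeholder for an assigned enterprise number, and NULL parameters (as the RSA signature algorithms use) are an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Write one OID arc in base 128; every byte but the last has bit 7 set. */
static size_t put_arc(unsigned char *out, unsigned long v)
{
    unsigned char tmp[10];
    size_t n = 0, i;
    do { tmp[n++] = (unsigned char)(v & 0x7f); v >>= 7; } while (v);
    for (i = 0; i < n; i++)
        out[i] = (unsigned char)(tmp[n - 1 - i] | (i + 1 < n ? 0x80 : 0));
    return n;
}

/* AlgorithmIdentifier ::= SEQUENCE { OID, NULL }; returns length, 0 on error. */
size_t der_algid(const char *p, unsigned char *out, size_t cap)
{
    unsigned long arc, first = 0;
    unsigned char body[120];              /* short-form DER lengths only */
    size_t idx = 0, len = 0;
    char *end;
    for (;; p = end + 1, idx++) {
        if (*p < '0' || *p > '9') return 0;
        arc = strtoul(p, &end, 10);
        if (idx == 0) first = arc;
        else if (idx == 1) {              /* first two arcs share one value */
            if (first > 2 || (first < 2 && arc > 39) || arc > 0xffffff) return 0;
            len = put_arc(body, first * 40 + arc);
        } else if (len + 10 > sizeof body) return 0;
        else len += put_arc(body + len, arc);
        if (*end == '\0') break;
        if (*end != '.') return 0;
    }
    if (len == 0 || len + 6 > cap) return 0;            /* needs >= 2 arcs */
    out[0] = 0x30; out[1] = (unsigned char)(len + 4);   /* SEQUENCE */
    out[2] = 0x06; out[3] = (unsigned char)len;         /* OBJECT IDENTIFIER */
    memcpy(out + 4, body, len);
    out[len + 4] = 0x05; out[len + 5] = 0x00;           /* NULL parameters */
    return len + 6;
}

int main(void)
{
    unsigned char buf[64];
    size_t i, n = der_algid("1.3.6.1.4.1.99999.1.1", buf, sizeof buf); /* placeholder OID */
    for (i = 0; i < n; i++) printf("%02x ", buf[i]);
    printf("\n");
    return n ? 0 : 1;
}
```
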

Digital Certificates

Niraj Sorathiya

Hi,

Thank you all, and thank you Stephen for giving me some hope for my idea :)
But truly speaking I didn't get your steps. I don't know anything about Digital Certificates, but I have started working on this.

I am referring to books like OpenSSL Cookbook and Network Security with OpenSSL by Pravin, Matt and John, which is out of date. Do we have any other stuff to refer to?

Stephen, I have one idea: instead of going for the complicated RSA-like algorithm of mine, what if I write a simple algorithm which inverts bits only, i.e. a NOT cipher.
Can you give me detailed steps
(i.e. how many C program files I'll need and where I need to copy them to use it with Digital Certificates)
for how I can use this simple NOT cipher with Digital Certificates instead of using RSA.

Please, Stephen, help with this if possible.

Regards,
Niraj.







> Even assuming he figures out how to tie his algorithm into OpenSSL, how
> would he even begin to specify his custom algorithm in the cert?  Wouldn't
> he have to define his own OID for the algorithm?

Yup. Getting an OID arc is pretty easy: http://www.alvestrand.no/objectid/1.3.6.1.4.1.html

--
Principal Security Engineer, Akamai Technologies
IM: [hidden email] Twitter: RichSalz