Generating certificate

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Generating certificate

puneet batura

Hi,
I am generating a self signed certificate for my application using rsa but i want to generate the certificate using ecc. This is what i am doing:

openssl genrsa -out MilitaryGpsKey.pem 2048

openssl req -new -x509 -key MilitaryGpsKey.pem -out MilitaryGpsCert.pem -days 365

now converting the format so tomcat use it:

openssl pkcs12 -export -in MilitaryGpsCert.pem -inkey MilitaryGpsKey.pem -out MilitaryGpsCert.p12 -name tomcat


i am using openssl-0.9.8a  version.  Please tell me how to generate a ecc key

Thanks
--
Regards,


Puneet Batura
Open Source Developer
Reply | Threaded
Open this post in threaded view
|

Re: Generating certificate

Luc Perthuis
puneet batura wrote:

>
> Hi,
> I am generating a self signed certificate for my application using rsa
> but i want to generate the certificate using ecc. This is what i am doing:
>
> openssl genrsa -out MilitaryGpsKey.pem 2048
>
> openssl req -new -x509 -key MilitaryGpsKey.pem -out
> MilitaryGpsCert.pem -days 365
>
> now converting the format so tomcat use it:
>
> openssl pkcs12 -export -in MilitaryGpsCert.pem -inkey
> MilitaryGpsKey.pem -out MilitaryGpsCert.p12 -name tomcat
>
>
> i am using openssl-0.9.8a  version.  Please tell me how to generate a
> ecc key
I am using the same version :

openssl version
OpenSSL 0.9.8a 11 Oct 2005

For a list of usable curves, just do :

openssl ecparam -list_curves

And chose one to pass it to -name parameter as above.

openssl ecparam -genkey -text -name c2pnb163v3
ASN1 OID: c2pnb163v3
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMAAw==
-----END EC PARAMETERS-----
Loading 'screen' into random state - done
-----BEGIN EC PRIVATE KEY-----
(...) [key value]
-----END EC PRIVATE KEY-----

Add -out file_name for ease of use ;-)

The rest of the procedure remains the same ...

>
> Thanks
> --
> Regards,
>
>
> Puneet Batura
> Open Source Developer



--
Regards,
Luc


luc.perthuis.vcf (410 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Generating certificate

puneet batura


On 5/11/06, Luc Perthuis <[hidden email]> wrote:
puneet batura wrote:

>
> Hi,
> I am generating a self signed certificate for my application using rsa
> but i want to generate the certificate using ecc. This is what i am doing:
>
> openssl genrsa -out MilitaryGpsKey.pem 2048
>
> openssl req -new -x509 -key MilitaryGpsKey.pem -out
> MilitaryGpsCert.pem -days 365
>
> now converting the format so tomcat use it:
>
> openssl pkcs12 -export -in MilitaryGpsCert.pem -inkey
> MilitaryGpsKey.pem -out MilitaryGpsCert.p12 -name tomcat
>
>
> i am using openssl-0.9.8a  version.  Please tell me how to generate a
> ecc key

I am using the same version :

openssl version
OpenSSL 0.9.8a 11 Oct 2005

For a list of usable curves, just do :

openssl ecparam -list_curves

When i ry to run the above command i get:
[root@localhost bin]# openssl ecparam -list_curves
openssl:Error: 'ecparam' is an invalid command.

Why so?
And chose one to pass it to -name parameter as above.

openssl ecparam -genkey -text -name c2pnb163v3
ASN1 OID: c2pnb163v3
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMAAw==
-----END EC PARAMETERS-----
Loading 'screen' into random state - done
-----BEGIN EC PRIVATE KEY-----
(...) [key value]
-----END EC PRIVATE KEY-----

Add -out file_name for ease of use ;-)

The rest of the procedure remains the same ...

>
> Thanks
> --
> Regards,
>
>
> Puneet Batura
> Open Source Developer



--
Regards,
Luc






--
Regards,


Puneet Batura
Open Source Developer
Reply | Threaded
Open this post in threaded view
|

Re: Generating certificate

Victor Duchovni
On Thu, May 11, 2006 at 11:19:08PM +0530, puneet batura wrote:

> >I am using the same version :
> >
> >openssl version
> >OpenSSL 0.9.8a 11 Oct 2005
> >
> >For a list of usable curves, just do :
> >
> >openssl ecparam -list_curves
>
>
> When i ry to run the above command i get:
> [root@localhost bin]# openssl ecparam -list_curves
> openssl:Error: 'ecparam' is an invalid command.
>
> Why so?

What does running "openssl version" report?

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Generating certificate

puneet batura


On 5/11/06, Victor Duchovni <[hidden email]> wrote:
On Thu, May 11, 2006 at 11:19:08PM +0530, puneet batura wrote:

> >I am using the same version :
> >
> >openssl version
> >OpenSSL 0.9.8a 11 Oct 2005
> >
> >For a list of usable curves, just do :
> >
> >openssl ecparam -list_curves
>
>
> When i ry to run the above command i get:
> [root@localhost bin]# openssl ecparam -list_curves
> openssl:Error: 'ecparam' is an invalid command.
>
> Why so?

What does running "openssl version" report?

[root@localhost miladmin]# openssl version
OpenSSL 0.9.8a 11 Oct 2005

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                     [hidden email]
Automated List Manager                           [hidden email]



--
Regards,


Puneet Batura
Open Source Developer
Reply | Threaded
Open this post in threaded view
|

Re: Generating certificate

Victor Duchovni
On Fri, May 12, 2006 at 01:23:23AM +0530, puneet batura wrote:

> On 5/11/06, Victor Duchovni <[hidden email]> wrote:
> >
> >On Thu, May 11, 2006 at 11:19:08PM +0530, puneet batura wrote:
> >
> >> >I am using the same version :
> >> >
> >> >openssl version
> >> >OpenSSL 0.9.8a 11 Oct 2005
> >> >
> >> >For a list of usable curves, just do :
> >> >
> >> >openssl ecparam -list_curves
> >>
> >>
> >> When i ry to run the above command i get:
> >> [root@localhost bin]# openssl ecparam -list_curves
> >> openssl:Error: 'ecparam' is an invalid command.
> >>
> >> Why so?
> >
> >What does running "openssl version" report?
>
>
> [root@localhost miladmin]# openssl version
> OpenSSL 0.9.8a 11 Oct 2005
>

O.K. What about "openssl version -a -v -b -o -f -p"?

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Generating certificate

puneet batura


On 5/12/06, Victor Duchovni <[hidden email]> wrote:
On Fri, May 12, 2006 at 01:23:23AM +0530, puneet batura wrote:

> On 5/11/06, Victor Duchovni <[hidden email]> wrote:
> >
> >On Thu, May 11, 2006 at 11:19:08PM +0530, puneet batura wrote:

> >
> >> >I am using the same version :
> >> >
> >> >openssl version
> >> >OpenSSL 0.9.8a 11 Oct 2005
> >> >
> >> >For a list of usable curves, just do :
> >> >
> >> >openssl ecparam -list_curves
> >>
> >>
> >> When i ry to run the above command i get:
> >> [root@localhost bin]# openssl ecparam -list_curves
> >> openssl:Error: 'ecparam' is an invalid command.
> >>
> >> Why so?
> >
> >What does running "openssl version" report?
>
>
> [root@localhost miladmin]# openssl version
> OpenSSL 0.9.8a 11 Oct 2005
>

O.K. What about "openssl version -a -v -b -o -f -p"?

 


[root@localhost miladmin]# openssl version -a -v -b -o -f -p
OpenSSL 0.9.8a 11 Oct 2005
built on: Sun Feb 12 03:25:32 EST 2006
platform: linux-elf
options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -I/usr/kerberos/include -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=generic -fasynchronous-unwind-tables -Wa,--noexecstack -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  dynamic ibmca

 

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                     [hidden email]
Automated List Manager                           [hidden email]



--
Regards,


Puneet Batura
Open Source Developer