I m trying to merge key and certificate using pkcs12

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

I m trying to merge key and certificate using pkcs12

kalpesh07
hi,
I am trying to create digital signature for pdf document by openssl commands from php file.

I write these commands in php file
exec("openssl req -x509 -nodes -days 365 -subj '/C=In/ST=Mumbai/L=Maharashtra/CN=www.kalpesh.com'  -newkey rsa:1024 -keyout openssl_key.pem -out openssl_crt.pem");

exec("openssl pkcs12 -export -inkey openssl_key.pem -in openssl_crt.pem -out openssl_key_crt.p12 -name openssl_key_crt");

exec("openssl pkcs12 -in openssl_key_crt.p12 -out openssl_key_crt_enc.pem");

I successfully created openssl_key.pem and openssl_crt.pem files
But openssl_key_crt.p12 and openssl_key_crt_enc.pem comes blank.

Is there something wrong i am doing?
How should i create digital signature using openssl on the fly for users in my site.

Thanks.

Reply | Threaded
Open this post in threaded view
|

Re: I m trying to merge key and certificate using pkcs12

Victor Duchovni
On Fri, Feb 18, 2011 at 01:22:44AM -0800, kalpesh07 wrote:

>
> hi,
> I am trying to create digital signature for pdf document by openssl commands
> from php file.
>
> I write these two commands first in php file
> exec("openssl req -x509 -nodes -days 365 -subj
> '/C=In/ST=Mumbai/L=Maharashtra/CN=www.kalpesh.com'  -newkey rsa:1024 -keyout
> openssl_key.pem -out openssl_crt.pem");

This command should probably at the very least set a umask of 077 to
protect the key. Alternatively, it should encrypt the key. The key generation
step is usually best done separately from the generation of the self-signed
cert.

> exec("openssl pkcs12 -export -inkey openssl_key.pem -in openssl_crt.pem -out
> openssl_key_crt.p12 -name openssl_key_crt");

This command requires a pass-phrase to encrypt the PKCS#12 container.

> exec("openssl pkcs12 -in openssl_key_crt.p12 -out openssl_key_crt_enc.pem");
>
> I successfully created openssl_key.pem and openssl_crt.pem files
> But openssl_key_crt.p12 and openssl_key_crt_enc.pem comes blank.
>
> Is there something wrong i am doing?

Not providing all the required inputs to the pkcs12 commands.

> How should i create digital signature using openssl on the fly for users in
> my site.

Carefully and securely. What is the purpose of these digital signatures?

Why are signatures under a self-signed certificate any better than
no signatures? It seems that the real issue is at a higher level
than your difficulty with using the pkcs12 command. What is your
actual goal?

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]