Linux version of Attribute certificate API

Linux version of Attribute certificate API

Daniel Diaz Sanchez-2
Hello,

I have compiled the Attribute Certificate API on Linux and it is working
with OpenSSL 0.9.8a (I didn't check other versions)


The source can be downloaded at
http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml

There are 3 versions:

Version 0.1 (Windows only)
Version 0.1 (Linux/Windows) some minor changes to the Windows version (types
and casts). It should work in Windows also.
Version 0.2 (Windows) Includes some bugfixes and new functions to assist the
issuing process. Those new functions can be personalized using callbacks.
New functions are not yet covered by documentation.


I will try to move version 0.2 to Linux and also to finish the verifier for
version 0.3 (if I have some spare time)

Regards,

Daniel
       


--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 
Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-6233, Fax: -8749

Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
A toolkit for attribute certificates:
http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml

Mail: dds[at].it.uc3m.es
Skype: dds.it.uc3m.es



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]

RE: Linux version of Attribute certificate API

Daniel Diaz Sanchez-2
The library also works with the latest OpenSSL version. I am also sending a
complete trace of the execution with the latest OpenSSL version on Linux.


Regards,




         Pervasive Computing Laboratory

         --------- --------- ----------


This program is a test tool for attribute certificate wrapper
Create attribute certificate
Setting version to v2
Setting holder and issuer
Setting time validity
Setting the attributes
Printing the attribute certificate
----------------------------------

AC Version= v2,
Issuer Information
------------------


        ->name(GNs):DirName: /C=ES/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=SoA/emailAddress=[hidden email]
        ->serial(INT):e3:1e:d2:8b:a0:60:53:2f:
        ->issuerUniqueID(INT):NULL
Holder Information
------------------

Holder BaseCertID:

        ->name(GNs):DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=User/emailAddress=[hidden email]
        ->serial(INT):bd:a6:37:3d:db:9e:37:89:
        ->issuerUniqueID(INT):NULL
Validity
--------

Valid not before: 20070608185543Z
Valid not after: 20070615185543Z
Attribute information
---------------------
Number of attributes: 4

        Attribute Number: 0
        --------------------
        Attribute NID: 354 , Name: id-aca-authenticationInfo
        Service Authentication Information
        Attribute syntax SvceAuthInfo
        Consumed by the target application not the AC verifier
        Multiple values allowed : yes
        Values: 2
                Printing value: 0
                ------------------
                Ident information : Present
                DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=User/emailAddress=[hidden email]
                Service information : Present
                DirName: /C=ES/ST=Madrid/L=Leganes/O=Universidad Carlos III
de Madrid/OU=Departamento Ingenieria Telematica/CN=Servicio de correo
electronico
                Auth Info : Not present
                Printing value: 1
                ------------------
                Ident information : Present
                DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=User/emailAddress=[hidden email]
                Service information : Present
                DirName: /C=ES/ST=Madrid/L=Getafe/O=Universidad Carlos III
de Madrid/OU=Library/CN=Catalog
                Auth Info : Not present
        Attribute Number: 1
        --------------------
        Attribute NID: 355 , Name: id-aca-accessIdentity
        Access Identity
        Attribute syntax SvceAuthInfo without AuthInfo
        Consumed by the AC verifier to authorise
        Multiple values allowed : yes
        Values: 1
                Printing value: 0
                ------------------
                Ident information : Present
                DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=User/emailAddress=[hidden email]
                Service information : Present
                DirName: /C=ES/ST=Madrid/L=Leganes/O=Universidad Carlos III
de Madrid/OU=Departamento Ingenieria Telematica/CN=Servicio de correo
electronico
                Auth Info : Not present... it should be not present!
        Attribute Number: 2
        --------------------
        Attribute NID: 356 , Name: id-aca-chargingIdentity
        Charging Identity
        Attribute syntax IetfAttrSyntax
        Consumed by the AC verifier to authorise
        Multiple values allowed : no
        Values: 1
                Printing value: 0
                ------------------
                Policy Authority information : Present
                DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=User/emailAddress=[hidden email]
                Type of info :  V_ASN1_OCTET_STRING
       
0x530x6f0x6d0x650x200x640x610x740x610x200x740x6f0x200x610x640x640x200x740x6f
0x2e0x2e0x2e0x2e0x2e
        Attribute Number: 3
        --------------------
        Attribute NID: 400 , Name: role
        Role
        Attribute syntax RoleSyntax
        Consumed by the AC verifier
        Multiple values allowed : yes
        Values: 1
                Printing value: 0
                ------------------
                roleAuthority [Optional] : Present
               
                roleName [MUST|URN]:  URI:it.uc3m.es:administrator

Extensions:
------------
Number of extensions present : 1
        NID: 287, ac-auditEntity
        Critical: Yes
        Data:61:75:64:69:74:2d:69:6e:66:6f:

Signature:
------------
    Signature Algorithm: sha1WithRSAEncryption

------------------------

AC Version= v2,
Issuer Information
------------------


        ->name(GNs):DirName: /C=ES/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=SoA/emailAddress=[hidden email]
        ->serial(INT):e3:1e:d2:8b:a0:60:53:2f:
        ->issuerUniqueID(INT):NULL
Holder Information
------------------

Holder BaseCertID:

        ->name(GNs):DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=User/emailAddress=[hidden email]
        ->serial(INT):bd:a6:37:3d:db:9e:37:89:
        ->issuerUniqueID(INT):NULL
Validity
--------

Valid not before: 20070608185543Z
Valid not after: 20070615185543Z
Attribute information
---------------------
Number of attributes: 4

        Attribute Number: 0
        --------------------
        Attribute NID: 354 , Name: id-aca-authenticationInfo
        Service Authentication Information
        Attribute syntax SvceAuthInfo
        Consumed by the target application not the AC verifier
        Multiple values allowed : yes
        Values: 2
                Printing value: 0
                ------------------
                Ident information : Present
                DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=User/emailAddress=[hidden email]
                Service information : Present
                DirName: /C=ES/ST=Madrid/L=Getafe/O=Universidad Carlos III
de Madrid/OU=Library/CN=Catalog
                Auth Info : Not present
                Printing value: 1
                ------------------
                Ident information : Present
                DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=User/emailAddress=[hidden email]
                Service information : Present
                DirName: /C=ES/ST=Madrid/L=Leganes/O=Universidad Carlos III
de Madrid/OU=Departamento Ingenieria Telematica/CN=Servicio de correo
electronico
                Auth Info : Not present
        Attribute Number: 1
        --------------------
        Attribute NID: 355 , Name: id-aca-accessIdentity
        Access Identity
        Attribute syntax SvceAuthInfo without AuthInfo
        Consumed by the AC verifier to authorise
        Multiple values allowed : yes
        Values: 1
                Printing value: 0
                ------------------
                Ident information : Present
                DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=User/emailAddress=[hidden email]
                Service information : Present
                DirName: /C=ES/ST=Madrid/L=Leganes/O=Universidad Carlos III
de Madrid/OU=Departamento Ingenieria Telematica/CN=Servicio de correo
electronico
                Auth Info : Not present... it should be not present!
        Attribute Number: 2
        --------------------
        Attribute NID: 356 , Name: id-aca-chargingIdentity
        Charging Identity
        Attribute syntax IetfAttrSyntax
        Consumed by the AC verifier to authorise
        Multiple values allowed : no
        Values: 1
                Printing value: 0
                ------------------
                Policy Authority information : Present
                DirName: /C=es/ST=Madrid/L=Leganes/O=Universidad Carlos
III/CN=User/emailAddress=[hidden email]
                Type of info :  V_ASN1_OCTET_STRING
       
0x530x6f0x6d0x650x200x640x610x740x610x200x740x6f0x200x610x640x640x200x740x6f
0x2e0x2e0x2e0x2e0x2e
        Attribute Number: 3
        --------------------
        Attribute NID: 400 , Name: role
        Role
        Attribute syntax RoleSyntax
        Consumed by the AC verifier
        Multiple values allowed : yes
        Values: 1
                Printing value: 0
                ------------------
                roleAuthority [Optional] : Present
               
                roleName [MUST|URN]:  URI:it.uc3m.es:administrator

Extensions:
------------
Number of extensions present : 1
        NID: 287, ac-auditEntity
        Critical: Yes
        Data:61:75:64:69:74:2d:69:6e:66:6f:

Signature:
------------
    Signature Algorithm: sha1WithRSAEncryption

------------------------



Re: Linux version of Attribute certificate API

Richard Levitte - VMS Whacker
In reply to this post by Daniel Diaz Sanchez-2
In message <010201c7a9d3$dea223b0$9be66b10$@uc3m.es> on Fri, 8 Jun 2007 15:49:43 +0200, "Daniel Diaz Sanchez" <[hidden email]> said:

dds> I have compiled the Attribute Certificate API on Linux and it is
dds> working with OpenSSL 0.9.8a (I didn't check other versions)

Oh, really cool.  I've taken it upon myself to have a look and make
sure to get ACs implemented in OpenSSL during the summer.  I've
allocated the first whole week of July to do it.  I'll get back to you
then.

Cheers,
Richard

--
Richard Levitte                         [hidden email]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis

Re: Linux version of Attribute certificate API

Richard Levitte - VMS Whacker
In reply to this post by Daniel Diaz Sanchez-2
Hey Daniel,

I'm going to start working on having ACs in OpenSSL this week
(starting tomorrow), and just downloaded v0.1 and v0.2.  Any chance
you have a verifier for me to look at?

Cheers,
Richard


Re: Linux version of Attribute certificate API

Daniel Diaz Sanchez-2
Hi,

The two versions of the attribute certificate API are more or less the
same; version 0.2 has some bug fixes, but I didn’t check it on Linux (I
do not have spare time :). It also has an early version of an issuing
tool which issues certificates by registering callbacks. Callbacks are
used to provide the different certificate fields, such as subject, role,
extensions, privileges... and to sign the certificate, since the
private key might be inside a token or the role or privileges can be
provided by external engines (SoA - AA).

I was working on a verifier but I need to find it; I will check the CVS
of the department. My idea was to verify certificates by constructing
the entire chain of attribute certificates, taking into account possible
delegations. The problem is that delegation makes the verifier
extremely complex, since it might be necessary to verify multiple
chains, one for every delegation path with an associated identity
certificate chain.  I will try to find it, but it is work-in-progress.

It will be better to develop a verifier without considering delegation
and leave refinements (support for delegation) for later. What do you
think about it?

I can help you move my implementation to OpenSSL, validate it on
Windows and Windows Mobile, and also develop a simple verifier.

Regards,

Dani

Richard Levitte <[hidden email]> said:

> Hey Daniel,
>
> I'm going to start working on having ACs in OpenSSL this week
> (starting tomorrow), and just downloaded v0.1 and v0.2.  Any chance
> you have a verifier for me to look at?
>
> Cheers,
> Richard



--
----
DANIEL DIAZ SANCHEZ
WebCartero
Universidad Carlos III de Madrid
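
Added example (not part of the thread, and not code from the toolkit or from OpenSSL): a sketch in C of the delegation-free verifier proposed in the last message, covering issuer trust, signature, validity window, holder binding and critical extensions. The struct types, function names and the signature callback are hypothetical, and the sample values are constructed from the trace earlier in the thread.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical, simplified model of the AC fields printed in the trace;
   these are not the toolkit's or OpenSSL's real types. */
typedef struct { const char *name, *serial; } cert_id;
typedef struct {
    cert_id holder;            /* Holder BaseCertID: name + serial */
    const char *ac_issuer;     /* name of the authority that signed the AC */
    const char *not_before, *not_after;  /* GeneralizedTime YYYYMMDDHHMMSSZ */
    const int *crit_ext;       /* NIDs of extensions marked critical */
    size_t n_crit;
} attr_cert;
typedef enum { AC_OK, AC_BAD_TIME, AC_UNTRUSTED_ISSUER, AC_BAD_SIGNATURE,
               AC_NOT_YET_VALID, AC_EXPIRED, AC_HOLDER_MISMATCH,
               AC_UNKNOWN_CRITICAL_EXT } ac_status;
/* Signature check is delegated to a caller-supplied callback (assumed). */
typedef int (*ac_sig_cb)(const attr_cert *ac, void *arg);

static int is_gentime(const char *t) {
    if (t == NULL || strlen(t) != 15 || t[14] != 'Z') return 0;
    for (int i = 0; i < 14; i++)
        if (t[i] < '0' || t[i] > '9') return 0;
    return 1;
}

/* Verify one AC issued directly by a trusted SoA: no delegation chain. */
ac_status ac_verify_simple(const attr_cert *ac, const cert_id *pkc,
                           const char *trusted_soa, const int *known_ext,
                           size_t n_known, const char *now,
                           ac_sig_cb verify_sig, void *arg) {
    if (!is_gentime(ac->not_before) || !is_gentime(ac->not_after) ||
        !is_gentime(now))
        return AC_BAD_TIME;
    /* Exact string match for brevity; real code compares decoded names. */
    if (strcmp(ac->ac_issuer, trusted_soa) != 0) return AC_UNTRUSTED_ISSUER;
    if (verify_sig == NULL || verify_sig(ac, arg) != 1) return AC_BAD_SIGNATURE;
    /* Fixed-width UTC timestamps order correctly under strcmp. */
    if (strcmp(now, ac->not_before) < 0) return AC_NOT_YET_VALID;
    if (strcmp(now, ac->not_after) > 0) return AC_EXPIRED;
    /* The AC must be bound to the identity certificate actually presented. */
    if (strcmp(ac->holder.name, pkc->name) != 0 ||
        strcmp(ac->holder.serial, pkc->serial) != 0)
        return AC_HOLDER_MISMATCH;
    /* Fail closed on any critical extension the verifier cannot process. */
    for (size_t i = 0; i < ac->n_crit; i++) {
        size_t j = 0;
        while (j < n_known && known_ext[j] != ac->crit_ext[i]) j++;
        if (j == n_known) return AC_UNKNOWN_CRITICAL_EXT;
    }
    return AC_OK;
}

/* Constructed sample reusing values from the trace (DNs shortened). */
static const int SAMPLE_CRIT[] = { 287 };  /* ac-auditEntity, critical */
static const attr_cert SAMPLE_AC = {
    { "/C=es/O=Universidad Carlos III/CN=User", "bd:a6:37:3d:db:9e:37:89" },
    "/C=ES/O=Universidad Carlos III/CN=SoA",
    "20070608185543Z", "20070615185543Z", SAMPLE_CRIT, 1
};
static int sig_ok(const attr_cert *ac, void *arg) { (void)ac; (void)arg; return 1; }

int main(void) {
    int known[] = { 287 };
    return ac_verify_simple(&SAMPLE_AC, &SAMPLE_AC.holder, SAMPLE_AC.ac_issuer,
                            known, 1, "20070610120000Z", sig_ok, NULL) != AC_OK;
}
```

Supporting delegation would wrap this per-certificate check in a path builder that repeats it for every AC in each delegation path, which is the complexity the message describes.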


