Smartcard Authentication


Smartcard Authentication

Sven Löschner-2
Hello,

At the moment I have a site where a user can log in with a certificate I
create and give to him. No problems so far.

But now I want two things:

1.

I would like to write the certificate on a Smartcard, so the user can insert
this smartcard and type a PIN to authenticate on the server, instead of the
file-based-variant above.

I read a few websites, e.g. about the OpenSC-project, but I don't know how
to solve my problem.


2.

The second one is a little bit easier, I hope. It would be nice to control
all the certificates via web interfaces, so I would not have to do
everything on the console :-) .

A few months ago, I saw a page where the administrator could easily
insert all the User-Data into a web-based form and create the
certificates this way, but I don't remember the site-address :-(.



I hope someone can help me, or give me some hints to solve my problems.


P.S.: Especially the first one should work on Mozilla AND IE, because I
often read about Mozilla-only-solutions.....



Sven

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: is any documentation for programmers?

Marek.Marcola
Hello,

> i want to encrypt and decrypt strings, now i'm using the ecb encryption
> of openssl/aes.h
> and it looks the encrypted block length depends on the key, or the
> encrypted msg has an \0 in.
In AES encryption/decryption the block size is always 16 bytes and does not
depend on the key size.
Key size for AES256 is 32 bytes, for AES192 24 bytes and for AES128 16 bytes.
If you want to use AES in ECB mode you can use AES_ecb_encrypt()
(which simply uses AES_encrypt()/AES_decrypt()).
The first parameter of this function (in) has to be a pointer to 16 bytes of
data to decrypt/encrypt; the second parameter is a pointer to the
encrypted/decrypted result, 16 bytes long.

> i have to know the length of the block to base64 encode it.
Always 16 bytes.

> So if i encrypt my "utopia" test string
You encrypt "utopia" + 10 random bytes at the end of the buffer - if you use AES_ecb_encrypt().
For proper encryption you should use padding in this situation.

> with unsigned char
> key[32]="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";
> strlen(encryptedmsg) returns 11 while if i use 32byte of "a" unsigned
> char strlen(encryptedmsg); returns 16.
You cannot check the length of encrypted data with strlen().
For AES the block size is 16 bytes.

> Does really depends the blocksize on password,
No, it does not,

> or strlen is not a good way to know the blocksize?
It is not a good way for this.

Of course all this is true if you use AES_ecb_encrypt().
It is only my guess.

Best regards,
--
Marek Marcola <[hidden email]>
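
Added example (not part of the original post and not OpenSSL code): the length handling described in the reply above, in plain C without calling AES. It pads "utopia" to one 16-byte block with PKCS#7 (one common padding scheme, chosen here as an assumption) and reproduces strlen() stopping at 11 on a binary block; the helper names and the sample ciphertext bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define AES_BLOCK 16 /* AES block size in bytes, whatever the key size */

/* PKCS#7-pad in[0..len) into out. Returns the padded length (a multiple of
 * 16) or 0 if out is too small. Input that already fills whole blocks gets
 * one extra block of padding, so unpadding is never ambiguous. */
size_t pkcs7_pad(const unsigned char *in, size_t len,
                 unsigned char *out, size_t cap)
{
    size_t pad = AES_BLOCK - (len % AES_BLOCK);
    if (len + pad > cap) return 0;
    memcpy(out, in, len);
    memset(out + len, (int)pad, pad);
    return len + pad;
}

/* Check and strip PKCS#7 padding. Returns the plaintext length or -1. */
long pkcs7_unpad(const unsigned char *buf, size_t len)
{
    if (len == 0 || len % AES_BLOCK != 0) return -1;
    size_t pad = buf[len - 1];
    if (pad == 0 || pad > AES_BLOCK) return -1;
    for (size_t i = len - pad; i < len; i++)
        if (buf[i] != pad) return -1;
    return (long)(len - pad);
}

/* Base64 characters needed for n raw bytes (no line breaks, no NUL). */
size_t base64_len(size_t n) { return 4 * ((n + 2) / 3); }

/* Constructed stand-in for one ciphertext block: arbitrary bytes with a
 * 0x00 at offset 11, plus a guard NUL so strlen() stays in bounds. */
static const unsigned char sample_ct[AES_BLOCK + 1] = {
    0x9f, 0x3a, 0xc1, 0x07, 0x5e, 0xd2, 0x88, 0x41,
    0xb6, 0x1d, 0xe4, 0x00, 0x73, 0x2c, 0xfa, 0x65, 0x00 };

size_t strlen_of_sample(void) { return strlen((const char *)sample_ct); }

int main(void)
{
    unsigned char block[2 * AES_BLOCK];
    size_t n = pkcs7_pad((const unsigned char *)"utopia", 6, block, sizeof block);
    printf("padded: %zu bytes, pad byte 0x%02x\n", n, block[n - 1]);
    printf("strlen() says %zu, real length is %d\n", strlen_of_sample(), AES_BLOCK);
    printf("base64 output: %zu chars\n", base64_len(n));
    printf("after unpad: %ld bytes\n", pkcs7_unpad(block, n));
    return 0;
}
```

The padded block is what would be passed to the cipher, and the length to base64-encode is the value returned by the padding step, never a strlen() of the output.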


Re: is any documentation for programmers?

cy pher
Thanks for the answers, you helped me a lot!
Thank you.

CyPher

On Fri, 21 Apr 2006 21:06:04 +0200, "Marek Marcola"
<[hidden email]> said:

> Hello,
>
> > i want to encrypt and decrypt strings, now i'm using the ecb encryption
> > of openssl/aes.h
> > and it looks the encrypted block length depends on the key, or the
> > encrypted msg has an \0 in.
> In AES encryption/decryption the block size is always 16 bytes and does not
> depend on the key size.
> Key size for AES256 is 32 bytes, for AES192 24 bytes and for AES128 16
> bytes.
> If you want to use AES in ECB mode you can use AES_ecb_encrypt()
> (which simply uses AES_encrypt()/AES_decrypt()).
> The first parameter of this function (in) has to be a pointer to 16 bytes of
> data to decrypt/encrypt; the second parameter is a pointer to the
> encrypted/decrypted result, 16 bytes long.
>
> > i have to know the length of the block to base64 encode it.
> Always 16 bytes.
>
> > So if i encrypt my "utopia" test string
> You encrypt "utopia" + 10 random bytes at the end of the buffer - if you use
> AES_ecb_encrypt().
> For proper encryption you should use padding in this situation.
>
> > with unsigned char
> > key[32]="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";
> > strlen(encryptedmsg) returns 11 while if i use 32byte of "a" unsigned
> > char strlen(encryptedmsg); returns 16.
> You cannot check the length of encrypted data with strlen().
> For AES the block size is 16 bytes.
>
> > Does really depends the blocksize on password,
> No, it does not,
>
> > or strlen is not a good way to know the blocksize?
> It is not a good way for this.
>
> Of course all this is true if you use AES_ecb_encrypt().
> It is only my guess.
>
> Best regards,
> --
> Marek Marcola <[hidden email]>
--
  cy pher
  [hidden email]


Re: Smartcard Authentication

So Gerald
In reply to this post by Sven Löschner-2
A1: Nothing to do, because Windows would do it automatically by a "CSP"
A2: Search in MSDN with the keyword "make a PKCS#10 request"

 
2006/4/22, Sven Löschner <[hidden email]>:
Hello,

At the moment I have a site where a user can log in with a certificate I
create and give to him. No problems so far.

But now I want two things:

1.

I would like to write the certificate on a Smartcard, so the user can insert
this smartcard and type a PIN to authenticate on the server, instead of the
file-based-variant above.

I read a few websites, e.g. about the OpenSC-project, but I don't know how
to solve my problem.


2.

The second one is a little bit easier, I hope. It would be nice to control
all the certificates via web interfaces, so I would not have to do
everything on the console :-) .

A few months ago, I saw a page where the administrator could easily
insert all the User-Data into a web-based form and create the
certificates this way, but I don't remember the site-address :-(.



I hope someone can help me, or give me some hints to solve my problems.


P.S.: Especially the first one should work on Mozilla AND IE, because I
often read about Mozilla-only-solutions.....



Sven
