X509 certificate algorithm
Locked
 
|
I call these:
d2i_X509() X509_print_fp() which calls pkey_set_type() EVP_PKEY_asn1_find() and that call fails. I've traced the following error down to the rsaOAEP algorithm, which has a nid of 919. I've included both the openssl and dumpasn1 dump of the X509 certificate. Am I doing something wrong in openssl, or is there a problem with the certificate? I tried certificates from two vendors, and they both fail at the same point. X509_print_fp() gives Subject Public Key Info: Public Key Algorithm: rsaesOaep Unable to load Public Key 140243704706728:error:0609E09C:lib(6):func(158):reason(156):p_lib.c:239: 140243704706728:error:0B07706F:lib(11):func(119):reason(111):x_pubkey.c:155: ~~ dumpasn1 gives () 152 0: . . SEQUENCE {} 154 351: . . SEQUENCE { 158 74: . . . SEQUENCE { 160 9: . . . . OBJECT IDENTIFIER rsaOAEP (1 2 840 113549 1 1 7) : . . . . . (PKCS #1) 171 61: . . . . SEQUENCE { 173 11: . . . . . [0] { 175 9: . . . . . . SEQUENCE { 177 5: . . . . . . . OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) : . . . . . . . . (OIW) 184 0: . . . . . . . NULL : . . . . . . . } : . . . . . . } 186 24: . . . . . [1] { 188 22: . . . . . . SEQUENCE { 190 9: . . . . . . . OBJECT IDENTIFIER pkcs1-MGF (1 2 840 113549 1 1 8) : . . . . . . . . (PKCS #1) 201 9: . . . . . . . SEQUENCE { 203 5: . . . . . . . . OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) : . . . . . . . . . (OIW) 210 0: . . . . . . . . NULL : . . . . . . . . } : . . . . . . . } : . . . . . . } 212 20: . . . . . [2] { 214 18: . . . . . . SEQUENCE { 216 9: . . . . . . . OBJECT IDENTIFIER : . . . . . . . . rsaOAEP-pSpecified (1 2 840 113549 1 1 9) : . . . . . . . . (PKCS #1) 227 5: . . . . . . . OCTET STRING 54 43 50 41 00 TCPA. : . . . . . . . } : . . . . . . } : . . . . . } : . . . . } 234 271: . . . BIT STRING, encapsulates { 239 266: . . . . SEQUENCE { 243 257: . . . . . INTEGER : . . . . . . 00 FB FD F9 09 63 15 A4 .....c.. : . . . . . . 62 5F 79 C7 A9 E2 F8 FF b_y..... : . . . . . . B4 C9 68 2F 32 F0 D4 3A ..h/2..: : . . . . . . 78 AF A3 51 D1 95 DF E3 x..Q.... : . . . . . . 83 BE BF 74 D2 61 03 F6 ...t.a.. : . . . . . . 82 8C D6 3C C6 86 1A 73 ...<...s : . . . . . . 09 5A A5 9E 5D 1B D6 D8 .Z..]... : . . . . . . 72 50 BE 02 D7 0A 8B 8C rP...... : . . . . . . BC BF 92 CF 7D 25 62 E0 ....}%b. : . . . . . . D5 96 4D 04 96 95 83 24 ..M....$ : . . . . . . A5 23 1E 10 21 06 16 06 .#..!... : . . . . . . BF 33 99 F7 D1 F0 BF 18 .3...... : . . . . . . 7C B3 1E B6 D2 20 F6 DF |.... .. : . . . . . . 09 52 F5 2C 3E D0 2D 82 .R.,>.-. : . . . . . . D8 AB A6 6A 34 73 8E 9E ...j4s.. : . . . . . . D8 B7 7B 4B 5F DE 4B 9F ..{K_.K. : . . . . . . 31 4A 7D C4 EC 81 EC 23 1J}....# : . . . . . . 79 AD E4 78 DA 52 41 BB y..x.RA. : . . . . . . 03 6B 1A 3F 9C A6 E5 7F .k.?.... : . . . . . . 3F B9 62 03 55 01 E7 44 ?.b.U..D : . . . . . . C9 88 B5 90 A8 CE 3E E3 ......>. : . . . . . . 62 D2 34 56 E8 02 C2 F4 b.4V.... : . . . . . . 09 4E 58 71 32 29 D4 DF .NXq2).. : . . . . . . 05 8B 37 58 06 66 9A 91 ..7X.f.. : . . . . . . 1A 20 B2 3A 0A 5F 35 F2 . .:._5. : . . . . . . 9E 7A 39 79 EA 97 1D B0 .z9y.... : . . . . . . 39 2B AA 93 BB 94 8F 15 9+...... : . . . . . . 30 03 C5 38 28 53 1D 61 0..8(S.a : . . . . . . 3E EB AB 3B E7 98 96 A1 >..;.... : . . . . . . D2 35 0E 3D 37 26 F9 D0 .5.=7&.. : . . . . . . 93 05 99 B3 0C 4C B7 FA .....L.. : . . . . . . C4 36 BB 52 D1 B6 D5 9E .6.R.... : . . . . . . D7 . 504 3: . . . . . INTEGER 65537 : . . . . . } : . . . . } : . . . } -- Ken Goldman [hidden email] 914-784-7646 (863-7646) |
Re: X509 certificate algorithm
|
|
On Thu, Aug 16, 2012, Kenneth Goldman wrote:
> I call these: > > d2i_X509() > X509_print_fp() > > which calls > pkey_set_type() > EVP_PKEY_asn1_find() > and that call fails. > > I've traced the following error down to the rsaOAEP algorithm, which has a > nid of 919. I've included both the openssl and dumpasn1 dump of the > X509 certificate. Am I doing something wrong in openssl, or is there > a problem with the certificate? I tried certificates from two > vendors, and they both fail at the same point. > > Well the problem is that OpenSSL doesn't currently support OAEP certificates. I've never come across one so if you could send an example that would be useful. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
|
|
On 08/16/12 09:33, Dr. Stephen Henson wrote:
> On Thu, Aug 16, 2012, Kenneth Goldman wrote: > >> I call these: >> >> d2i_X509() >> X509_print_fp() >> >> which calls >> pkey_set_type() >> EVP_PKEY_asn1_find() >> and that call fails. >> >> I've traced the following error down to the rsaOAEP algorithm, which has a >> nid of 919. I've included both the openssl and dumpasn1 dump of the >> X509 certificate. Am I doing something wrong in openssl, or is there >> a problem with the certificate? I tried certificates from two >> vendors, and they both fail at the same point. >> >> > > Well the problem is that OpenSSL doesn't currently support OAEP certificates. > I've never come across one so if you could send an example that would be > useful. I'm back working with these certificates and find that it still fails with the latest openssl. Another user has apparently hit the same issue. https://github.com/openssl/openssl/pull/1441 Is there any chance of rsaOAEP being supported? These are TPM 1.2 endorsement key certificates and there are (unfortunately) 100M's of them shipped. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users |
«
Return to OpenSSL - User
|
1 view|%1 views
| Free forum by Nabble | Edit this page |