help with x.509 extensions


Oil Supply
I have been working on trying to add extensions to a CA certificate
and coming up short. I read through doc/openssl.txt, as well as the
man pages for openssl, ca, and req. I also searched google and the
list archives. Maybe I am just dense. I don't believe I need to write
any code. I don't care about pretty printing. I am using openssl
0.9.8b. The error message is below.

[root@developer ev_certs]# openssl req -outform PEM -new -newkey
rsa:2048 -config /root/ev_certs/ca.txt -out cacert.pem -x509
Error Loading extension section v3_ca
11263:error:22097081:X509 V3 routines:DO_EXT_NCONF:unknown
extension:v3_conf.c:129:
11263:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in
extension:v3_conf.c:93:name=fooname, value=this is a block of text

I have been able to add the extension to the DN successfully, but it
doesn't belong there. My config file is below.

What am I missing? Thanks.




oid_section = new_oids
[ new_oids ]
#This is the extension to add
fooname=2.2.2.2
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = /root/ev_certs/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
                                        # several certificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
                                        # must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha1 # which md to use.
preserve = no # keep passed DN ordering
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 2048
default_md = sha1
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert
 input_password = secret
 output_password = secret
string_mask = MASK:0x2002
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = GB
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Berkshire
localityName = Locality Name (eg, city)
localityName_default = Newbury
0.organizationName = Organization Name (eg, company)
0.organizationName_default = My Company Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
basicConstraints=CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
#This is the extension I want to add
fooname=this is a block of text
basicConstraints = CA:true
keyUsage = cRLSign, keyCertSign
[ crl_ext ]
authorityKeyIdentifier=keyid:always,issuer:always
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: help with x.509 extensions

Patrick Patterson-3
Hi there;

On July 14, 2008 11:36:34 am Oil Supply wrote:
> I have been working on trying to add extensions to a CA certificate
> and coming up short. I read through doc/openssl.txt, as well as the
> man pages for openssl, ca, and req. I also searched google and the
> list archives. Maybe I am just dense. I don't believe I need to write
> any code. I don't care about pretty printing. I am using openssl
> 0.9.8b. The error message is below.
>
<snip>
> #This is the extension I want to add
> fooname=this is a block of text
> basicConstraints = CA:true
> keyUsage = cRLSign, keyCertSign
> [ crl_ext ]
> authorityKeyIdentifier=keyid:always,issuer:always

What is fooname? What is the encoding? An extension is represented (in the
simplest form), as an OID (that identifies which extension it is), and a value
that is encoded as per the RFC (or other document) rules for that extension.

So, for instance, if fooname is an extension that corresponds to the
OID '1.2.3.4', and it is of value UTF8String, then I think that the right way
to encode it could be:

1.2.3.4 = UTF8:This is a block of text

I've not tried the above, and Stephen or one of the others can give you a
better answer than I, but I hope that gets you started in the right
direction.

One thing - DO NOT pull an OID out of thin air... register your OID properly
with IANA.

As an aside - populating certificates with "Private Extensions" is usually
a "VERY BAD IDEA", since 100% of the applications that you try to use them
with will, at the best, ignore the value, thus rendering the purpose of
putting it in the certificate moot, or, at worst, try and interpret it, and
crash.

If you are just putting in extra text, I would suggest writing this text into
the Subscriber agreement, or writing it into the CP, and referencing it
indirectly via the certificatePolicy standard extension.

Have fun.

--
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca

Re: help with x.509 extensions

Oil Supply
On Mon, Jul 14, 2008 at 1:51 PM, Patrick Patterson
<[hidden email]> wrote:

> <snip>
>> #This is the extension I want to add
>> fooname=this is a block of text
>> basicConstraints = CA:true
>> keyUsage = cRLSign, keyCertSign
>> [ crl_ext ]
>> authorityKeyIdentifier=keyid:always,issuer:always
>
> What is fooname? What is the encoding? An extension is represented (in the
> simplest form), as an OID (that identifies which extension it is), and a value
> that is encoded as per the RFC (or other document) rules for that extension.
>
> So, for instance, if fooname is an extension that corresponds to the
> OID '1.2.3.4', and it is of value UTF8String, then I think that the right way
> to encode it could be: 1.2.3.4 = UTF8:This is a block of text

Hi Pat. According to the docs and what I read, this should just "work". :)

In this case, fooname is just a string. I am starting simple to get
the syntax down, then I will tackle other types. So I am not trying
anything fancy. I did try your suggestion of using the bare OID
 but got the same error.

Prime number generation on FreeBSD-sparc64

Yuliya Shulman
Hello!

Hello!

We're trying to use OpenSSL on FreeBSD-sparc64 and it goes into infinite
loop while generating a prime number - the number generated is never
prime, so it goes back for more and more. Has anyone had that problem?
How did you solve it?

Thank you,
Yuliya

P.S. Yes, I've read that FAQ about sparc 64. Unfortunately, not
supporting this platform is not an option and -m32 flag is not supported
by GCC on it, either. :(


Re: help with x.509 extensions

Dr. Stephen Henson
In reply to this post by Oil Supply
On Mon, Jul 14, 2008, Oil Supply wrote:

> On Mon, Jul 14, 2008 at 1:51 PM, Patrick Patterson
> <[hidden email]> wrote:
> > <snip>
> >> #This is the extension I want to add
> >> fooname=this is a block of text
> >> basicConstraints = CA:true
> >> keyUsage = cRLSign, keyCertSign
> >> [ crl_ext ]
> >> authorityKeyIdentifier=keyid:always,issuer:always
> >
> > What is fooname? What is the encoding? An extension is represented (in the
> > simplest form), as an OID (that identifies which extension it is), and a value
> > that is encoded as per the RFC (or other document) rules for that extension.
> >
> > So, for instance, if fooname is an extension that corresponds to the
> > OID '1.2.3.4', and it is of value UTF8String, then I think that the right way
> > to encode it could be: 1.2.3.4 = UTF8:This is a block of text
>
> Hi Pat. According to the docs and what I read, this should just "work". :)
>

Well whatever docs they are it won't ;-)

OpenSSL has no idea how to process "fooname" or the value.

> In this case, fooname is just a string. I am starting simple to get
> the syntax down, then I will tackle other types. So I am not trying
> anything fancy. I did try your suggestion of using the bare OID
>  but got the same error.

The correct syntax for that example is:

1.2.3.4 = ASN1:UTF8:This is a block of text

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk

Re: help with x.509 extensions

Patrick Patterson-3
On July 14, 2008 03:35:22 pm Dr. Stephen Henson wrote:

> On Mon, Jul 14, 2008, Oil Supply wrote:
> > On Mon, Jul 14, 2008 at 1:51 PM, Patrick Patterson
> >
> > <[hidden email]> wrote:
> > > <snip>
> > >
> > >> #This is the extension I want to add
> > >> fooname=this is a block of text
> > >> basicConstraints = CA:true
> > >> keyUsage = cRLSign, keyCertSign
> > >> [ crl_ext ]
> > >> authorityKeyIdentifier=keyid:always,issuer:always
> > >
> > > What is fooname? What is the encoding? An extension is represented (in
> > > the simplest form), as an OID (that identifies which extension it is),
> > > and a value that is encoded as per the RFC (or other document) rules
> > > for that extension.
> > >
> > > So, for instance, if fooname is an extension that corresponds to the
> > > OID '1.2.3.4', and it is of value UTF8String, then I think that the
> > > right way to encode it could be: 1.2.3.4 = UTF8:This is a block of text
> >
> > Hi Pat. According to the docs and what I read, this should just "work".
> > :)
>
> Well whatever docs they are it won't ;-)
>
> OpenSSL has no idea how to process "fooname" or the value.
>
> > In this case, fooname is just a string. I am starting simple to get
> > the syntax down, then I will tackle other types. So I am not trying
> > anything fancy. I did try your suggestion of using the bare OID
> >  but got the same error.
>
> The correct syntax for that example is:
>
> 1.2.3.4 = ASN1:UTF8:This is a block of text
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Homepage: http://www.drh-consultancy.demon.co.uk



--
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca

Re: help with x.509 extensions

Oil Supply
In reply to this post by Dr. Stephen Henson
Thanks Dr. Henson,

So that leaves me with some more questions.

What is the new_oids section supposed to be used for? Because it looks
like I just add a name=oid and then for simple strings, add the
extension as name=<whatever> the man pages refer to this as well. That
is my confusion.

My initial try at this syntax "1.2.3.4 = ASN1:UTF8:This is a block of
text" failed my first time (before I posted for help) because I didn't
add the ASN1, but even that attempt was more of a shot in the dark.

Anyway, I corrected it and it works and I can try some other sequences.

Oil


On Mon, Jul 14, 2008 at 3:35 PM, Dr. Stephen Henson <[hidden email]> wrote:

> On Mon, Jul 14, 2008, Oil Supply wrote:
>
>> On Mon, Jul 14, 2008 at 1:51 PM, Patrick Patterson
>> <[hidden email]> wrote:
>> > <snip>
>> >> #This is the extension I want to add
>> >> fooname=this is a block of text
>> >> basicConstraints = CA:true
>> >> keyUsage = cRLSign, keyCertSign
>> >> [ crl_ext ]
>> >> authorityKeyIdentifier=keyid:always,issuer:always
>> >
>> > What is fooname? What is the encoding? An extension is represented (in the
>> > simplest form), as an OID (that identifies which extension it is), and a value
>> > that is encoded as per the RFC (or other document) rules for that extension.
>> >
>> > So, for instance, if fooname is an extension that corresponds to the
>> > OID '1.2.3.4', and it is of value UTF8String, then I think that the right way
>> > to encode it could be: 1.2.3.4 = UTF8:This is a block of text
>>
>> Hi Pat. According to the docs and what I read, this should just "work". :)
>>
>
> Well whatever docs they are it won't ;-)
>
> OpenSSL has no idea how to process "fooname" or the value.
>
>> In this case, fooname is just a string. I am starting simple to get
>> the syntax down, then I will tackle other types. So I am not trying
>> anything fancy. I did try your suggestion of using the bare OID
>>  but got the same error.
>
> The correct syntax for that example is:
>
> 1.2.3.4 = ASN1:UTF8:This is a block of text
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Homepage: http://www.drh-consultancy.demon.co.uk

Re: help with x.509 extensions

Dr. Stephen Henson
On Mon, Jul 14, 2008, Oil Supply wrote:

> Thanks Dr. Henson,
>
> So that leaves me with some more questions.
>
> What is the new_oids section supposed to be used for? Because it looks
> like I just add a name=oid and then for simple strings, add the
> extension as name=<whatever> the man pages refer to this as well. That
> is my confusion.
>

That should work but it won't result in "name" being displayed on things like
browsers: only OpenSSL will know about the mapping between name and the OID.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
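
Added example (not part of the thread, and not OpenSSL project code): a shell script that runs the three spellings discussed above through openssl req, namely the rejected name=<text> form and the two accepted ASN1:UTF8: forms, and then checks that the issued certificate carries the numeric OID and the text. It assumes an openssl binary on PATH; the subject name, file names and function names are made up, and sha256 stands in for the thread's sha1.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the openssl CLI is on PATH.
# 1.2.3.4 is the thread's placeholder arc; the CN, file names and function
# names are constructed for this sketch.

# write_conf FILE EXT_LINE
# Write a minimal req config whose [ v3_ca ] section ends with EXT_LINE,
# the private extension line under test.
write_conf() {
    cat > "$1" <<EOF
oid_section = new_oids

[ new_oids ]
# Short name -> OID. The mapping exists only inside OpenSSL while this
# config is loaded; the certificate itself stores the numeric OID.
fooname = 1.2.3.4

[ req ]
default_md         = sha256
prompt             = no
distinguished_name = dn
x509_extensions    = v3_ca

[ dn ]
CN = Constructed Test CA

[ v3_ca ]
basicConstraints     = critical, CA:true
keyUsage             = cRLSign, keyCertSign
subjectKeyIdentifier = hash
$2
EOF
}

# cert_has_ext CERT
# Succeeds when the text dump shows OID 1.2.3.4 and the UTF8String payload.
# No config naming the OID is loaded here, so it is printed numerically.
cert_has_ext() {
    dump=$(openssl x509 -in "$1" -noout -text) || return 1
    printf '%s\n' "$dump" | grep -q '1\.2\.3\.4' &&
    printf '%s\n' "$dump" | grep -q 'This is a block of text'
}

# try_ext WORKDIR EXT_LINE
# Issue a self-signed CA certificate with EXT_LINE in [ v3_ca ], using the
# key at WORKDIR/ca.key. Returns 0 only if openssl accepted the config and
# the resulting certificate carries the extension.
try_ext() {
    write_conf "$1/ca.cnf" "$2"
    rm -f "$1/ca.pem"
    openssl req -new -x509 -days 30 -config "$1/ca.cnf" \
        -key "$1/ca.key" -out "$1/ca.pem" 2>/dev/null || return 1
    cert_has_ext "$1/ca.pem"
}

work=$(mktemp -d) || exit 1
trap 'rm -rf "$work"' EXIT
openssl genrsa -out "$work/ca.key" 2048 2>/dev/null

# First line: the form from the original post (openssl has no handler for
# the value). Second and third: the generic ASN1: form, by OID and by name.
for line in \
    'fooname = this is a block of text' \
    '1.2.3.4 = ASN1:UTF8:This is a block of text' \
    'fooname = ASN1:UTF8:This is a block of text'
do
    if try_ext "$work" "$line"; then r=accepted; else r=rejected; fi
    printf '%-9s %s\n' "$r" "$line"
done
```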

Re: help with x.509 extensions

Oil Supply
>> What is the new_oids section supposed to be used for? Because it looks
>> like I just add a name=oid and then for simple strings, add the
>> extension as name=<whatever> the man pages refer to this as well. That
>> is my confusion.
>>
>
> That should work but it won't result in "name" being displayed on things like
> browsers: only OpenSSL will know about the mapping between name and the OID.

Thanks again, Dr. Henson.

Ok, so to add an extension to a certificate so that the human name
"fooname" will be displayed in a browser or by openssl x509 command, I
need to write some routines to encode the name and what-not. And that
is explained in doc/openssl.txt in the source tree?

Do you, by you, I mean anyone on the list, think having the human
readable name in the certificate is a requirement?

Oil

Re: help with x.509 extensions

Patrick Patterson-3
On July 15, 2008 10:38:45 am Oil Supply wrote:

> >> What is the new_oids section supposed to be used for? Because it looks
> >> like I just add a name=oid and then for simple strings, add the
> >> extension as name=<whatever> the man pages refer to this as well. That
> >> is my confusion.
> >
> > That should work but it won't result in "name" being displayed on things
> > like browsers: only OpenSSL will know about the mapping between name and
> > the OID.
>
> Thanks again, Dr. Henson.
>
> Ok, so to add an extension to a certificate so that the human name
> "fooname" will be displayed in a browser or by openssl x509 command, I
> need to write some routines to encode the name and what-not. And that
> is explained in doc/openssl.txt in the source tree?
>
No - you need to have it incorporated in an RFC or other standard that
browsers and Certificate processing routines implement.

All you encode in the certificate is an OID and a value - the way that a
program knows how to interpret and display it is built into the logic of the
program, based on the definition in the standard.

> Do you, by you, I mean anyone on the list, think having the human
> readable name in the certificate is a requirement?
>
If you are including a value in there that is meant to be read by a person,
then yes. If you are including a value in there that is meant to be
interpreted and acted upon by a Relying Party computer program, then no -
but then, as I said in my previous message, if you include a private
extension, the chances of either of these being possible with a
non-proprietary client is approximately nil. If your certificates are only
ever being used by a proprietary client in a closed community, then feel free
to add Private Extensions. If not, then it would probably be better to find a
way to express what you want to convey using one of the standard extensions.

Have fun.


--
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca

Re: help with x.509 extensions

Oil Supply
> If you are including a value in there that is meant to be read by a person,
> then yes. If you are including a value in there that is meant to be
> interpreted and acted upon by a Relying Party computer program, then no -
> but then, as I said in my previous message, if you include a private
> extension, the chances of either of these being possible with a
> non-proprietary client is approximately nil. If your certificates are only
> ever being used by a proprietary client in a closed community, then feel free
> to add Private Extensions. If not, then it would probably be better to find a
> way to express what you want to convey using one of the standard extensions.

ah, now that clears things up. Thanks Patrick.

I am toying with the efficacy to use certificate attributes to make
application decisions (access control, look and feel, etc), so yes, a
private, closed system.

My idea, not a new one by any means, is to separate user provisioning
from application logic. I want to have an authoritative source of the
user and their role, and based on that, the application does something
special. I know there are probably easier ways to do this like assign
a user a role in the app, but I may want to have the user access
multiple apps and using a certificate seems like a good option. I will
certainly use the standard options where I can. I am reading through
the IETF PKIX docs even as we speak.

Oil

Re: help with x.509 extensions

Patrick Patterson-3
On July 15, 2008 10:57:21 am you wrote:

> > If you are including a value in there that is meant to be read by a
> > person, then yes. If you are including a value in there that is meant to
> > be interpreted and acted upon by a Relying Party computer program, then
> > no - but then, as I said in my previous message, if you include a private
> > extension, the chances of either of these being possible with a
> > non-proprietary client is approximately nil. If your certificates are
> > only ever being used by a proprietary client in a closed community, then
> > feel free to add Private Extensions. If not, then it would probably be
> > better to find a way to express what you want to convey using one of the
> > standard extensions.
>
> ah, now that clears things up. Thanks Patrick.
>
> I am toying with the efficacy to use certificate attributes to make
> application decisions (access control, look and feel, etc), so yes, a
> private, closed system.
>
The main problem with doing this is scalability - every time your user changes
preferences, they will need to go through the process to get a new
certificate. Every time they move jobs, or change access rights, they will
need a new certificate. This means that you need to revoke the old one, and
somehow issue them a new one. Setting this up in a manner that actually has
the certificates mean something is non-trivial. If you don't care about
having trusted certificates, then I would strongly suggest doing your
identity management another way - PKI is notoriously user-unfriendly. If you
do care about having trusted certificates, then I strongly encourage you to
de-couple identity and access management. The current state of the art for
doing this, BTW, is Identity federation... you may want to take a look at it
instead of shoehorning things into certificates that were never meant to go
there (For the purists on the list - yes, there are attribute certificates,
but I have yet to see anyone actually using them :)

> My idea, not a new one by any means, is to separate user provisioning
> from application logic. I want to have an authoritative source of the
> user and their role, and based on that, the application does something
> special. I know there are probably easier ways to do this like assign
> a user a role in the app, but I may want to have the user access
> multiple apps and using a certificate seems like a good option. I will
> certainly use the standard options where I can. I am reading through
> the IETF PKIX docs even as we speak.
>
Sounds like what you really want is N-0 user Federation. SAML2.0 or WS-Fed
will both do what you want - and if you implement it using Cardspace (active
requestor profile) you should be able to get it to work relatively
painlessly.

Have fun.

--
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca

Re: help with x.509 extensions

Kyle Hamilton
In reply to this post by Oil Supply
On Tue, Jul 15, 2008 at 7:57 AM, Oil Supply <[hidden email]> wrote:

>> If you are including a value in there that is meant to be read by a person,
>> then yes. If you are including a value in there that is meant to be
>> interpreted and acted upon by a Relying Party computer program, then no -
>> but then, as I said in my previous message, if you include a private
>> extension, the chances of either of these being possible with a
>> non-proprietary client is approximately nil. If your certificates are only
>> ever being used by a proprietary client in a closed community, then feel free
>> to add Private Extensions. If not, then it would probably be better to find a
>> way to express what you want to convey using one of the standard extensions.
>
> ah, now that clears things up. Thanks Patrick.
>
> I am toying with the efficacy to use certificate attributes to make
> application decisions (access control, look and feel, etc), so yes, a
> private, closed system.

There's actually a type of certificate out there that is called an
"Attribute Certificate" that can provide access-control rights.  You
might want to look into this -- generally, the CA would in this case
be the authenticator (either Active Directory, or Kerberos, or
something that provides centralized user authentication) which issues
certificates with relatively-short times, revoked whenever the user
logs out or otherwise changes some security attribute (such as group
membership).

> My idea, not a new one by any means, is to separate user provisioning
> from application logic. I want to have an authoritative source of the
> user and their role, and based on that, the application does something
> special. I know there are probably easier ways to do this like assign
> a user a role in the app, but I may want to have the user access
> multiple apps and using a certificate seems like a good option. I will
> certainly use the standard options where I can. I am reading through
> the IETF PKIX docs even as we speak.

I should mention that Lotus Domino has been doing this for nearly 20
years.  If it had a lower cost-of-entry (currently it's around $35,000
for a single server, plus licenses to run Notes clients, plus client
licenses for Notes clients to access the Domino server) I'd recommend
it as a potentially-viable approach.

Alas, it's not.

-Kyle H

Re: help with x.509 extensions (OFFTOPIC)

Patrick Patterson-3
Hi Kyle;

On July 15, 2008 02:22:59 pm Kyle Hamilton wrote:
> I should mention that Lotus Domino has been doing this for nearly 20
> years.  If it had a lower cost-of-entry (currently it's around $35,000
> for a single server, plus licenses to run Notes clients, plus client
> licenses for Notes clients to access the Domino server) I'd recommend
> it as a potentially-viable approach.
>

You may want to take a look at Lotus Foundations (http://www.nitix.com) - I'm
sure that they are selling that for a lot less than 35K, and I know it
includes a bunch of client licenses.

Have fun.

--
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca

Re: help with x.509 extensions

Oil Supply
In reply to this post by Kyle Hamilton
Thanks Kyle. I am going to look at this and Patrick's suggestions for
SAML and WS-Fed. They seem to be viable options.

On Tue, Jul 15, 2008 at 2:22 PM, Kyle Hamilton <[hidden email]> wrote:

> On Tue, Jul 15, 2008 at 7:57 AM, Oil Supply <[hidden email]> wrote:
>>> If you are including a value in there that is meant to be read by a person,
>>> then yes. If you are including a value in there that is meant to be
>>> interpreted and acted upon by a Relying Party computer program, then no -
>>> but then, as I said in my previous message, if you include a private
>>> extension, the chances of either of these being possible with a
>>> non-proprietary client is approximately nil. If your certificates are only
>>> ever being used by a proprietary client in a closed community, then feel free
>>> to add Private Extensions. If not, then it would probably be better to find a
>>> way to express what you want to convey using one of the standard extensions.
>>
>> ah, now that clears things up. Thanks Patrick.
>>
>> I am toying with the efficacy to use certificate attributes to make
>> application decisions (access control, look and feel, etc), so yes, a
>> private, closed system.
>
> There's actually a type of certificate out there that is called an
> "Attribute Certificate" that can provide access-control rights.  You
> might want to look into this -- generally, the CA would in this case
> be the authenticator (either Active Directory, or Kerberos, or
> something that provides centralized user authentication) which issues
> certificates with relatively-short times, revoked whenever the user
> logs out or otherwise changes some security attribute (such as group
> membership).
>
>> My idea, not a new one by any means, is to separate user provisioning
>> from application logic. I want to have an authoritative source of the
>> user and their role, and based on that, the application does something
>> special. I know there are probably easier ways to do this like assign
>> a user a role in the app, but I may want to have the user access
>> multiple apps and using a certificate seems like a good option. I will
>> certainly use the standard options where I can. I am reading through
>> the IETF PKIX docs even as we speak.
>
> I should mention that Lotus Domino has been doing this for nearly 20
> years.  If it had a lower cost-of-entry (currently it's around $35,000
> for a single server, plus licenses to run Notes clients, plus client
> licenses for Notes clients to access the Domino server) I'd recommend
> it as a potentially-viable approach.
>
> Alas, it's not.
>
> -Kyle H

RE: Prime number generation on FreeBSD-sparc64

Ted Mittelstaedt
In reply to this post by Yuliya Shulman


> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]]On Behalf Of Yuliya Shulman
> Sent: Monday, July 14, 2008 12:03 PM
> To: [hidden email]
> Subject: Prime number generation on FreeBSD-sparc64
>
>
> Hello!
>
> Hello!
>
> We're trying to use OpenSSL on FreeBSD-sparc64 and it goes into infinite
> loop while generating a prime number - the number generated is never
> prime, so it goes back for more and more. Has anyone had that problem?
> How did you solve it?
>
> Thank you,
> Yuliya
>
> P.S. Yes, I've read that FAQ about sparc 64. Unfortunately, not
> supporting this platform is not an option and -m32 flag is not supported
> by GCC on it, either. :(

I believe the correct flag for 32 bit on a Sparc for gcc is
-mv8 and -mv7, not -m32.  The V8 Sparc chip is a 32 bit chip
so if gcc is generating 64 bit code with this flag that's
a bug that should be reported to gcc.  See more:

http://www.osnews.com/story/6136/SPARC_Optimizations_With_GCC/page1/

I don't know, of course, if 32 bit binaries generated this
way could even run.

Why exactly are you trying to generate primes with OpenSSL?  It's much
faster to just download the table of primes from someplace like
http://primes.utm.edu/lists/small/millions/ and pack this with
your application.

Ted


RE: Prime number generation on FreeBSD-sparc64

Yuliya Shulman
Thank you so much for providing the article and the flags! V8 worked, at
least with the limited functionality we're using!

I know there are lists of prime numbers as well as known algorithms. We
don't generate primes for our own use; OpenSSL does. We're using
RSA_generate_key() - a function in rsa_depr.c

In turn, it uses:
RSA_generate_key_ex() in rsa_gen.c
rsa_builtin_keygen() in rsa_gen.c
BN_generate_prime_ex() in prime.c
BN_is_prime_fasttest_ex() in bn_prime.c

As for downloading a list of primes - I briefly toyed with the idea in
moments of desperation (this code is not easy to debug, to put it
mildly), but unfortunately, having a list of codes in one's program
makes it very easy to break them.

Thank you so much again!
Yuliya

-----Original Message-----

I believe the correct flag for 32 bit on a Sparc for gcc is
-mv8 and -mv7, not -m32.  The V8 Sparc chip is a 32 bit chip
so if gcc is generating 64 bit code with this flag that's
a bug that should be reported to gcc.  See more:

http://www.osnews.com/story/6136/SPARC_Optimizations_With_GCC/page1/

I don't know, of course, if 32 bit binaries generated this
way could even run.

Why exactly are you trying to generate primes with OpenSSL?  It's much
faster to just download the table of primes from someplace like
http://primes.utm.edu/lists/small/millions/ and pack this with
your application.

Ted



RE: Prime number generation on FreeBSD-sparc64

Ted Mittelstaedt


> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]]On Behalf Of Yuliya Shulman
> Sent: Wednesday, July 16, 2008 9:29 AM
> To: [hidden email]
> Subject: RE: Prime number generation on FreeBSD-sparc64
>
>
> Thank you so much for providing the article and the flags! V8 worked, at
> least with the limited functionality we're using!
>
> I know there are lists of prime numbers as well as known algorithms. We
> don't generate primes for our own use; OpenSSL does. We're using
> RSA_generate_key() - a function in rsa_depr.c
>
> In turn, it uses:
> RSA_generate_key_ex() in rsa_gen.c
> rsa_builtin_keygen() in rsa_gen.c
> BN_generate_prime_ex() in prime.c
> BN_is_prime_fasttest_ex() in bn_prime.c
>
> As for downloading a list of primes - I briefly toyed with the idea in
> moments of desperation (this code is not easy to debug, to put it
> mildly), but unfortunately, having a list of codes in one's program
> makes it very easy to break them.
>

Ah, but isn't every prime your program generates somewhere on
one of those lists of primes?  Thus an attacker does already have
a list of codes... ;-)

Be aware of 2 things in dealing with prime generation from
OpenSSL:

The prime generation routine cannot generate small primes.
To see what I mean you can try generating a prime with 1 bit
of length, 2 bits of length, 3 bits of length, etc.  You should
therefore range check any input you
send to these routines to ensure that the primes you want
are not under 64 bits in length.

The routine doesn't guarantee the numbers it generates are prime.
It only guarantees that it will NOT pass a number to you that
is NOT prime.  Basically, you have a 99.5% (or better depending
on who you talk to) chance that any given number you get is prime.

If you are using the primes as part of crypto key generation
they are sufficient for this.

If you are using them for some kind of scientific proof or
some such, you really need to scrap all of this and replace it
with a prime generation routine.

Ted
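
The BN_is_prime_fasttest_ex() routine named in this thread is a probabilistic test: trial division by small primes followed by Miller-Rabin rounds. The sketch below is an added illustration, not OpenSSL's code and not from any poster; it works on 64-bit integers, needs GCC or Clang for `unsigned __int128`, and uses fixed witnesses (an assumption made so the result is reproducible) to show a composite that survives four rounds and is rejected by the fifth.

```c
#include <stdint.h>
#include <stdio.h>

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t n) {
    return (uint64_t)((unsigned __int128)a * b % n);
}

static uint64_t powmod(uint64_t b, uint64_t e, uint64_t n) {
    uint64_t r = 1;
    for (b %= n; e; e >>= 1) {
        if (e & 1) r = mulmod(r, b, n);
        b = mulmod(b, b, n);
    }
    return r;
}

/* One Miller-Rabin round: 1 if odd n > 2 passes for witness a (1 < a < n). */
int mr_round(uint64_t n, uint64_t a) {
    uint64_t d = n - 1, x;
    int s = 0;
    while ((d & 1) == 0) { d >>= 1; s++; }      /* n - 1 = d * 2^s, d odd */
    x = powmod(a, d, n);
    if (x == 1 || x == n - 1) return 1;
    for (int i = 1; i < s; i++) {
        x = mulmod(x, x, n);
        if (x == n - 1) return 1;
    }
    return 0;                                   /* a proves n composite */
}

/* Assumption: fixed witnesses for reproducibility; OpenSSL draws random ones. */
static const uint64_t SMALL[12] = {2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37};

/* Trial division by SMALL, then up to `rounds` (max 12) Miller-Rabin rounds. */
int is_probable_prime(uint64_t n, int rounds) {
    if (n < 2) return 0;
    for (int i = 0; i < 12; i++) {
        if (n == SMALL[i]) return 1;
        if (n % SMALL[i] == 0) return 0;
    }
    for (int i = 0; i < rounds && i < 12; i++)
        if (!mr_round(n, SMALL[i])) return 0;
    return 1;
}

int main(void) {
    /* 3215031751 = 151 * 751 * 28351 is composite; prints "4 rounds: 1, 5 rounds: 0" */
    printf("4 rounds: %d, 5 rounds: %d\n", is_probable_prime(3215031751ULL, 4), is_probable_prime(3215031751ULL, 5));
    return 0;
}
```

With randomly chosen witnesses, each round wrongly accepts a given composite with probability at most 1/4, so k rounds bound the error by 4^-k.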

RE: Prime number generation on FreeBSD-sparc64

Yuliya Shulman
Yes, I understand the list of prime numbers is known; unfortunately, I
can only implement the solutions my management agrees with. This code
path is used for login authentication and has been used for a while, so
I guess everybody thinks it's OK to use it.

Unfortunately, I also spoke too soon. I had a hack in the code I forgot
about. When I removed it, the program still hung, regardless of
whether I was using v7 or v8 flags. They don't build 32-bit executables,
do they? Is there anything else I could try?

Thanks,
Yuliya

-----Original Message-----

Ah, but isn't every prime your program generates somewhere on
one of those lists of primes?  Thus an attacker does already have
a list of codes... ;-)

Be aware of 2 things in dealing with prime generation from
OpenSSL:

The prime generation routine cannot generate small primes.
To see what I mean you can try generating a prime with 1 bit
of length, 2 bits of length, 3 bits of length, etc.  You should
therefore range check any input you
send to these routines to ensure that the primes you want
are not under 64 bits in length.

The routine doesn't guarantee the numbers it generates are prime.
It only guarantees that it will NOT pass a number to you that
is NOT prime.  Basically, you have a 99.5% (or better depending
on who you talk to) chance that any given number you get is prime.

If you are using the primes as part of crypto key generation
they are sufficient for this.

If you are using them for some kind of scientific proof or
some such, you really need to scrap all of this and replace it
with a prime generation routine.

Ted


Re: Prime number generation on FreeBSD-sparc64

Victor Duchovni
On Thu, Jul 17, 2008 at 09:27:26AM -0500, Yuliya Shulman wrote:

> Yes, I understand the list of prime numbers is known; unfortunately, I
> can only implement the solutions my management agrees with. This code
> path is used for login authentication and has been used for a while, so
> I guess everybody thinks it's OK to use it.

What "list" of primes is "known"? Are you using OpenSSL to generate 1024-bit
or larger RSA keys? If so the list of ~512-bit large primes is certainly
not "known".

--
        Viktor.