openssl pkcs#1 v2.1 x.509

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

openssl pkcs#1 v2.1 x.509

majorsoul
does openssl supports pkcs#1 v2.1?
can I create an x509 certificae using openssl with RSASSA-PSS keys?

Reply | Threaded
Open this post in threaded view
|

a question about loading private key and certificate to the ssl ctx

Chong Peng
guys:
 
usually, we use the following two apis to load key/certificate:
 
int SSL_CTX _use_certificate_file(SSL_CTX  *ctx, const char *file, int type);
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
this, if i understand right, requires a private key and certificate to be generate off line and saved in a disk file. if i have an embedded system that canot read from a disk or any other media, how can i input the key/certificate to the ssl context?
 
i noticed that there are other apis defined to input key/certificate to the ssl context, such as:
 
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
 
does this mean that i can  generate a certificate of type X509 and a private key of type EVP_PKEY in my code and then load them to the ssl context? if it is, how can i do that? what i am thinking is that each time when my embedded system bootup, i will generate a key/certificate (self signed) and load them to my ssl context. is this doable?
 
thanks in advance.
 
chong peng

 
Reply | Threaded
Open this post in threaded view
|

Re: openssl pkcs#1 v2.1 x.509

Dr. Stephen Henson
In reply to this post by majorsoul
On Thu, Jan 26, 2006, majorsoul (sent by Nabble.com) wrote:

>
> does openssl supports pkcs#1 v2.1?
> can I create an x509 certificae using openssl with RSASSA-PSS keys?
>

The padding algorithms are supported but some limitations in the RSA API mean
the padding functions have to be called manually.

PSS in certificates is not currently supported.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: openssl pkcs#1 v2.1 x.509

majorsoul
thanks!

can you also relate to this one:
http://www.nabble.com/x.509-question-t1008574.html

Thanks in advance