[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mozilla-crypto
Subject:    Re: How do I sign the result of crypto.generateCRMFRequest() with
From:       Bob Relyea <rrelyea () redhat ! com>
Date:       2005-10-28 16:41:02
Message-ID: 4362549E.4050001 () redhat ! com
[Download RAW message or body]

michael.steller@gmail.com wrote:
> Many thanks for this answer.
>
> So I quit my hope to use generateCRMFRequest() in conjunction with
> openssl. It's too hard for me to add CRMF support in openssl.
>
> Do you know which software can handle CRMF?
>
> _______________________________________________
> mozilla-crypto mailing list
> mozilla-crypto@mozilla.org
> http://mail.mozilla.org/listinfo/mozilla-crypto
>   
NSS has crmf support as a static library (libcrmf.a). It has a test tool 
(crmftest) which is used to test the library. It might make a good 
sample code if wanted to build your own. There is also a very old sample 
program (crmf-cgi) in the NSS cmd directly. I just verified that it does 
not comile (probably hasn't compiled in many years), but it might not be 
too much work to get it running again if you want  to give it a try. It 
works as a mini-CA accessed through a web server.

I quick look at the other tools in NSS seems to indicate they are using 
PKCS #10 (though adding crmf shouldn't be to hard since there is an NSS 
implementation for it).

Commercial products that I know handle CRMF include the old Netscape 
Certificate Server, the old iPlanet Certificate Server (I don't know if 
there is a modern Sun version of that product), and the Red Hat 
Certificate Server.

bob
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
[prev in list] [next in list] [prev in thread] [next in thread]