List: openssl-users
Subject: Re: Creating a x509 request with Whirlpool
From: Davi Tozoni <davi () kryptus ! com>
Date: 2010-06-28 14:24:32
Message-ID: AANLkTinisOWr2rxNmmksTxJQDlYi46gK3I5oQLqEkd28 () mail ! gmail ! com
Sorry, I should give more details.

First of all, I don't know if all I've done is correct. Basically, I made
up my own OID, so I can use it in my application. If you want to do this
too, here are the easy steps:

1. In crypto/objects/objects.txt, I added:
    ecdsa-with-Specified 5 : ecdsa-with-whirlpool
    pkcs1 15 : RSA-whirlpool : whirlpoolWithRSAEncryption

2. In crypto/objects/obj_xref.txt, I added:
    whirlpoolWithRSAEncryption whirlpool rsaEncryption
    ecdsa_with_whirlpool whirlpool X9_62_id_ecPublicKey

3. In crypto/ec/ec_pmeth.c, in function "static int pkey_ec_ctrl()", I added
   NID_whirlpool in the if clause after "case EVP_PKEY_CTRL_MD:"

I have modified other source files, but I don't think they have worked. Any
problem or suggestion, tell me!

2010/6/28 Jakob Bohm <jb-openssl@wisemo.com>
> So did you make up your own OID, or your own ASN structure or did you
> find the right OID somewhere so the rest of us can use it?
>
>
> On 28-06-2010 13:33, Davi Tozoni wrote:
>
>> Hi,
>> Thank you for the information. I modified some source code in OpenSSL
>> and achieved what I was looking for.
>>
>> 2010/6/7 Dr. Stephen Henson <steve@openssl.org>
>>
>> On Mon, Jun 07, 2010, Davi Tozoni wrote:
>>
>> > Hello,
>> >
>> > I was experimenting OpenSSL 1.0.0 and I needed to create a request that must
>> > be signed with Whirlpool hash algorithm. However, when I used the command:
>> >
>> > openssl req -whirlpool -newkey rsa:1024 -keyout key.pem -out req.pem
>> >
>> > It didn't work. The error message was:
>> > 3078702728:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong
>> > public key type:p_sign.c:125:
>> > 3078702728:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP
>> > lib:a_sign.c:279:
>> >
>> > I wish to know if the fact that whirlpool can't work for x509 requests is a
>> > decision of openssl developers or there is another reason. Perhaps I am not
>> > using it correctly.
>> >
>> > PS: I am trying to hack openssl source code to find where I could include
>> > changes that would allow to use whirlpool. Do you have any hint?
>> >
>>
>> In order to use a digest for signature purposes it has to have an appropriate
>> object identifier (OID) defined. For example sha1WithRSAEncryption for SHA1
>> and RSA. You can't just make one up it has to be standardised, there is no OID
>> in OpenSSL corresponding to whirlpool with RSA and you get that error as a
>> result.
>>
>> Steve.
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List openssl-users@openssl.org
>> <mailto:openssl-users@openssl.org>
>>
>> Automated List Manager majordomo@openssl.org
>> <mailto:majordomo@openssl.org>
>>
>>
>>
>>
>>
>> --
>> Davi Tozoni
>> Engenharia
>> KRYPTUS Engenharia Criptográfica
>> (19) 88140530
>> www.kryptus.com <http://www.kryptus.com>
>>
--
Davi Tozoni
Engenharia
KRYPTUS Engenharia Criptográfica
(19) 88140530
www.kryptus.com
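
Added example (not part of the original message and not OpenSSL code): the two objects.txt entries from the message, resolved to dotted OIDs and DER bytes and checked against a registration table. The parent arcs and the one REGISTERED entry (pkcs-1 15, assigned in RFC 8017 after this thread) are filled in here; the function names are hypothetical.

```python
# Added example: resolve objects.txt-style entries to dotted OIDs and DER,
# then check whether the chosen child number is registered to something else.

# Registered parent arcs that the message's two entries hang off.
BASE_ARCS = {
    "pkcs1": (1, 2, 840, 113549, 1, 1),                # PKCS #1 arc
    "ecdsa-with-Specified": (1, 2, 840, 10045, 4, 3),  # ANSI X9.62 ECDSA arc
}
# Assignment made by the arc owner (RFC 8017), later than the 2010 message.
REGISTERED = {(1, 2, 840, 113549, 1, 1, 15): "sha512-224WithRSAEncryption"}

def parse_entry(line):
    """Split 'parent n : SN [: LN]' into (full arc tuple, short name)."""
    fields = [f.strip() for f in line.split(":")]
    parent, child = fields[0].split()
    return BASE_ARCS[parent] + (int(child),), fields[1]

def der_oid(arcs):
    """DER-encode an OBJECT IDENTIFIER (tag 0x06, short-form length only)."""
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]               # last byte: high bit clear
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))  # earlier bytes: high bit set
            arc >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(body)]) + bytes(body)

def audit(line):
    """Return (dotted OID, DER hex, short name, status) for one entry."""
    arcs, name = parse_entry(line)
    if arcs in REGISTERED:
        status = "collides with " + REGISTERED[arcs]
    else:
        status = "no registration in table; parent arc is a standards arc"
    return ".".join(map(str, arcs)), der_oid(arcs).hex(), name, status

# The two objects.txt lines quoted in the message above.
ENTRIES = [
    "ecdsa-with-Specified 5 : ecdsa-with-whirlpool",
    "pkcs1 15 : RSA-whirlpool : whirlpoolWithRSAEncryption",
]

if __name__ == "__main__":
    for entry in ENTRIES:
        print(audit(entry))
```

A certificate request signed by the patched build carries these bytes as its signatureAlgorithm, so any unpatched verifier reads the RSA one as a different algorithm or rejects it.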