Hello!
It _is_ possible to get cryptlib to work on the pocket pc platform. I have
implemented wtls (security layer in wap) for pocket pc based on cryptlib and
it works fine. I have not yet had the time to clean up the code in order to
fold it into the main distribution, but Pocket pc will probably eventually
be supported(?).
/Fredrik
> -----Original Message-----
> From: cryptlib-admin@mbsks.franken.de
> [mailto:cryptlib-admin@mbsks.franken.de]On Behalf Of Hans-Olof
> Hermansson
> Sent: den 19 februari 2002 09:44
> To: cryptlib@mbsks.franken.de
> Subject: [Cryptlib] Pocket PC VPN
>
>
> Hi,
> Does anybody know of any good way to make an encrypted
> connection from a GPRS enabled Pocket PC?
> Does Cryptlib support Pocket PC?
> Do you know of any other good VPN clients for Pocket
> PC?
>
> Thanks in advance
> Hans-Olof Hermansson
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Sports - Coverage of the 2002 Olympic Games
> http://sports.yahoo.com
>
> _______________________________________________
> Cryptlib mailing list
> Cryptlib@mbsks.franken.de
> Administration via Mail: cryptlib-request@mbsks.franken.de
From cryptlib@mbsks.franken.de Sat Feb 23 12:33:58 2002
From: cryptlib@mbsks.franken.de (alex)
Date: Sat, 23 Feb 2002 15:33:58 +0300
Subject: [Cryptlib] hi from new cryptlib fan
Message-ID: <3C778C36.73EF89B9@dynaweb.ru>
Hi everybody!
I was looking for multiplatform and rather secure crypting lib for my
program and once came across cryptlib. After a while I've got it's
security level and found its design as an exellent one :0)
But further on I am in a fix.
The problem is that I'm an experienced programmer but a newby in
cryptography and hence I'm shor tof some "obvious" stuff that's missing
in cryptlib docs.
All that long pleamble is for you not to be flaming me for stupid
questions.
I'm new in cryptlib but I learn fast :0)
Now my questions:
I need to make secure session (connection) using ssh.
As I got from the manual I'm creating session context and then (for
server-side) add private key. That's nice but how could I get it. At the
very beginning of the same manual I found very wise phrase about I won't
have direct access to the keys generated via creation of crypt context.
That's a good idea.
Then I tried to push context handle as a private key but got an invalid
3-d param error. I looked through CRYPT_ATTRIBUTE_ consts but didn't
find any close except for KEY itself that is avalable for direct loading
only.
What I'm missing?
I feel I'm walking close to some very basic things that all of you
threat as obvious.
Though not me :0(
Thanks for any help or for a link to the place where to read about it.
Alexander Komratov
From cryptlib@mbsks.franken.de Sat Feb 23 18:38:00 2002
From: cryptlib@mbsks.franken.de (Gregg Housh)
Date: Sat, 23 Feb 2002 12:38:00 -0600
Subject: [Cryptlib] SSL in VB
Message-ID: <001001c1bc99$394313c0$2fc0fa0c@attbi.com>
This is a multi-part message in MIME format.
------=_NextPart_000_000D_01C1BC66.EDE0BFE0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
First off, thanks for a great free library.
I need to do an SSL connection from a VB app using the cryptlb activex =
object. Ive used winsock for a long time, so I hope its close to the =
same idea on how to use it. I was wondering if anyone had any sample =
source on how to do SSL with the object?
Gregg
------=_NextPart_000_000D_01C1BC66.EDE0BFE0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
First off, thanks for a great free=20
library.
I need to do an SSL connection from a =
VB app using=20
the cryptlb activex object. Ive used winsock for a long time, so I =
hope=20
its close to the same idea on how to use it. I was wondering if =
anyone had=20
any sample source on how to do SSL with the object?
Gregg
------=_NextPart_000_000D_01C1BC66.EDE0BFE0--
From cryptlib@mbsks.franken.de Mon Feb 25 04:13:27 2002
From: cryptlib@mbsks.franken.de (cryptlib@mbsks.franken.de)
Date: Sun, 24 Feb 2002 22:13:27 -0600
Subject: [Cryptlib] Building public key keyset for SSL client authentication
Message-ID: <3C796587.15461.25478139@localhost>
Greetings all, I'm trying to do what seems to be a simple task: I'm setting up a SSL
server which will authenticate clients cia client certificates. I've constructed a CA to
sign the certs (both server and client).
I've been able to generate and sign the client certs, but I can't build the keyset. I'm
sure that the issue is improper mixing of certs and encryption contexts, but I just
can't tell from the documentation and the archives what the proper sequence is.
Here's what I have (function call sequence, sorry about the wrap):
status = cryptKeysetOpen(&cKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE,
keyset, CRYPT_KEYOPT_CREATE);
if (status == CRYPT_ERROR_DUPLICATE)
status = cryptKeysetOpen(&cKeyset, CRYPT_UNUSED,
CRYPT_KEYSET_FILE, keyset, CRYPT_KEYOPT_NONE);
status = cryptImportCert(buffer, bytes, CRYPT_UNUSED, &cCert);
status = cryptAddPublicKey(cKeyset, cCert);
status = cryptKeysetClose(cKeyset);
The cryptAddPublicKey() call fails with a -2 (CRYPT_ERROR_PARAM2). The
keyset doesn't exist, so the CREATE gets called.
Do I need to somehow extract the public key from the cert? If so, how is this done?
Thanks very much in advance for any and all information.
Brad
From cryptlib@mbsks.franken.de Mon Feb 25 09:25:06 2002
From: cryptlib@mbsks.franken.de (Richard Skopal)
Date: Mon, 25 Feb 2002 10:25:06 +0100
Subject: [Cryptlib] Cryptlib and Borland C++ Builder
Message-ID: <8190D1AA86E3D2118BCD0008C7BA2A713FE764@SERVER-TREXIMA>
Hi,
is it possible to compile cryptlib with Borland C++ Builder?
Richard Skopal
From cryptlib@mbsks.franken.de Tue Feb 26 22:19:23 2002
From: cryptlib@mbsks.franken.de (alex)
Date: Wed, 27 Feb 2002 01:19:23 +0300
Subject: [Cryptlib] SSL in VB
References: <001001c1bc99$394313c0$2fc0fa0c@attbi.com>
Message-ID: <3C7C09EB.8ADAA5C0@dynaweb.ru>
--------------C2A3E7E6A9356A3AD3FCA436
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Hi Gregg!
As it seems to me that questions in this mailing list exist but not the
answers :0)
So I'm trying to help you as I came across the subject that you need :0)
cryptlib VB Interface
=====================
I have just caught up to cryptlib beta0413 with my VB interface.
It is available for download at :-
http://www.geocities.com/SiliconValley/Heights/8298
To convince you that it is much more than just a plain VB interface,
you might want to note the following :-
1. The entire exposed cryptlib functions have been interfaced and
tested with sample code. The author feels that there is nothing
you want to achieve with cryptlib that cannot be achieved with
the vb interface.
2. You could use cryptXXX, VBcryptXXX or mixed. The VBcryptXXX is
the VB flavoured API while the cryptXXX is the faithful
interface of cryptlib function into VB.
The VBcryptXXX is sweet most of the time but ocasionally becomes
a real pain. The cryptXXX is pain most of the time but ocasionally
becomes really handy.
So, even if you are so obliged to use cryptXXX, you should also
taken a look at the VBcryptXXX to get to know the bells and
whistles of using C APIs not tailored for VB.
3. You could use local VB time instead of the default C language
time_t. For example,
validitydate = #April 26, 2007#
VBcryptAddCertComponentTime cert, CRYPT_CERTINFO_VALIDTO,
validitydate
or
VBcryptGetCertComponentTime cert, CRYPT_CERTINFO_VALIDTO, time_t
CTimeToBLocalTime time_t, validitydate
text1 = Format(validitydate, "ddd mmm, DD, hh:mm:ss yyyy")
4. It configures Microsoft Access ODBC for you, you don't need to click
the 'control panel'.
I also have a sample GUI that allows you to manage a cryptlib key
database, such as search/delete certificate by DN components and
dates.
Again, you enter VB time/date strings directly.
5. Certificate handling is made 1-2-3 with the plentiful samples
provided.
You can use cryptlib to be the CA for handling XEnroll certificate
requests. cryptlib signed certificates can be read into Outlook
or MSIE.
Also included is a utility to convert binary stream to base64 stream,
since Microsoft does not support "-----BEGIN/END ...." enveloping,
Dim certificate as String
' export the certificate
VBcryptExportCert certificate, CRYPT_CERTFORMAT_CERTCHAIN, cert
Dim base64 As String
BinToBase64 certificate, base64
' save the file
Open "mycert.b64" For Binary As #3
Put #3, , base64
Close #3
Have fun.
Gregg Housh wrote:
> First off, thanks for a great free library. I need to do an SSL
> connection from a VB app using the cryptlb activex object. Ive used
> winsock for a long time, so I hope its close to the same idea on how
> to use it. I was wondering if anyone had any sample source on how to
> do SSL with the object? Gregg
--------------C2A3E7E6A9356A3AD3FCA436
Content-Type: text/html; charset=koi8-r
Content-Transfer-Encoding: 7bit
Hi Gregg!
As it seems to me that questions in this mailing list exist but not
the answers :0)
So I'm trying to help you as I came across the subject that you need
:0)
cryptlib VB Interface
=====================
I have just caught up to cryptlib beta0413 with my VB interface.
It is available for download at :-
http://www.geocities.com/SiliconValley/Heights/8298
To convince you that it is much more than just a plain VB interface,
you might want to note the following :-
1. The entire exposed cryptlib functions have been interfaced and
tested with sample code. The author feels that there is
nothing
you want to achieve with cryptlib that cannot be achieved
with
the vb interface.
2. You could use cryptXXX, VBcryptXXX or mixed. The VBcryptXXX is
the VB flavoured API while the cryptXXX is the faithful
interface of cryptlib function into VB.
The VBcryptXXX is sweet most of the time but ocasionally
becomes
a real pain. The cryptXXX is pain most of the time but
ocasionally
becomes really handy.
So, even if you are so obliged to use cryptXXX, you should
also
taken a look at the VBcryptXXX to get to know the bells
and
whistles of using C APIs not tailored for VB.
3. You could use local VB time instead of the default C language
time_t. For example,
validitydate = #April 26, 2007#
VBcryptAddCertComponentTime cert, CRYPT_CERTINFO_VALIDTO,
validitydate
or
VBcryptGetCertComponentTime cert, CRYPT_CERTINFO_VALIDTO,
time_t
CTimeToBLocalTime time_t, validitydate
text1 = Format(validitydate, "ddd mmm, DD,
hh:mm:ss yyyy")
4. It configures Microsoft Access ODBC for you, you don't need
to click
the 'control panel'.
I also have a sample GUI that allows you to manage a cryptlib
key
database, such as search/delete certificate by DN components
and dates.
Again, you enter VB time/date strings directly.
5. Certificate handling is made 1-2-3 with the plentiful samples provided.
You can use cryptlib to be the CA for handling XEnroll
certificate
requests. cryptlib signed certificates can be read into
Outlook
or MSIE.
Also included is a utility to convert binary stream to
base64 stream,
since Microsoft does not support "-----BEGIN/END ...."
enveloping,
Dim certificate as String
' export the certificate
VBcryptExportCert certificate,
CRYPT_CERTFORMAT_CERTCHAIN, cert
Dim base64 As String
BinToBase64 certificate, base64
' save the file
Open "mycert.b64" For Binary As
#3
Put #3, , base64
Close #3
Have fun.
Gregg Housh wrote:
First
off, thanks for a great free library. I
need to do an SSL connection from a VB app using the cryptlb activex object.
Ive used winsock for a long time, so I hope its close to the same idea
on how to use it. I was wondering if anyone had any sample source
on how to do SSL with the object? Gregg
--------------C2A3E7E6A9356A3AD3FCA436--
From cryptlib@mbsks.franken.de Tue Feb 26 23:01:14 2002
From: cryptlib@mbsks.franken.de (Gregg Housh)
Date: Tue, 26 Feb 2002 17:01:14 -0600
Subject: [Cryptlib] SSL in VB
References: <001001c1bc99$394313c0$2fc0fa0c@attbi.com> <3C7C09EB.8ADAA5C0@dynaweb.ru>
Message-ID: <001f01c1bf19$7dbe5dc0$0400a8c0@gregg2>
This is a multi-part message in MIME format.
------=_NextPart_000_001C_01C1BEE7.32E84450
Content-Type: text/plain;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
Thank you for responding. This looks like good stuff. I will give it a =
look when I get the free time, probably tomorrow night.
Gregg
----- Original Message -----=20
From: alex=20
To: cryptlib@mbsks.franken.de=20
Sent: Tuesday, February 26, 2002 4:19 PM
Subject: Re: [Cryptlib] SSL in VB
Hi Gregg!=20
As it seems to me that questions in this mailing list exist but not =
the answers :0)=20
So I'm trying to help you as I came across the subject that you need =
:0)=20
cryptlib VB Interface=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
I have just caught up to cryptlib beta0413 with my VB interface.=20
It is available for download at :-=20
http://www.geocities.com/SiliconValley/Heights/8298=20
To convince you that it is much more than just a plain VB interface,=20
you might want to note the following :-=20
1. The entire exposed cryptlib functions have been interfaced and=20
tested with sample code. The author feels that there is nothing=20
you want to achieve with cryptlib that cannot be achieved with=20
the vb interface.=20
=20
2. You could use cryptXXX, VBcryptXXX or mixed. The VBcryptXXX is=20
the VB flavoured API while the cryptXXX is the faithful=20
interface of cryptlib function into VB.=20
The VBcryptXXX is sweet most of the time but ocasionally becomes=20
a real pain. The cryptXXX is pain most of the time but ocasionally=20
becomes really handy.=20
So, even if you are so obliged to use cryptXXX, you should also=20
taken a look at the VBcryptXXX to get to know the bells and=20
whistles of using C APIs not tailored for VB.=20
3. You could use local VB time instead of the default C language=20
time_t. For example,=20
validitydate =3D #April 26, 2007#=20
VBcryptAddCertComponentTime cert, CRYPT_CERTINFO_VALIDTO, =
validitydate=20
or=20
=20
VBcryptGetCertComponentTime cert, CRYPT_CERTINFO_VALIDTO, time_t=20
CTimeToBLocalTime time_t, validitydate=20
text1 =3D Format(validitydate, "ddd mmm, DD, hh:mm:ss yyyy")=20
4. It configures Microsoft Access ODBC for you, you don't need to =
click=20
the 'control panel'.=20
I also have a sample GUI that allows you to manage a cryptlib key=20
database, such as search/delete certificate by DN components and =
dates.=20
Again, you enter VB time/date strings directly.=20
5. Certificate handling is made 1-2-3 with the plentiful samples =
provided.=20
You can use cryptlib to be the CA for handling XEnroll certificate=20
requests. cryptlib signed certificates can be read into Outlook=20
or MSIE.=20
Also included is a utility to convert binary stream to base64 =
stream,=20
since Microsoft does not support "-----BEGIN/END ...." enveloping,=20
=20
Dim certificate as String=20
' export the certificate=20
VBcryptExportCert certificate, CRYPT_CERTFORMAT_CERTCHAIN, cert =
Dim base64 As String=20
BinToBase64 certificate, base64=20
' save the file=20
Open "mycert.b64" For Binary As #3=20
Put #3, , base64=20
Close #3=20
Have fun.=20
=20
=20
Gregg Housh wrote:=20
First off, thanks for a great free library. I need to do an SSL =
connection from a VB app using the cryptlb activex object. Ive used =
winsock for a long time, so I hope its close to the same idea on how to =
use it. I was wondering if anyone had any sample source on how to do =
SSL with the object? Gregg=20
------=_NextPart_000_001C_01C1BEE7.32E84450
Content-Type: text/html;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
Thank you for responding. This =
looks like=20
good stuff. I will give it a look when I get the free time, =
probably=20
tomorrow night.
Gregg
----- Original Message -----
From:=20
alex =
Sent: Tuesday, February 26, =
2002 4:19=20
PM
Subject: Re: [Cryptlib] SSL in =
VB
Hi Gregg!=20
As it seems to me that questions in this mailing list exist but not =
the=20
answers :0)
So I'm trying to help you as I came across the subject =
that=20
you need :0)=20
cryptlib VB Interface =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
I have just caught up to cryptlib beta0413 with my VB interface. =
It is=20
available for download at :-=20
http://www.g=
eocities.com/SiliconValley/Heights/8298=20
To convince you that it is much more than just a plain VB =
interface,=20
you might want to note the following :-=20
1. The entire exposed cryptlib functions have been interfaced and=20
tested with sample code. The author feels that there =
is=20
nothing
you want to achieve with cryptlib that cannot =
be=20
achieved with
the vb interface.
2. You =
could=20
use cryptXXX, VBcryptXXX or mixed. The VBcryptXXX is
=
the VB=20
flavoured API while the cryptXXX is the faithful
=
interface of=20
cryptlib function into VB.=20
The VBcryptXXX is sweet most of the time but =
ocasionally=20
becomes
a real pain. The cryptXXX is pain most of the =
time=20
but ocasionally
becomes really handy.=20
So, even if you are so obliged to use cryptXXX, you =
should=20
also
taken a look at the VBcryptXXX to get to know =
the bells=20
and
whistles of using C APIs not tailored for VB.=20
3. You could use local VB time instead of the default C language=20
time_t. For example,=20
validitydate =3D #April 26, 2007#=20
VBcryptAddCertComponentTime cert,=20
CRYPT_CERTINFO_VALIDTO, validitydate=20
or
=20
VBcryptGetCertComponentTime cert, CRYPT_CERTINFO_VALIDTO, time_t=20
CTimeToBLocalTime time_t, validitydate=20
text1 =3D Format(validitydate, "ddd mmm, =
DD,=20
hh:mm:ss yyyy")=20
4. It configures Microsoft Access ODBC for you, you don't =
need to=20
click
the 'control panel'.=20
I also have a sample GUI that allows you to manage a =
cryptlib=20
key
database, such as search/delete certificate by DN =
components and dates.
Again, you enter VB time/date =
strings=20
directly.=20
5. Certificate handling is made 1-2-3 with the plentiful samples =
provided.=20
You can use cryptlib to be the CA for handling XEnroll =
certificate
requests. cryptlib signed certificates =
can be=20
read into Outlook
or MSIE.=20
Also included is a utility to convert binary stream to =
base64=20
stream,
since Microsoft does not support =
"-----BEGIN/END=20
...." enveloping,
=
Dim=20
certificate as String
' =
export the=20
certificate
VBcryptExportCert =
certificate, CRYPT_CERTFORMAT_CERTCHAIN, cert=20
Dim base64 As String=20
BinToBase64 certificate, =
base64=20
' save the file=20
Open "mycert.b64" For Binary =
As #3=20
Put #3, , base64=20
Close #3=20
Have fun.
=20
Gregg Housh wrote:=20
First off, thanks for a great =
free=20
library. I =
need to do an=20
SSL connection from a VB app using the cryptlb activex object. =
Ive=20
used winsock for a long time, so I hope its close to the same idea =
on how to=20
use it. I was wondering if anyone had any sample source on how =
to do=20
SSL with the object? Gregg
------=_NextPart_000_001C_01C1BEE7.32E84450--
From cryptlib@mbsks.franken.de Wed Feb 27 13:57:35 2002
From: cryptlib@mbsks.franken.de (bigworm)
Date: Wed, 27 Feb 2002 21:57:35 +0800 (CST)
Subject: [Cryptlib] =?gb2312?B?UmU6IFJlOiBbQ3J5cHRsaWJdIFNTTCBpbiBWQg==?=
Message-ID: <3C7CE5CF.000006.09734@bjapp7>
Hi,
Can you give me one copy of it ,I can not download from the website.
My EMail address is :zhong_duhang@163.net
>
> Hi Gregg!
> As it seems to me that questions in this mailing list exist but not
> the answers :0)
>
> So I'm trying to help you as I came across the subject that you need
> :0)
> cryptlib VB Interface
>
> =====================
> I have just caught up to cryptlib beta0413 with my VB interface.
>
> It is available for download at :-
> http://www.geocities.com/SiliconValley/Heights/8298
> To convince you that it is much more than just a plain VB interface,
===============================================
ÊÖ»úºÅÂëÊǵçÓÊ£¬´Ó´Ë½»·Ñ²»ÓóһºÅÔÚÊÖ¡°ËæÉíÓÊ¡±
¡ª¡ª 163¡°ËæÉíÓÊ¡±ÊÖ»úÓÊÏä ¡ª¡ª
¡ò ÊÖ»úºÅÂë¾ÍÊǵç×ÓÓÊÏäµØÖ·£¬·½±ã¼ÇÒä
¡ò ²»ÓÃÉÏÍø£¬Í¸¹ýÊÖ»ú¶ÌÐÅ£¬ËæʱÕÆÎÕÓʼþµÄ½ÓÊÕÇé¿ö
¡ò ¾ö²»´í¹ýÈκÎÉÌÒµÁ¼»ú
¡ò ·½±ãµÄ°´ÔÂÊÕ·Ñ·½Ê½£¬×îµÍÿÔÂÖ»Ðè5Ôª
ÏêÇéÇëä¯ÀÀ
http://vip.163.net/mobile/mobile.htm
===============================================
From cryptlib@mbsks.franken.de Thu Feb 28 02:31:49 2002
From: cryptlib@mbsks.franken.de (Tod Courtney)
Date: Wed, 27 Feb 2002 20:31:49 -0600
Subject: [Cryptlib] trouble verifying signature generated by cryptlib
Message-ID: <3C7D9695.48C58BE7@crhc.uiuc.edu>
all
I am fairly new to crypto and cryptlib.
I am having trouble verifying a signature generated by cryptlib. I am
using SHA hashing with RSA. The signature is being passed to a java
program via a CORBA call, along with the Certificate and original data
(the data that was signed). In Java I am using the 'bouncycastle'
crypt library.
First, I had a very difficult time interpretting the signature char *
array returned by cryptCreateSignatureEx. Finally, with some help
from folks, I can do this, and I can now have the java performing the
signature verification without any exceptions. But it is failing. It
performs the RSA decryption and produces data with a 15 byte
DigestInfo header, but the 20 bytes of hash values don't match what I
originally hashed it with.
Because the DigestInfo is correct, I believe the RSA decryption is
occurring correctly. However I can not figure out why the hash values
would be wrong.
My only thought is perhaps cryptlib isn't storing the hash values as a
standard 20 byte array-- that instead it is stored some other way. Is
this possible?
For specifics, here is what I am getting when the Java code verifies
the signature:
digestInfo header:
30 21 30 9 6 5 2b e 3 2 1a 5 0 4 14
sigHash: (the incorrect decrypted hash)
8b b9 c9 5 df 84 6a 34 41 b5 2b b6 ce d2 11 b8 b a9 ec c5
hash: (the correct hash)
44 b7 ab 51 25 6a 27 52 33 b6 36 ae a0 1c 1b a9 1c 57 f 25
I have confirmed that the hash values (the second ones) are correct.
These are what is produced by the hashing functions in both Java and
C++. (I checked the C++ using
cryptGetAttributeString(hash_ctx,
CRYPT_CTXINFO_HASHVALUE,hash,&hashLen);
I would appreciate any help or hints you can give on this problem. If
nothing else, could someone point me to specific places the source
where this hash value is stored into the DigestInfo object before RSA
encryption?
In case it helps, I have enclosed the output of dumpasn1 of the
signature char * array produced by cryptlib. Notice the hash in the
header (starting at byte 132) also matches the 'correct' hash above.
thanks
tod
>~/code/crypt_lib-3.0/keymgmt/dumpasn1 sig.out
0 30 296: SEQUENCE {
4 02 1: INTEGER 1
7 30 39: SEQUENCE {
9 30 27: SEQUENCE {
11 31 11: SET {
13 30 9: SEQUENCE {
15 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
20 13 2: PrintableString 'US'
: }
: }
24 31 12: SET {
26 30 10: SEQUENCE {
28 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
33 13 3: PrintableString 'p01'
: }
: }
: }
38 02 8: INTEGER
: 71 C5 AC EF E4 51 69 84
: }
48 30 9: SEQUENCE {
50 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
57 05 0: NULL
: }
59 A0 93: [0] {
61 30 24: SEQUENCE {
63 06 9: OBJECT IDENTIFIER contentType (1 2 840 113549 1 9
3)
74 31 11: SET {
76 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: }
: }
87 30 28: SEQUENCE {
89 06 9: OBJECT IDENTIFIER signingTime (1 2 840 113549 1 9
5)
100 31 15: SET {
102 17 13: UTCTime '020228032547Z'
: }
: }
117 30 35: SEQUENCE {
119 06 9: OBJECT IDENTIFIER messageDigest (1 2 840 113549 1
9 4)
130 31 22: SET {
132 04 20: OCTET STRING
: 44 B7 AB 51 25 6A 27 52 33 B6 36 AE A0 1C 1B
A9
: 1C 57 0F 25
: }
: }
: }
154 30 13: SEQUENCE {
156 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1
1)
167 05 0: NULL
: }
169 04 128: OCTET STRING
: 5B 29 EA BF 2C 47 5B 28 FD 0E F3 08 D6 2D 5E 73
: 7F 3F 79 58 90 98 38 9B C6 8F 7E 73 4C 91 9E 6A
: 84 C5 EC C9 90 3B D3 32 E7 01 ED 95 28 89 8D FB
: BD 5E D1 88 D3 1C F3 3C FF 3A 99 FA 05 72 95 5C
: 1A B6 1E CD 73 D9 48 40 B3 02 5A 07 BA 24 D8 91
: AB 1D 58 DE 73 E5 C0 67 30 F4 31 26 0B 5D 94 F6
: 4E D5 A7 FA 79 F9 40 0E 29 63 3F 2E 4D 58 29 30
: B5 39 68 49 11 86 AB CC 2B C9 E1 64 EF FB B9 86
: }
--
Tod Courtney Research Programmer, PERFORM Research Group
Center for Reliable & High-Performance Computing |Ph: (217)244-3203
University of Illinois at Urbana, Champaign |Fax:(217)244-3359
231 CSL, 1308 W. Main St., Urbana, IL 61801 |tod@crhc.uiuc.edu
From cryptlib@mbsks.franken.de Thu Feb 28 14:31:04 2002
From: cryptlib@mbsks.franken.de (alex)
Date: Thu, 28 Feb 2002 17:31:04 +0300
Subject: [Cryptlib] client ssh session fails to activate
Message-ID: <3C7E3F28.3F0D665A@dynaweb.ru>
Hi!
I'm activating client ssh session just as it's explained in the manual.
But after proceeding cryptSetAttribute(session,CRYPT_SESSION_ACTIVE,1)
I get only -11 error code i.e. CRYPT_ERROR_NOTINITED.
I'm trying to gather error info using
cryptGetAttribute(session,CRYPT_ATTRIBUTE_INT_ERRORCODE, &ecode)
but it returns zero value.
More over
cryptGetAttributeString(session,CRYPT_ATTRIBUTE_INT_ERRORMESSAGE, emsg,
&emsg_len)
returns -43 i.e. data not found.
Well, then I opened sources of ssh.c and found four points where I can
get CRYPT_ERROR_NOTINITED but in every that point there's code putting
some error info about the situation.
I it something what I don't understand here? Or tis a bug?
Working under RedHat Linux 7.2 kernel 2.4.17 GCC 3.02
Alex
PS I wish any help - though while last week I see only questions not
answers :0(
From cryptlib@mbsks.franken.de Thu Feb 28 15:37:21 2002
From: cryptlib@mbsks.franken.de (Tod Courtney)
Date: Thu, 28 Feb 2002 09:37:21 -0600
Subject: [Cryptlib] trouble verifying signature generated by cryptlib
References: <3C7D9695.48C58BE7@crhc.uiuc.edu>
Message-ID: <3C7E4EB1.74F85DC6@crhc.uiuc.edu>
all
Just to let you know, this problem is resolved. It looks like a bug
in cryptCreateSignatureEx. I switched back to cryptCreateSignature
and now everything is working fine.
Just wanted to let others know in case there is something that needs
to be fixed. I am using cryptlib 3.0.
tod
Tod Courtney wrote:
>
> all
>
> I am fairly new to crypto and cryptlib.
>
> I am having trouble verifying a signature generated by cryptlib. I am
> using SHA hashing with RSA. The signature is being passed to a java
> program via a CORBA call, along with the Certificate and original data
> (the data that was signed). In Java I am using the 'bouncycastle'
> crypt library.
>
> First, I had a very difficult time interpretting the signature char *
> array returned by cryptCreateSignatureEx. Finally, with some help
> from folks, I can do this, and I can now have the java performing the
> signature verification without any exceptions. But it is failing. It
> performs the RSA decryption and produces data with a 15 byte
> DigestInfo header, but the 20 bytes of hash values don't match what I
> originally hashed it with.
>
> Because the DigestInfo is correct, I believe the RSA decryption is
> occurring correctly. However I can not figure out why the hash values
> would be wrong.
>
> My only thought is perhaps cryptlib isn't storing the hash values as a
> standard 20 byte array-- that instead it is stored some other way. Is
> this possible?
>
> For specifics, here is what I am getting when the Java code verifies
> the signature:
>
> digestInfo header:
> 30 21 30 9 6 5 2b e 3 2 1a 5 0 4 14
>
> sigHash: (the incorrect decrypted hash)
> 8b b9 c9 5 df 84 6a 34 41 b5 2b b6 ce d2 11 b8 b a9 ec c5
>
> hash: (the correct hash)
> 44 b7 ab 51 25 6a 27 52 33 b6 36 ae a0 1c 1b a9 1c 57 f 25
>
> I have confirmed that the hash values (the second ones) are correct.
> These are what is produced by the hashing functions in both Java and
> C++. (I checked the C++ using
> cryptGetAttributeString(hash_ctx,
> CRYPT_CTXINFO_HASHVALUE,hash,&hashLen);
>
> I would appreciate any help or hints you can give on this problem. If
> nothing else, could someone point me to specific places the source
> where this hash value is stored into the DigestInfo object before RSA
> encryption?
>
> In case it helps, I have enclosed the output of dumpasn1 of the
> signature char * array produced by cryptlib. Notice the hash in the
> header (starting at byte 132) also matches the 'correct' hash above.
>
> thanks
>
> tod
>
> >~/code/crypt_lib-3.0/keymgmt/dumpasn1 sig.out
> 0 30 296: SEQUENCE {
> 4 02 1: INTEGER 1
> 7 30 39: SEQUENCE {
> 9 30 27: SEQUENCE {
> 11 31 11: SET {
> 13 30 9: SEQUENCE {
> 15 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
> 20 13 2: PrintableString 'US'
> : }
> : }
> 24 31 12: SET {
> 26 30 10: SEQUENCE {
> 28 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
> 33 13 3: PrintableString 'p01'
> : }
> : }
> : }
> 38 02 8: INTEGER
> : 71 C5 AC EF E4 51 69 84
> : }
> 48 30 9: SEQUENCE {
> 50 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
> 57 05 0: NULL
> : }
> 59 A0 93: [0] {
> 61 30 24: SEQUENCE {
> 63 06 9: OBJECT IDENTIFIER contentType (1 2 840 113549 1 9
> 3)
> 74 31 11: SET {
> 76 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
> : }
> : }
> 87 30 28: SEQUENCE {
> 89 06 9: OBJECT IDENTIFIER signingTime (1 2 840 113549 1 9
> 5)
> 100 31 15: SET {
> 102 17 13: UTCTime '020228032547Z'
> : }
> : }
> 117 30 35: SEQUENCE {
> 119 06 9: OBJECT IDENTIFIER messageDigest (1 2 840 113549 1
> 9 4)
> 130 31 22: SET {
> 132 04 20: OCTET STRING
> : 44 B7 AB 51 25 6A 27 52 33 B6 36 AE A0 1C 1B
> A9
> : 1C 57 0F 25
> : }
> : }
> : }
> 154 30 13: SEQUENCE {
> 156 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1
> 1)
> 167 05 0: NULL
> : }
> 169 04 128: OCTET STRING
> : 5B 29 EA BF 2C 47 5B 28 FD 0E F3 08 D6 2D 5E 73
> : 7F 3F 79 58 90 98 38 9B C6 8F 7E 73 4C 91 9E 6A
> : 84 C5 EC C9 90 3B D3 32 E7 01 ED 95 28 89 8D FB
> : BD 5E D1 88 D3 1C F3 3C FF 3A 99 FA 05 72 95 5C
> : 1A B6 1E CD 73 D9 48 40 B3 02 5A 07 BA 24 D8 91
> : AB 1D 58 DE 73 E5 C0 67 30 F4 31 26 0B 5D 94 F6
> : 4E D5 A7 FA 79 F9 40 0E 29 63 3F 2E 4D 58 29 30
> : B5 39 68 49 11 86 AB CC 2B C9 E1 64 EF FB B9 86
> : }
>
> --
> Tod Courtney Research Programmer, PERFORM Research Group
> Center for Reliable & High-Performance Computing |Ph: (217)244-3203
> University of Illinois at Urbana, Champaign |Fax:(217)244-3359
> 231 CSL, 1308 W. Main St., Urbana, IL 61801 |tod@crhc.uiuc.edu
>
> _______________________________________________
> Cryptlib mailing list
> Cryptlib@mbsks.franken.de
> Administration via Mail: cryptlib-request@mbsks.franken.de
--
Tod Courtney Research Programmer, PERFORM Research Group
Center for Reliable & High-Performance Computing |Ph: (217)244-3203
University of Illinois at Urbana, Champaign |Fax:(217)244-3359
231 CSL, 1308 W. Main St., Urbana, IL 61801 |tod@crhc.uiuc.edu
From cryptlib@mbsks.franken.de Thu Feb 28 17:36:01 2002
From: cryptlib@mbsks.franken.de (Olivier Fouache)
Date: Thu, 28 Feb 2002 18:36:01 +0100
Subject: [Cryptlib] interoperability trouble between CryptLib and Cryptix
Message-ID: <3C7E6A80.E1ABD89B@eurecom.fr>
This is a multi-part message in MIME format.
--------------9BC317E378C0EAB764F0BA21
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
I have some pb of decryption with Rijndael (AES) cipher and decipher
(CBC mode):
for exemple :
key : c1668d66f21eafe1a762f526dc6cf89d
IV : 8eb968ca9d155ca64b13ebc7ff358c37
PT : 0000000301000100000080c59a7ff98f
Cryptlib CT : e1da869f44e3c8141c386ce75183d7e1
Cryptix CT : b47edd0252e5162a02eff0de1f13d22a
if someone knows what is the origin of this pb ...
thanks.
--
Olivier Fouache Ingenieur de
Recherche
Laboratoire Securite (labo 118) Olivier.Fouache@eurecom.fr
Institut EURECOM, 2229 Route des Cretes Tel labo secu : 04.93.00.26.98
SOPHIA ANTIPOLIS 06560 VALBONNE - FRANCE
http://www.eurecom.fr/~fouache/
--------------9BC317E378C0EAB764F0BA21
Content-Type: text/x-vcard; charset=us-ascii;
name="olivier.fouache.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Olivier Fouache
Content-Disposition: attachment;
filename="olivier.fouache.vcf"
begin:vcard
n:Fouache;Olivier
tel;cell:06.66.01.87.42
tel;work:04.93.00.26.98
x-mozilla-html:FALSE
url:http://www.eurecom.fr/~fouache
org:Institut Eurécom;Corporate Communication
version:2.1
email;internet:olivier.fouache@eurecom.fr
title:Ingénieur de Recherche
adr;quoted-printable:;;2229 Route des Cr=EAtes=0D=0A;Valbonne;France;06560;
fn:Olivier Fouache
end:vcard
--------------9BC317E378C0EAB764F0BA21--
From cryptlib@mbsks.franken.de Thu Feb 28 18:58:12 2002
From: cryptlib@mbsks.franken.de (Matthias Bruestle)
Date: Thu, 28 Feb 2002 19:58:12 +0100
Subject: [Cryptlib] interoperability trouble between CryptLib and Cryptix
In-Reply-To: <3C7E6A80.E1ABD89B@eurecom.fr>; from olivier.fouache@eurecom.fr on Thu, Feb 28, 2002 at 06:36:01PM +0100
References: <3C7E6A80.E1ABD89B@eurecom.fr>
Message-ID: <20020228195812.F28051@mbsks.franken.de>
Mahlzeit
On Thu, Feb 28, 2002 at 06:36:01PM +0100, Olivier Fouache wrote:
> I have some pb of decryption with Rijndael (AES) cipher and decipher
> (CBC mode):
> for exemple :
> key : c1668d66f21eafe1a762f526dc6cf89d
> IV : 8eb968ca9d155ca64b13ebc7ff358c37
> PT : 0000000301000100000080c59a7ff98f
> Cryptlib CT : e1da869f44e3c8141c386ce75183d7e1
> Cryptix CT : b47edd0252e5162a02eff0de1f13d22a
When I do normal CBC (xor IV with PT and then encrypt the block) I get
the same results as in cryptlib:
key = c1668d66f21eafe1a762f526dc6cf89d
input = 8eb968c99c155da64b136b02654a75b8
enc = e1da869f44e3c8141c386ce75183d7e1
dec = 8eb968c99c155da64b136b02654a75b8
This was with Brian Gladmans implementation from February 2001.
Mahlzeit
endergone Zwiebeltuete