Can any one tell me about the HTTPS authentication using ssl .I have a crt file .What are the files required to authenticate HTTPS . I am using CURl . Any example program in c language to authenticate HTPPS using CURl is highly appreciable..
Thanks in advance.
I'm assuming you're talking about libcurl, and you've looked at the example here. That uses a PEM file: from the docs for CURLOPTSSLCERTTYPE, the supported formats are PEM and DER: your CRT file might be in DER format, so try the code from the sample.
If you have a valid .crt client certificate that doesn't get successfully interpreted as a DER format file you can convert it to PEM format.
Related
We are deploying a console application based batch files to send emails. We take the content from the standard input and then pass it to Bmail and MgSMTP server.
Now we want to add a DKIM signature to the email. Since the app is written in batch, the only way to sign hashes is using openssl.exe.
I already have the bodyhash and the headerhash hashed with sha1 and encoded in base64.
The question is: How can I dkim sign emails?
Well, after some research I found very useful this:
OpenSSL C++ RSA sign is different from command line sign
echo "%headerhash%" | openssl rsautl -sign -inkey key.pem -out tempfile.pem
Does LibCurl provide some functionality to produce tokens or hash/salt a string and shared secret? My c++ program will upload files to the server and my server script will authenticate that the HTTP post is coming from my c++ application and not someone else. So I'll send a auth token or hash in the query string that the server script can compare with its own to authenticate the request.
I've seen that you can authenticate using curl --user name:password http://www.example.com but can't a user just read the binary executable and see the username and password?
Although, maybe I am reinventing the wheel with my auth approach. Does LibCurl or another c++ provide the ability to perform shared-secret authentication?
I haven't tried this, but since the command line supports a netrc file as described here https://stackoverflow.com/a/27894407/1542667. This is more secure when using the command line as you don't make your password visible to everyone on the same host via the ps command.
It looks like you could use the same approach for libcurl
https://curl.haxx.se/libcurl/c/CURLOPT_NETRC_FILE.html
I need to create a PKCS7 signature for some data using my Python app running on Google App Engine (GAE). More specifically, I am trying to create a PKCS7 signature of an Apple Passbook pass manifest; the Passbook pass requires the PKCS7 signature file to be present in order to be a complete and valid pass.
I have spent almost a week researching and trying to no avail.
I can successfully create the signature using openssl command line on my local PC with:
openssl smime -binary -sign -certfile WWDR.pem -signer certificate.pem -inkey key.pem -in manifest.json -out signature -outform DER
I can also successfully create the signature using M2Crypto library on my local PC with:
from M2Crypto import BIO, SMIME, X509
s = SMIME.SMIME()
s.load_key('identity.pem') # my certificate and private key
x509 = X509.load_cert('WWDR.pem') # Apple's intermediate certificate
sk = X509.X509_Stack()
sk.push(x509)
s.set_x509_stack(sk)
p7 = s.sign(bio_manifest, SMIME.PKCS7_DETACHED | SMIME.PKCS7_BINARY)
pkcs7_buffer = BIO.MemoryBuffer()
p7.write_der(pkcs7_buffer)
f = open('signature', 'w')
f.write(pkcs7_buffer.read())
f.close()
However, M2Crypto is a wrapper to OpenSSL which is not supported on GAE.
GAE supports the pycrypto library, but it doesn't seem this library has support for PKCS7 signing.
I've also looked at tlslite, which is a pure python implementation and therefore should be supported on GAE, but it also doesn't seem to have support for PKCS7 signing.
I'm looking for guidance from anyone that has been able to successfully create a PKCS7 signature on GAE. If you could point me to a pure python library or any other solution, I'd really appreciate it.
Otherwise, I feel like I've reached the boundary of what is possible with GAE and will be looking to move my app to another platform. I'm a bit flabbergasted that it has been this difficult and that GAE doesn't support the openssl library given the importance of data security; it appears they aren't serious about providing a web app service that offers support for anything beyond the basics. Unless (hopefully) I've missed the obvious.
Thanks for any help!
Can anyone tell me how to verify the Password-based P12 file using openssl? Logic or sample code will be much helpful.
You can find a code sample that :
- opens a pkcs#12 file with password
- extracts the private key and certificates
in the openssl source code at :
./demos/pkcs12/pkread.c
I use google app engine trying to add ssl for custom domain. I use naked domain. After "PEM encoded X.509 public key certificate" and "Unencrypted PEM encoded RSA private key" uploaded. "The SSL certificate provided could not be inserted." is returned. I use https://www.sslchecker.com check private key/ssl match. It matches. What's wrong? I use key size "RSA 2048", nothing wrong ordering the concatenated certificates. Thank you.
I spent a long time working with this error and found a solution for my problem here:
http://qiita.com/yogurito/items/550b50b262418e93da22
If I understand correctly, the key file needed to be without a password, so running:
openssl rsa -in appengine.key -out appengine-nopass.key
provided a key that GAE liked.