Cryptography Tutorials - Tutorial Notes - OpenSSL - Certification Path and Validation


    



    



    

(Continued from previous part...)

    



    

2. Generating a certificate for John and signed by , john.crt:

>echo Generating keys for John
>openssl genrsa -des3 -out john_rsa.key
...
>echo Generating a certificate signing request for John
>openssl req -new -key john_rsa.key -out john.csr -config openssl.cnf
...
>echo Signing John's request by 's key
>openssl x509 -req -in john.csr -CA .crt -CAkey _rsa.key -out john.crt -set_serial 3
...

    



    



    

3. Generating a certificate for Bill and signed by John, bill.crt:

>echo Generating keys for Bill
>openssl genrsa -des3 -out bill_rsa.key
...
>echo Generating a certificate signing request for Bill
>openssl req -new -key bill_rsa.key -out bill.csr -config openssl.cnf
...
>echo Signing Bill's request by John's key
>openssl x509 -req -in bill.csr -CA john.crt -CAkey john_rsa.key -out bill.crt -set_serial 7
...

    



    



    

4. Generating a certificate for Tom and signed by Bill, tom.crt:

>echo Generating keys for Tom
>openssl genrsa -des3 -out tom_rsa.key
...
>echo Generating a certificate signing request for Tom
>openssl req -new -key tom_rsa.key -out tom.csr -config openssl.cnf
...
>echo Signing Tom's request by Bill's key
>openssl x509 -req -in tom.csr -CA bill.crt -CAkey bill_rsa.key -out tom.crt -set_serial 11
...

    



    



    

Ok. 4 certificates are enough to do some interesting tests with the "verify" command:

    



    

5. Verify the shortest certification path, one certificate only:

>openssl verify .crt
.crt: /C=CN/ST=PN/L=LN/O=ON/OU=UN/CN= Yang
error 18 at 0 depth lookup:self signed certificate
OK

>openssl verify -CAfile .crt .crt
.crt: OK
OK

>openssl verify john.crt
john.crt: /C=CN/ST=PN/L=LN/O=ON/OU=UN/CN=John Smith
error 20 at 0 depth lookup:unable to get local issuer certificate

>openssl verify -CAfile john.crt john.crt
john.crt: /C=CN/ST=PN/L=LN/O=ON/OU=UN/CN=John Smith
error 20 at 0 depth lookup:unable to get local issuer certificate

    



    



    

Note that:

  • You will get an OK with an error when validating a self-signed certificate without specifying it as the CA certificate.
  • You will get a perfect OK when validating a self-signed certificate with the CA certificate specified as itself.
  • You will get an error when validating a non-self-signed certificate, with or without specifying it as the CA certificate.



    



    

6. Verify certification paths of two certificates:

>openssl verify -CAfile .crt john.crt
john.crt: OK

>openssl verify -CAfile .crt bill.crt
bill.crt: /C=CN/ST=PN/L=LN/O=ON/OU=UN/CN=Bill White
error 20 at 0 depth lookup:unable to get local issuer certificate

>openssl verify -CAfile john.crt bill.crt
bill.crt: /C=CN/ST=PN/L=LN/O=ON/OU=UN/CN=John Smith
error 2 at 1 depth lookup:unable to get issuer certificate

    



    



    

Note that:

  • Test 1: Perfect.
  • Test 2: Path broken at depth 0. Could not find the issuer of bill.crt.
  • Test 3: Path broken at depth 1. Could not find the issuer of john.crt.



    



    

7. Verify certification paths of several certificates:

>openssl verify -CAfile .crt -untrusted john.crt bill.crt
bill.crt: OK

>openssl verify -CAfile .crt -untrusted bill.crt tom.crt
tom.crt: /C=CN/ST=PN/L=LN/O=ON/OU=UN/CN=Bill Gate
error 20 at 1 depth lookup:unable to get local issuer certificate

>copy john.crt+bill.crt all.crt

>openssl verify -CAfile .crt -untrusted all.crt tom.crt
tom.crt: OK

    



    



    

Note that:

  • Test 1: Perfect.
  • Test 2: Path broken at depth 1. Could not find the issuer of bill.crt.
  • Test 3: Perfect. Look at how I put two certificates together with the DOS command "copy".



    



    



    

Conclusion

    



    

The certification path concept is simple. Just remember that the previous certificate identifies the issuer of the next certificate.

The OpenSSL "verify" tool is cool. It needs only two command options: -CAfile and -untrusted.
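
The results of tests 5 to 7 follow from how the path is built: start at the certificate being verified, extend through the -untrusted certificates, then finish in the -CAfile certificates. The Python model below is an added example, not code from the original tutorial or from OpenSSL; it reproduces the error codes and depths shown above. Assumptions: certificates are matched by name only (no signature, date or extension checks), and "root" is a placeholder for the self-signed root certificate whose name is missing on this page.

```python
# Added illustration, not OpenSSL code: certificates are reduced to
# (subject, issuer) names; no signatures, dates or extensions are checked.
CERTS = {
    "root": ("Root", "Root"),  # placeholder: the root's real name is elided on the page
    "john": ("John", "Root"),
    "bill": ("Bill", "John"),
    "tom": ("Tom", "Bill"),
}


def find_by_subject(name, pool):
    """Return the first certificate in pool whose subject is name, else None."""
    return next((cert for cert in pool if cert[0] == name), None)


def verify(target, cafile=(), untrusted=()):
    """Model 'openssl verify [-CAfile ...] [-untrusted ...] target'."""
    trusted = [CERTS[n] for n in cafile]
    helpers = [CERTS[n] for n in untrusted]
    chain = [CERTS[target]]      # depth 0 is the certificate being verified
    last_is_trusted = False      # True once a chain link came from -CAfile
    while True:
        cert = chain[-1]
        subject, issuer = cert
        depth = len(chain) - 1
        if subject == issuer:    # self-signed: the path can only end here
            if cert in trusted:
                return "OK"
            # 18: lone self-signed cert; 19: self-signed cert ending a longer chain
            return f"error {18 if depth == 0 else 19} at {depth} depth lookup"
        nxt = None
        if not last_is_trusted:  # helpers may only extend untrusted links
            nxt = find_by_subject(issuer, helpers)
        if nxt is None:
            nxt = find_by_subject(issuer, trusted)
            last_is_trusted = last_is_trusted or nxt is not None
        if nxt is None:
            # 20: the issuer of an untrusted cert is missing;
            # 2: the issuer of a cert taken from -CAfile is missing
            code = 2 if last_is_trusted else 20
            return f"error {code} at {depth} depth lookup"
        chain.append(nxt)


if __name__ == "__main__":
    print(verify("bill", cafile=["john"]))                            # test 6.3
    print(verify("tom", cafile=["root"], untrusted=["john", "bill"]))  # test 7.3
```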

    



    



    

 

