CMP authentication

by Juraj Michalak

Hello,

I created a CMP session (CRYPT_REQUESTTYPE_INITIALIZATION) to obtain a
certificate from a CA. In my project I have used EJBCA
(http://www.ejbca.org) as the CA. I have created an end user with a
password in EJBCA. I have set that user and password on my cryptlib CMP
session and activated it... -> error ...

Problem:
========
In the EJBCA logs I can see that there is a problem with user
authentication. EJBCA is expecting authentication via the regToken
attribute in CRMF->CertRequest->Controls (it is the only authentication
supported by EJBCA).

Using Wireshark I have found that in that CMP session cryptlib sends
only PBM (Password Based MAC), which uses the USERNAME previously set on
that cryptlib CMP session. So I believe that cryptlib uses PBM for
authentication.

QUESTION:
=========
What can I do? I'm so far along with my project. Until now I have used
only those dummy self-signed certificates (CRYPT_CERTINFO_XYZZY) or
imported certificates.

PS:
==
I have seen that there are some questions about importing from different
formats (PEM, PKCS12). And I think that a better answer could be:
Let's use openssl to convert any certificate into .der format, which can
be imported easily by cryptCertImport(...):

openssl x509 -inform PEM -in cert_in_pem_file -outform DER -out converted_cert_in_der

(for other usage - openssl x509 help)

PS2:
====
If you are curious/interested - my project (a quotation of cryptlib's
manual is also there; it is a short article for our faculty conference):
http://student.fiit.stuba.sk/~michalak04/zdielane/Michalak_iit-src2009.pdf

best regards

Juraj Michalak


_______________________________________________
Cryptlib mailing list
Cryptlib@... via Mail: cryptlib-request@...
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.
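
Added example (not part of the original message, and not cryptlib or EJBCA code): a minimal sketch of the PasswordBasedMac computation from RFC 4210, section 5.1.3.1, which is the PBM protection the message describes. It shows that the password only keys the MAC and is never sent, so a CA that looks for a regToken control in the request finds no credential there. The salt, iteration count, password and protected bytes are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac


def pbm_key(secret: bytes, salt: bytes, iterations: int, owf: str = "sha1") -> bytes:
    """Derive the MAC key: apply the OWF `iterations` times, starting from secret || salt."""
    if iterations < 1:
        raise ValueError("iterationCount must be at least 1")
    key = secret + salt
    for _ in range(iterations):
        key = hashlib.new(owf, key).digest()
    return key


def pbm_mac(protected_part: bytes, secret: bytes, salt: bytes, iterations: int) -> bytes:
    """HMAC-SHA1 over the protected part (DER of PKIHeader + PKIBody in real CMP)."""
    return hmac.new(pbm_key(secret, salt, iterations), protected_part, "sha1").digest()


def pbm_verify(protected_part: bytes, received_mac: bytes,
               secret: bytes, salt: bytes, iterations: int) -> bool:
    """CA-side check: recompute the MAC from the stored secret, compare in constant time."""
    expected = pbm_mac(protected_part, secret, salt, iterations)
    return hmac.compare_digest(expected, received_mac)


# Constructed sample values (assumptions for illustration only).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 500
PASSWORD = b"constructed-enrolment-password"
# Stand-in for the DER-encoded header and body; not a real CMP message.
PROTECTED_PART = b"<constructed stand-in for DER(PKIHeader + PKIBody)>"


def demo() -> dict:
    mac = pbm_mac(PROTECTED_PART, PASSWORD, SALT, ITERATIONS)
    on_wire = PROTECTED_PART + SALT + mac  # what a packet capture would contain
    return {
        "accepted": pbm_verify(PROTECTED_PART, mac, PASSWORD, SALT, ITERATIONS),
        "wrong_password": pbm_verify(PROTECTED_PART, mac, b"other", SALT, ITERATIONS),
        "tampered": pbm_verify(PROTECTED_PART + b"x", mac, PASSWORD, SALT, ITERATIONS),
        "password_on_wire": PASSWORD in on_wire,
    }


if __name__ == "__main__":
    print(demo())
```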