I am using windows openssl version 3.0.1 14. The issue is when the file name has non-English character, it failed to encrypt the file with below error:
C:\Users\XXX\Desktop>openssl aes-256-cbc -e -salt -in "C:\Users\XXX\Desktop\test\试试.txt" -out "C:\Users\XXX\Desktop\test\ENCRYPTING.txt" -k 12230000000000000000000000000000 -iv F1230000000000000000000000000000
Can't open "C:\Users\XXX\Desktop\test\??.txt" for reading, Invalid argument
B8280000:error:8000007B:system library:BIO_new_file:Unknown error:crypto\bio\bss_file.c:67:calling fopen(C:\Users\lishi\Desktop\test\??.txt, rb)
B8280000:error:10080002:BIO routines:BIO_new_file:system lib:crypto\bio\bss_file.c:77:
The terminal I use is Windows command prompt, I verified that this Chinese file can be opened successfully in cmd using issuing:
C:\Users\XXX\Desktop>notepad C:\Users\XXX\Desktop\test\试试.txt
Any configuration things I need to do in openssl side to support utf8?
Related
My requirement is to create RSA private key file from certificate file (.crt extention file). Openssl installed in my system and I also set the environment variable in "PATH". Unfortunately, while I am executing the command in CMD it's not working... The response getting in the CMD is
The command I am executing in CMD
openssl pkcs12 -in myfile.crt -nocerts -out keyFile.key
The response is
pkcs12: Use -help for summary.
I am not familiar with Openssl, Not found a correct solution yet. If any help, it will be appreciated.
Thanks in advance.
This command fails on one Windows machine in git bash session, while on the other machine it work fine.
auser#pc MINGW64 /c/Developer/TEMP/openssltest
$ echo "Hi Alice!" | openssl rsautl -encrypt -inkey /c/Developer/TEMP/openssltest/pub2.pem --pubin
Can't open /c/Developer/TEMP/openssltest/pub2.pem for reading, No such file or directory
15844:error:02001003:system library:fopen:No such process:../openssl-1.1.1k/crypto/bio/bss_file.c:69:fopen('/c/Developer/TEMP/openssltest/pub2.pem','r')
15844:error:2006D080:BIO routines:BIO_new_file:no such file:../openssl-1.1.1k/crypto/bio/bss_file.c:76:
unable to load Public Key
auser#pc
This command work on a machine where it fails
$ echo "Hi Alice!" | openssl rsautl -encrypt -inkey ./pub2.pem --pubin
I do not have any issues on another machine. Where to look?
I would look into:
difference in openssl version
read access: cat /c/Developer/TEMP/openssltest/pub2.pem (or cat /c/Developer/TEMP/anyOtherFile)
difference in user for the shell session (env|grep -i user)
If you are running that test with a user account which does not have the right to read that TEMP folder, you would get that error.
I'm trying to convert a bash script for Linux to run in Windows batch as well. Amongst several commands, there is also an OpenSSL command which reads a certificate from an https server and stores it in a variable. The bash command is:
openssl s_client -showcerts -connect $SERVER_IP:443/login </dev/null 2>/dev/null|openssl x509 -outform PEM > mycertfile.pem
I've installed OpenSSL in my Windows machine from here. I prefered the "Win64 OpenSSL v1.1.0e Light" version of OpenSSL.
How is this command transferred to Windows logic? Any ideas?
Learning about big query on google app engine and wanted to try out this library that also required me to know about Converting the service account credential to other formats. I have tried the command
# Convert the key from pkcs12 to pkcs1 (PEM).
$ cat /path/to/xxxx-privatekey.p12 | openssl pkcs12 -nodes -nocerts -passin pass:notasecret | openssl rsa > /path/to/secret.pem
on the command line but I get
'cat' is not recognized as an internal or external command,
operable program or batch file.
How do I resolve this?
Use windows powershell. WIndows 7 afterwards, it comes along with the windows.
Use 'Windows PowerShell' to the 'cat' Command, It'll work.
Instead of going to Extension Builder > Build Package…, I'd like to built a .safariextz package from the MyExtension.safariextension folder.
I know I can unpack an extension with xar -xf. I suspect the way back involves packing it with xar, but then I'll need to do the code signing thing, which may or may not involve codesign(1).
Here are Omar Ismail's instructions, omitting the need for separate shell scripts. This will all occur in a directory safari/, where we will be signing the directory safari/appname.safariextension/ to become the extension safari/appname.safariextz. The first thing is to sign the extension the official way, with Extension Builder's Build Package.
Set up Xar:
1. Download and unzip/untar
https://github.com/downloads/mackyle/xar/xar-1.6.1.tar.gz
to wherever you want the executable xar-1.6.1 (xar 1.6dev doesn't support the options we need)
2. in xar-1.6.1/
./configure
make
sudo make install
sudo ln -s /full/path/to/xar-1.6.1/src/xar /usr/local/bin/xar161
Set up your certificates:
1. in safari/
mkdir certs/
xar161 -f appname.safariextz --extract-certs certs/
2. open Keychain Access and export your Safari Developer certificate to safari/certs/certs.p12 (use a blank password for certs.p12, and then use your Mac's password to export the cert)
3. in safari/certs/
openssl pkcs12 -in certs.p12 -nodes | openssl x509 -outform der -out cert.der
(same blank password)
openssl pkcs12 -in certs.p12 -nodes | openssl rsa -out key.pem
(same blank password)
openssl dgst -sign key.pem -binary < key.pem | wc -c > size.txt
It's possible that you can get the certificates from certs/cert.p12, and not need the --extract-certs step (and hence not need the extension built the official way), but I don't know openssl well enough, and it's only for the set up that you need that step anyway.
Once everything is set up, to sign the extension:
In safari/
xar161 -czf appname.safariextz --distribution appname.safariextension/
xar161 --sign -f appname.safariextz --digestinfo-to-sign digest.dat --sig-size `cat certs/size.txt` --cert-loc certs/cert.der --cert-loc certs/cert01 --cert-loc certs/cert02
openssl rsautl -sign -inkey certs/key.pem -in digest.dat -out sig.dat
xar161 --inject-sig sig.dat -f appname.safariextz
rm -f sig.dat digest.dat
This was all on a 2006 Snow Leopard MacBook, so it's possible things may be different on a machine that's more up to date.
Looks like there is a way to patch XAR with a signature option. http://code.google.com/p/xar/issues/detail?id=76#c0