Send key to OpenSSL via CLI - shell

How can I send the RSA key to openssl rsautl without putting it in a file first?
What I would like to do:
openssl rsautl -decrypt -inkey "MII3f....324=="
instead of
openssl rsautl -decrypt -inkey privateKey.pem

Seems like it's impossible. The docs don't show any arguments that would allow this.
I guess I'll have to write a C++ wrapper.

Related

Openssl stops working when generating pkcs#12 with friendly name

I'm currently working on generating a certificate & private key and trying to import them into a PKCS#12 file; however, when I try to generate it, I get an error from OpenSSL. For my tests, I have to insert a friendly name for my private key when the p12 is generated. Here are some details:
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "otto"
After this last command, I enter the server.key passphrase, enter an export password, and after that a window appears informing me that OpenSSL crashed...
I already searched for solutions but found nothing useful; does anyone have an idea?
Thank you for your help
Regards

Can't convert .p12 to .pem with OpenSSL

After running this:
openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys
I get prompted with the option descriptions.
After running this
openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes
I get prompted with "Enter Import Password:". What is this import password? I tried the one I set from the Firefox backup and it responded with "Mac verify error: invalid password?". I'm sure that the password is correct because I tested it by importing it again into Firefox.
I got the commands from the answer to this question!
I experienced the same thing too. Try to put the password in the command line like this. It works for me:
openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes -password pass:<mypassword>

Automatic generation of an x509 certificate by OpenSSL

I need to automate X509 SSL certificate generation in a bash script (without prompting for any strings on the console).
I generate an SSL key and cert request automatically, but I can not automate certificate generation without a password prompt.
These commands work without a prompt:
openssl genrsa -des3 -passout pass:passwd -out testem/2.key 1024
openssl req -new -passin pass:passwd -subj "/" -key testem/2.key -out testem/2.csr
This command asks for a password:
openssl x509 -req -days 365 -in testem/2.csr -signkey testem/2.key -out testem/2.crt
I can't find the option "-passout" in the manual of the command "x509".
What can be done?
You need to supply the password. Like this for example.
openssl x509 -passin pass:passwd -req -days 365 -in testem/2.csr -signkey testem/2.key -out testem/2.crt
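The three PKCS#12 questions above (the friendly-name export, the "Enter Import Password" prompt, and the x509 signing step that has no -passout) all come down to handing openssl a passphrase non-interactively. The answers use -password pass:... and -passin pass:..., which works but puts the secret into the process's argv, where `ps`, /proc/<pid>/cmdline and the shell history can see it. The script below is an added example, not code from any of the posts: it runs the same key -> CSR -> self-signed certificate -> .p12 chain end to end with the passphrases supplied through env: (an exported variable, read by name) and file: (a 0600 file) sources, then opens the .p12 again to confirm that the friendly name and the key survived. It assumes a POSIX shell and an openssl CLI (1.1 or 3.x); the subject, the name "otto" from the question, and both passphrases are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original posts: non-interactive key/CSR/cert/p12
# generation with passphrases kept out of argv. Assumes POSIX sh and openssl
# 1.1 or 3.x; all names and passphrases below are constructed for the example.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Key passphrase: an exported variable, referenced by NAME (env:KEYPASS), so
# the secret never appears on a command line. Same-uid processes can still
# read /proc/<pid>/environ, so this suits scripts you control, not shared hosts.
export KEYPASS='constructed-key-passphrase'

# Export password for the .p12: a private file, referenced with file:<path>
# (openssl reads the first line). umask 077 keeps it 0600.
umask 077
printf '%s\n' 'constructed-export-password' > p12.pass

openssl genrsa -aes256 -passout env:KEYPASS -out server.key 2048 2>/dev/null
openssl req -new -passin env:KEYPASS -subj "/CN=server.example.test" \
    -key server.key -out server.csr
# x509 has no -passout: -passin is what unlocks the encrypted signing key.
openssl x509 -req -days 365 -passin env:KEYPASS \
    -in server.csr -signkey server.key -out server.crt 2>/dev/null
# -passin unlocks server.key, -passout sets the export (a.k.a. import) password.
openssl pkcs12 -export -in server.crt -inkey server.key -name "otto" \
    -passin env:KEYPASS -passout file:p12.pass -out server.p12

# Reading the .p12 back: the "Enter Import Password" prompt asks for the
# export password; -passin answers it without a prompt.
p12_extract_cert() {
    openssl pkcs12 -in server.p12 -clcerts -nokeys \
        -passin file:p12.pass -out newfile.crt.pem 2>/dev/null
}
p12_extract_key() {
    openssl pkcs12 -in server.p12 -nocerts -nodes \
        -passin file:p12.pass -out newfile.key.pem 2>/dev/null
}

# The -name value is stored as a bag attribute; print it from the cert bag.
p12_friendly_name() {
    openssl pkcs12 -in server.p12 -nokeys -passin file:p12.pass 2>/dev/null \
        | sed -n 's/^ *friendlyName: *//p' | head -n 1
}

# Sanity check after extraction: the key's modulus equals the certificate's.
key_matches_cert() {
    p12_extract_cert && p12_extract_key
    [ "$(openssl x509 -noout -modulus -in newfile.crt.pem)" = \
      "$(openssl rsa -noout -modulus -in newfile.key.pem)" ]
}
```

fd:<n> is a third option when the caller already holds the passphrase on an inherited file descriptor; like file:, it leaves nothing in argv or the environment.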

How to generate a CSR without having a key file?

I am trying to run OpenSSL from Node.js in order to create a CSR. Basically, this works fine, but now I have a problem I can not solve.
Basically, what I want to do is to create a CSR from a key. The appropriate command is
$ openssl req -key private.key -new -subj "/C=DE/ST=..."
This outputs the CSR to stdout. So far, this is fine. What I now want to change is that I do not need to have the private key in a special file, instead I want to provide it from stdin. So, basically I'd like to run OpenSSL like this:
$ openssl req -new -subj "/C=DE/ST=..."
But since the -key parameter is now missing, this forces OpenSSL to create a new private key. How can I tell OpenSSL not to create a new private key, but to use the one I provide via stdin?
PS: I am aware of the option to hand over /dev/stdin to the -key parameter, but this will only work on OS X and Linux, not on Windows.
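Both the rsautl question at the top of this page and the CSR question above ask the same thing: use a private key that is held in memory without first writing it to a file. What the first asker wanted, -inkey "MII...", is also the one form to avoid, because the key material would then sit in argv and be readable through `ps` and /proc/<pid>/cmdline; a pipe is not. The script below is an added example, not code from either post: the key lives only in a shell variable and is delivered over a pipe in two ways, through /dev/stdin (the option the CSR asker mentions) and through a named pipe made with mkfifo, which is what bash's process substitution, -inkey <(printf '%s\n' "$KEY"), sets up behind the scenes and works in any POSIX shell. It uses pkeyutl rather than rsautl, which OpenSSL 3.0 deprecates, and assumes an openssl CLI (1.1 or 3.x) on Linux or macOS; the message and the CSR subject are constructed. Recent openssl builds also accept "-" as a file name meaning stdin for -key and -inkey, which would sidestep the /dev/stdin portability concern, but that is an assumption to confirm against your build.

```shell
#!/bin/sh
# Added example, not from the original posts: feed openssl a private key that
# exists only in a shell variable. Assumes POSIX sh, openssl 1.1 or 3.x, and
# a /dev/stdin path (Linux/macOS). Message and subject are constructed.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# The private key never touches disk. Passing it as an argument (-inkey "MII...")
# would expose it in `ps` and /proc/*/cmdline; a pipe does not.
KEY="$(openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 2>/dev/null)"

# Derive the public half from the variable; pkey reads stdin when -in is absent.
printf '%s\n' "$KEY" | openssl pkey -pubout > "$WORK/pub.pem"

# Something to decrypt: a constructed message encrypted to the public key.
printf 'attack at dawn' > "$WORK/msg.txt"
openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
    -in "$WORK/msg.txt" -out "$WORK/msg.enc"

# 1. /dev/stdin: the key arrives on the pipe, -inkey names the pipe.
decrypt_via_stdin() {
    printf '%s\n' "$KEY" \
        | openssl pkeyutl -decrypt -inkey /dev/stdin -in "$WORK/msg.enc"
}

# 2. A named pipe: the portable version of bash's <( ... ) substitution.
#    The writer blocks until openssl opens the FIFO for reading.
decrypt_via_fifo() {
    fifo="$WORK/key.fifo"
    rm -f "$fifo"
    mkfifo -m 600 "$fifo"
    printf '%s\n' "$KEY" > "$fifo" &
    openssl pkeyutl -decrypt -inkey "$fifo" -in "$WORK/msg.enc"
    wait
    rm -f "$fifo"
}

# 3. The CSR case: -key /dev/stdin with the key on the pipe and -subj set, so
#    req neither generates a fresh key nor prompts. The CSR goes to stdout.
csr_via_stdin() {
    printf '%s\n' "$KEY" | openssl req -new -key /dev/stdin \
        -subj "/C=DE/ST=Berlin/O=Example/CN=example.test"
}

# Check that the CSR really was built from the in-memory key: same modulus.
csr_matches_key() {
    csr_mod="$(csr_via_stdin | openssl req -noout -modulus)"
    key_mod="$(printf '%s\n' "$KEY" | openssl rsa -noout -modulus)"
    [ "$csr_mod" = "$key_mod" ]
}
```

The named-pipe variant is the one to port: Windows has no /dev/stdin, but any environment that can create a pipe and hand its path to openssl can use the same pattern.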

How can I build a Safari extension package from the command line?

Instead of going to Extension Builder > Build Package…, I'd like to build a .safariextz package from the MyExtension.safariextension folder.
I know I can unpack an extension with xar -xf. I suspect the way back involves packing it with xar, but then I'll need to do the code signing thing, which may or may not involve codesign(1).
Here are Omar Ismail's instructions, omitting the need for separate shell scripts. This will all occur in a directory safari/, where we will be signing the directory safari/appname.safariextension/ to become the extension safari/appname.safariextz. The first thing is to sign the extension the official way, with Extension Builder's Build Package.
Set up Xar:
1. Download and unzip/untar
https://github.com/downloads/mackyle/xar/xar-1.6.1.tar.gz
to wherever you want the executable xar-1.6.1 (xar 1.6dev doesn't support the options we need)
2. in xar-1.6.1/
./configure
make
sudo make install
sudo ln -s /full/path/to/xar-1.6.1/src/xar /usr/local/bin/xar161
Set up your certificates:
1. in safari/
mkdir certs/
xar161 -f appname.safariextz --extract-certs certs/
2. open Keychain Access and export your Safari Developer certificate to safari/certs/certs.p12 (use a blank password for certs.p12, and then use your Mac's password to export the cert)
3. in safari/certs/
openssl pkcs12 -in certs.p12 -nodes | openssl x509 -outform der -out cert.der
(same blank password)
openssl pkcs12 -in certs.p12 -nodes | openssl rsa -out key.pem
(same blank password)
openssl dgst -sign key.pem -binary < key.pem | wc -c > size.txt
It's possible that you can get the certificates from certs/cert.p12, and not need the --extract-certs step (and hence not need the extension built the official way), but I don't know openssl well enough, and it's only for the set up that you need that step anyway.
Once everything is set up, to sign the extension:
In safari/
xar161 -czf appname.safariextz --distribution appname.safariextension/
xar161 --sign -f appname.safariextz --digestinfo-to-sign digest.dat --sig-size `cat certs/size.txt` --cert-loc certs/cert.der --cert-loc certs/cert01 --cert-loc certs/cert02
openssl rsautl -sign -inkey certs/key.pem -in digest.dat -out sig.dat
xar161 --inject-sig sig.dat -f appname.safariextz
rm -f sig.dat digest.dat
This was all on a 2006 Snow Leopard MacBook, so it's possible things may be different on a machine that's more up to date.
Looks like there is a way to patch XAR with a signature option. http://code.google.com/p/xar/issues/detail?id=76#c0
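The signing step in the procedure above is easier to trust once it is reproduced with openssl alone. xar's --digestinfo-to-sign writes a DER DigestInfo (hash algorithm OID plus the hash of the archive's table of contents), and `openssl rsautl -sign` applies raw PKCS#1 v1.5 signature padding to that blob; nothing is hashed by openssl itself. The script below is an added example, not part of the answer or of xar: it builds a DigestInfo by hand with asn1parse -genconf, signs it with pkeyutl (rsautl's replacement in OpenSSL 3), and checks that the result is byte-for-byte the signature `openssl dgst -sign` produces over the original data, which it must be because PKCS#1 v1.5 signing is deterministic. It also shows the verifier's side and the size trick from the answer. SHA-256 is assumed for the DigestInfo; the 1.6-era xar TOC checksum was SHA-1, so swap the OID for the hash your build uses. Assumes a POSIX shell and openssl 1.1 or 3.x; the key and the TOC stand-in are constructed.

```shell
#!/bin/sh
# Added example, not from the original answer or from xar: what
# `xar --digestinfo-to-sign` + `openssl rsautl -sign` amount to, reproduced
# and cross-checked with openssl. Assumes POSIX sh and openssl 1.1 or 3.x;
# SHA-256 is assumed as the hash, and every file here is constructed.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Throwaway key standing in for the exported developer key (certs/key.pem).
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out key.pem 2>/dev/null
openssl pkey -in key.pem -pubout -out pub.pem
# Stand-in for the archive table of contents that xar hashes.
printf 'constructed table of contents\n' > toc.xml

# DigestInfo ::= SEQUENCE { SEQUENCE { OID sha256, NULL }, OCTET STRING hash }
# $1 = data file, $2 = output DER file (the equivalent of digest.dat).
make_digestinfo() {
    hash="$(openssl dgst -sha256 "$1" | sed 's/.*= //')"
    cat > di.cnf <<EOF
asn1 = SEQUENCE:digestinfo
[digestinfo]
algorithm = SEQUENCE:algid
digest = FORMAT:HEX,OCTETSTRING:$hash
[algid]
oid = OID:sha256
params = NULL
EOF
    openssl asn1parse -genconf di.cnf -noout -out "$2"
}

# Same operation as `openssl rsautl -sign -inkey key.pem -in digest.dat -out sig.dat`:
# PKCS#1 v1.5 type-1 padding over the raw input, no hashing.
sign_digestinfo() {
    openssl pkeyutl -sign -inkey key.pem -in "$1" -out "$2"
}

# Hash-and-sign in one step must give the identical bytes.
same_as_dgst_sign() {
    openssl dgst -sha256 -sign key.pem -out ref.sig toc.xml
    cmp -s sig.dat ref.sig
}

# Verifier's view: rehash the data and check the detached signature.
# $1 = data file, $2 = signature file; exit status is the verdict.
verify_signature() {
    openssl dgst -sha256 -verify pub.pem -signature "$2" "$1" >/dev/null 2>&1
}

# The answer's size trick: an RSA signature is always one modulus-length block,
# whatever is signed, so signing the key file itself yields the --sig-size value.
sig_size_trick() {
    echo $(( $(openssl dgst -sign key.pem -binary < key.pem | wc -c) ))
}

make_digestinfo toc.xml digest.dat
sign_digestinfo digest.dat sig.dat
printf 'tampered table of contents\n' > tampered.xml
```

For a 2048-bit key the DigestInfo is 51 bytes (19-byte SHA-256 prefix plus the 32-byte hash) and the signature 256 bytes; the tampered copy of the TOC fails verification while the original passes.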
