David Müller
Reputation: 21
cryptlib cryptSignCert fails
I'm actually programming and end to end encryped calendar. For this I am using cryptlib. I've more or less copied the code from the manual. But always, when I try to generate a root ca. It fails with error code -2 at cryptSignCert(). (Which means, according to the manual, that there is a problem with the second parameter)
Here is a little code to reproduce the problem.
#include <iostream>
#include <cstring>
#include "cryptlib.h"
/*Generating a root ca*/
auto genRootCA(const char* commonName,const char* keyLabel,const char* country) -> int
{
int status;
CRYPT_CONTEXT cryptContext;
cryptCreateContext( &cryptContext, CRYPT_UNUSED, CRYPT_ALGO_RSA );
cryptSetAttributeString( cryptContext, CRYPT_CTXINFO_LABEL, keyLabel, strlen( keyLabel ) );
cryptGenerateKey( cryptContext );
CRYPT_CERTIFICATE cryptCertificate;
cryptCreateCert(&cryptCertificate,CRYPT_UNUSED,CRYPT_CERTTYPE_CERTIFICATE);
cryptSetAttributeString(cryptCertificate,CRYPT_CERTINFO_COUNTRYNAME,country,strlen(country));
cryptSetAttributeString(cryptCertificate,CRYPT_CERTINFO_COMMONNAME,commonName,strlen(commonName));
//Set to self-signed
cryptSetAttribute(cryptCertificate,CRYPT_CERTINFO_SELFSIGNED,1);
cryptSetAttribute(cryptCertificate,CRYPT_CERTINFO_CA,1);
//Sign certificate
status = cryptSignCert(cryptCertificate,cryptContext); //This is, what is actually not working
if( cryptStatusError( status ) )
{
cryptDestroyContext( cryptContext );
cryptDestroyCert(cryptCertificate);
return( status );
}
//Save data to disk....(cut out)
}
int main()
{
cryptInit();
cryptAddRandom(NULL,CRYPT_RANDOM_FASTPOLL);
std::cout << "Generating root ca.\n";
int r = genRootCA("[email protected]","Private key","DE");
std::cout << "Returned value " << r << std::endl;
cryptEnd();
}
Thanks in advance, David.
Upvotes: 1
Views: 268
Answers (1)
David Müller
Reputation: 21
I've finally found a solution for the problem. I've forgotten to add the public key to the certificate. Here is a working example code:
#include <iostream>
#include <cstring>
#include "cryptlib.h"
/* generating the root ca */
auto genRootCA(const char* commonName,const char* keyLabel, const char* country,const char* path, const char* password) -> int
{
int status;
CRYPT_CONTEXT cryptContext;
cryptCreateContext( &cryptContext, CRYPT_UNUSED, CRYPT_ALGO_RSA );
cryptSetAttributeString( cryptContext, CRYPT_CTXINFO_LABEL, keyLabel, strlen( keyLabel ) );
cryptGenerateKey( cryptContext );
CRYPT_CERTIFICATE cryptCertificate;
cryptCreateCert(&cryptCertificate,CRYPT_UNUSED,CRYPT_CERTTYPE_CERTIFICATE);
/* Add the public key */
status = cryptSetAttribute( cryptCertificate,
CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, cryptContext );
cryptSetAttributeString(cryptCertificate,CRYPT_CERTINFO_COUNTRYNAME,country,strlen(country));
cryptSetAttributeString(cryptCertificate,CRYPT_CERTINFO_COMMONNAME,commonName,strlen(commonName));
//Set to self-signed
cryptSetAttribute(cryptCertificate,CRYPT_CERTINFO_SELFSIGNED,1);
cryptSetAttribute(cryptCertificate,CRYPT_CERTINFO_CA,1);
//Sign certificate
status = cryptSignCert(cryptCertificate,cryptContext); //Works now
if( cryptStatusError( status ) )
{
cryptDestroyContext( cryptContext );
cryptDestroyCert(cryptCertificate);
return( status );
}
//Saving data to disk (cut out)
return CRYPT_OK;
}
int main()
{
cryptInit();
cryptAddRandom(NULL,CRYPT_RANDOM_FASTPOLL);
std::cout << "Generating root ca.\n";
int r = genRootCA("[email protected]","Private key","DE","key.pem","abc");
std::cout << "Returned value " << r << std::endl;
cryptEnd();
}
I hope this helps others, who have the same problem.
Upvotes: 1
Related Questions
- OpenSSL ssl_accept() error 5
- rsa_public_encrypt returns -1, error 0x0406B07A
- OpenSSL RSA library throws exception
- Decrypting using openssl c/c++ API fails
- OpenSSL and Trusted System Certifcates
- Library has no ciphers available
- OpenSSL Fails at EVP_VerifyFinal
- OpenSSL certificate lacks key identifiers
- OpenSSL error "assertion failed"
- SSL Certificate verification fails: Using OpenSSL