openssl dgst -sha256 < data.txt produces something like: (stdin)= b39eaeb437e33087132f01c2abc60c6a16904ee3771cd7b0d622d01061b40729 notice the (stdin)=‘? you don’t want that to be part of your hash, if you need to create a digest, use the -binary option. try using this to sign your data: openssl sha -sha256 -sign private.pem < data.txt This does everything you need. edit – … Read more
Same problem here, BUT usually Makefiles will consider environment variables for compiler or linker options. So, if you place the -fPIC option before calling the configure script, it should take care of it. You can do it with: CFLAGS=-fPIC ./config shared –prefix=/your/path or export CFLAGS=-fPIC ./config shared –prefix=/your/path It worked for me.
#include <openssl/rsa.h> #include <openssl/pem.h> const int kBits = 1024; const int kExp = 3; int keylen; char *pem_key; RSA *rsa = RSA_generate_key(kBits, kExp, 0, 0); /* To get the C-string PEM form: */ BIO *bio = BIO_new(BIO_s_mem()); PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, NULL); keylen = BIO_pending(bio); pem_key = calloc(keylen+1, 1); /* Null-terminate */ BIO_read(bio, … Read more
Note: Calls to rubygems.org are deprecated – proceed with caution! I had the same issue on Mac OSX after also building ruby2.1.0p0 from the source. I already had openssl installed. It appears that the reference in gems needed refreshing. I ran: gem source -r https://rubygems.org/ to remove followed by gem source -a https://rubygems.org/ to read … Read more
Personally, I find the OpenSSL API to be so incredibly painful to use, I avoid it unless the cost of avoiding it is extremely high. I find it quite upsetting that it has become the standard API in the crypto world. I was feeling bored, and I wrote you one in C++. This one should … Read more
For local certificates you can see the subject and direct issuer using: openssl x509 -noout -subject -issuer -in test.crt subject= /C=US/ST=Utah/L=SLC/O=My Organization/CN=my.server.com issuer= /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA – SHA256 – G2 But that doesn’t indicate if the certificate includes any intermediate certificates or the full chain of trust. The verify command you listed will … Read more
I get the error: unable to load certificates myserver.crt needs to be in PEM format. Does it have —– BEGIN CERTIFICATE —– and —– END CERTIFICATE —–? myserver.crt should actually be a chain of certificates (and not just the one server certificate). The chain should include all intermediate certificates needed by the client to verify … Read more
The “e” is the public exponent, in openssl genrsa, you can use the option -F4 or -3 to choose between 65537 and 3. For information on public exponent, you may take a look on this question: https://security.stackexchange.com/questions/2335/should-rsa-public-exponent-be-only-in-3-5-17-257-or-65537-due-to-security-c
Converting certificates between cer/pem/crt/der/pfx/p12 can be done in Linux with the use of OpenSSL tool via the terminal. These commands allow you to convert certificates and keys to different formats to make them compatible with specific types of servers or software. Convert a DER file (.crt .cer .der) to PEM openssl x509 -inform der -in … Read more
I’m on El Capitan 10.11.6 and i had the issue while installing manually the mongodb php extension. I solved it following the indications of @user7059092 about the configure stage : $./configure LDFLAGS=’-L/usr/local/opt/openssl/lib’ CPPFLAGS=’-I/usr/local/opt/openssl/include’