public key format
Guus Sliepen
guus at sliepen.eu.org
Sat Feb 14 00:25:34 CET 2004
On Fri, Feb 13, 2004 at 05:59:28PM +0100, Bruno Randolf wrote:
> i would like to use tinc with public keys which are extracted from x509
> certificates. the only public key format i was able to extract from
certificates with openssl commands looked like this:
>
> - -----BEGIN PUBLIC KEY-----
[...]
> i think this is the X.509 subjectPublicKeyInfo format.
> the public keys that tinc generates look like that
>
> - -----BEGIN RSA PUBLIC KEY-----
[...]
> which may be a PKCS #1 RSAPublicKey (?)
> unfortunately tinc crashes with a segementation fault when i try to use the
> first format:
[...]
> dows anyone know a way to convert the first key format to one tinc
> understands? or is there a way tinc can handle the subjectPublicKeyInfo
> format? looking at the source it seems like it's supposed to be able to read
> both formats.
tinc tries both PEM_read_RSAPublicKey() and PEM_read_RSA_PUBKEY(), which
treat keys a bit different although I don't have a clue what the
difference is. But apparently it didn't work for your key. I suggest you
ask the OpenSSL developers.
Alternatively, you could try this version of tinc using gnutls and
libgcrypt:
http://sliepen.eu.org/~guus/tinc-1.0-gnutls.tar.gz
It uses TLS for the meta connections, and accepts PEM encoded X.509
certificates directly. Note that this version is not supported, not
tested, and currently only prints a warning if a certificate is not
signed by a trusted party. You'll have to hack in the source code if you
want it to work properly.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at sliepen.eu.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://brouwer.uvt.nl/pipermail/tinc/attachments/20040214/a6e0d229/attachment.pgp
More information about the Tinc
mailing list