Tuesday, November 13, 2007

Hash (ing) with OpenSSL

We can compute hash with OpenSSL Library. Hash method supported by OpenSSL are SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD5, MD4 and others.


Below is Simple example for utilize this library:
  1. Declare Used Variable:
    EVP_MD_CTX mdctx;
    const EVP_MD *md;

  2. Initialize Variable:
    md = EVP_get_digestbyname("sha1");
    EVP_MD_CTX_init(&mdctx);

  3. Initialize Hash Process:
    EVP_DigestInit_ex(&mdctx, md, NULL);

  4. Adding data to be hashed:
    EVP_DigestUpdate(&mdctx, (void*)"data-1", strlen("data-1"));

  5. Step above can be repeated so all data has been added

  6. Finish Hash and get the Hash Result:
    unsigned char *HashResult;
    int HashLen = EVP_MD_size(md);
    HashResult = new unsigned char[HashLen];
    EVP_DigestFinal_ex(&mdctx, HashResult , &HashLen);

Hash Result saved in HashResult Variable.


Read More……
Posted by Bhayangkara at 3:25 PM 1 comments
Labels: , , , , ,

Creating X509 Certificate using OpenSSL Library

OpenSSL Library is a very powerfull Library to Create many other things. From X509 Certificate, Message Signing, Message Encryption and Decryption, and others. And don't forget that OpenSSL library is distributed under Apache Style License. Detail License can be found here.

Below step by step to create Self Sign X509-Certificate:
  1. Initialize X509 Structure, sample:
    X509 *X509Cert = X509_new();

  2. Set X509 Certificate Version:
    X509_set_version(X509Cert, 0x2); // Set to V3

  3. Set Serial Number:
    ASN1_INTEGER_set(X509_get_serialNumber(X509Cert), 1);

  4. Set Issuer Certificate:
    X509_NAME_add_entry_by_txt(X509_get_issuer_name(X509Cert), "C", MBSTRING_ASC, (unsigned char *)"CC", -1, -1, 0);
    X509_NAME_add_entry_by_txt(X509_get_issuer_name(X509Cert), "O", MBSTRING_ASC, (unsigned char *)"Org", -1, -1, 0);
    X509_NAME_add_entry_by_txt(X509_get_issuer_name(X509Cert), "OU", MBSTRING_ASC, (unsigned char *)"OrgUnit", -1, -1, 0);
    X509_NAME_add_entry_by_txt(X509_get_issuer_name(X509Cert), "CN", MBSTRING_ASC, (unsigned char *)"CommonName", -1, -1, 0);

  5. Set Subject Certificate:
    X509_NAME_add_entry_by_txt(X509_get_subject_name(X509Cert), "C", MBSTRING_ASC, (unsigned char *)"CC", -1, -1, 0);
    X509_NAME_add_entry_by_txt(X509_get_subject_name(X509Cert), "O", MBSTRING_ASC, (unsigned char *)"Org", -1, -1, 0);
    X509_NAME_add_entry_by_txt(X509_get_subject_name(X509Cert), "OU", MBSTRING_ASC, (unsigned char *)"OrgUnit", -1, -1, 0);
    X509_NAME_add_entry_by_txt(X509_get_subject_name(X509Cert), "CN", MBSTRING_ASC, (unsigned char *)"CommonName", -1, -1, 0);

  6. Set the Validity of Certificate:
    X509_gmtime_adj(X509_get_notBefore(X509Cert), (long)60*60*24*Days); //Valid From, (start from now)
    X509_gmtime_adj(X509_get_notAfter(X509Cert), (long)60*60*24*Days); //Valid Until (start from now)

  7. Self Sign the Certificate:
    1. Generate RSA Key-pairs:
      EVP_PKEY *pkey = EVP_PKEY_new();
      RSA *rsa = RSA_generate_key(512, 65535, NULL, NULL); //RSA key: 512 bits
      EVP_PKEY_set1_RSA (pkey, rsa);
      X509_set_pubkey(X509Cert, pkey);

    2. Instantiate Digest Algorithm Object (SHA1/ SHA224/ SHA256/ SHA384/ SHA512):
      const EVP_MD *dgAlg = EVP_get_digestbyname("SHA1");

    3. Sign the Certificate:
      X509_sign(X509Cert, pkey, dgAlg);


  8. Save Certificate to File (DER Encoded : .cer):
    BIO *out = BIO_new_file("SampleCert.cer", "w");
    i2d_X509_bio(out, X509Cert);
    BIO_free(out);

  9. Save Corresponding Private Key-pairs to File (DER Encoded : .key):
    BIO *out = BIO_new_file("SampleCert.key", "w");
    i2d_PrivateKey_bio(out, pkey);
    BIO_free(out);

  10. Free up Certificate Variable:
    RSA_free(rsa);
    EVP_PKEY_free(pkey);
    X509_free(X509Cert);

All the code without verifying return value from each function to check whether thu function run successfully or not.


Read More……
Posted by Bhayangkara at 9:56 AM 2 comments
Labels: , , , , ,

Monday, November 12, 2007

OpenSSL Documentation for Developer

Frequently, when I code Application/Modul that used OpenSSL Library, I have to look into the source code to know how the function act, and how to use the function in my Code. Hope, i want to write down the function and its sample. So it can be usefull for others.


Read More……
Posted by Bhayangkara at 10:53 AM 0 comments
Labels:

SMS Gateway With Smartphone Kyocera K7135

Smartphone Kyocera K7135 include modem that support AT Command. But we can not send SMS with its AT Command just like others. So maybe we could create SMS Server Application Installed on The Device, And with Serial/USB/Infra Red we can create program on Desktop to contact this SMS Server Application. This make the device as Gateway for SMS.


Read More……
Posted by Bhayangkara at 10:41 AM 0 comments
Labels: ,
Subscribe to: Posts (Atom)