Front page | perl.crypto |
Postings from July 2008
> On Mon, 30 Jun 2008 16:33:32 +0200, peter.reif@wien.gv.at
> ("Reif Peter")
> wrote:
>
> >How do I write a script in perl that signs a string with a
> certificate
> >(e.g. a SSL server certificate) to get a pkcs7 signature. I
> want a pkcs7
> >signature, because it contains the signing certificate and the ca.
> >
> >Thanks
> >Peter
>
> I'm no expert at this, but can't you just take the older x509 scripts
> and replace x509 with pkcs7 ?
>
> This shell outline works, but I don't know if it's correct use.
> ##################################################
> #!/bin/sh
>
> #Step one - create the key and request:
> openssl req -new > new.cert.csr
>
> #Step two - remove the passphrase from the key (optional):
> openssl rsa -in privkey.pem -out new.cert.key
>
> #Step three - convert request into signed cert:
> openssl pkcs7 -in new.cert.csr -out new.cert.cert -req -signkey
> new.cert.key -days 3650
> ###################################################
>
> Now you can try to get this to run in Perl thru IPC, but it may be
> tough. You may need to run openssl thru expect.
>
Thanks, but I don't want to create a certificate, I want to sign a
string with an certifikate. I can do this with
openssl rsautl -sign
But then I have a signed string, but the Information about the signing
certificate ist lost. If I had a pkcs7 certificate as the result of the
signing process, the sigining certificate would be included in the
result.
Peter
Thread Previous