I am trying to execute the following command (rsautl) with the OpenSSL source code (something like this):
openssl rsautl -decrypt -inkey 'privateKeyFilepath' -in 'cipherFilepath'
I already added the necessary binaries to my project, but I am not able to get my cipher file decrypted. Is there any similar method in the OpenSSL source code like rsautl, where i only have to provide the key filepath and the cipher filepath?
Related
I have a question regarding openssl. I am looking for some examples where we can access/retrieve the name=value pair from the openssl.cnf file. For example I have below openssl.cnf file:
.
.
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/lib/engines-1.1/pkcs11.so
MODULE_PATH = /usr/lib/libtpm2_pkcs11.so
PIN = 12xx
default_algorithms = ALL
init = 0
Now, if I want to access PIN value within the C++ source code, how can this be achieved? Does openssl has any parsing tool for such cases? Any alternative way to do this is also helpful.
The official doc of openssl config file mentions
The OpenSSL CONF library can be used to read configuration files.
But I could not find any examples of using this library.
Thanks in advance.
P.S: Please let me know if further info is needed
My employer has given me access to a VM where a certificate is installed. I tried sign installers (of the software I create) using the signtool and I succeeded. However, I also need to sign zip files. I have not succeeded so far. Here is the command-line statement:
signtool.exe sign /i "SOMEISSUERNAME" /fd SHA256 /a /v /t http://timestamp.digicert.com something.zip
This fails. Here is the error message:
SignTool Error: This file format cannot be signed because it is not
recognized.
I have searched online for solutions. The solutions I found online refer to the "the path to your certificate" (example). But I do not have that path. What I know is what is written in an email that I need to refer to the right issuername, which I did. It is working for installers but not for zip files.
Can I sign my zip file in such way as well? Or do I really need the path to my certificate?
The error message from signtool is telling you that the .zip format is not recognized.
Signtool is only able to sign PE (portable executable) filetypes and a few others, such as applications (.EXE, .cpl, .scr, .sys, etc), .DLL, .OCX, drivers, installers (.MSI, .APPX), .CAB, and .CAT files.
ZIP files with a .zip extension are not supported for signing.
One option is to convert the .zip to a self-extracting(SFX) .EXE archive or bundle the contents into an installer that can be signed.
A .zip file isn't an app, and it can't be signed, so it is unable to be signed by Signtool.
Zip does not have a signature standard. As #Superbob mentioned, you can create a self-extracting executable file for signing.
Or create your own program to sign and verify the signature and pack the zip file with your program. [1]
Another solution is to use a seperate Catalog file, and shipping the catalog file with your zip file. [2]
I would like to know if the openssl library include a function for openssl passwd command ?
For example I would like to create a hashed password using sha512 with a custom salt, corresponding command is openssl passwd -6 -salt xxxx password.
I search in the documentation but I didn't find anything, always talking about the command but not about the library.
Thanks in advance
There is no one function in the library, if you want to know what the command is doing, it points you to it in the help:
-5
-6
Use the SHA256 / SHA512 based algorithms defined by Ulrich Drepper.
See https://www.akkadia.org/drepper/SHA-crypt.txt.
So it's using the openssl library to implement the SHA512 algorithm by Ulrich Drepper.
You can check out the source code here to see how it's done. Look for the shacrypt function which is implementing the Ulrich Drepper algorithm using the openssl library.
Getting the error
Akka.dll Strong-name signed assemblies must specify a public key in their InternalsVisibleTo declarations.after manually signing the AKKA.DLL from a command Line
I have signed AKKA.DLL manually from a command Line using the following commands
ildasm /all /out="C:\temp\AKKA.il" " E:\Emporos\Projects\MSPOS\Main-branch-SS-Beta\packages\Akka.1.0.6\lib\net45\Akka.dll”
ilasm /dll /key=" E:\Certificate\Ours.snk" "C:\temp\AKKA.il"
But now when I use AKKA I get the following error:
Akka.dll Strong-name signed assemblies must specify a public key in their InternalsVisibleTo declarations.
after manually signing the AKKA.DLL from a command Line.
Any Ideas on how to work around this? I need the DLL signed.
I had the exact same problem. This answer helped guide me to a solution.
Ultimately, I downloaded the Akka.net source code, added my snk to the Akka project, then added the assembly name of the project consuming the Akka.net dll along with the public key to the AssemblyInfo.cs file in the Akka.net project like below.
[assembly: InternalsVisibleTo("MyCompany.Integrations.Crm.Services,PublicKey=" +
"00240000048000009400000006020000002400005253413100040000010001003be31b5689fa8f" +
"1de77977ce8a45369da533967baf4074228362e63f04dc116cf3713abcf2ed84c77c7dd107c7aa" +
"e15b9688e53faa71af6b6bf5d767ac6e030edd4dcccca45693bc4c17c969fdb5c282bd1f594b81" +
"f9c46c1ca81cf119fd73bcf83a875515e1f18695bbdf90bc05ece7b28567f613ea9db23b96fe22" +
"2ad90b95")]
Then compile the Akka.net project and reference that dll in the MyCompany.Integrations.Crm.Services project.
I am using Zip Archive library for compressing and decompressing files, i needed to enable AES encryption so by Uncommenting
#def ZIP_AES
in the _features.h file included with the library and recompiling I got CZipException for decompression
"WinZip AES encryption has not been enabled for the library, but is required to decompress the archive."
Am i missing something? please any guide would so much appreciated.
Thanks to Oli Charlesworth; there was a conflict between the lib file produced from the free library and the one i bought thanks a lot.
I strangely got this error when the program in question needed Pkzip encryption, not AES encryption as the message suggested.
(While this isn't OP's problem, I'm mentioning it for future readers)