X.509 libraries [closed]

I'm looking for a library/module/package with which I could create and sign X.509 certificates, with the ability to conditionally add custom v3 extensions – which can be fairly complicated; for example, this bletchful OpenSSL.cnf snippet used by Kerberos PKINIT, just to represent [email protected]:

[new_oids]
    # id-pkinit-san (RFC 4556); the snippet assumes this section is referenced
    # by oid_section = new_oids in the default section so 'pkinitSan' resolves
    pkinitSan = 1.3.6.1.5.2.2

[v3_extensions]
    # a value continued on the next line needs a trailing backslash in openssl.cnf
    subjectAltName = email:[email protected], \
                otherName:pkinitSan;SEQUENCE:krb_princ_name_1

[krb_princ_name_1]
    realm = EXP:0, GeneralString:EXAMPLE.ORG
    principal_name = EXP:1, SEQUENCE:krb_princ_seq_1

[krb_princ_seq_1]
    name_type = EXP:0, INTEGER:1
    # name-string is tagged [1] in PrincipalName, not [0]
    name_string = EXP:1, SEQUENCE:krb_principal_1

[krb_principal_1]
    princ0 = GeneralString:foo

Out of everything I have found for the languages I know (that being Perl, Python, Ruby, PHP, Bash, and some C#), it comes down to using openssl from the command line with automatically generated .cnf files... which is an ugly process. Is there a better way to do it? (Ruby's 'openssl' looked very nice at first, but then I got to PKINIT...)

user1686 asked Oct 03 '11 19:10


3 Answers

As it turns out, I added exactly this information to the documentation for Ruby 1.9.3, which was just published today by James Britt - have a look at the documentation for OpenSSL::X509::Certificate, it should answer all your questions.

Modifying the examples there to generate the particular extensions listed in your example should be straightforward if that particular extension is supported by OpenSSL itself.

For more complicated cases, e.g. the custom OtherName in your example, you may still use OpenSSL::X509::Extension, which is not documented yet, unfortunately. The OpenSSL::ASN1 module needed for such custom extensions on the other hand has been documented for 1.9.3, and all the code/advice presented there should be applicable to 1.9.2 as well. You could also use the ASN1 module to create a multi-valued version of subjectAltName.

emboss answered Sep 22 '22 00:09

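Building the otherName from the question with OpenSSL::ASN1 as this answer suggests, then signing a certificate that carries it and parsing the extension back to check the encoding. This is an added example, not code from the answer or from the Ruby documentation; it assumes the realm EXAMPLE.ORG and principal foo from the question, a constructed address foo@example.org, and a throwaway self-signed subject.

```ruby
require 'openssl'

PKINIT_SAN_OID = '1.3.6.1.5.2.2'.freeze # id-pkinit-san, RFC 4556 section 3.2.2
# EXPLICIT [n] context-specific tag around one value (the cnf snippet's "EXP:n")
def exp(n, value)
  OpenSSL::ASN1::ASN1Data.new([value], n, :CONTEXT_SPECIFIC)
end
# KRB5PrincipalName ::= SEQUENCE { realm [0] Realm, principalName [1] PrincipalName }
# PrincipalName ::= SEQUENCE { name-type [0] Int32, name-string [1] SEQUENCE OF KerberosString }
def krb5_principal_name(realm, *components)
  strings = components.map { |c| OpenSSL::ASN1::GeneralString.new(c) }
  OpenSSL::ASN1::Sequence.new([
    exp(0, OpenSSL::ASN1::GeneralString.new(realm)),
    exp(1, OpenSSL::ASN1::Sequence.new([exp(0, OpenSSL::ASN1::Integer.new(1)), # KRB_NT_PRINCIPAL
                                        exp(1, OpenSSL::ASN1::Sequence.new(strings))]))
  ])
end
# subjectAltName: rfc822Name is [1] IMPLICIT IA5String; otherName is
# [0] IMPLICIT SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY }
def pkinit_san_extension(email, realm, *components)
  other_name = OpenSSL::ASN1::ASN1Data.new(
    [OpenSSL::ASN1::ObjectId.new(PKINIT_SAN_OID), exp(0, krb5_principal_name(realm, *components))],
    0, :CONTEXT_SPECIFIC)
  rfc822 = OpenSSL::ASN1::IA5String.new(email, 1, :IMPLICIT, :CONTEXT_SPECIFIC)
  san = OpenSSL::ASN1::Sequence.new([rfc822, other_name])
  OpenSSL::X509::Extension.new('subjectAltName', san.to_der, false)
end
# Re-parse the extension's DER and return [email, realm, name-string]: check the encoding, don't trust it
def decode_pkinit_san(ext)
  ext_seq = OpenSSL::ASN1.decode(ext.to_der) # SEQUENCE { extnID, [critical,] extnValue OCTET STRING }
  san = OpenSSL::ASN1.decode(ext_seq.value.last.value)
  rfc822 = san.value.find { |g| g.tag == 1 }
  other = san.value.find { |g| g.tag == 0 }
  raise 'not a PKINIT SAN' unless other && other.value[0].oid == PKINIT_SAN_OID
  princ = other.value[1].value[0] # KRB5PrincipalName
  realm = princ.value[0].value[0].value
  names = princ.value[1].value[0].value[1].value[0].value.map(&:value)
  [rfc822.value, realm, names]
end
# Self-signed certificate carrying the extension (constructed test subject, not a CA-issued cert)
def self_signed_with(ext, key = OpenSSL::PKey::RSA.new(2048))
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=foo')
  cert.public_key, cert.not_before = key.public_key, Time.now
  cert.not_after = cert.not_before + 3600
  cert.add_extension(ext)
  cert.sign(key, OpenSSL::Digest.new('SHA256')) # returns the signed certificate
end
```

For a real deployment the extension would go into a CSR or be added by the CA when signing, exactly as with the cnf approach; the decode step is the part worth keeping, since a mis-tagged name-string encodes without error but will not match the principal the KDC looks for.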

I'd use OpenSSL or a direct wrapper around the library like Ruby's openssl library.

OpenSSL is a very powerful and trusted toolkit -- and it has the additional advantage that you can call it the same way from any scripting language. Using the OpenSSL commandline tools, you have the advantage that you can interact with the commandline to help debug your script; you can also manually generate certs outside of your script using the same CA.

Tilo answered Sep 18 '22 00:09


Our SecureBlackbox lets you create and manage X.509 certificates in C# and lets you add custom extensions. I believe BouncyCastle can do this as well.

Eugene Mayevski 'Callback answered Sep 21 '22 00:09