public key format

Guus Sliepen guus at sliepen.eu.org
Sat Feb 14 00:25:34 CET 2004


On Fri, Feb 13, 2004 at 05:59:28PM +0100, Bruno Randolf wrote:

> i would like to use tinc with public keys which are extracted from x509 
> certificates. the only public key format i was able to extract from 
> certificates with openssl commands looked like this:
>
> -----BEGIN PUBLIC KEY-----
[...]
> i think this is the X.509 subjectPublicKeyInfo format.
> the public keys that tinc generates look like that 
> 
> -----BEGIN RSA PUBLIC KEY-----
[...]
> which may be a PKCS #1 RSAPublicKey (?)
> unfortunately tinc crashes with a segmentation fault when i try to use the
> first format:
[...]

> does anyone know a way to convert the first key format to one tinc
> understands? or is there a way tinc can handle the subjectPublicKeyInfo
> format? looking at the source it seems like it's supposed to be able to read 
> both formats.

tinc tries both PEM_read_RSAPublicKey() and PEM_read_RSA_PUBKEY(), which
treat keys a bit differently although I don't have a clue what the
difference is. But apparently it didn't work for your key. I suggest you
ask the OpenSSL developers.

Alternatively, you could try this version of tinc using gnutls and
libgcrypt:

http://sliepen.eu.org/~guus/tinc-1.0-gnutls.tar.gz

It uses TLS for the meta connections, and accepts PEM encoded X.509
certificates directly. Note that this version is not supported, not
tested, and currently only prints a warning if a certificate is not
signed by a trusted party. You'll have to hack in the source code if you
want it to work properly.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>
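
Added example, not part of the original message and not code from tinc or OpenSSL: in OpenSSL, PEM_read_RSA_PUBKEY() reads the "PUBLIC KEY" (subjectPublicKeyInfo) type and PEM_read_RSAPublicKey() reads the "RSA PUBLIC KEY" (PKCS #1) type, and the first is the second wrapped in an AlgorithmIdentifier plus a BIT STRING. The sketch below unwraps one into the other with a minimal DER reader; all function names are illustrative and the sample key is constructed.

```python
# Added example; function names are illustrative, not tinc or OpenSSL API.
import base64
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def tlv(tag, value):  # DER-encode one tag-length-value element
    n = len(value)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + value

def read_tlv(buf, pos, tag):  # parse one DER element; return (value, next_pos)
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def pem_decode(pem, label):
    begin, end = f"-----BEGIN {label}-----", f"-----END {label}-----"
    if begin not in pem or end not in pem:
        raise ValueError(f"no {label} block found")
    return base64.b64decode("".join(pem.split(begin, 1)[1].split(end, 1)[0].split()))
def pem_encode(der, label):
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----", ""])

def spki_to_pkcs1(pem):
    """Unwrap a "PUBLIC KEY" (subjectPublicKeyInfo) PEM into "RSA PUBLIC KEY" (PKCS #1)."""
    der = pem_decode(pem, "PUBLIC KEY")
    spki, end = read_tlv(der, 0, 0x30)     # SEQUENCE { algorithm, subjectPublicKey }
    alg, pos = read_tlv(spki, 0, 0x30)     # AlgorithmIdentifier { OID, parameters }
    if end != len(der) or read_tlv(alg, 0, 0x06)[0] != RSA_OID:
        raise ValueError("not an RSA subjectPublicKeyInfo")
    bits, pos = read_tlv(spki, pos, 0x03)  # BIT STRING; first byte is the unused-bit count
    inner = bits[1:]                       # the embedded RSAPublicKey SEQUENCE { n, e }
    if bits[:1] != b"\x00" or pos != len(spki) or read_tlv(inner, 0, 0x30)[1] != len(inner):
        raise ValueError("malformed subjectPublicKey")
    return pem_encode(inner, "RSA PUBLIC KEY")

def constructed_sample(n=(1 << 1023) | 0x10001, e=65537):
    """Constructed toy key, not a real modulus: returns (SPKI PEM, RSAPublicKey DER)."""
    ints = b"".join(tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (n, e))
    pkcs1 = tlv(0x30, ints)
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
    return pem_encode(tlv(0x30, alg + tlv(0x03, b"\x00" + pkcs1)), "PUBLIC KEY"), pkcs1
```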