R: CSR with only public key

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Yes Paul, you are right. Real CA must never accept CSR without verifying the signature.

 

Francesco Petruzzi

 

Information Security Manager

Innovery SpA

Via Farini, 81 – 20159 Milano

Cell.         +39 320 170 4978

 

Da: Paul Yang [mailto:kaishen.yy@xxxxxxxxxx]
Inviato: giovedì 12 settembre 2019 10:46
A: Francesco Petruzzi
Cc: openssl-users@xxxxxxxxxxx
Oggetto: Re: CSR with only public key

 

Dare any CA proceed to sign a CSR without verifying the signature…

 

Maybe there are scenarios we are not aware about...



On Sep 12, 2019, at 4:41 PM, Francesco Petruzzi <francesco.petruzzi@xxxxxxxxxxxx> wrote:

 

Sign request with a fake private key and hope the client do not require signature verification.

 

Regards

Francesco Petruzzi

 

Da: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] Per conto di Paul Yang via openssl-users
Inviato: giovedì 12 settembre 2019 09:51
A: Bharathi Prasad
Cc: Openssl Users
Oggetto: Re: CSR with only public key

 

How could you create the CSR with only public key?

 

On Sep 12, 2019, at 3:50 PM, Bharathi Prasad <barati.j.prasad@xxxxxxxxx> wrote:

 

Hi,
I have the public key of the client but not the private key. I am required
to generate a CSR with only public key. I understand private key is required
for Proof of Possession. However, as per my requirement I am supposed to
create CSR only with public key and my CA would create a certificate. 

I was able to create a CSR with CX509CertificateRequestCertificate and
CX509Enrollment classes using the available public key. When I try to read
the contents the of CSR in openssl (i used this command: openssl req -in
client.csr -noout -text) i get "unable to load X509 request". 

Is this happening because the CSR does not contain the signature of private
key or the CSR is faulty.

Kindly help me.

Regards,
Bharathi



--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html

 


Regards,

 

Paul Yang

 


Regards,

 

Paul Yang

 


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux