-
Hi guys! Trying to do an OpenSSL LMS verify on the command line on 3.6 and it doesn't work? I did build with enable-lms.
[root@RHELopenssl36 lms]# openssl pkeyutl -provider default -verify -pubin -inkey /lms/lmspub.pem -sigfile /lsm/sig1.bin -rawin -in /lms/lmspub.pem -keyform PEM
Here's my public key PEM file:
-----BEGIN PUBLIC KEY-----
It's XDR in a PEM. Any ideas? Is the LMS verify support only for custom code and not in the command line yet? Thank you,
-
Any help? We are using an HSM to gen the LMS private key. Thus we don't want to use the LMS key to do anything in the verification procedure. We want our LMS verify just to use the public key we exported in XDR format in the PEM file. Why is OpenSSL saying couldn't load private key of the public key when doing an LMS verify on the command line for OpenSSL 3.6? I did build it with enable-lms too. Does this feature work? Is it code only? Does it work on the command line? HSMs protect private keys; we don't want to use it for LMS verify for anything, just our LMS PEM file of the public key. Any ideas? Thank you,
-
As a follow-up, my pub key XDR in a PEM with the signature and message works for LMS verify in Bouncy Castle 1.82 :-) but I can't get the LMS verify working in OpenSSL 3.6 using the same 3 files, same LMS public key. Any ideas? Is LMS verify in OpenSSL 3.6 only in code, or can it work on the command line too? If not in the command line yet, when will that come? Thanks
-
@slontis - any thoughts?
-
If anyone wants my 3 files to do an LMS verify, here they are :-) attached. These files work in Bouncy Castle 1.82 to LMS verify (the LMS pub key in XDR PEM anyways). Feel free to test with this as you wish :-) Also I am attaching my Bouncy Castle 1.82 code to LMS verify. The LMS signature and LMS pubkey came from a good production big man rack-mounted HSM working solution :-) that meets the NIST standard for LMS. If anyone can get the OpenSSL LMS verify working on the command line that would be cool, or say what version it'll work in. Thanks, cheers! Cheerio chaps :-)
-
For LMS there is no SubjectPublicInfo encoder/decoder currently; the decoder only works on XDR format currently, so this command line won't work. I will see how hard it is to add.
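An added example, not from the thread or from OpenSSL, that reports which encoding a PEM body holds: the raw XDR layout of RFC 8554 or a DER structure such as a SubjectPublicKeyInfo. The function names and the sample key are constructed for illustration, and only the SHA-256/M32 parameter sets of RFC 8554 are handled.

```python
import base64
import struct

# RFC 8554 type ids for the SHA-256/M32 sets: LMS id -> tree height h
LMS_TYPES = {5: 5, 6: 10, 7: 15, 8: 20, 9: 25}
# LM-OTS SHA-256/N32 type ids: id -> Winternitz parameter w
LMOTS_TYPES = {1: 1, 2: 2, 3: 4, 4: 8}
M = 32                       # hash length for these parameter sets
LMS_PUB_LEN = 4 + 4 + 16 + M  # u32 type || u32 otstype || I || T[1]


def pem_body(pem: str) -> bytes:
    """Return the decoded bytes between the PEM armour lines."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    return base64.b64decode("".join(ln for ln in lines if ln and not ln.startswith("-----")))


def parse_lms_xdr(blob: bytes) -> dict:
    """Parse an RFC 8554 LMS public key: u32 type, u32 otstype, I[16], T1[m]."""
    if len(blob) != LMS_PUB_LEN:
        raise ValueError(f"expected {LMS_PUB_LEN} bytes, got {len(blob)}")
    lms_type, ots_type = struct.unpack(">II", blob[:8])
    if lms_type not in LMS_TYPES or ots_type not in LMOTS_TYPES:
        raise ValueError(f"unknown type ids {lms_type}/{ots_type}")
    return {"height": LMS_TYPES[lms_type], "w": LMOTS_TYPES[ots_type],
            "I": blob[8:24].hex(), "T1": blob[24:].hex()}


def classify(blob: bytes) -> dict:
    """Say whether a key blob is DER, an HSS public key, or a bare LMS public key."""
    if blob[:1] == b"\x30":  # ASN.1 SEQUENCE tag; XDR keys start with 0x00
        return {"encoding": "der"}
    if len(blob) == 4 + LMS_PUB_LEN:  # HSS public key: u32 L || LMS public key
        (levels,) = struct.unpack(">I", blob[:4])
        return {"encoding": "hss-xdr", "levels": levels, **parse_lms_xdr(blob[4:])}
    return {"encoding": "lms-xdr", **parse_lms_xdr(blob)}


# Constructed sample (not a real key): LMS_SHA256_M32_H5 with LMOTS_SHA256_N32_W8
SAMPLE_LMS = struct.pack(">II", 5, 4) + bytes(range(16)) + bytes(M)
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + base64.b64encode(SAMPLE_LMS).decode()
              + "\n-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    print(classify(pem_body(SAMPLE_PEM)))
```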
-
Quite a few changes are needed to get this to work,
-
Having trouble getting it reviewed..
Quite a few changes are needed to get this to work,
See #29381