wpa_supplicant and blobs

Bryan Kadzban bryan
Thu Sep 7 14:47:28 PDT 2006


Branko Subasic wrote:
> On Thu, 2006-09-07 at 12:45 -0400, Bryan Kadzban wrote:
> 
>> # For the cert: openssl x509 -in certfile.pem -inform PEM -outform
>> DER -out certfile.der
>> 
> 
> It's an application on an embedded platform. The OpenSSL apps are not
>  present, only the lib is. And the app must be able to handle PEM as 
> well.

Well, I was thinking pull the cert off the embedded platform and put it
onto a real computer, run the conversion, then somehow get the converted
DER-format data back onto the embedded platform.  (I mean, you got the
PEM data over there and into a blob somehow; it should be possible to do
the same with DER data.)

> If the private key is encrypted, i.e. passphrase protected, then I
> would have to decrypt it first.

Yes, but only once, instead of every time the supplicant tries to read
the blob.  (I still think you can have DER-encoded passphrase-protected
private keys, though.  In that case, it would work to just base64-decode
the PEM file's contents.)

> One reason why I chose this approch is because most of this is
> already done by the wpa_supplicant.
> 
> The other reason is that I think it would be nice if blobs are
> handled analogous to files.

True.  I was just wondering if another way of looking at the problem
might give you another solution.  :-)

> Assuming that the changes themselves are OK, of course ;-)

They look decent to me -- but I've never done any OpenSSL programming,
either, so my opinion should carry *very* little weight.  ;-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20060907/ec2a1edb/attachment.pgp 



More information about the Hostap mailing list