wpa_supplicant and blobs
Bryan Kadzban
bryan
Thu Sep 7 14:47:28 PDT 2006
Branko Subasic wrote:
> On Thu, 2006-09-07 at 12:45 -0400, Bryan Kadzban wrote:
>
>> # For the cert: openssl x509 -in certfile.pem -inform PEM -outform
>> DER -out certfile.der
>>
>
> It's an application on an embedded platform. The OpenSSL apps are not
> present, only the lib is. And the app must be able to handle PEM as
> well.
Well, I was thinking pull the cert off the embedded platform and put it
onto a real computer, run the conversion, then somehow get the converted
DER-format data back onto the embedded platform. (I mean, you got the
PEM data over there and into a blob somehow; it should be possible to do
the same with DER data.)
> If the private key is encrypted, i.e. passphrase protected, then I
> would have to decrypt it first.
Yes, but only once, instead of every time the supplicant tries to read
the blob. (I still think you can have DER-encoded passphrase-protected
private keys, though. In that case, it would work to just base64-decode
the PEM file's contents.)
> One reason why I chose this approch is because most of this is
> already done by the wpa_supplicant.
>
> The other reason is that I think it would be nice if blobs are
> handled analogous to files.
True. I was just wondering if another way of looking at the problem
might give you another solution. :-)
> Assuming that the changes themselves are OK, of course ;-)
They look decent to me -- but I've never done any OpenSSL programming,
either, so my opinion should carry *very* little weight. ;-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20060907/ec2a1edb/attachment.pgp
More information about the Hostap
mailing list