I'm actually programming an end-to-end encrypted calendar. For this I am using cryptlib. I've more or less copied the code from the manual. But whenever I try to generate a root CA, it fails with error code -2 at cryptSignCert() (which means, according to the manual, that there is a problem with the second parameter).
Here is a bit of code to reproduce the problem.

#include <iostream>
#include <cstring>

#include "cryptlib.h"

/*Generating a root ca*/
auto genRootCA(const char* commonName,const char* keyLabel,const char* country) -> int
{
    int status;
    CRYPT_CONTEXT cryptContext;

    cryptCreateContext( &cryptContext, CRYPT_UNUSED, CRYPT_ALGO_RSA );
    cryptSetAttributeString( cryptContext, CRYPT_CTXINFO_LABEL, keyLabel, strlen( keyLabel ) );
    cryptGenerateKey( cryptContext );

    CRYPT_CERTIFICATE cryptCertificate;
    cryptCreateCert(&cryptCertificate,CRYPT_UNUSED,CRYPT_CERTTYPE_CERTIFICATE);
    cryptSetAttributeString(cryptCertificate,CRYPT_CERTINFO_COUNTRYNAME,country,strlen(country));
    cryptSetAttributeString(cryptCertificate,CRYPT_CERTINFO_COMMONNAME,commonName,strlen(commonName));

    //Set to self-signed
    cryptSetAttribute(cryptCertificate,CRYPT_CERTINFO_SELFSIGNED,1);
    cryptSetAttribute(cryptCertificate,CRYPT_CERTINFO_CA,1);

    //Sign certificate
    status = cryptSignCert(cryptCertificate,cryptContext); //This is, what is actually not working
    if( cryptStatusError( status ) )
    {
        cryptDestroyContext( cryptContext );
        cryptDestroyCert(cryptCertificate);
        return( status );
    }

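    //Save data to disk....(cut out)

    //Release the objects and report success
    cryptDestroyContext( cryptContext );
    cryptDestroyCert(cryptCertificate);
    return CRYPT_OK;
}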

int main()
{
    cryptInit();
    cryptAddRandom(NULL,CRYPT_RANDOM_FASTPOLL);
    std::cout << "Generating root ca.\n";
    int r = genRootCA("test@example.com","Private key","DE");
    std::cout << "Returned value " << r << std::endl;
    cryptEnd();
}

Thanks in advance, David.

  • *"I've more or less copied the code from the manual"* Now what does this mean? Are we supposed to go through your code and the manual to spot any differences? Please [edit] your question to provide a [mcve]. – Baum mit Augen Feb 26 '17 at 12:00
  • Also, please try and come up with a better title. *"not working"* is about the least useful problem description possible. – Baum mit Augen Feb 26 '17 at 12:01
  • I'm sorry, but I don't see your point. I've never used cryptlib before and so have no idea how it would work correctly. And if you look at the manual, you will notice that there is no code which can be copied and pasted. – David Müller Feb 26 '17 at 12:03
  • @BaummitAugen First of all, thanks for your help. I am new to Stack Overflow, and I've posted this question because I don't know any other way out. I've edited the title; I hope it is better now. – David Müller Feb 26 '17 at 12:04
  • The typo aside, the title is better now. Now what you should do is produce the shortest, compilable example that still reproduces the error. The link in my first comment contains help on how to do that. – Baum mit Augen Feb 26 '17 at 12:07
  • @BaummitAugen I've edited the question another time. I hope it now fulfills the requirements. I will keep your advice in mind for the next time I ask a question. – David Müller Feb 26 '17 at 12:24
  • Looks good now, thank you. – Baum mit Augen Feb 26 '17 at 12:32

1 Answer

I've finally found a solution to the problem: I had forgotten to add the public key to the certificate. Here is a working code example:

#include <iostream>
#include <cstring>

#include "cryptlib.h"

/* generating the root ca */
auto genRootCA(const char* commonName,const char* keyLabel, const char* country,const char* path, const char* password) -> int
{
    int status;
    CRYPT_CONTEXT cryptContext;

    cryptCreateContext( &cryptContext, CRYPT_UNUSED, CRYPT_ALGO_RSA );

    cryptSetAttributeString( cryptContext, CRYPT_CTXINFO_LABEL, keyLabel, strlen( keyLabel ) );

    cryptGenerateKey( cryptContext );

    CRYPT_CERTIFICATE cryptCertificate;
    cryptCreateCert(&cryptCertificate,CRYPT_UNUSED,CRYPT_CERTTYPE_CERTIFICATE);

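    /* Add the public key; without it cryptSignCert() fails with -2 */
    status = cryptSetAttribute( cryptCertificate,
        CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, cryptContext );
    if( cryptStatusError( status ) )
    {
        cryptDestroyContext( cryptContext );
        cryptDestroyCert(cryptCertificate);
        return( status );
    }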

    cryptSetAttributeString(cryptCertificate,CRYPT_CERTINFO_COUNTRYNAME,country,strlen(country));

    cryptSetAttributeString(cryptCertificate,CRYPT_CERTINFO_COMMONNAME,commonName,strlen(commonName));

    //Set to self-signed
    cryptSetAttribute(cryptCertificate,CRYPT_CERTINFO_SELFSIGNED,1);
    cryptSetAttribute(cryptCertificate,CRYPT_CERTINFO_CA,1);

    //Sign certificate
    status = cryptSignCert(cryptCertificate,cryptContext); //Works now
    if( cryptStatusError( status ) )
    {
        cryptDestroyContext( cryptContext );
        cryptDestroyCert(cryptCertificate);
        return( status );
    }

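    //Saving data to disk (cut out)

    //Release the objects once they are no longer needed
    cryptDestroyContext( cryptContext );
    cryptDestroyCert(cryptCertificate);
    return CRYPT_OK;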
}

int main()
{
    cryptInit();
    cryptAddRandom(NULL,CRYPT_RANDOM_FASTPOLL);
    std::cout << "Generating root ca.\n";
    int r = genRootCA("test@example.com","Private key","DE","key.pem","abc");
    std::cout << "Returned value " << r << std::endl;
    cryptEnd();
}

I hope this helps others who have the same problem.