[nSSLite] a simple signing/checking library

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

[nSSLite] a simple signing/checking library

alexander.konotop
Hi to all :-)
Recently I've written a library for neko which implements some
openssl functions (actually two functions) - signing a string using
private key and checking the signature using public key.
Before writing it I thought that the most right way is to improve hxSSL
instead of writing smth new, but after looking at it I decided to write
a standalone lib because I didn't have enough time to understand hxSSL's
structure. Also as I understand hxSSL is cross-platform but my lib is
only for neko.

So the question is quite simple: do I have to send it to haxelib, is it
needed? For example if anybody will want to insert somehow my lib into
hxSSL then I don't see any reason to send my "another SSL library" to
haxelib separately from hxSSL. If not - then I think I have to do it -
maybe it will be useful for someone, not to invent a bycicle/wheel/etc
once more, though it's quite simple.

The question was born while digging the hxSSL code - I saw comments
which were telling smth like "here cerificate using/checking has to be
but it's still implemented".

Best regards
Alexander
--
haXe - an open source web programming language
http://haxe.org

nSSLite.tar.bz2 (60K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [nSSLite] a simple signing/checking library

Nicolas Cannasse
Le 09/11/2011 16:02, Alexander Konotop a écrit :
> Hi to all :-)
> Recently I've written a library for neko which implements some
> openssl functions (actually two functions) - signing a string using
> private key and checking the signature using public key.

Can it be used to write a SSL socket class ? I think that's the main use
people have of SSL.

Best,
Nicolas


--
haXe - an open source web programming language
http://haxe.org
Reply | Threaded
Open this post in threaded view
|

Re: [nSSLite] a simple signing/checking library

alexander.konotop
В Wed, 09 Nov 2011 16:20:46 +0100
Nicolas Cannasse <[hidden email]> пишет:

> Le 09/11/2011 16:02, Alexander Konotop a écrit :
> > Hi to all :-)
> > Recently I've written a library for neko which implements some
> > openssl functions (actually two functions) - signing a string using
> > private key and checking the signature using public key.
>
> Can it be used to write a SSL socket class ? I think that's the main
> use people have of SSL.
>
> Best,
> Nicolas
>
>

I think it may be one of the parts of such class. It can be used during
RSA handshake to generate a key which a symmetric crypto-algorythm
will use to encrypt the data which is sent to a socket. So it's useful
itself but it can be used once before sending data to setup a secure
data tunnel.

P.S. Everything that I wrote upper is how I understand the SSL algorythm
- so there may be mistakes.

Best regards
Alexander

--
haXe - an open source web programming language
http://haxe.org
Reply | Threaded
Open this post in threaded view
|

Re: [nSSLite] a simple signing/checking library

tong-2
In reply to this post by alexander.konotop
On 11/09/2011 04:02 PM, Alexander Konotop wrote:
So the question is quite simple: do I have to send it to haxelib, is it
needed? For example if anybody will want to insert somehow my lib into
hxSSL then I don't see any reason to send my "another SSL library" to
haxelib separately from hxSSL. If not - then I think I have to do it -
maybe it will be useful for someone, not to invent a bycicle/wheel/etc
once more, though it's quite simple.
you can fork hxssl and integrate your code here:
https://github.com/tong/hxssl

-- 
[) | 5 |< † |2 3 3 - http://disktree.net

--
haXe - an open source web programming language
http://haxe.org
Reply | Threaded
Open this post in threaded view
|

Re: [nSSLite] a simple signing/checking library

alexander.konotop
В Thu, 10 Nov 2011 12:07:26 +0100
tong <[hidden email]> пишет:

> On 11/09/2011 04:02 PM, Alexander Konotop wrote:
> > So the question is quite simple: do I have to send it to haxelib,
> > is it needed? For example if anybody will want to insert somehow my
> > lib into hxSSL then I don't see any reason to send my "another SSL
> > library" to haxelib separately from hxSSL. If not - then I think I
> > have to do it - maybe it will be useful for someone, not to invent
> > a bycicle/wheel/etc once more, though it's quite simple.
> you can fork hxssl and integrate your code here:
> https://github.com/tong/hxssl
>

hxSSL has separate _bio.c, _ssl.c and others so it's some kind of
strict low-level library port. But my functions sometimes use some of
these libs simultaneously - they perform the end task - to sign or to
check - so it's some kind of garbage in comparsion with strict hxSSL
structure. I can just put my *.c file in src folder of hxSSL and modify
Makefile - so tls.ndll will include my functions too and also add my
*.hx file/class which now has only two functions. But I think it's too
"unclean" and You will not want to accept a branch merge on git.

Here's an example of my lib usage:
======================
import nSSLite.SSLite;
class Signandcheck
{
  static function main()
  {
    var data : String = "123";
    var cert_file : neko.io.FileInput =
      neko.io.File.read("1753373.pem", false );
    var sign : String =
      SSLite.signData(data, cert_file.readAll().toString());
    trace(sign);
    var pkey_file : neko.io.FileInput =
      neko.io.File.read("1753373.pub", false );
    var valid : Int =
      SSLite.checkSign(data, pkey_file.readAll().toString(), sign);
    trace(valid);
  }
}
======================
As You can see, now there is no way of low-level communication between
my functs and hxSSL. Even if they will be in single lib - the way usage
of them both won't be enough apparent.

So how do You think? Can it be integrated into hxSSL, should I really do
this?

--
haXe - an open source web programming language
http://haxe.org
Reply | Threaded
Open this post in threaded view
|

Re: [nSSLite] a simple signing/checking library

tong-2
On 11/10/2011 12:51 PM, Alexander Konotop wrote:

> В Thu, 10 Nov 2011 12:07:26 +0100
> tong<[hidden email]>  пишет:
>
>> On 11/09/2011 04:02 PM, Alexander Konotop wrote:
>>> So the question is quite simple: do I have to send it to haxelib,
>>> is it needed? For example if anybody will want to insert somehow my
>>> lib into hxSSL then I don't see any reason to send my "another SSL
>>> library" to haxelib separately from hxSSL. If not - then I think I
>>> have to do it - maybe it will be useful for someone, not to invent
>>> a bycicle/wheel/etc once more, though it's quite simple.
>> you can fork hxssl and integrate your code here:
>> https://github.com/tong/hxssl
>>
> hxSSL has separate _bio.c, _ssl.c and others so it's some kind of
> strict low-level library port. But my functions sometimes use some of
> these libs simultaneously - they perform the end task - to sign or to
> check - so it's some kind of garbage in comparsion with strict hxSSL
> structure. I can just put my *.c file in src folder of hxSSL and modify
> Makefile - so tls.ndll will include my functions too and also add my
> *.hx file/class which now has only two functions. But I think it's too
> "unclean" and You will not want to accept a branch merge on git.
you can fork it and submit a pull request.

--
[) | 5 |<  † |2 3 3 - http://disktree.net


--
haXe - an open source web programming language
http://haxe.org
Reply | Threaded
Open this post in threaded view
|

Re: [nSSLite] a simple signing/checking library

alexander.konotop
В Thu, 10 Nov 2011 13:19:49 +0100
tong <[hidden email]> пишет:

> On 11/10/2011 12:51 PM, Alexander Konotop wrote:
> > В Thu, 10 Nov 2011 12:07:26 +0100
> > tong<[hidden email]>  пишет:
> >
> >> On 11/09/2011 04:02 PM, Alexander Konotop wrote:
> >>> So the question is quite simple: do I have to send it to haxelib,
> >>> is it needed? For example if anybody will want to insert somehow
> >>> my lib into hxSSL then I don't see any reason to send my "another
> >>> SSL library" to haxelib separately from hxSSL. If not - then I
> >>> think I have to do it - maybe it will be useful for someone, not
> >>> to invent a bycicle/wheel/etc once more, though it's quite simple.
> >> you can fork hxssl and integrate your code here:
> >> https://github.com/tong/hxssl
> >>
> > hxSSL has separate _bio.c, _ssl.c and others so it's some kind of
> > strict low-level library port. But my functions sometimes use some
> > of these libs simultaneously - they perform the end task - to sign
> > or to check - so it's some kind of garbage in comparsion with
> > strict hxSSL structure. I can just put my *.c file in src folder of
> > hxSSL and modify Makefile - so tls.ndll will include my functions
> > too and also add my *.hx file/class which now has only two
> > functions. But I think it's too "unclean" and You will not want to
> > accept a branch merge on git.
> you can fork it and submit a pull request.
>

OK, I'll try to merge the code.

Best regards
Alexander

--
haXe - an open source web programming language
http://haxe.org