CSR with only public key

Paul Yang kaishen.yy at alipay.com
Thu Sep 12 08:46:09 UTC 2019 

Dare any CA proceed to sign a CSR without verifying the signature…

Maybe there are scenarios we are not aware about...

> On Sep 12, 2019, at 4:41 PM, Francesco Petruzzi <francesco.petruzzi at innovery.net> wrote:
> 
> Sign request with a fake private key and hope the client do not require signature verification.
> 
> Regards
> Francesco Petruzzi
> 
> Da: openssl-users [mailto:openssl-users-bounces at openssl.org <mailto:openssl-users-bounces at openssl.org>] Per conto di Paul Yang via openssl-users
> Inviato: giovedì 12 settembre 2019 09:51
> A: Bharathi Prasad
> Cc: Openssl Users
> Oggetto: Re: CSR with only public key
> 
> How could you create the CSR with only public key?
> 
> 
> On Sep 12, 2019, at 3:50 PM, Bharathi Prasad <barati.j.prasad at gmail.com <mailto:barati.j.prasad at gmail.com>> wrote:
> 
> Hi,
> I have the public key of the client but not the private key. I am required
> to generate a CSR with only public key. I understand private key is required
> for Proof of Possession. However, as per my requirement I am supposed to
> create CSR only with public key and my CA would create a certificate.
> 
> I was able to create a CSR with CX509CertificateRequestCertificate and
> CX509Enrollment classes using the available public key. When I try to read
> the contents the of CSR in openssl (i used this command: openssl req -in
> client.csr -noout -text) i get "unable to load X509 request".
> 
> Is this happening because the CSR does not contain the signature of private
> key or the CSR is faulty.
> 
> Kindly help me.
> 
> Regards,
> Bharathi
> 
> 
> 
> --
> Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html <http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html>
> 
> 
> Regards,
> 
> Paul Yang


Regards,

Paul Yang

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190912/3a70a7fa/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190912/3a70a7fa/attachment-0001.sig>

More information about the openssl-users mailing list