[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Using webservice and OPENSSL

From: "Mario Martoriello" <martoriello@xxxxxxxxxxxxxxx>
To: "HTTPAPI and FTPAPI Projects" <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Using webservice and OPENSSL
Date: Mon, 8 Sep 2014 09:34:44 +0200

Thanks Mike for your very good tips.
I try
best regards
Mario

-----Messaggio originale-----From: Mike Krebs

Sent: Friday, September 05, 2014 8:37 PM
To: HTTPAPI and FTPAPI Projects
Subject: RE: Using webservice and OPENSSL


You check it by encrypting it and then decrypting it. For example:

CALL QP2TERM

echo 'mike' > mike.txt
openssl base64 -in mike.txt -out mike.base64
cat mike.base64
bWlrZQo=
openssl    base64 -d -in mike.base64 -out mike.decrypt64
cat mike.decrypt64
mike

Hint. The base64 file will be readable, the rsautl encrypted file should notbe. I don't think the rsautl automatically makes it base64. Do it in twosteps or | (pipe) one into the other.


Here is an example of a piped command:

openssl base64 -in mike.txt | openssl base64 -d -out mike.decrypt64two

You would of course use your rsautl in the first part and you would use thebase64 (without the decrypt) in the second part. Yours might look likethis:openssl rsautl -encrypt -in CF.txt -inkey SanitelCF.cer -certin ?pkcs |openssl base64 -out CF.enc

then to check you would reverse that with the private "decrypt" key (whichyou probably don't have):openssl base64 -d -in CF.enc|openssl rsautl -d -inkey SanitelCF.cer -certin?pkcs -out CF.txt2


compare CF.txt and CF.txt2 and if they are exactly the same, you win!


-----Original Message-----

From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of MarioMartoriello

Sent: Friday, September 5, 2014 11:55 AM
To: HTTPAPI and FTPAPI Projects
Subject: Re: Using webservice and OPENSSL

Hello Scott

thank you for your answer. On my server 5733-sc1 is already installed. Idownload and installed your utility UNIXCMD. I read the examples and thedocumentation, if I well understand I may create a pipe to STDIN e STDOUTto pass the input and read the output . Now if the command is like thisopenssl rsautl -encrypt -in CF.txt -out CF.enc -inkey SanitelCF.cer -certin?pkcs

where cf.txt is input and CF.enc is the output   how can I set the pipe to
these files correct?

I know that openssl has a base64 tool but I'm not sure that if I use theopenssl's option "rsautl" the output is in base64, how can I check it?

Thanks in advance
Mario

-----Messaggio originale-----
From: Scott Klement
Sent: Thursday, September 04, 2014 7:33 PM
To: HTTPAPI and FTPAPI Projects
Subject: Re: Using webservice and OPENSSL

If the output is indeed base64, as you say, then it shouldn't be "strangeASCII characters" that you are sending.

You can install the openssl command-line tool in PASE. (In fact, IBM shipsit as part of LPO 5733-SC1, which is a no-charge item that is now sent alongwith the OS CDs when you get the operating system.)

It's possible to use my UNIXCMD utility to run this command and get theresult back in your RPG program. Or you can run it with the STRQSH CLcommand. You'll want to make sure that the output is giving you Base64

-- if not, openssl also has a base64 tool that can be used for that.

Once you have it in base64, you should be able to send it with HTTPAPI (andpresumably also WSDL2RPG) without any troubles.


On 9/1/2014 11:08 AM, Mario Martoriello wrote:

    Hi
    I use HTTPAPI and WSDL2RPG (Thomas?s version) to consume some
    webservice and until now I have no problem and everything works fine.
    Now I have to consume a webservice where I have to send some  input
    fields that  must be encrypted as the output of the following command:
    openssl rsautl -encrypt -in CF.txt -out CF.enc -inkey SanitelCF.cer
    -certin ?pkcs
    The encrypt must use BASE64 (RFC1521).
    Did anyone do it before ? Which problem may I find  putting these
    strange ASCII characters in the XML file to send by Httpapi ?  Is
    possible to call OPENSSL from RPG?
    Thanks in advance for your help
    Mario



----------------------------------------------------------------------
- This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
----------------------------------------------------------------------
-








-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi

-----------------------------------------------------------------------

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi

-----------------------------------------------------------------------

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

References:
- Using webservice and OPENSSL
  - From: Mario Martoriello
- Re: Using webservice and OPENSSL
  - From: Scott Klement
- Re: Using webservice and OPENSSL
  - From: Mario Martoriello
- RE: Using webservice and OPENSSL
  - From: Mike Krebs

Prev by Date: RE: Using webservice and OPENSSL
Next by Date: Getting started
Previous by thread: RE: Using webservice and OPENSSL
Next by thread: HTTPAPI - Post to SOAP Web Service
Index(es):
- Date
- Thread