[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Using webservice and OPENSSL
Thanks Mike for your very good tips.
I try
best regards
Mario
-----Messaggio originale-----
From: Mike Krebs
Sent: Friday, September 05, 2014 8:37 PM
To: HTTPAPI and FTPAPI Projects
Subject: RE: Using webservice and OPENSSL
You check it by encrypting it and then decrypting it. For example:
CALL QP2TERM
echo 'mike' > mike.txt
openssl base64 -in mike.txt -out mike.base64
cat mike.base64
bWlrZQo=
openssl base64 -d -in mike.base64 -out mike.decrypt64
cat mike.decrypt64
mike
Hint. The base64 file will be readable, the rsautl encrypted file should not
be. I don't think the rsautl automatically makes it base64. Do it in two
steps or | (pipe) one into the other.
Here is an example of a piped command:
openssl base64 -in mike.txt | openssl base64 -d -out mike.decrypt64two
You would of course use your rsautl in the first part and you would use the
base64 (without the decrypt) in the second part. Yours might look like
this:
openssl rsautl -encrypt -in CF.txt -inkey SanitelCF.cer -certin ?pkcs |
openssl base64 -out CF.enc
then to check you would reverse that with the private "decrypt" key (which
you probably don't have):
openssl base64 -d -in CF.enc|openssl rsautl -d -inkey SanitelCF.cer -certin
?pkcs -out CF.txt2
compare CF.txt and CF.txt2 and if they are exactly the same, you win!
-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Mario
Martoriello
Sent: Friday, September 5, 2014 11:55 AM
To: HTTPAPI and FTPAPI Projects
Subject: Re: Using webservice and OPENSSL
Hello Scott
thank you for your answer. On my server 5733-sc1 is already installed. I
download and installed your utility UNIXCMD. I read the examples and the
documentation, if I well understand I may create a pipe to STDIN e STDOUT
to pass the input and read the output . Now if the command is like this
openssl rsautl -encrypt -in CF.txt -out CF.enc -inkey SanitelCF.cer -certin
?pkcs
where cf.txt is input and CF.enc is the output how can I set the pipe to
these files correct?
I know that openssl has a base64 tool but I'm not sure that if I use the
openssl's option "rsautl" the output is in base64, how can I check it?
Thanks in advance
Mario
-----Messaggio originale-----
From: Scott Klement
Sent: Thursday, September 04, 2014 7:33 PM
To: HTTPAPI and FTPAPI Projects
Subject: Re: Using webservice and OPENSSL
If the output is indeed base64, as you say, then it shouldn't be "strange
ASCII characters" that you are sending.
You can install the openssl command-line tool in PASE. (In fact, IBM ships
it as part of LPO 5733-SC1, which is a no-charge item that is now sent along
with the OS CDs when you get the operating system.)
It's possible to use my UNIXCMD utility to run this command and get the
result back in your RPG program. Or you can run it with the STRQSH CL
command. You'll want to make sure that the output is giving you Base64
-- if not, openssl also has a base64 tool that can be used for that.
Once you have it in base64, you should be able to send it with HTTPAPI (and
presumably also WSDL2RPG) without any troubles.
On 9/1/2014 11:08 AM, Mario Martoriello wrote:
Hi
I use HTTPAPI and WSDL2RPG (Thomas?s version) to consume some
webservice and until now I have no problem and everything works fine.
Now I have to consume a webservice where I have to send some input
fields that must be encrypted as the output of the following command:
openssl rsautl -encrypt -in CF.txt -out CF.enc -inkey SanitelCF.cer
-certin ?pkcs
The encrypt must use BASE64 (RFC1521).
Did anyone do it before ? Which problem may I find putting these
strange ASCII characters in the XML file to send by Httpapi ? Is
possible to call OPENSSL from RPG?
Thanks in advance for your help
Mario
----------------------------------------------------------------------
- This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
----------------------------------------------------------------------
-
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------