Couldn't you just use EVP_PKEY_get1_EC_KEY? https://www.openssl.org/docs/man1.0.2/crypto/EVP_PKEY_get1_EC_KEY.html
Cheers, Ethan On Wed, Mar 22, 2017 at 10:48 AM, Christian Adja via openssl-users < openssl-users@openssl.org> wrote: > Good evening everybody, > I need help about to transform public key (unsigned char *) retrieved from > IEEE cert in EVP_PKEY o EC_KEY. The public key is an ecdsaNistP256 in > compressed form (compressedy1). > The public key form in hex = > |00|80|83|x point (32 bytes)| > > Thanks, > > Best Regards > > > Il Mercoledì 15 Marzo 2017 22:23, "openssl-users-requ...@openssl.org" < > openssl-users-requ...@openssl.org> ha scritto: > > > Send openssl-users mailing list submissions to > openssl-users@openssl.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://mta.openssl.org/mailman/listinfo/openssl-users > or, via email, send a message with subject or body 'help' to > openssl-users-requ...@openssl.org > > You can reach the person managing the list at > openssl-users-ow...@openssl.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of openssl-users digest..." > > > Today's Topics: > > 1. Request for adding new ciphers (Christian Adja) > 2. Re: Request for adding new ciphers (Matt Caswell) > 3. Generating dh parameters multithreaded? (Joseph Southwell) > 4. Re: Generating dh parameters multithreaded? (Salz, Rich) > 5. OpenSSL Certificate Cross Signing (Moritz Wirth) > 6. Re: PKCS#7 (val?ry) > 7. Re: Generating dh parameters multithreaded? (Joseph Southwell) > 8. Re: Generating dh parameters multithreaded? (Salz, Rich) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 15 Mar 2017 18:03:44 +0000 (UTC) > From: Christian Adja <christian_a...@yahoo.it> > To: "openssl-users@openssl.org" <openssl-users@openssl.org> > Subject: [openssl-users] Request for adding new ciphers > Message-ID: <1576557894.1332584.1489601024...@mail.yahoo.com> > Content-Type: text/plain; charset="utf-8" > > Hi everyone, > Someone can help for adding the ciphersuite " ECDHE_ECDSA_WITH_AES_128_CCM > " and "ECDHE_ECDSA_WITH_AES_256_CCM " in openssl? > I tried adding in the file tls1.h??? # define > TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM??????????? > 0x0300C0AC > ??? # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM??????????? 0x0300C0AD > And modifing the file? ssl_ciph.c the functions??? ssl_load_ciphers() ... > And modifing the file evp_cipher.c and sssl_locl.cand finaly ssl_algs.c. > There are no way to make it works. It continue to give me? error: > ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420 > thanks. > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: <http://mta.openssl.org/pipermail/openssl-users/ > attachments/20170315/5ea926a1/attachment-0001.html> > > ------------------------------ > > Message: 2 > Date: Wed, 15 Mar 2017 18:18:52 +0000 > From: Matt Caswell <m...@openssl.org> > To: openssl-users@openssl.org > Subject: Re: [openssl-users] Request for adding new ciphers > Message-ID: <e507eba7-b0c6-d85a-78aa-2af36c2e4...@openssl.org> > Content-Type: text/plain; charset=windows-1252 > > > > On 15/03/17 18:03, Christian Adja via openssl-users wrote: > > Hi everyone, > > > > Someone can help for adding the ciphersuite " > > ECDHE_ECDSA_WITH_AES_128_CCM " and "ECDHE_ECDSA_WITH_AES_256_CCM " in > > openssl? > > I tried adding in the file tls1.h > > # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC > > # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD > > > > And modifing the file ssl_ciph.c the functions > > ssl_load_ciphers() ... > > And modifing the file evp_cipher.c and sssl_locl.c > > and finaly ssl_algs.c. > > > > There are no way to make it works. It continue to give me error: > > ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420 > > > These ciphersuites already exist in OpenSSL (from version 1.1.0). > > Matt > > > > ------------------------------ > > Message: 3 > Date: Wed, 15 Mar 2017 14:18:38 -0400 > From: Joseph Southwell <jsouthw...@serengeti.com> > To: openssl-users@openssl.org > Subject: [openssl-users] Generating dh parameters multithreaded? > Message-ID: <56015584-6edc-4bd6-aa21-f27835281...@serengeti.com> > Content-Type: text/plain; charset="utf-8" > > On any new install of our software we generate new dh parameters as > follows? > > DH *dh = DH_new(); > !DH_generate_parameters_ex(dh, 2048, 2, NULL); > int codes = 0; > DH_check(dh, &codes); > DH_generate_key(dh); > > It takes a long time. Is there some way to have it use all available cores > instead of just the one? > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: <http://mta.openssl.org/pipermail/openssl-users/ > attachments/20170315/abdcfd11/attachment-0001.html> > > ------------------------------ > > Message: 4 > Date: Wed, 15 Mar 2017 18:21:05 +0000 > From: "Salz, Rich" <rs...@akamai.com> > To: "openssl-users@openssl.org" <openssl-users@openssl.org> > Subject: Re: [openssl-users] Generating dh parameters multithreaded? > Message-ID: > <9ff829cd17f74e4a910ca067196f7...@usma1ex-dag1mb1.msg.corp.akamai.com> > Content-Type: text/plain; charset="utf-8" > > > It takes a long time. Is there some way to have it use all available > cores instead of just the one? > > You'll have to write the code to do that parallelism yourself. > > ------------------------------ > > Message: 5 > Date: Wed, 15 Mar 2017 19:46:07 +0100 > From: Moritz Wirth <m...@flanga.io> > To: openssl-users@openssl.org > Subject: [openssl-users] OpenSSL Certificate Cross Signing > Message-ID: <c879dec1-9fab-5ecc-de01-4e033c690...@flanga.io> > Content-Type: text/plain; charset=utf-8 > > Good Evening all, > > > I have 2 Root Certificate Authorities which I want to use to cross sign > an intermediate certificate. I created a certificate request and signed > it with both CAs. > > I issued an end user certificate with the intermediate CA and added both > intermediate CA Certificates (the one from Root1 and the one signed by > Root2). If only one CA is trusted, the certificate is still recognized > as trusted in Firefox regardless which certificate is on top of the > chain (Which is exactly what I want.) > > I wondered if I can connect both intermediate Certificates to a single > certificate or do I always need both certificates? > > > Best Regards, > > Moritz > > > > ------------------------------ > > Message: 6 > Date: Wed, 15 Mar 2017 21:42:50 +0100 > From: val?ry <vsb...@gmail.com> > To: openssl-users@openssl.org > Subject: Re: [openssl-users] PKCS#7 > Message-ID: > <CAMkdoSFR_kT=wxt5jAFMENwN3dXEhzVr=VkJmh-7=ocahj1...@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > Alright, big thanks to both of you for your input! > > On Mar 15, 2017 23:01, "Wouter Verhelst" <wouter.verhe...@fedict.be> > wrote: > > On 15-03-17 05:13, val?ry wrote: > > > Hi, > > > > thank you very much for your response. > > Say someone would be able to gather several clear text AES keys and > > their respective asymmetrically encrypted RSA blocks. Would it weakens > > the security of the RSA key pair ? I mean could it be easier for someone > > using that information to brute force an RSA key pair ? > > > > Think of it this way: > > As far as the RSA algorithm is concerned, the AES keys are just data. They > happen to be AES keys, but they might have been a hash value, an image, or > somebody's date of birth. > > If getting the cleartext as well as the encrypted text for an RSA message > would allow you to more easily guess the RSA key, then the RSA algorithm > would be seriously flawed. > > There is no known attack against RSA for which this is true, however, as > Rich pointed out. > > -- > Wouter Verhelst > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: <http://mta.openssl.org/pipermail/openssl-users/ > attachments/20170315/c5426a43/attachment-0001.html> > > ------------------------------ > > Message: 7 > Date: Wed, 15 Mar 2017 17:08:50 -0400 > From: Joseph Southwell <jsouthw...@serengeti.com> > To: "Salz, Rich" <rs...@akamai.com>, openssl-users@openssl.org > Subject: Re: [openssl-users] Generating dh parameters multithreaded? > Message-ID: <f3ade150-0faa-46b8-b481-816c1dd1b...@serengeti.com> > Content-Type: text/plain; charset=us-ascii > > Are you suggesting that I should modify openssl myself to expose that > functionality or are suggesting that there is a way to do that given the > already exposed functionality? If it is the latter could you point me in > the right direction? > > > On Mar 15, 2017, at 2:21 PM, Salz, Rich via openssl-users < > openssl-users@openssl.org> wrote: > > > >> It takes a long time. Is there some way to have it use all available > cores instead of just the one? > > > > You'll have to write the code to do that parallelism yourself. > > -- > > openssl-users mailing list > > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > > > > > ------------------------------ > > Message: 8 > Date: Wed, 15 Mar 2017 21:15:11 +0000 > From: "Salz, Rich" <rs...@akamai.com> > To: Joseph Southwell <jsouthw...@serengeti.com>, > "openssl-users@openssl.org" <openssl-users@openssl.org> > Subject: Re: [openssl-users] Generating dh parameters multithreaded? > Message-ID: > <2a86a335027d437ba9531551ce0ea...@usma1ex-dag1mb1.msg.corp.akamai.com> > Content-Type: text/plain; charset="Windows-1252" > > > Are you suggesting that I should modify openssl myself to expose that > > functionality or are suggesting that there is a way to do that given the > already > > exposed functionality? If it is the latter could you point me in the > right > > direction? > > OpenSSL code does not do what you want. You'll have to write it > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > openssl-users mailing list > openssl-users@openssl.org > https://mta.openssl.org/mailman/listinfo/openssl-users > > > ------------------------------ > > End of openssl-users Digest, Vol 28, Issue 21 > ********************************************* > > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users