RE: IE can't process 1024 bits cert?
Hy, thanks a lot. but i'm still confused of the cipher strength and key length. i always think 40-bit should be the key length of symmetric cipher algorithm and 512-bit is the key length of asymmetric cipher algorithm. It's just. 40-bit data encryption aglorithm is always corresponding to 512-bit certificate, and 128-bit to 1024/2048-bit. is that right? No, the certificate is independent of the symetric key-length. You can have a server with a 512 bits certificate which used 128 bits symetric-key, or a server with a 2048 bits certificate which used 40 bits symetric-key. It's just a question of configuration of the server and the version (support crypto 128 bits or No). -- Ludovic FLAMENT __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
openssh dsa_verify still fails with openssl-0.9.6-beta2
The dsa_verify failure for server_host_key which was seen in beta1 is still present in beta2. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problem: Adding certificate and private key to IIS 5.0
First, thank you for your answer. You wrote: Both, the key and certificate _SHOULD_ be in PEM format refer to http://www.openssl.org/docs/apps/pkcs12.html# for details. Oh right, sorry, I didn't see it, but it says so on the site. Now, how can I "encode" the files to the .pem format? Is .pem the same as PKCS #12? My Certificate is encoded in Base64, my private key is DER-encoded (or at least I think so, I'm not sure about all these different formats. It looks pretty unreadable opened in a Texteditor *g*) Can you please tell, Which tool was used to generate the private key and the CSR (certificate signing request) ? Sure, I generated the private key and the request file using keygen.exe, an IIS 4.0 command line tool to generate private key and certificate request, given the right information. The certificate request are mostly send to Thawte, if it makes a difference... So, any more ideas? Thank you in advance, Thomas Christmann NT-Systemprogrammierer mailto:[EMAIL PROTECTED] Schlund + Partner AG Erbprinzenstrasse 4-12 D-76133 Karlsruhe http://www.schlund.de __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
OpenSSL version 0.9.6 Beta 2 (problems with Win 98)
I got a little bit of problem with the new beta 2 under Windows 98. The following line causes a program error: openssl req -x509 -newkey rsa:512 -keyout key.pem -out cer.pem I compiled it with Borland 5.5, since I don't have an assembler I turned off the "readtimer" function in rand_win.c . (Which could be why this happens in the first place but I hope not) Details: Printscreen (dos window): --- Microsoft(R) Windows 98 (C)Copyright Microsoft Corp 1981-1998. C:\openssl req -x509 -newkey rsa:512 -keyout key.pem -out cer.pem Using configuration from C:\OPENSSL\OPENSSL.CNF Loading 'screen' into random state - C:\ --- Error-detail on desktop - OPENSSL verursachte einen Fehler durch eine ungültige Seite in Modul Unbekannt bei :0095a5d5. Register: EAX=0072f166 CS=017f EIP=0095a5d5 EFLGS=00010216 EBX=0095a5d0 SS=0187 ESP=0072f134 EBP= ECX=81622bc8 DS=0187 ESI=00953ec0 FS=2e27 EDX=bffc9490 ES=0187 EDI=bff7 GS= Bytes bei CS:EIP: 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Stapelwerte: 0046823f 004cd210 0072f16c bfea bff5 - TIA U.K. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problem: Adding certificate and private key to IIS 5.0
Hi, AFAIK, if you have generated the private key and CSR using IIS 4.0 supplied tool, then the certificate and private key will be in NET format. For details of extracting the key from IIS backup file and converting to PEM format look for the messages with subject "Using openssl to generate keys for IIS" in the archives. It gives you exact procedure to deal with the IIS 4.0 generated keys. hope this helps, Mandar Thomas Christmann wrote: First, thank you for your answer. You wrote: Both, the key and certificate _SHOULD_ be in PEM format refer to http://www.openssl.org/docs/apps/pkcs12.html# for details. Oh right, sorry, I didn't see it, but it says so on the site. Now, how can I "encode" the files to the .pem format? Is .pem the same as PKCS #12? My Certificate is encoded in Base64, my private key is DER-encoded (or at least I think so, I'm not sure about all these different formats. It looks pretty unreadable opened in a Texteditor *g*) Can you please tell, Which tool was used to generate the private key and the CSR (certificate signing request) ? -- Mandar Prabhakar Behere Member of Technical Staff Persistent Systems Pvt. Ltd. Phone : office : 91-20-5676700 ext. 541 residence : 91-20-4485174 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Does anybody launches ssl aware apache under WIN32 correctly?
[18/Sep/2000 14:03:55 00864] [info] Init: Loading certificate private key of SSL-aware server tjww.adaptview.com:443 [18/Sep/2000 14:03:55 00864] [info] Init: Requesting pass phrase via builtin terminal dialog Your log suggests that the terminal(the application window) is waiting for a passphrase to decrypt the private key. Enter there the passphrase that you entered when you generated the certifcate request/private key. Amit. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL version 0.9.6 Beta 2 (problems with Win 98)
Initialize the function pointers acquire, gen, release, netstatget, netfree to 0. Error-detail on desktop - OPENSSL verursachte einen Fehler durch eine ungültige Seite in Modul Unbekannt bei :0095a5d5. Register: EAX=0072f166 CS=017f EIP=0095a5d5 EFLGS=00010216 EBX=0095a5d0 SS=0187 ESP=0072f134 EBP= ECX=81622bc8 DS=0187 ESI=00953ec0 FS=2e27 EDX=bffc9490 ES=0187 EDI=bff7 GS= Bytes bei CS:EIP: 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Stapelwerte: 0046823f 004cd210 0072f16c bfea bff5 Jeffrey Altman * Sr.Software Designer The Kermit Project * Columbia University 612 West 115th St * New York, NY * 10025 * USA http://www.kermit-project.org/ * [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Does anybody launches ssl aware apache under WIN32 correctly?
Your log suggests that the terminal(the application window) is waiting for a passphrase to decrypt the private key. Enter there the passphrase that you entered when you generated the certifcate request/private key. Amit. First thank you for your answer, Amit The Apache log confused me, it shows --Enter pass phrase: first, and I input the passphrase number, then it shows --Apache/1.3.12 (Win32) mod_ssl/2.6.5 OpenSSL/0.9.5a running... and wait for input again without any prompt, which I have just inputted, so I wait for it continue running, it wait for my input:(( DEADLOCK:( I am so foolish, I have traced into it, but did not try to input the passphrase number again actually:((( So fool I am, and thank you for your advice:) Bye, Sincerely yours tjww. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Verify signature of a multipart message
Angus Lee wrote: = Original Message From [EMAIL PROTECTED] = I could use OpenSSL to decrypt this signed and encrypted message. Then when I verify the digital signature, OpenSSL told me that 'content and data present'. Is there anything wrong with my code? Can you send me a copy of the message and/or signature. The signed but decrypted version that is? b4dec.txt is the original signed and encrypted message, while afterdec.txt is what I got after decryption. cityuca.pem is the CA certificate of the signer. What version of Netscape is this BTW? 4.71 (40 bit). Ugh. I checked OpenSSL 4.73 too and it does the same. The cause is that Netscape isn't properly excluding the content. It is including a zero length content. This is a recent addition to Netscape and is a bug. I'll see if I can develop a work around. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problem: Adding certificate and private key to IIS 5.0
Hi, AFAIK, if you have generated the private key and CSR using IIS 4.0 supplied tool, then the certificate and private key will be in NET format. For details of extracting the key from IIS backup file and converting to PEM format look for the messages with subject "Using openssl to generate keys for IIS" in the archives. It gives you exact procedure to deal with the IIS 4.0 generated keys. hope this helps, Mandar It did, yes, thank you! I found out that keygen.exe creates my private key in NET format and my certificate in PEM format. So I looked at the thread you mentioned and found out how to convert NET to PEM, which worked like that: openssl-0.9.5a\out32dllopenssl rsa -inform NET -outform PEM -in C:\Work\privkey.net -out C:\Work\userkey.pem I created my desired PKCS #12 file with the following command: openssl pkcs12 -export -in C:\Work\MyCert.cer -inkey C:\Work\userkey.pem -out C:\Work\Outfile.pfx and got the .PFX file that I wanted in order to import the key and certificate into IIS 5.0. Problem is, it doesn't work. When I double-click the .pfx file. the import wizard starts up, asks me for the file to import (the newly created .pfx file) and in which certificate store I want to put the imported certificate (I chose personal there, all my others are there, too). The wizards completes with the words "Import successful"; the problem is, my certificate was not imported, I cannot find it in any store, and so I can't assign it to a web. I think that's no openssl related problem any more, but if anyone might have any ideas, I'd be grateful. Thanks, Thomas Christmann NT-Systemprogrammierer mailto:[EMAIL PROTECTED] Schlund + Partner AG Erbprinzenstrasse 4-12 D-76133 Karlsruhe http://www.schlund.de __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Verify signature of a multipart message
Angus Lee wrote: b4dec.txt is the original signed and encrypted message, while afterdec.txt is what I got after decryption. cityuca.pem is the CA certificate of the signer. OK. I've included a work around to the dev version of OpenSSL. It will be in OpenSSL 0.9.6. If you want to fix this yourself just locate the test in the function PKCS7_verify() in crypto/pkcs7/pk7_smime.c and comment it out. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Problem compiling openssl engine beta2 on NT
I tried to compile on a Win32 platforom openssl engine beta2, and the OpenSSL beta2, and I recieve in both case this error: cl /Fotmp32dll\rand_win.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN3 2_LEAN_AND_MEAN -DL_ENDIAN /Fdout32dll /GD -D_WINDLL -D_DLL -c .\crypto\rand\rand_win.c rand_win.c .\crypto\rand\rand_win.c(175) : error C2143: syntax error : missing ')' before '*' .\crypto\rand\rand_win.c(175) : error C2143: syntax error : missing '{' before '*' .\crypto\rand\rand_win.c(175) : error C2059: syntax error : ')' .\crypto\rand\rand_win.c(175) : error C2059: syntax error : ';' .\crypto\rand\rand_win.c(190) : error C2065: 'NETSTATGET' : undeclared identifier .\crypto\rand\rand_win.c(190) : error C2146: syntax error : missing ';' before identifier 'netstatget' .\crypto\rand\rand_win.c(190) : error C2065: 'netstatget' : undeclared identifier .\crypto\rand\rand_win.c(191) : error C2275: 'NETFREE' : illegal use of this type as an expression .\crypto\rand\rand_win.c(176) : see declaration of 'NETFREE' .\crypto\rand\rand_win.c(191) : error C2146: syntax error : missing ';' before identifier 'netfree' .\crypto\rand\rand_win.c(191) : error C2065: 'netfree' : undeclared identifier .\crypto\rand\rand_win.c(201) : error C2146: syntax error : missing ';' before identifier 'GetProcAddress' .\crypto\rand\rand_win.c(202) : warning C4047: '=' : 'int ' differs in levels of indirection from 'unsigned long (__stdc all *)(unsigned char *)' .\crypto\rand\rand_win.c(209) : error C2063: 'netstatget' : not a function .\crypto\rand\rand_win.c(212) : error C2063: 'netfree' : not a function .\crypto\rand\rand_win.c(214) : error C2063: 'netstatget' : not a function .\crypto\rand\rand_win.c(217) : error C2063: 'netfree' : not a function NMAKE : fatal error U1077: 'cl' : return code '0x2' Is there a solution to this problem? Thanks, ERIC __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL version 0.9.6 Beta 2 (problems with Win 98)
- Original Message - From: Jeffrey Altman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, September 18, 2000 1:08 PM Subject: Re: OpenSSL version 0.9.6 Beta 2 (problems with Win 98) Initialize the function pointers acquire, gen, release, netstatget, netfree to 0. Yep, that did it, thank you. Another satisfied customer :) Uli K. Error-detail on desktop - OPENSSL verursachte einen Fehler durch eine ungültige Seite in Modul Unbekannt bei :0095a5d5. Register: EAX=0072f166 CS=017f EIP=0095a5d5 EFLGS=00010216 EBX=0095a5d0 SS=0187 ESP=0072f134 EBP= ECX=81622bc8 DS=0187 ESI=00953ec0 FS=2e27 EDX=bffc9490 ES=0187 EDI=bff7 GS= Bytes bei CS:EIP: 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Stapelwerte: 0046823f 004cd210 0072f16c bfea bff5 Jeffrey Altman * Sr.Software Designer The Kermit Project * Columbia University 612 West 115th St * New York, NY * 10025 * USA http://www.kermit-project.org/ * [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Error code 0D067007
Hi I'm new to openssl having just implemented Apache 1.3.9 and openssl 0.9.4. Everything was fine until I installed the certificate from Verisign (via BT Trustwise). We are now getting the following errors: [Mon Sep 18 13:21:02 2000] [error] mod_ssl: SSL handshake failed (OpenSSL library error follows) [Mon Sep 18 13:21:02 2000] [error] OpenSSL: error:0D067007:asn1 encoding routines:ASN1_COLLATE_PRIMITIVE:expecting an asn1 sequence [Mon Sep 18 13:26:24 2000] [error] mod_ssl: SSL error on reading data (OpenSSL library error follows) [Mon Sep 18 13:26:24 2000] [error] OpenSSL: error:0D067007:asn1 encoding routines:ASN1_COLLATE_PRIMITIVE:expecting an asn1 sequence I'd really appreciate it if someone could let me know what I'm doing wrong! -- Regards, Stephen A. Clark __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Apps over SSL
On Fri, 15 Sep 2000, Soul Fire wrote: Thanks for the direction. I know that openssh would replace the need for telnet right off the bat but does it allow for other apps to ride over the encrypted stream as well? OpenSSH automagically sets up a tunnel for the X Window protocol, and I've also used it to tunnel VNC sessions. It's not too hard to set up. See the documentation for details. Here's a shellscript that I wrote to encapsulate the gory details of VNC tunnelling: #! /bin/sh GATEWAY=${VNC_GATEWAY-rahal} ssh -L 5900:$1:5902 -x -f $GATEWAY 'sleep 10' vncviewer -encodings "copyrect hextile" localhost $GATEWAY is the name of the machine at the other end of the tunnel. VNC uses ports 5900-up. The 'sleep 10' command is probably needed only because I don't know more about controlling ssh properly. Further discussion of ssh ought to move to [EMAIL PROTECTED] or comp.security.ssh . -- Mark H. Wood, Lead System Programmer [EMAIL PROTECTED] 2000-05-05 13:27:15 GMT -- still no icebergs in the White River __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
MVS ports
Hello, I'm looking for a standard and free cryptographic library (like SSLeay, and OpenSSL of course) which can be easily compiled and linked to applications on IBM MVS - OS/390 machines. Please, help me! (^_^) Thanks in advance, see you soon, Simone -- | / ___/ ___|| __ ) __|_ \___ \___ \| _ \ | || || ___) |__) | |_) | __|_ || || |//|/ | || || || || ||| | || || || || ||| SOCIETA' | || || || || ||| PER I SERVIZI | || || || || ||| BANCARI S.p.A. Ing. Simone Ventola - addetto studi e progettazione Divisione E-Business e Sistemi Interbancari Tel:02-3484509 Cell: 0348-8231912 E-mail: [EMAIL PROTECTED] == "All'origine di ogni errore attribuito al computer ci sono almeno due errori umani... compreso quello di attribuire l'errore al computer..." == __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: MVS ports
Please turn off your reciept requesting "feature" of your mail client. /Douglas Simone Ventola wrote: Hello, I'm looking for a standard and free cryptographic library (like SSLeay, and OpenSSL of course) which can be easily compiled and linked to applications on IBM MVS - OS/390 machines. Please, help me! (^_^) Thanks in advance, see you soon, Simone -- | / ___/ ___|| __ ) __|_ \___ \___ \| _ \ | || || ___) |__) | |_) | __|_ || || |//|/ | || || || || ||| | || || || || ||| SOCIETA' | || || || || ||| PER I SERVIZI | || || || || ||| BANCARI S.p.A. Ing. Simone Ventola - addetto studi e progettazione Divisione E-Business e Sistemi Interbancari Tel:02-3484509 Cell: 0348-8231912 E-mail: [EMAIL PROTECTED] == "All'origine di ogni errore attribuito al computer ci sono almeno due errori umani... compreso quello di attribuire l'errore al computer..." == __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- -- Douglas Wikström [EMAIL PROTECTED] -- Yes, God created Man before Woman, but one always makes a draft before the masterpiece. -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problem compiling openssl engine beta2 on NT
Try replacing LMSTR with LPWSTR in crypto/rand/rand_win.c I tried to compile on a Win32 platforom openssl engine beta2, and the OpenSSL beta2, and I recieve in both case this error: cl /Fotmp32dll\rand_win.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN3 2_LEAN_AND_MEAN -DL_ENDIAN /Fdout32dll /GD -D_WINDLL -D_DLL -c .\crypto\rand\rand_win.c rand_win.c .\crypto\rand\rand_win.c(175) : error C2143: syntax error : missing ')' before '*' .\crypto\rand\rand_win.c(175) : error C2143: syntax error : missing '{' before '*' .\crypto\rand\rand_win.c(175) : error C2059: syntax error : ')' .\crypto\rand\rand_win.c(175) : error C2059: syntax error : ';' .\crypto\rand\rand_win.c(190) : error C2065: 'NETSTATGET' : undeclared identifier .\crypto\rand\rand_win.c(190) : error C2146: syntax error : missing ';' before identifier 'netstatget' .\crypto\rand\rand_win.c(190) : error C2065: 'netstatget' : undeclared identifier .\crypto\rand\rand_win.c(191) : error C2275: 'NETFREE' : illegal use of this type as an expression .\crypto\rand\rand_win.c(176) : see declaration of 'NETFREE' .\crypto\rand\rand_win.c(191) : error C2146: syntax error : missing ';' before identifier 'netfree' .\crypto\rand\rand_win.c(191) : error C2065: 'netfree' : undeclared identifier .\crypto\rand\rand_win.c(201) : error C2146: syntax error : missing ';' before identifier 'GetProcAddress' .\crypto\rand\rand_win.c(202) : warning C4047: '=' : 'int ' differs in levels of indirection from 'unsigned long (__stdc all *)(unsigned char *)' .\crypto\rand\rand_win.c(209) : error C2063: 'netstatget' : not a function .\crypto\rand\rand_win.c(212) : error C2063: 'netfree' : not a function .\crypto\rand\rand_win.c(214) : error C2063: 'netstatget' : not a function .\crypto\rand\rand_win.c(217) : error C2063: 'netfree' : not a function NMAKE : fatal error U1077: 'cl' : return code '0x2' Is there a solution to this problem? Thanks, ERIC __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] Jeffrey Altman * Sr.Software Designer The Kermit Project * Columbia University 612 West 115th St * New York, NY * 10025 * USA http://www.kermit-project.org/ * [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Verify signature of a multipart message
= Original Message From [EMAIL PROTECTED] = Ugh. I checked OpenSSL (Netscape?) 4.73 too and it does the same. The cause is that Netscape isn't properly excluding the content. It is including a zero length content. This is a recent addition to Netscape and is a bug. I'll see if I can develop a work around. In other words, do you mean that I couldn't verify the digital signature of those e-mail come from Netscape. I'm developing a Eudora S/MIME plug-in for our University. I've asked my colleague to send me a signed message using Outlook Express. He accidentally sent both plain text and HTML format to me. So the message is a multipart message, but I could verify the digital signature without any problem. By the way, my colleague used a digital certificate generated using OpenSSL to sign the e-mail. Did it matter? Angus Lee --- Get Your Free Email at http://www.hknetmail.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Verify signature of a multipart message
Angus Lee wrote: = Original Message From [EMAIL PROTECTED] = Ugh. I checked OpenSSL (Netscape?) 4.73 too and it does the same. The cause is that Netscape isn't properly excluding the content. It is including a zero length content. This is a recent addition to Netscape and is a bug. I'll see if I can develop a work around. In other words, do you mean that I couldn't verify the digital signature of those e-mail come from Netscape. I'm developing a Eudora S/MIME plug-in for our University. I've asked my colleague to send me a signed message using Outlook Express. He accidentally sent both plain text and HTML format to me. So the message is a multipart message, but I could verify the digital signature without any problem. By the way, my colleague used a digital certificate generated using OpenSSL to sign the e-mail. Did it matter? No it doesn't manner: its a Netscape messenger bug. As I said in my other message I've added a work around in OpenSSL now anyway and it verifies your test message (and mine) just fine. Yes I did mean Netscape 4.73 has the problem also. I'm using PSM and it also does that. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Make Ends Meet
Subject: Invest $25 to get $500,000 in every 4 to 5 months!! Dear Friend: AS SEEN ON NATIONAL TV : ''Making over half million dollars every 4 to 5 months from your home for an investment of only $25 U.S. Dollars expense one time'' THANX TO THE COMPUTER AGE AND THE INTERNET ! === BE A MILLIONAIRE LIKE OTHERS WITHIN A YEAR !!! Before you say ''Bull'' , please read the following. This is the letter you have been hearing about on the news lately. Due to the popularity of this letter on the internet, a national weekly news program recently devoted an entire show to the investigation of this program described below , to see if it really can make people money. The show also investigated whether or not the program was legal. Their findings proved once and for all that there are ''absolutely NO. Laws prohibiting the participation in the program and if people can follow the simple instructions, they are bound to make some mega bucks with only $25 out of pocket cost''. DUE TO THE RECENT INCREASE OF POPULARITY RESPECT THIS PROGRAM HAS ATTAINED, IT IS CURRENTLY WORKING BETTER THAN EVER. This is what one had to say: '' Thanks to this profitable opportunity. I was approached many times before but each time I passed on it. I am so glad I finally joined just to see what one could expect in return for the minimal effort and money required. To my astonishment, I received total $ 610,470.00 in 21 weeks, with money still coming in''. Pam Hedland, Fort Lee, New Jersey. - Here is another testimonial: '''This program has been around for a long time but I never believed in it. But one day when I received this again in the mail I decided to gamble my $25 on it. I followed the simple instructions and walaa . 3 weeks later the money started to come in. First month I only made $240.00 but the next 2 months after that I made a total of $290,000.00. So far, in the past 8 months by re-entering the program, I have made over $710,000.00 and I am playing it again. The key to success in this program is to follow the simple steps and NOT change anything .'' More testimonials later but first, ** PRINT THIS NOW FOR YOUR FUTURE REFERENCE *** $$$ If you would like to make at least $500,000 every 4 to 5 months easily and comfortably, please read the following...THEN READ IT AGAIN and AGAIN !!! $$$ FOLLOW THE SIMPLE INSTRUCTION BELOW AND YOUR FINANCIAL DREAMS WILL COME TRUE, GUARANTEED ! INSTRUCTIONS: Order all 5 reports shown on the list below. For each report, send $5 CASH, THE NAME NUMBER OF THE REPORT YOU ARE ORDERING and YOUR E-MAIL ADDRESS to the person whose name appears ON THAT LIST next to the report. MAKE SURE YOUR RETURN ADDRESS IS ON YOUR ENVELOPE TOP LEFT CORNER in case of any mail problems. When you place your order, make sure you order each of the 5 reports. You will need all 5 reports so that you can save them on your computer and resell them. YOUR TOTAL COST $5 X 5 = $25.00. Within a few days you will receive, vie e-mail, each of the 5 reports from these 5 different individuals. Save them on your computer so they will be accessible for you to send to the 1,000's of people who will order them from you. Also make a floppy of these reports and keep it on your desk in case something happen to your computer. IMPORTANT __ DO NOT alter the names of the people who are listed next to each report, or their sequence on the list, in any way other than what is instructed below in step '' 1 through 6 '' or you will loose out on majority of your profits. Once you understand the way this works, you will also see how it does not work if you change it. Remember, this method has been tested, and if you alter, it will NOT work!!! People have tried to put their friends/relatives names on all five thinking they could get all the money. But it does not work this way. Believe us, we all have tried to be greedy and
converting raw signature to PKCS#7 format
Hi I have a library which signs data on a smart card and returns 128 bytes signature. Now the problem is how to convert it into PKCS#7 so that it can be verified by a PKCS#7 compliant verify tool. Is there any utility which can convert raw signature to a PKCS#7 object. The platform on which signature is done is Windows NT/95. Thanks vivek ___ Free Unlimited Internet Access! Try it now! http://www.zdnet.com/downloads/altavista/index.html ___ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
generating a certificate chain in pkcs7 format using OpenSSL?
Does anyone know how to generate a certificate chain in pkcs7 form using OpenSSL? thanks, Kim __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]