Re: [openssl-users] openssl-users Digest, Vol 10, Issue 19 (lib4758cca.bad
I guess I missed that. Works perfectly now! Thanks, Viktor!! Neil On 9/25/2015 2:45 PM, openssl-users-requ...@openssl.org wrote: Send openssl-users mailing list submissions to openssl-users@openssl.org To subscribe or unsubscribe via the World Wide Web, visit https://mta.openssl.org/mailman/listinfo/openssl-users or, via email, send a message with subject or body 'help' to openssl-users-requ...@openssl.org You can reach the person managing the list at openssl-users-ow...@openssl.org When replying, please edit your Subject line so it is more specific than "Re: Contents of openssl-users digest..." Today's Topics: 1. Re: lib4758cca.bad (Viktor Dukhovni) 2. How can i verify a signature without knowing the private key? not by openssl command but openssl function. (=?gb18030?B?1qrstvTDvLo=?=) 3. Re: How can i verify a signature without knowing the private key? not by openssl command but openssl function. (Scott Neugroschl) 4. Re: How can i verify a signature without knowing the private key? not by openssl command but openssl function. (Scott Neugroschl) 5. Browsers SSL handshake issues with https://wiki.openssl.org (Bubnov Dmitriy) -- Message: 1 Date: Thu, 24 Sep 2015 19:52:49 + From: Viktor DukhovniTo: openssl-users@openssl.org Subject: Re: [openssl-users] lib4758cca.bad Message-ID: <20150924195249.gr21...@mournblade.imrryr.org> Content-Type: text/plain; charset=us-ascii On Thu, Sep 24, 2015 at 12:50:43PM -0500, neil carter wrote: I just completed compiling the openssl-1.0.2d bundle on 64-bit linux (OEL 5.8). I say completed, but I cheated somewhat. steps: ./config --prefix=/usr/local shared no-dso make make install When I ran the 'make install' the first time, it failed at the 4758cca section with several errors about all of the lib* files in the engines sub-directory. When you disable dynamic shared objects, you also need to disable engine support. Try: ./config --prefix=/usr/local shared no-dso no-engine make depend make (Building with no-engine does not seem to work on the "master" branch just now, but works for me with 1.0.2 from git, have not tried 1.0.2d). ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Browsers SSL handshake issues with https://wiki.openssl.org
Hello, All. I have met an issue with different browsers behavior when opening a link https://wiki.openssl.org/. Investigations shows that it is SSL handshake issues. Is it possible to correct situation for Safari browser? Below is 'ssldump's and 'openssl version -a' logs. > >>> osx10.6.8 + chrome 45.0.2454.101; SSL session is OK >>> New TCP connection #1: 192.168.0.1(59718) <-> 194.97.150.234(443) 1 1 0.0506 (0.0506) C>S V3.1(512) Handshake ClientHello Version 3.3 random[32]= d2 e1 13 ee 12 ed 4a cd 48 ab 9a 84 89 5e 68 65 6c 74 d1 47 16 b6 a8 59 20 78 1e 73 1c 29 08 40 resume [32]= 96 63 75 db a1 7d 41 71 5c 80 22 ae b0 2f 5d 8e 3c fc e8 0a d3 1d 0e 16 ea 17 17 de 30 29 f1 6d cipher suites Unknown value 0xcc14 Unknown value 0xcc13 Unknown value 0xcc15 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_EMPTY_RENEGOTIATION_INFO_SCSV compression methods NULL 1 2 0.1002 (0.0496) S>C V3.3(81) Handshake ServerHello Version 3.3 random[32]= 25 b5 71 fa 69 9c 64 26 91 48 e5 c1 6f 07 6c 4b 12 b7 22 a6 20 e6 fb 6d 80 00 dd a1 99 43 70 dc session_id[32]= 96 63 75 db a1 7d 41 71 5c 80 22 ae b0 2f 5d 8e 3c fc e8 0a d3 1d 0e 16 ea 17 17 de 30 29 f1 6d cipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 compressionMethod NULL 1 3 0.1002 (0.) S>C V3.3(1) ChangeCipherSpec 1 4 0.1002 (0.) S>C V3.3(40) Handshake 1 5 0.1017 (0.0014) C>S V3.3(1) ChangeCipherSpec 1 6 0.1017 (0.) C>S V3.3(40) Handshake 1 7 0.1024 (0.0006) C>S V3.3(521) application_data 1 8 0.2268 (0.1244) S>C V3.3(299) application_data 1 9 4.0905 (3.8636) C>S V3.3(426) application_data 1 10 4.1691 (0.0786) S>C V3.3(598) application_data 1 11 4.1737 (0.0046) C>S V3.3(495) application_data 1 12 4.2673 (0.0935) S>C V3.3(298) application_data 19.2750 (5.0077) S>C TCP FIN 1 14.2687 (4.9936) C>S TCP FIN > >>> osx10.6.8 safari5.1.10(6534.59.10); SSL session is BROKEN >>> New TCP connection #1: 192.168.0.1(59771) <-> 194.97.150.234(443) 1 1 0.0598 (0.0598) C>S V3.1(158) Handshake ClientHello Version 3.1 random[32]= 56 05 6d 21 f6 ef c5 31 be 10 7d ef e8 b4 78 cf a5 47 61 7a 23 42 29 30 a2 6e c3 dc e3 0f 67 4b cipher suites TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_RC4_128_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA compression methods NULL 10.1143 (0.0545) S>C TCP FIN 10.1158 (0.0014) C>S TCP FIN New TCP connection #2: 192.168.0.1(59773) <-> 194.97.150.234(443) 2 1 0.0569 (0.0569) C>S V3.0(81) Handshake ClientHello Version 3.0 random[32]= 56 05 6d 21 d2 ca b5 6f 97 90 79 52 f9 c6 af 40 20 77 73 28 de 7d 60 48 c0 58 fc d8 a8 df 9d d0 cipher suites
Re: [openssl-users] How can i verify a signature without knowing the private key? not by openssl command but openssl function.
Ignore me. I completely misread your email. From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Scott Neugroschl Sent: Friday, September 25, 2015 10:32 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] How can i verify a signature without knowing the private key? not by openssl command but openssl function. That's the whole point of private key encryption. You don't NEED to know the private key. What you do is write out the data (abcde1234). Then hash it (SHA-256), and encrypt the *HASH* with the private key. The recipient reads the data and encrypted hash. He then decrypts the hash with the public key, compares it to the hash of the data. If the two hashes match, the data is authentic. From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Sent: Friday, September 25, 2015 3:52 AM To: openssl-users Subject: [openssl-users] How can i verify a signature without knowing the private key? not by openssl command but openssl function. Hi guys i want to write two programd to learn the details of ecdsa signature. program A read the private key from private.pem, sign a string, like "abcde1234", save the signature as sig.pem. program B read the public key from pub.pem, read the sig.pem, and verify the signature. can anybody provide me a example code? my implementation is as follow: 1, generate the ecc keys by "openssl ecparam -genkey -name secp256r1 -out private.pem" and extract the public key by "openssl ec -in private.pem -out public.pem -pubout" 2, read the private key by "PEM_read_PrivateKey()", and sign with "ECDSA_do_sign", there is no problem. program A works well. 3, the problem is how to read the public key from public.pem ? i find PEM_read_bio_PUBKEY from app/apps.c, but i can't find the source code. how can i verify the signature without knowing the private key? ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How can i verify a signature without knowing the private key? not by openssl command but openssl function.
That's the whole point of private key encryption. You don't NEED to know the private key. What you do is write out the data (abcde1234). Then hash it (SHA-256), and encrypt the *HASH* with the private key. The recipient reads the data and encrypted hash. He then decrypts the hash with the public key, compares it to the hash of the data. If the two hashes match, the data is authentic. From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Sent: Friday, September 25, 2015 3:52 AM To: openssl-users Subject: [openssl-users] How can i verify a signature without knowing the private key? not by openssl command but openssl function. Hi guys i want to write two programd to learn the details of ecdsa signature. program A read the private key from private.pem, sign a string, like "abcde1234", save the signature as sig.pem. program B read the public key from pub.pem, read the sig.pem, and verify the signature. can anybody provide me a example code? my implementation is as follow: 1, generate the ecc keys by "openssl ecparam -genkey -name secp256r1 -out private.pem" and extract the public key by "openssl ec -in private.pem -out public.pem -pubout" 2, read the private key by "PEM_read_PrivateKey()", and sign with "ECDSA_do_sign", there is no problem. program A works well. 3, the problem is how to read the public key from public.pem ? i find PEM_read_bio_PUBKEY from app/apps.c, but i can't find the source code. how can i verify the signature without knowing the private key? ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] How can i verify a signature without knowing the private key? not by openssl command but openssl function.
Hi guys i want to write two programd to learn the details of ecdsa signature. program A read the private key from private.pem, sign a string, like "abcde1234", save the signature as sig.pem. program B read the public key from pub.pem, read the sig.pem, and verify the signature. can anybody provide me a example code? my implementation is as follow: 1, generate the ecc keys by "openssl ecparam -genkey -name secp256r1 -out private.pem" and extract the public key by "openssl ec -in private.pem -out public.pem -pubout" 2, read the private key by "PEM_read_PrivateKey()", and sign with "ECDSA_do_sign", there is no problem. program A works well. 3, the problem is how to read the public key from public.pem ? i find PEM_read_bio_PUBKEY from app/apps.c, but i can't find the source code. how can i verify the signature without knowing the private key?___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users