Re: [openssl-users] When to use a key or password
Michel, merci beaucoup, for the explanation. It does clear things up for me. I appreciate it, Warron On 7/8/2016 6:08 PM, Michel wrote: Hi, You need to remember a password. Passwords should never be stored. Keys are binary data (even if they look as text because they are hexa or base64 encoded). Secret keys can be 'derived' from a password to be used when encrypting or decrypting. Sometime you need to store an ENCRYPTED secret key (generally using another password). see https://en.wikipedia.org/wiki/Key_(cryptography) <https://en.wikipedia.org/wiki/Key_%28cryptography%29>. IV means 'Initial Vector', which is random binary data needed to 'start' encryption or decryption. See https://en.wikipedia.org/wiki/Initialization_vector Hope it helps, Regards, Michel. *De :*openssl-users [mailto:openssl-users-boun...@openssl.org] *De la part de* Warron French *Envoyé :* jeudi 7 juillet 2016 22:37 *À :* openssl-users@openssl.org *Objet :* [openssl-users] When to use a key or password Is there any good rule of thumb for when to use: *-k * versus *-K * Also, what does the term IV refer to in reference to *-iv IV*? Thanks in advance, Warron -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] When to use a key or password
Is there any good rule of thumb for when to use: *-k * versus *-K * * * Also, what does the term IV refer to in reference to *-iv IV*? Thanks in advance, Warron -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Compiling openssl-1.0.0.d
I have a SUN V240 running Solaris 10 10/09 SPARC (I added latest patch after discovering the problem to be described) using the ORACLE for Solaris CPU 11/04. I get a successful Configure, but have a problem with 'make'. Here is the output using GNU make from sunfreeware.com latest package: Killed Killed Killed Killed Killed Killed That's it. Any clue of what action to take from here? I uploaded the .zip file from my laptop to my server twice. Do I need to redownload the source code again? This is for the latest openssl-1.0.0.d code. Sent from my Verizon Wireless BlackBerry __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
PEM-DER-CSR-CRT
I have been reading HOWTOs all over the internet trying to figure out how to generate a self-signed and/or CA (mine) signed certificate. What I can't understand is, WHY do I need an RSA key or certificate. I think it's a key. WHY do I need a PEM certificate, and why a DER certificate? No where on any website does it say WHEN to use one type of certificate or just a key? Apache httpd.conf files will reference both .key and .crt files in their syntax; isn't the .crt a PEM-encoded certificate file? If so, why not give it a more meaningful .pem extension instead. Can anyone clarify for me? I am trying not to chase my tail and want to learn this stuff on a deeper level. When do I know if I need to perform the openssl req and then openssl x509 commands and NOT the openssl rsa command. This is all very confusing and I see no simplified (non-doctoral) documentation on this material. Anyone have a book to suggest? Thanks to anyone that can respond. -- *Warron French, SCSA* ** signature.asc Description: OpenPGP digital signature
