RE: what it is X509_STORE ?

2009-02-24 Thread sarym binome
Hello, I thank you very much sir. I have another question: where do I put the name of the signature algorithm which I use to sign a certificate? Because in my config file I put only the MD5 function (but it is a hash function and I can't use it to sign, am I wrong?) in my sslcreat.pl # create request

certificate sign algorithm!

2009-02-24 Thread sarym binome
Hello, where do I put the name of the signature algorithm which I use to sign a certificate? Because in my config file I put only the MD5 function (but it is a hash function and I can't use it to sign, am I wrong?). How can the verify function deduce which function to use? In my sslcreat.pl #

Re: what it is X509_STORE ?

2009-02-24 Thread Kyle Hamilton
Please don't use md5. Use sha128 or sha256 instead, if you can. How signing works is this: 1) The signer creates the data he wishes to sign. (In this case, a certificate.) 2) The signer performs the specified hash function over the data he wishes to sign. (This is done via md5, sha1, sha2,

Re: what it is X509_STORE ?

2009-02-24 Thread Emmanuel Madile
Well if I remember well, you don't specify the key type in the config file, but when you create the key file itself (req -newkey command in openssl). BTW, for alternative certificate store usage, you can use SSL_CTX_x functions. 2009/2/24 sarym binome binome_...@hotmail.com: hello i thank

get public Key from a certificate

2009-02-24 Thread sarym binome
Hello, how can I get the public key from a certificate? (Please give me just the name of the function; for example, to get a public key from a private key I use: PrivKey = RSA_generate_key(512, RSA_F4, NULL, NULL); PubKey = RSAPublicKey_dup(PrivKey);) If I send a certificate,

Problem using CRL

2009-02-24 Thread Emmanuel Madile
Hello, Sorry for double posting if any, but I just figured out that my previous post might not have passed some filters due to my nick-name. I have a problem when using CRL. My certificate setup is the following: = = | Cert1 | | Root | = =

[no subject]

2009-02-24 Thread Jason Schultz
Greetings. I have recently done some testing with OpenSSL versions 0.9.8i and 0.9.8j. Basically, the application is opening 10,000 connections between a client and server on the same Linux machine. I've noticed quite a difference in memory utilization when monitored with the Linux top

RE: Memory utilization in version 0.9.8j

2009-02-24 Thread Jason Schultz
Forgot to include a subject line, my apologies. From: jetso...@hotmail.com To: openssl-users@openssl.org Subject: Date: Tue, 24 Feb 2009 14:48:01 + Greetings. I have recently done some testing with OpenSSL versions 0.9.8i and 0.9.8j.

Need help with keytool

2009-02-24 Thread John Oliver
I need to turn PKI certs into JKSes. I have some instructions from one of the developers, but it refers to a KeyTool UI which, it turns out, is not part of the base OS install, but, Oh, just go out and search the Internet for one... No thanks. Besides, I'd like to script this stuff. The man

Re: PKCS7 (time.certum.pl)

2009-02-24 Thread Jan F. Schnellbaecher
Thanks! No it means that the service is an RFC3161 time stamp which OpenSSL doesn't currently support. You can perform limited verification of these using the smime command line utility for example... openssl smime -verify -inform DER -out ts.der -in timstamp -noverify will verify the

Error reading EC Private Key from PEM file

2009-02-24 Thread Larson, John
Hi again, I forgot to include a subject and I have some extra information on this as well, so I thought I'd send more. I have printed out the human readable error output of the call to PEM_read_PrivateKey and it is as such: error:0906B072:lib(9):func(107):reason(114) From looking

RE: get public Key from a certificate

2009-02-24 Thread Giang Nguyen
if you have a certificate in a X509 object, the x509.h header mentions the function: EVP_PKEY *X509_get_pubkey(X509 *x); From: binome_...@hotmail.com To: openssl-users@openssl.org Subject: get public Key from a certificate Date: Tue, 24 Feb 2009 10:29:42 + hello how can i get the

Re: Error reading EC Private Key from PEM file

2009-02-24 Thread Galina Goncharov
First - do you use FIPS? If yes, 1) then you need to include at the very beginning // for use with privkey with password OpenSSL_add_all_algorithms(); PKCS5_PBE_add(); 2) convert the key before use: openssl pkcs8 -in privkey_pass.pem -topk8 -v2 des3 -out

Re: Error reading EC Private Key from PEM file

2009-02-24 Thread Dr. Stephen Henson
On Tue, Feb 24, 2009, Larson, John wrote: Hi again, I have printed out the human readable error output of the call to PEM_read_PrivateKey and it is as such: error:0906B072:lib(9):func(107):reason(114) From looking through the EVP error codes function 107 is

RE: Error reading EC Private Key from PEM file

2009-02-24 Thread Larson, John
Made the fix and that seems to be the case, thanks! -John Larson -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Tuesday, February 24, 2009 9:18 AM To: openssl-users@openssl.org Subject: Re: Error

Re: FIPS Server

2009-02-24 Thread smitha daggubati
Thanks a lot Kyle. That was a very clear explanation. One final question. Given that non-FIPS mode OpenSSL can talk with FIPS validated implementations, let's say I have a server which is using OpenSSL in non-FIPS mode which speaks and supports all the ciphers (including the FIPS ciphers). Now for

Re: FIPS Server

2009-02-24 Thread Patrick Patterson
Hey there; On February 24, 2009 02:07:39 pm smitha daggubati wrote: Thanks a lot Kyle. That was a very clear explanation. One final question. Given that non-FIPS mode OpenSSL can talk with FIPS validated implementations, let's say I have a server which is using OpenSSL in non-FIPS mode which

RE: FIPS Server

2009-02-24 Thread David Schwartz
One final question. Given that non-FIPS mode OpenSSL can talk with FIPS validated implementations, let's say I have a server which is using OpenSSL in non-FIPS mode which speaks and supports all the ciphers (including the FIPS ciphers). Now for a FIPS validated client is there any way for the

Re: Need help with keytool

2009-02-24 Thread Mark H. Wood
On Tue, Feb 24, 2009 at 08:02:30AM -0800, John Oliver wrote: I need to turn PKI certs into JKSes. I have some instructions from one JKS is Java KeyStore or some such. It's a database of certificates and private keys. You can't turn a certificate into a .jks but you can store certificates into

ECDSA/Using private and Public keys

2009-02-24 Thread Ryan Tolonen
I'm extremely new to this so any help would be much appreciated. Ultimately I need to use pre-computed Public and Private EC keys to digitally sign and verify a message. I can't seem to be able to take the DER encoded keys and produce a usable EC_KEY for calling the ECDSA_sign() or ECDSA_verify()

RE: ECDSA/Using private and Public keys

2009-02-24 Thread David Schwartz
Why does the call to d2i_ECPrivateKey(NULL, pptr, len); always fail? Because you didn't pass it a key. Change that 'NULL' to 'eckey'. DS

Re: ECDSA/Using private and Public keys

2009-02-24 Thread Dr. Stephen Henson
On Tue, Feb 24, 2009, Ryan Tolonen wrote: // Get the private key in DER pptr = buf; len = i2d_ECPrivateKey(eckey, pptr); // Convert the private key back from DER/allocate new eckey newkey = d2i_ECPrivateKey(NULL, pptr, len); Why does the call to

Re: Need help with keytool

2009-02-24 Thread John Oliver
On Tue, Feb 24, 2009 at 03:48:21PM -0500, Mark H. Wood wrote: On Tue, Feb 24, 2009 at 08:02:30AM -0800, John Oliver wrote: I need to turn PKI certs into JKSes. I have some instructions from one JKS is Java KeyStore or some such. It's a database of certificates and private keys. You can't

Re: Need help with keytool

2009-02-24 Thread John Oliver
On Tue, Feb 24, 2009 at 03:48:21PM -0500, Mark H. Wood wrote: On Tue, Feb 24, 2009 at 08:02:30AM -0800, John Oliver wrote: 10. Right click on the displayed keypair and Rename it to 'key' -changealias -alias OLDNAME -destalias key Question: When I did this with the GUI tool, the OLDNAME