openssl at schwebbman.com wrote:
I am working on writing a program that performs encryption uses
triple-DES. I am reading(decrypting) and writing(encrypting) a linked
list to a file. The program will read and write the individual
structures that make up the linked list using OpenSSL. The
On Tue, Mar 02, 2004 at 11:47:43AM -0600, Scott Lamb wrote:
On Feb 24, 2004, at 9:55 AM, Rich Salz wrote:
I think I misunderstood that question. I honestly don't know what we
would lose. Maybe a sense of openness.
In the past -- at least, say, 2-3 years ago -- we had a couple of
Dear Chris,
authentication methods and protocols were researched for years.
The method described is an easy one and probably could be implemented fast.
However, one better start from requirements before any coding.
For example: server is not authenticated here so man-in-the-middle
is allowed by
On Mon, Feb 16, 2004 at 10:40:36PM +1100, Chris Nolan wrote:
Hello Vadim!
On Mon, 2004-02-16 at 21:28, Vadim Fedukovich wrote:
Dear Chris,
authentication methods and protocols were researched for years.
The method described is an easy one and probably could be implemented fast
On Tue, Jan 13, 2004 at 08:43:21AM +0100, Aumont - Comite Reseaux des Universites
wrote:
Hi
The current version of openssl ocsp is based on stuff/index.txt so I
am affraid that the OCSP server must run on the same server as the
certificat authority, but in our case the CA server is
On Thu, Jan 08, 2004 at 09:02:12PM -0800, [EMAIL PROTECTED] wrote:
Hi,
I am using crypto library to do some calculations. I need to calculate the sqare
root of a 1024 bit number and round it to nearest integer.
this might mean working over just integers, isnt it?
The BN_mod_sqrt()
, Vadim Fedukovich wrote:
On Fri, Jan 02, 2004 at 02:09:39AM -0800, [EMAIL PROTECTED] wrote:
I run several SSL enabled services on a single host. Especially since
some of these don't run as root, I want to create a different
certificate, with a different DN, for each service. However, each
On Fri, Jan 02, 2004 at 02:09:39AM -0800, [EMAIL PROTECTED] wrote:
I run several SSL enabled services on a single host. Especially since
some of these don't run as root, I want to create a different
certificate, with a different DN, for each service. However, each
service certificates' CN
On Fri, Jan 02, 2004 at 12:24:18PM -0600, Jay Johnston wrote:
...
SOLUTION IMPLEMENTATION:
Back to my current delima of the needle-in-a-haystack searches I'm doing, I
decided to create a program that would screen scrape for the string in the
web-based file directories. First, however, I had
On Tue, Dec 09, 2003 at 12:28:47PM -0600, Jose Hernandez wrote:
Here, the problem is in the Certificate, the Linux hostname is not the same
that you gave in the certificate ...
I mean in the Common Name field It must be the Linux hostname ...
website name as fetched from server cert CN
On Sat, Nov 15, 2003 at 06:40:26PM -0500, David wrote:
What kind of voodoo is required to get a client to send a cert?
Both client and server are calling SSL_CTX_use_certificate_file() and
SSL_CTX_use_PrivateKey_file(), and the server is calling
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL).
On Sat, Nov 15, 2003 at 09:09:37PM -0800, Sriram R wrote:
Can some one detail the steps to enable verbose debug on the openssl server.
I added debug option ..but that did not give me enough info to further investigate.
I get accept errors as attached below.
Any help is greatly appreciated.
hi Kim,
try setting it read-only before reset
good luck,
Vadim
On Thu, Oct 16, 2003 at 11:45:22AM +0200, Hellan.Kim KHE wrote:
Hi
I have a BIO populated with a PKCS#10 request. At the time I am parsing it, it don't
know if it is DER or PEM encoded, so I use the following code:
pReq =
Dear list,
did anyone implement a test for a given A an X exists that
X ^ k == A (mod N)
for a composite N = p*q with q and q being known primes?
Any good math paper?
thank you,
Vadim
__
OpenSSL Project
On Wed, Sep 03, 2003 at 11:46:30AM -0400, Charles B Cranston wrote:
Sean McKay wrote:
I was not able to get the LDAPS server to respond to the query so out of
despiration, I thought I'd try HTTPS -- if I remember right, I think
Microsoft uses a non-standard for LDAPS that I can't remember
On Thu, Aug 07, 2003 at 10:21:09AM +0200, Davide De Benedictis wrote:
Hi, here again
I'm a Java user and I'm using the Java Cryptography Extension shipped
with the JDK 1.4 and enhanced with the BouncyCastle.org open source
libraries. I need to interact with a PHP server which uses OpenSSL
Dear Torsten,
concatenating some certificates into a single file would not automagically
make every client and server follow the rules. To enforce it,
one can check something while doing SSL handshake or immediately
after the handshake before sending application data.
Servers could get client
On Fri, Jul 25, 2003 at 09:18:52AM -0400, Jue (Jacky) Shu wrote:
On 2003-07-24 at 18:43, David Schwartz wrote:
Please check this url:
http://developer.netscape.com/docs/manuals/security/sslin/contents.htm
Server authentication, step 4
The only difference is that netscape just check
On Mon, Jul 21, 2003 at 12:12:49PM -0400, Jue (Jacky) Shu wrote:
hi all,
maybe it is not a SSL question. I want to make post-connection assertion to
prevent man-in-the-middle attack. But I don't know how to get FQDN of the
peer side(Not from peer's certificate, it must be other side's real
On Mon, Jul 21, 2003 at 12:20:05PM -0400, Christopher Fowler wrote:
There is no functino in OpenSSL I beleive that does such a thing.
What you need to do is get the sockaddr sin_addr data from the accept()
function. At that point you have a IP Address. Use gethostbyaddr() to convert
that
password hashes instead of cleartext.
Both options looks better to me.
yours,
Vadim
Once again, thanks,
Michel
- Original Message -
From: Vadim Fedukovich [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 6:53 PM
Subject: Re: Philosophical question: What means
On Thu, Mar 20, 2003 at 04:13:48PM +0530, Vengada Prasad Govindan wrote:
Hello,
We are trying to use /usr/local/ssl/lib/openssl.a version 0.9.7a for
building another application (802.1x Xsupplicant0.6). We get the
following unresolved externals (see attachment - make_error.txt). Let us
On Mon, Feb 17, 2003 at 02:26:13PM +, Himanshu Soni wrote:
Hi
Is there a way to redirect the GET/POST request from a file to the openssl
s_client app? something like:
cat get.txt | openssl s_client -connect server:443 -cert crtfile -key keyfile
maybe
(cat something; sleep 10) |
On Mon, Feb 10, 2003 at 10:02:30AM +0530, Chandrasekhar R S wrote:
It seems I have not explained myself ably.
I completly understand that Private Keys should and would never be sent
across.
But assume that you are going through a proxy using SSL. And the proxy has
no capability to verify
or apache-ssl to do the job?
Sorry for the confusion. I hope, I had been clearer than earlier.
with thanks and regards,
rsr.
best wishes,
Vadim Fedukovich
consulting and software development
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Vadim
On Wed, Jan 22, 2003 at 02:36:16PM +0530, Chandrasekhar R S wrote:
Hello Vadim,
Localized Scenario : Proxy Client -- Backend Server
5. The requirement is, Proxy Client should be presenting
CLIENT CERT to the backend server.
Yes, it can present it
It describes the method how a proxy could handle HTTPS requests
Please note HTTP details might be off-topic for this list
hope this helps,
Vadim Fedukovich
consulting and software development
Could one help me further.
Namaste,
R S Chandrasekhar
[EMAIL PROTECTED]
ISD : 091-080
On Fri, Jan 10, 2003 at 02:57:12PM +0530, Chandrasekhar R S wrote:
I have the following scenario -
client-Proxy - server.
SSLClient - SSLServer | SSLClient - SSL Server.
It is my intent to pass on the clients
On Fri, Jan 10, 2003 at 04:52:07PM -, Dicks, Gareth M wrote:
Hi,
I'm trying to write an automated script to check for pending expiry dates in
SSL certs. I know how to get this info from a standard cert file in X509
format:-
openssl x509 -in cert.cer -enddate
The problem is I have
On Wed, Jan 08, 2003 at 11:46:50PM +1200, Franck Martin wrote:
You can't use virtual hosts on apache with https.
Each host must have its own IP address, that's what I learnt from the
doc... May be it is fixed somehow...
It can be fixed by implementing Upgrade HTTP request, both by servers
On Mon, Nov 25, 2002 at 12:50:40PM +0200, [EMAIL PROTECTED] wrote:
Hi
I'm wondering if you can help me with co-signature
problem and if you know something about co-signature and
how to implement this on openssl. I'm trying to sign a
message by several signers then put the all in one
On Fri, Nov 22, 2002 at 01:50:37PM -0500, Chris Jarshant wrote:
You can't convert a public key certificate into a PKCS12 file -
the openssl pkcs12 routine *requires* a private key to be in such
a file along with the public key, which you cannot have (CAs don't
give out their private keys).
On Thu, Nov 07, 2002 at 11:21:50PM +0100, Richard Levitte - VMS Whacker wrote:
While holding a lecture on PKI today, I was presented with a rather
interesting question that I couldn't answer:
A company wants to set up a web server that is secured through SSL,
and would like it to have
On Sun, Oct 27, 2002 at 02:11:12PM -0800, icewind wrote:
I am running some speed tests in which I use the
EVP_Sign and EVP_Verify functions. I have noticed that
the Signing takes much longer (about 10 times longer)
on average than does Verifying. This doesnt make sense
to me. Is what I am
On Wed, Oct 23, 2002 at 05:50:09PM +0400, Andrew Abramov wrote:
Andrew.Abramov And another question about additional stuff. Does the
Andrew.Abramov openssl support CMP? Can it generate and parse this
Andrew.Abramov kind of messages?
RLVW No.
And does anybody know, what software
On Wed, Oct 23, 2002 at 11:43:54AM -0400, Ashwin C Uthappa wrote:
Hi all,
Just some updates
I used the openssl tool to try and establish communication with both the
engine (which fails) and the proxy engine (which succeeds). I've
pasted the output below.
Some details: the engine
On Tue, Oct 22, 2002 at 12:50:04PM +0200, Martin Witzel wrote:
Except when you have an independent means to verify that
a) the self-signed certificate which you received druing the handshake
comes from the entity which claims to be the originator
b) you also feel comfortable to
On Thu, Oct 17, 2002 at 06:59:26PM +0200, Ibl Wolfgang wrote:
Hello,
I'm trying to verify text, which has been signed using wincrypt's
CryptSignMessage. This function produces pkcs#7 output.
OpenSSL outputs the message:
Verification Failure
1992:error:2107106C:PKCS7
hi Peter,
On Tue, Oct 15, 2002 at 12:43:24PM +0200, Peter de Vroomen wrote:
Hi Vadim,
I have forwarded this message to the OpenSSL group as well, maybe somebody
else can give me some good advice too. For people reading this, there was a
conversation going on before. I have troubles
Hi Jose,
would you please outline how exactly one could use this patch?
What kind of LDAP lookup works best with X509_NAME_oneline()-style names?
Should the LDAP tree be somewhat special?
thank you and sorry for off-topic,
Vadim
On Wed, Oct 02, 2002 at 08:50:36AM +0200, Jose Correia (J) wrote:
On Wed, Sep 25, 2002 at 07:58:54PM +0200, Federico Sauter wrote:
Hi all!!
Now I?ve got a security question: would it be safe to generate a (very
secret and important) symmetric key from a private RSA key? I mean
theorically you should not be able to reverse a hash function (in this
On Fri, Sep 06, 2002 at 09:20:37AM +0100, Colin McKinnon wrote:
Hi all,
I'm something of a newbie at this whole encryption game. I've set up our own
CA here using self signed certificates, (certificates only get used within
the company). OpenSSL works a treat, I've got stunnel securing
On Fri, Sep 06, 2002 at 12:59:02PM +0100, [EMAIL PROTECTED] wrote:
vf [SMTP:[EMAIL PROTECTED]] wrote:
Please consider to post a (short) signed message together with
signer's certificate. Private signing key would be great as
well, in case it's not used for production.
OK.
I loaded
Dear Joerg,
it would be interesting to learn the reason to consider ssltest insecure.
As I read it, DH parameters (modulus and generator) are set to
some well-known values. This is required to use the same group,
both by server and client. Security of DH key exchange is determined by
DH private
On Thu, Aug 01, 2002 at 10:25:02AM -0700, Priya Tamhankar wrote:
Hi,
I'm trying to get session resumption to work (from the client-side).
But, somehow, a new session-id is being negotiated every time, instead of a
reuse.
One could use protocol analyser to see whether client offer session-id
On Tue, Jul 30, 2002 at 03:27:40PM +0800, Stone Shi wrote:
Hello, all
I installed Apache+mod_ssl+OpenSSL as HTTPS Server, and I must make the
server support the Wrong Format Certificate(See in attechment).
How can I do?
I could see nothing wrong with this certificate.
DER encoding is
On Tue, Jul 30, 2002 at 10:49:02AM +0100, Chuo HUANG(CMS) wrote:
Hello!
I have programmed succefully a piece of VC++ with OpenSSL. The program is to
read the private key in a client's machine and do the signature. I'd like to
set cookies using this Signature to Client's machine later.
On Sun, Jul 14, 2002 at 11:56:19AM +0100, Ben Laurie wrote:
Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Tue, 9 Jul 2002 11:43:04
+0300, Vadim Fedukovich [EMAIL PROTECTED] said:
vf please consider to include this code into distribution
Thanks and forgive me
On Mon, Jul 08, 2002 at 03:05:49PM -0400, Rich Salz wrote:
I did some work on a project a while back that might be relevant to your
search:
http://crypto.stanford.edu/~dabo/ITTC/
This work is way cool. (At a previous company I had some email
exchanges with Dan :)
One
On Tue, Jul 02, 2002 at 09:15:02PM -0400, Frank Geck wrote:
I was wondering if someone could tell me real quick if this makes any
sense. I'm using the pkcs7 libraries ( not the command line interface)
provided by openssl to sign a file and save the output to a file. The
input file is 25,600
On Wed, Jul 03, 2002 at 02:58:45PM +0200, Judith Retief wrote:
I have to encrypt and decrypt an RSA key using symmetrical encryption,
using RC4 or one of the other symmetrical encryption APIs. I'm working in C.
But I assume I can't just give the RSA key struct to the encryption
On Sat, Jun 29, 2002 at 10:41:34PM +0200, davide wrote:
On Fri, 28 Jun 2002 09:15:40 +0300
Vadim Fedukovich [EMAIL PROTECTED] wrote:
On Thu, Jun 27, 2002 at 11:14:09PM +0200, davide wrote:
Hi,
How could I get a fingerprint from a RSA key?
DER-encode RSA public key and apply SHA1
On Thu, Jun 27, 2002 at 12:06:01PM -0500, Manish Ramesh Chablani wrote:
On Thu, 27 Jun 2002, Vadim Fedukovich wrote:
On Wed, Jun 26, 2002 at 07:35:59PM -0500, Manish Ramesh Chablani wrote:
Hi,
I am new to openSSL. I want to use openSSL to provide cryptographic
functions
On Sun, Jun 16, 2002 at 01:55:48PM +0200, Lutz Jaenicke wrote:
The second beta release of OpenSSL 0.9.7 is now available from the
OpenSSL FTP site URL: ftp://ftp.openssl.org/source/. Quite a lot
of code changed between the 0.9.6 release and the 0.9.7 release, so
a series of 3 or 4 beta
On Tue, Jun 18, 2002 at 05:30:45PM +0200, julien Bournelle wrote:
Hi all,
I have a little pb and after a little search on google I didn't find any
interesting help :-(
This is my pb: i try to get a session key by DH and when I compute keys I
didn't obtain the same session key.
No
On Fri, Jun 07, 2002 at 12:38:00AM -0700, Brian Doyle wrote:
Does anyone know where I can get the latest VeriSign root certificate (that
expires in 2028) in PEM format? It seems to be impossible to get it from
their website in anything other than some script to install it into a web
browser.
On Thu, Jun 06, 2002 at 05:17:48PM -0700, Bob Steele wrote:
This might be a nonsensical question, and if so it
wouldn't be my first foolish question here:
Is it possible or appropriate to add a timestamp object
(RFC 3161) to a PKCS#7 signature during the signature's
creation?
This
On Wed, Jun 05, 2002 at 08:42:10AM +0200, Lutz Jaenicke wrote:
On Wed, Jun 05, 2002 at 03:35:31AM +0300, Vadim Fedukovich wrote:
hi list,
Naina library may be considered an ASN.1 test; it handles some
Secure Electronic Transactions messages.
http://www.unity.net/~vf/naina_r1.tgz
hi list,
Naina library may be considered an ASN.1 test; it handles some
Secure Electronic Transactions messages.
http://www.unity.net/~vf/naina_r1.tgz
It works with 0.9.7-beta-1, on linux, gcc 2.9.5
It could be great to include SET-specific objects into openssl;
patch is there inside
regards,
On Mon, Jun 03, 2002 at 11:17:40PM +, Franck Martin wrote:
Read your web site,
Sorry other, if my e-mail is slightly off-topic but I think for a global
trusted e-mail system, we need some special certificates and I just want
to check if medracen is offering them...
Needs some info,
a hash of a document,
not necessary the document.
hope this fits,
Vadim
Thanks for all your help,
Kim
-Oprindelig meddelelse-
Fra: Vadim Fedukovich [mailto:[EMAIL PROTECTED]]
Sendt: 30. maj 2002 12:15
Til: [EMAIL PROTECTED]
Emne: Re: Format of RSA public key ?
On Thu, May
On Thu, May 30, 2002 at 03:35:51PM +0200, Hellan,Kim KHE wrote:
...
I have been looking at the RSA_public_decrypt() function, but I'm not quite sure
how it works.
How can I verify a signature without specifying what was signed in the first place?
Public key is normally used to recover the
On Sat, 25 May 2002, Averroes wrote:
Hi All,
Perhaps someone has the answer?
I want to sign a file (provided by a requester) with some information
like : hash+timestamp, then, transforms this signed file in PKCS7 structure
for sending back to the requester.
Any help will be appreciated.
On Fri, 17 May 2002, Haikel wrote:
Hi,
I'have generated keys in pkcs8 format with java and openssl. The thing
that was not expected is the difference of the two files structure. The
why not? it's encrypted private key.
Yes, one should expect them to be the same after decryption
two
On Thu, 16 May 2002, [ISO-8859-1] Martinez Bernardo · Maria Elena wrote:
Benoit,
You have a Client Certificate from Verisign and you can't use it to sign a
new certificate.
Nothing could stop a programmer from using such a private key to sign
other certificates.
However, an application
On Wed, 15 May 2002, FRISCH Laurent FTRD/DTL/ISS wrote:
Something bothers me with the authenticatedAttributes field in PKCS#7. It is
defined in SignerInfo by authenticatedAttributes [0] IMPLICIT Attributes,
Attributes being a SET OF attributes. This means that you should order
attributes in
On Mon, 13 May 2002, Rakeshbabu Bobba wrote:
here is the link
http://crypto.stanford.edu/~dabo/ITTC/dist-files/ittc-1.0.tar.gz
rakesh
On 13 May 2002, Aleix Conchillo wrote:
On Mon, 2002-05-13 at 19:34, Rakeshbabu Bobba wrote:
you might want to take a look at IITC project of Dan
On Tue, 30 Apr 2002, Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Mon, 29 Apr 2002
12:22:32 -0700 (PDT), Tim Jones [EMAIL PROTECTED] said:
t0psecret I'm trying to create password-protected client certs
t0psecret with OpenSSL and ssl.ca-0.1.tar.gz. Is this what
On Thu, 18 Apr 2002, Joern Sierwald wrote:
At 10:19 18.04.2002 +0200, you wrote:
Hi,
Is it possible to prevent apache from automatically giving out its server
certificate to everyone that is connecting to the server?
I want apache to only allow access to thoose that already have the
Carlos,
DBM (keep users in the database) method was specified in .htaccess and
apache was build without DBM. This have nothing to do with SSL.
You could either re-build httpd or specify another way to handle
web users list.
hope this helps,
Vadim
On Wed, 20 Mar 2002, Carlos Alberto Pelaez
subject name and only
issuer name is available from recipient info.
regards,
Vadim
Vadim Fedukovich wrote:
On Wed, 13 Mar 2002, Frank Geck wrote:
How would I get a list of the recipients from a PKCS7 message? I have
read it in and it's a signed enveloped and I have decoded it and I see
On Tue, 12 Mar 2002, Philipp [iso-8859-1] Gühring wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I read somewhere, that wildcard certificates are generally possible.
(With the exception that not every implementation might like it)
What about a certificate for *.com, *.org or
On Fri, 8 Mar 2002, Martin Witzel wrote:
Hi,
I have two questions about certificate chains.
a.) Can an openssl intermediate CA create certificates which contain the
certificate
of an intermediate level signing CA _and_ the certificate(s) of
higher level CAs,
i.e. a
On Thu, 7 Mar 2002, Dr S N Henson wrote:
Vadim Fedukovich wrote:
Hello,
would this construct
ASN1_SEQUENCE(SomeTypeDefinition) = {
ASN1_IMP(, someFieldName, ASN1_FBOOLEAN, N)
be fine for someFieldName [N] BOOLEAN DEFAULT FALSE in ASN.1?
Should one use ASN1_IMP_OPT
On Thu, 7 Mar 2002, Damian Hesse wrote:
Hi everybody,
we have set up our own CA and generated for everybody
user certificates for secure communication. It really works
fine.
The task: now we want to set up mailinglists (server side)
like [EMAIL PROTECTED] where some users of our company
On Mon, 4 Mar 2002, Wilhelm Farrugia wrote:
Dear all,
I am trying to use openssl with kannel are there any implications that I
should know about?
Does any one has some details about the issue ?
Thank you,
Wilhelm Farrugia
Oleg Taranov did something with kannel and openssl and
Dear Certicom,
why it was stated posting of source code is required on OpenSSL at
http://www.certicom.com/products/ssl_plus/g/ssl/020119_2_v1_chart.html ?
-vf
__
OpenSSL Project
On Mon, 21 Jan 2002, Hellan,Kim KHE wrote:
Hi
I have an RSA private key in a EVP_PKEY structure.
I need to get the RSA blob out of the EVP_PKEY, encrypt it
(EVP_des_ede3_cbc) and Base64 encode it.
Basically I need something like what the PEM_write_PrivateKey() function
does, except my
On Fri, 11 Jan 2002, Frank Geck wrote:
Thanks, I was already using a variant of this code. The issue seemed to
be openssl 0.9.6b, went to version c and it worked.
The current issue I have is how can I make the buffer that will hold the
decoded data dynamic instead of static (i.e. no BIG,
On Wed, 9 Jan 2002, Andrew wrote:
Well let's see if I can explain this a little better. How does 3DES
work? Apparently my co-worked took the final encrypted text, XOR'ed it with
the original message and obtained a key. Now he claims that he can decrypt
any message with that key.
Did
On 10 Jan 2002, Aleix Conchillo wrote:
Hi,
I am trying to create a PKCS7 SignedAndEnveloped. I get the idea
from the enc.c and dec.c files in crypto/pkcs7 directory. As it is and
enveloped pkcs7 i need to add a recepient. And as it is signed, i need to set
the signers. The problem
On Wed, 9 Jan 2002, Scott Frazor wrote:
Can anyone give me a rough idea on how to prepare and send a https POST via
openssl? I know how to open a socket and connect SSL, but I'm missing
something when it comes to sending a HTTPS POST and RECEIVING the response.
I'm not sure if I'm asking
On Sat, 22 Dec 2001, Mike Brandonisio wrote:
Hi,
I wanted to post an answer to a problem I had with Apache and SSL. It took
some time to figure this one out but here it is:
PROBLEM:
When I installed Apache and setup a virtual server for my test web site the
standard HTTP requests worked
On Mon, 24 Dec 2001 [EMAIL PROTECTED] wrote:
Hi expert guys,.. :)
I'm starting a class project which requires handling a packet after
encryption it, and before transmi it to the IP layer. I want to to add a
header and modify the current IP address of the packet.
The steps -- in
On Thu, 20 Dec 2001, Richard Levitte - VMS Whacker wrote:
There are devoices out there (I'm thinking of nCipher boxes, but I bet
there are others) where you can protect something (in the nCipher
case, the admin card) with n password, of which any m (m = n) are
required to unlock the
On Thu, 13 Dec 2001, Tony Vo wrote:
Hello,
Is OpenSSL PKCS1 compliant? I've noticed that in the function
for padding type 2 that the first byte (octet) is 0x00 followed by 0x02
for the second byte (octet). Is this correct? According to the PKCS1
specification, the first byte
On Mon, 10 Dec 2001, Bear Giles wrote:
Would this be a hassle if you have a root CA with a lot of intermediate
signers? That means that you have to store/locate all possible intermediate
signers to evaluate a couple of end user certificates.
This is why PKCS12 (iirc) provides a
On Tue, 11 Dec 2001, Tat Sing Kong wrote:
That's me told then, so to authenticate a certificate you need the whole
chain of certs going from the cert to authenticate all the way to a
trusted CA.
It's unlikely just authentication is of any practical use;
authorization is and risk of
Andrew,
openssl is rather mixer than generator or random data.
No deterministic (ok, stable) program can make something random.
To make a random secret one need some input unavailable to attacker.
/dev/random is internal enough and could be quite a good one.
regards,
Vadim
On Mon, 3 Dec 2001,
hi,
this will work for unique port numbers only.
Here's no chance to run a bunch of standard-SSL virtual hosts
on one single 443 port and I guess it was the question.
One could do that on different IP numbers
regards,
Vadim
On Fri, 30 Nov 2001, Amol Natu wrote:
Hi Shlomi
You would need to
Dear openssl team,
what is the best way to specify OAEP parameter for RSA operations?
Currently, RSA_eay_public_encrypt() and RSA_eay_private_decrypt()
will always pass NULL to RSA_padding_add_PKCS1_OAEP() and
RSA_padding_check_PKCS1_OAEP() respectively.
thank you,
Vadim
On Mon, 22 Oct 2001, Ravi Prakash B.V. wrote:
Dear All,
I do not receive any reply for this.
Any pointers will be appreciated.
What is the application that could benefit from cross certification?
Alternatively, what is the logic that requires cross certification?
thank you,
Vadim
Ravi
debugger
thank you,
Vadim
0 30 11: SEQUENCE {
2 022: INTEGER 840
6 022: INTEGER 735
10 021: INTEGER -254
: Warning: Integer has a negative value
: }
/* ASN.1 handling code (c) Vadim Fedukovich 2001
* work-in-progress; please use
Bill,
one good way to get this resolved is to outline ISO signature,
namely data format, digest and padding used as well as other
relevant details. A signature example (and the key used to make it)
could also help.
What is intermediate signature?
regards,
Vadim
On Mon, 8 Oct 2001 [EMAIL
On Thu, 6 Sep 2001, Zulkiffli Mohd Nur wrote:
hello.
i have a problem how to read version and serial number from certificate.
X509_get_version() will return a long that could be printed using %ld
specification.
just now i have a certificate.
the code like this
#include
On Fri, 31 Aug 2001, Mark Kilfoil wrote:
Someone had this exact question a month ago, and I find myself with
the same problem.. There were no responses, so I'm hoping it just
got lost in the shuffle.
The original message was:
I am attempting to have a C++ client do a Diffie Hellman key
On Mon, 27 Aug 2001, Arno Puder wrote:
Hi,
certificates and private keys are usually stored in PEM-formatted files
and are loaded using the functions SSL_CTX_use_certificate_file() and
SSL_CTX_use_PrivateKey_file().
If I want to hard code the keys in my application, such as
char*
hi Kim,
On Tue, 28 Aug 2001, Hellan,Kim KHE wrote:
I'm looking for an example of a RSA Digital Signature Using Hash Function
(text followed by the signature).
Probably the most relevant data structure is PKCS7 Signed.
Does anyone know where to find a more technical description of such a
On Wed, 15 Aug 2001, Khassaia, Amir wrote:
Hi,
I've encountered the following problem:
I generate PKCS#7 detached signed data using CryptSignMessage() in
CryptoAPI and try to verify it using OpenSSL but I get an OpenSSL Error:
{error:2107106C:PKCS7 routines:PKCS7_signatureVerify:unable
On Mon, 13 Aug 2001 [EMAIL PROTECTED] wrote:
I am trying to install openssl-0.9.6b onto a Linux REDHAT 7.1 server.
This is my first install of openssl-0.9.6b on REDHAT 7.1 . ON REDHAT 6.4
openssl-0.9.6b works just fine.
All seems to go fine with install and creating key/csr/crt files.
1 - 100 of 130 matches
Mail list logo
