Hi All,
I am trying to use OpenSSL to encrypt/decrypt some data for that
I am using EVP_* API. I have a question about EVP_En/DecryptUpdate function.
The second param of these functions is a pointer to a buffer where the
En/Decrypted data will be copied by the function, but I wasn't
I would guess anything within the last few years.
Lets take a system:
$ uname -a
Linux me.foobar.com 2.6.18 #1 SMP Sun Sep 24 21:09:55 BST 2006 x86_64
x86_64 x86_64 GNU/Linux
$ gcc -v
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr
Hi,
Is there any API
available to get the next update time of CRL in
ASN1_GENERALIZEDTIME format?
The next update
time can be retrieved in ASN1_TIME format using the following
API:
get_crl_update_time(X509_CRL *crl )
{
ASN1_TIME *ctm = NULL;
ctm = M_ASN1_TIME_dup
Hi Team,
I found the following API to get the
timeASN1_GENERALIZEDTIME format.
==
ASN1_TIME *ctm = NULL;ASN1_GENERALIZEDTIME *asn1_time =
NULL;
ctm = M_ASN1_TIME_dup
(X509_CRL_get_nextUpdate(base_crl));asn1_time
=
Marek Marcola wrote:
Okay, I did everything you told me to do. First of all, the crt is a
test crt and has been all along. That's how Verisign works these days.
They give you a test cert until you pay them money.
When I displayed the key, then converted it to pem format and displayed
the
Hello,
Okay, I did everything you told me to do. First of all, the crt is a
test crt and has been all along. That's how Verisign works these days.
They give you a test cert until you pay them money.
When I displayed the key, then converted it to pem format and displayed
the converted key,
Hello,
I have an smime message that I am trying to decrypt and verify.
I'm not sure if the message is a valid one in the first place as it
seems to be all binary as apposed to ascii.
So my questions are,
1) Is it a valid message
2) If it is, what should my command look like?
Here's my command:
Marek Marcola wrote:
You should cat real PEM encoded cert and key.
I assume from what you write I should create a pem file out of the crt file:
server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl rsa
-inform der mrtablecloth-vi.com.crt.pem
However, when I try that, I get
Marek Marcola wrote:
You should convert your private key to PEM format too.
This error is probably because certificate is read as RSA key.
Convert both files to PEM (files with BEGIN header),
cat both files to one file and use in your configuration.
Same thing:
server167# ls
Hi, I've implemented (in C++)a simple form of shamir secret sharing for the particular case(3,5).One function receives a BIGNUM A0 an generates the 5 secrets. Another function, receives 3 secrets and generates the recover BIGNUM A0. It's working fine. The problem is thatI need to convert
On Tue, Nov 14, 2006, [EMAIL PROTECTED] wrote:
On 14 Nov 2006 at 14:24, Also Sprach Dr. Stephen Henson:
OpenSSLs MIME parser is a minimal affair which doesn't handle some formats
at
all. You can use an external MIME parser and pass the content to the smime
command with the -inform DER
Marek Marcola wrote:
..
server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl x509
-inform der mrtablecloth-vi.com.crt.pem
Clean, no complaints :)
However...
server167# /usr/local/sbin/lighttpd -f
/usr/ports/www/lighttpd/doc/lighttpd.conf
2006-11-14 14:56:44: (network.c.377) SSL:
On Tue, Nov 14, 2006, [EMAIL PROTECTED] wrote:
html deleted
Can you resend that without the html?
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage:
On Tue, Nov 14, 2006, [EMAIL PROTECTED] wrote:
Hello,
I have an smime message that I am trying to decrypt and verify.
I'm not sure if the message is a valid one in the first place as it
seems to be all binary as apposed to ascii.
So my questions are,
1) Is it a valid message
2) If it
Marek Marcola wrote:
You should convert your private key to PEM format too.
This error is probably because certificate is read as RSA key.
Convert both files to PEM (files with BEGIN header),
cat both files to one file and use in your configuration.
Same thing:
server167# ls
Hello,
You should convert your private key to PEM format too.
This error is probably because certificate is read as RSA key.
Convert both files to PEM (files with BEGIN header),
cat both files to one file and use in your configuration.
Same thing:
server167# ls
On Tue, Nov 14, 2006, [EMAIL PROTECTED] wrote:
Hi Team,
I found the following API to get the time ASN1_GENERALIZEDTIME format.
==
ASN1_TIME *ctm = NULL;
ASN1_GENERALIZEDTIME *asn1_time = NULL;
ctm = M_ASN1_TIME_dup
Hello,
You should cat real PEM encoded cert and key.
I assume from what you write I should create a pem file out of the crt file:
server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl rsa
-inform der mrtablecloth-vi.com.crt.pem
However, when I try that, I get this
On 14 Nov 2006 at 15:53, Also Sprach Dr. Stephen Henson:
openssl pkcs7 -inform DER -in whatever.p7m
Thank you! that worked a treat.
Ok, so now I can decrypt it. I currently have something that looks
like:
[EMAIL PROTECTED]
Content-Type: application/EDIFACT; name=recvfile.edi
Hello,
server167# openssl base64 -d -in private.key_BAK | openssl rsa -inform
der mrtablecloth-vi.com.crt
writing RSA key
My mistake, should be of course to mrtablecloth-vi.com.crt.pem
server167# rm mrtablecloth-vi.com.crt.pem
Do not run this command now.
server167# openssl base64 -d -in
Hello,
server167# openssl base64 -d -in private.key_BAK | openssl rsa -inform
der mrtablecloth-vi.com.crt
writing RSA key
My mistake, should be of course to mrtablecloth-vi.com.crt.com
server167# rm mrtablecloth-vi.com.crt.pem
Do not run this command now.
server167# openssl base64 -d -in
Hello,
server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl x509
-inform der mrtablecloth-vi.com.crt.pem
Clean, no complaints :)
However...
server167# /usr/local/sbin/lighttpd -f
/usr/ports/www/lighttpd/doc/lighttpd.conf
2006-11-14 14:56:44: (network.c.377) SSL: Private
Marek Marcola wrote:
Use something like:
server167# openssl base64 -d -in private.key_BAK | openssl rsa -inform
der mrtablecloth-vi.com.crt
writing RSA key
server167# rm mrtablecloth-vi.com.crt.pem
server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl x509
-inform der
Marek Marcola wrote:
My mistake, should be of course to mrtablecloth-vi.com.crt.com
I assume you mean *.pem, not *.com but at any rate the results were the
same :(
Restore base64 encoded DER certificate to mrtablecloth-vi.com.crt
and run this command again.
server167# openssl base64 -d -in
Hello,
server167# openssl base64 -d -in private.key_BAK | openssl rsa -inform
der mrtablecloth-vi.com.crt.pem
writing RSA key
ok
server167# openssl base64 -d -in mrtablecloth-vi.com.crt | openssl x509
-inform der mrtablecloth-vi.com.crt.pem
unable to load certificate
looks like bad
On 14 Nov 2006 at 15:42, Also Sprach [EMAIL PROTECTED]:
I've put the signature in one file and the actual message in another.
Is it possible for me to verify that the signature is valid?
I have tried all (well apart from the correct one no doubt) permutations of
smime switches. The
one
On Tue, Nov 14, 2006, [EMAIL PROTECTED] wrote:
On 14 Nov 2006 at 15:42, Also Sprach [EMAIL PROTECTED]:
I've put the signature in one file and the actual message in another.
Is it possible for me to verify that the signature is valid?
I have tried all (well apart from the correct one
On 14 Nov 2006 at 14:24, Also Sprach Dr. Stephen Henson:
OpenSSLs MIME parser is a minimal affair which doesn't handle some formats at
all. You can use an external MIME parser and pass the content to the smime
command with the -inform DER switch. In this case everything after the blank
line.
Marek Marcola wrote:
I assume you mean substitute the current file for the one you sent. I
did that and the command executed successfully :)
However...
server167# /usr/local/sbin/lighttpd -f
/usr/ports/www/lighttpd/doc/lighttpd.conf
2006-11-14 16:55:06: (network.c.358) SSL:
Marek Marcola wrote:
I think you get this error because you specified in config file:
ssl.ca-file=/etc/ssl/certs/mrtablecloth-vi.com.crt
This file should be PEM file from Verisign temporary CA,
you should get it from Verisign, eventually convert to PEM
save to file and point in this
Hello,
First, my correction...I got that error when I tried to install a
CACert...I got the other error from the Verisign cert.
I got no pem file from CACert. Verisign says I can test what they've
given me and it should all work. The client wants to see that test work
before they pay them
Marek Marcola wrote:
You should get CA cert from Verisign (or something) which subject
will equal to this issuer.
Then maybe my problem was at the start. I received an email from
Verisign at the beginning telling me to load this trial CA cert from
this page:
Hello,
Then maybe my problem was at the start. I received an email from
Verisign at the beginning telling me to load this trial CA cert from
this page:
http://www.verisign.com/support/verisign-intermediate-ca/trial-secure-server-intermediate/index.html
Now, not knowing better (and still not),
Marek Marcola wrote:
Great, save contents of this certificate (in window) to lets say
vs_inter_ca.pem.
Next download Root certificate from:
http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html
and save to lets say vs_root_ca.pem
Done.
Then do first
Wait! I misunderstood...
server167# openssl verify -CAfile vs_root_ca.pem vs_inter_ca.pem
vs_inter_ca.pem: OK
server167# cat vs_root_ca.pem vs_inter_ca.pem vs_ca.pem
server167# openssl verify -CAfile vs_ca.pem mrtablecloth-vi.com.crt.pem
mrtablecloth-vi.com.crt.pem: OK
server167#
Hello,
Then do first check:
$ openssl verify -CAfile vs_root_ca.pem vs_inter_ca.pem
vs_inter_ca.pem: OK
server167# openssl verify -CAfile vs_root_ca.pem vs_inter_ca.pem
vs_inter_ca.pem: OK
vs_inter_ca.pem: OK
Error opening certificate file vs_inter_ca.pem:
Hello,
Wait! I misunderstood...
server167# openssl verify -CAfile vs_root_ca.pem vs_inter_ca.pem
vs_inter_ca.pem: OK
server167# cat vs_root_ca.pem vs_inter_ca.pem vs_ca.pem
server167# openssl verify -CAfile vs_ca.pem mrtablecloth-vi.com.crt.pem
mrtablecloth-vi.com.crt.pem: OK
server167#
Marek Marcola wrote:
Change ssl.ca-file directive to vs_ca.pem.
IT WORKED! IT WORKED! HALLELUJAH IT WORKED!!
Thank you SO MUCH for your help! Now, I'll review our million messages
and try to make sense of them, and put together a how-to if that seems
appropriate.
Thanks again :))
beno
Hi -
Compiling with gcc I get this error:
making all in crypto/ui...
make[2]: Entering directory `/usr/local/src/openssl-0.9.8d/crypto/ui'
cc -I.. -I../.. -I../../include -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -xtarget=ultra -xarch=v8plus -xO5
Garey Mills wrote:
Hi -
Compiling with gcc I get this error:
making all in crypto/ui...
make[2]: Entering directory `/usr/local/src/openssl-0.9.8d/crypto/ui'
cc -I.. -I../.. -I../../include -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -xtarget=ultra
Carson -
That was it.
Thanks;
Garey Mills
Library Systems Office
UC Berkeley
The brain is not where you think
On Tue, 14 Nov 2006, Carson Gaspar wrote:
Garey Mills wrote:
Hi -
Compiling with gcc I get this error:
making all in crypto/ui...
make[2]: Entering
Hi,
I'm working on an embedded device that makes heavy use of SSL. The
primary use of SSL is for authentication, users need to make sure that
they are talking to the correct device. As a result, each device has a
few SSL certificates that are created, signed and written to the
device during
Thanks Darryl. Here are the specific details of my system -
bash-3.00$ uname -a
Linux saumya.foobar.com 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:29:47 EST 2005
x86_64 x86_64 x86_64 GNU/Linux
bash-3.00$ gcc -v
Reading specs from /usr/lib/gcc/x86_64-redhat-linux/3.4.3/specs
Configured with: ../configure
43 matches
Mail list logo