Re: Hello guyz and cryptobrains! :P

2012-04-17 Thread toredhiddenuser
On 15/04/12 23:33, Dr. Stephen Henson wrote: On Sun, Apr 15, 2012, Jeffrey Walton wrote: On Sun, Apr 15, 2012 at 12:01 PM, toredhiddenu...@tormail.net wrote: Hello guyz and cryptobrains! :P One of the main disadvantages of EC on openssl seems to be the inability to create arbitrary-sized

RE: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-17 Thread Edward Ned Harvey
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Edward Ned Harvey attacker doesn't know is your key and your plaintext. There is only one solution. You must use a second key. Use your first key to encrypt the second key (so an attacker can

Re: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-17 Thread Jakob Bohm
On 4/17/2012 1:59 PM, Edward Ned Harvey wrote: From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Edward Ned Harvey attacker doesn't know is your key and your plaintext. There is only one solution. You must use a second key. Use your first key to

Re: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-17 Thread Ken Goldman
The standard answer: If this is a real security project, hire an expert. If you design your own crypto algorithm, you will get it wrong. If this is just for fun, to learn about openssl, CTR mode will give you random access. On 4/16/2012 6:41 PM, MauMau wrote: As for Q4, yes, decrypting

Re: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-17 Thread MauMau
Hello, Edward, Jakob, Ken, Thanks for lots of ideas and information. I'll investigate Edward's block-number-based iv and Ken's CTR mode. Let me consult you if I get stuck again. I'll consider some way to eliminate the need to call EVP_EncryptInit_ex/EVP_DecryptInit_ex for each block/record.

Making AES-CCM available as a TLS-negotiated cipher suite

2012-04-17 Thread Muschick, Paul
Hello all, I've been working on getting AES-CCM available for negotiation over a TLS connection. I know that AES-CCM is available via the EVP interface, but I need it to be available as a TLS cipher suite so it can be negotiated with a client. I started adding it as a new cipher suite, in a

Selecting certificate to be presented by a given endpoint in establishing an ssl connection

2012-04-17 Thread Nou Dadoun
Quick question regarding certificate usage in an ssl connection; you can associate a number of certificates with a server endpoint - is there any way of deciding at runtime which certificate is presented to the client (depending on the identity of the client say). And would the same mechanism

Remote access to my CA

2012-04-17 Thread Nathan Smyth
Hi all, I created a CA on my local machine (using CA.sh), which I used to develop some socket-based applications. The apps access the CA using SSL_CTX_load_verify_locations, with the (local) path of the CA. I'm now distributing the applications to other machines, and was wondering how I can

Re: Remote access to my CA

2012-04-17 Thread Wim Lewis
On 17 Apr 2012, at 10:48 AM, Nathan Smyth wrote: I created a CA on my local machine (using CA.sh), which I used to develop some socket-based applications. The apps access the CA using SSL_CTX_load_verify_locations, with the (local) path of the CA. I'm now distributing the applications to

Re: Hello guyz and cryptobrains! :P

2012-04-17 Thread Matt Caswell (fr...@baggins.org)
On 17/04/12 06:57, toredhiddenu...@tormail.net wrote: The library only supports Fp and F2^m custom curves. The easiest way to construct a custom curve is by using one of: EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); EC_GROUP

Re: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-17 Thread Matt Caswell (fr...@baggins.org)
On 17/04/12 15:31, MauMau wrote: Hello, Edward, Jakob, Ken, Thanks for lots of ideas and information. I'll investigate Edward's block-number-based iv and Ken's CTR mode. Let me consult you if I get stuck again. I'll consider some way to eliminate the need to call

Re: Remote access to my CA

2012-04-17 Thread Nathan Smyth
If the apps only need to be able to verify certificates issued by that CA, then all they need is a copy of the CA's certificate and to know that that certificate should be used as a trust root. (And, perhaps, access to a CRL or something if you want to be able to revoke certificates before

Re: Remote access to my CA

2012-04-17 Thread Wim Lewis
On 17 Apr 2012, at 2:04 PM, Nathan Smyth wrote: If the apps only need to be able to verify certificates issued by that CA, then all they need is a copy of the CA's certificate and to know that that certificate should be used as a trust root. (And, perhaps, access to a CRL or something if

RE: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-17 Thread Edward Ned Harvey
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ken Goldman The standard answer: If this is a real security project, hire an expert. If you design your own crypto algorithm, you will get it wrong. If this is just for fun, to learn about

RE: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-17 Thread Edward Ned Harvey
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ken Goldman The standard answer: If this is a real security project, hire an expert. If you design your own crypto algorithm, you will get it wrong. Or, if you're pretty confident you know how a

Re: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-17 Thread Jeffrey Walton
On Tue, Apr 17, 2012 at 7:59 AM, Edward Ned Harvey open...@nedharvey.com wrote: From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Edward Ned Harvey attacker doesn't know is your key and your plaintext. There is only one solution. You must use a

Re: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-17 Thread Jeffrey Walton
On Tue, Apr 17, 2012 at 9:47 PM, Edward Ned Harvey open...@nedharvey.com wrote: From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ken Goldman The standard answer: If this is a real security project, hire an expert. If you design your own crypto