From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
Sent: Monday, 17 December, 2012 01:58
Its generating 64 bytes when I print with ECDSA_size(eckey)
But i neeed 56 bytes signature. [for secp224r1]
ECDSA_size is the *maximum* length of the encoded signature,
see the man
From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
Sent: Monday, 17 December, 2012 02:48
Yes i am talking about signature.
ECDSA_SIG this ouptput structure will have r and s componet
of 28 bytes each. [for 224-bit curve]
So if I merge both r and s I will get 56 bytes
On Friday 14. December 2012 17:08:02 you wrote:
Hi Patrick ,
I actually don't want to use the file that is generated from
sautil. For security reasons - i delete the private key from disk and
rely on the one stored inside the HSM partition. I've been directed to
use the following
Thanks for ur help .
Can you guide me how can I use ECDH for exachnaging of the secret key.
I have to implement in two phases.
1.i have private key of 256 bit lenght need to get phase i1 value wx,wy
2.In second I have phase1 value and private key and need to get secret
key or public key.
I need to use ECDH to derive the shared key using public and private key given.
On 17 December 2012 18:56, jeetendra gangele gangele...@gmail.com wrote:
Thanks for ur help .
Can you guide me how can I use ECDH for exachnaging of the secret key.
I have to implement in two phases.
1.i
Hi All!
I have been working on an OpenSSL PKI tutorial, and the time has come where I
would like to solicit feedback from the community. The tutorial takes a
somewhat novel approach without ever referring to openssl.cnf or CA.pl (yuck).
You can find it here:
Hi,
Sorry, wrong error. The actual error is:
max@spirit6 ~/Downloads/openssl-1.0.1c/apps $ ./openssl smime -verify
-in message.txt.signed -text -CAfile cacert.pem
Verification failure
2897402476:error:0D0D50CE:asn1 encoding routines:SMIME_text:mime no content
type:asn_mime.c:586:
All,
We are trying to get a FIPS enabled Apache 2.4.3 built with OpenSSL 1.01.
Everything appeared to build correctly but when we try to start Apache
with SSLFIPS on directive we get the following error:
[Mon Dec 17 17:22:15.355149 2012] [mpm_worker:notice] [pid 10612:tid 1]
AH00292:
Thanks for the detailed response, Dave.
As the authenticator you know your own cert already. As the verifier you can
get the cert and look at it.
... You should be able to know what you configured.
In general, yes. But in the context of a large proxy server fronting hundreds
of servers and
HI for ECDH can I use the HAs256 algorithm.
I have gone through the inside DS and written this piece of code and
it worked also.
But here how can U sesha256 ,when i used i am getting the error.
How can i use here sha256?
int alen = 0;
int blen = 0;
int aout = 0;
int bout = 0;
Anyone have any ideas? Still haven't found a solution.
--
View this message in context:
http://openssl.6102.n7.nabble.com/Problem-reading-public-key-from-PEM-tp42657p42794.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
On 12/17/2012 12:32 PM, Jerry Blasdel wrote:
All,
We are trying to get a FIPS enabled Apache 2.4.3 built with OpenSSL 1.01.
Everything appeared to build correctly but when we try to start Apache
with SSLFIPS on directive we get the following error:
...
Library Error:
Steve,
Thank you for your quick reply. We are trying to follow the User's Guide
when building.
We did the following:
For OpenSSLFips (openssl-fips-1.2)
./config
make
make install
For OpenSSL (openssl-1.0.1c)
./configure fips --prefix=/WWW/openssl
On 12/17/2012 04:15 PM, Jerry Blasdel wrote:
Steve,
Thank you for your quick reply. We are trying to follow the User's
Guide when building.
We did the following:
For OpenSSLFips (openssl-fips-1.2)
./config
make
make install
For OpenSSL (openssl-1.0.1c)
Ah. The 1.2 module is
On Mon, Dec 17, 2012, Giovani Milanez wrote:
Hello,
i was trying to extract Authority Information Access extension from a
certificate and realize that my code was leaking memory.
You can try:
X509 *cert; //you should load your certificate and place here
X509_EXTENSION *ext;
From: owner-openssl-...@openssl.org On Behalf Of Thirumal, Karthikeyan
Sent: Monday, 17 December, 2012 13:12
I don't believe this belongs on -dev or -cvs.
We added the OpenSSL to our TCP Windows application, for Client -
Server communication.
Looks like few machines are not able to access the
From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
Sent: Monday, 17 December, 2012 13:17
HI for ECDH can I use the HAs256 algorithm.
I have gone through the inside DS and written this piece of code and
it worked also.
But here how can U sesha256 ,when i used i am getting
From: owner-openssl-us...@openssl.org On Behalf Of Salz, Rich
Sent: Monday, 17 December, 2012 12:45
Thanks for the detailed response, Dave.
As the authenticator you know your own cert already. As the
verifier you can get the cert and look at it.
... You should be able to know what you
From: owner-openssl-us...@openssl.org On Behalf Of
massimiliano.m...@gmail.com
Sent: Monday, 17 December, 2012 12:00
Sorry, wrong error. The actual error is:
snip ./openssl smime -verify -in message.txt.signed -text -CAfile
cacert.pem
Verification failure
2897402476:error:0D0D50CE:asn1
From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
Sent: Monday, 17 December, 2012 08:26
To: openssl-users@openssl.org
Subject: Re: Need help in loading private key for ECDSA
Thanks for ur help .
Can you guide me how can I use ECDH for exachnaging of the
secret
From: owner-openssl-us...@openssl.org On Behalf Of engineereeyore
Sent: Monday, 17 December, 2012 15:52
Anyone have any ideas? Still haven't found a solution.
View this message in context:
http://openssl.6102.n7.nabble.com/Problem-reading-public-key-f
rom-PEM-tp42657p42794.html
Sent
Thanks Mat - that info really helps. I validated your input and queried the
private key file - which indeed pointed to handles on the HSM. For further
validation - i tried to sign using the sautil output key file on another box
w/o hsm and it failed.
- Simon Charles -
From:
Yes i used from ec/ecdhtest.c.
If you see the ECDH_compute_key in last argument It need some hash
function to sign the shared secret.
And here I need 256 bit secret key,that will be point on curve?.
That why I tried to use here sha256,because sha1 is 20bytes .
Also ECDH_compute_key for this fun
Actaully here I need to write the hash function which generate the 448
bit hash value.
By looking into openssl I did not find any hash function which can
generate the 448 bit.
Do we have any library function for generating 448 bit hash value?
On 18 December 2012 08:18, jeetendra gangele
On Mon, Dec 17, 2012 at 11:16 PM, jeetendra gangele
gangele...@gmail.com wrote:
Hi,
Do we have support for 448 bit hash value generation in openssl.?
I looked into the header file and I did not find functiobn related to that.
Actually I need to compute shared key for ecdh and that should be
U mean to say I can generate 64 bytes and then I can ignore last 8
bytes? so I will get 56 bytes.
This value then I have to use as secret key for ECDH
On 18 December 2012 09:57, Jeffrey Walton noloa...@gmail.com wrote:
On Mon, Dec 17, 2012 at 11:16 PM, jeetendra gangele
gangele...@gmail.com
On Mon, Dec 17, 2012 at 11:50 PM, jeetendra gangele
gangele...@gmail.com wrote:
U mean to say I can generate 64 bytes and then I can ignore last 8
bytes? so I will get 56 bytes.
This value then I have to use as secret key for ECDH
https://www.google.com/#q=truncated+hash
Be careful of ECDH
Ok,
can you expain me how ec_compute_key work and specially this last argument.
Why its need hash value to calculate the secret key.
I need to generate the 56 BYtes shred key.
On 18 December 2012 10:32, Jeffrey Walton noloa...@gmail.com wrote:
On Mon, Dec 17, 2012 at 11:50 PM, jeetendra gangele
28 matches
Mail list logo