Re: Server ECDSA certificate requirements for 1.0.1f?

2014-03-04 Thread Jeffrey Walton
On Tue, Mar 4, 2014 at 11:51 AM, Viktor Dukhovni openssl-us...@dukhovni.org wrote: On Tue, Mar 04, 2014 at 05:46:45PM +0100, Dr. Stephen Henson wrote: NistCurveToNidByBits(256) returns NID_X9_62_prime256v1. I also tried returning NID_secp256k1 with the same result. I'm setting up

Re: Server ECDSA certificate requirements for 1.0.1f?

2014-03-04 Thread Jeffrey Walton
On Tue, Mar 4, 2014 at 11:46 AM, Dr. Stephen Henson st...@openssl.org wrote: On Tue, Mar 04, 2014, Jeffrey Walton wrote: On Tue, Mar 4, 2014 at 11:19 AM, Dr. Stephen Henson st...@openssl.org wrote: On Tue, Mar 04, 2014, Jeffrey Walton wrote: On Tue, Mar 4, 2014 at 9:02 AM, Viktor

Re: Server ECDSA certificate requirements for 1.0.1f?

2014-03-04 Thread Jeffrey Walton
On Tue, Mar 4, 2014 at 11:41 AM, Jeffrey Walton noloa...@gmail.com wrote: On Tue, Mar 4, 2014 at 11:19 AM, Dr. Stephen Henson st...@openssl.org wrote: ... I'm setting up Wireshark now on another machine to get the trace. The Wireshark trace is useless (to me) because it's only displaying TCP

Re: Server ECDSA certificate requirements for 1.0.1f?

2014-03-04 Thread Jeffrey Walton
On Tue, Mar 4, 2014 at 1:28 PM, Viktor Dukhovni openssl-us...@dukhovni.org wrote: On Tue, Mar 04, 2014 at 11:59:42AM -0500, Jeffrey Walton wrote: Perhaps the server's EC private key is not being set correctly, so it can't use the certificate. Is there a way to test this? Usually, after

Re: Server ECDSA certificate requirements for 1.0.1f?

2014-03-04 Thread Jeffrey Walton
On Tue, Mar 4, 2014 at 12:34 PM, Jeffrey Walton noloa...@gmail.com wrote: On Tue, Mar 4, 2014 at 11:41 AM, Jeffrey Walton noloa...@gmail.com wrote: On Tue, Mar 4, 2014 at 11:19 AM, Dr. Stephen Henson st...@openssl.org wrote: ... I'm setting up Wireshark now on another machine to get

Re: Server ECDSA certificate requirements for 1.0.1f?

2014-03-04 Thread Jeffrey Walton
On Tue, Mar 4, 2014 at 1:33 PM, Viktor Dukhovni openssl-us...@dukhovni.org wrote: On Tue, Mar 04, 2014 at 12:34:22PM -0500, Jeffrey Walton wrote: I'm setting up Wireshark now on another machine to get the trace. The Wireshark trace is useless (to me) because it's only displaying TCP traffic

Re: Server ECDSA certificate requirements for 1.0.1f?

2014-03-04 Thread Jeffrey Walton
On Tue, Mar 4, 2014 at 6:35 AM, Jeffrey Walton noloa...@gmail.com wrote: I've got a server that can't negotiate a cipher suite with a client when using ECDSA certificates. When using ECDSA, the server reports 0x1408a0c1 (no shared cipher). The same server can consume RSA and DSA certificates

Re: Server ECDSA certificate requirements for 1.0.1f?

2014-03-04 Thread Jeffrey Walton
On Tue, Mar 4, 2014 at 2:00 PM, Dave Thompson dthomp...@prinpay.com wrote: From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton Sent: Tuesday, March 04, 2014 12:34 ... but that reminds me: does your ECDSA cert have the publickey in named=OID format, NOT explicit (prime

Re: Server ECDSA certificate requirements for 1.0.1f?

2014-03-04 Thread Jeffrey Walton
On Tue, Mar 4, 2014 at 2:25 PM, Dr. Stephen Henson st...@openssl.org wrote: On Tue, Mar 04, 2014, Jeffrey Walton wrote: If that's the case, then that's probably it. Below is a sample. I've been using PEM_write_PKCS8PrivateKey and PEM_write_X509. What does one use to write the named curve

Re: Server ECDSA certificate requirements for 1.0.1f?

2014-03-04 Thread Jeffrey Walton
On Tue, Mar 4, 2014 at 3:26 PM, Dr. Stephen Henson st...@openssl.org wrote: On Tue, Mar 04, 2014, Jeffrey Walton wrote: On Tue, Mar 4, 2014 at 2:25 PM, Dr. Stephen Henson st...@openssl.org wrote: ... It is stored in the private key when the key is generated. How did you generate

Re: Server ECDSA certificate requirements for 1.0.1f?

2014-03-04 Thread Jeffrey Walton
On Tue, Mar 4, 2014 at 3:26 PM, Dr. Stephen Henson st...@openssl.org wrote: On Tue, Mar 04, 2014, Jeffrey Walton wrote: On Tue, Mar 4, 2014 at 2:25 PM, Dr. Stephen Henson st...@openssl.org wrote: ... int nid = ... EC_KEY* key = EC_KEY_new_by_curve_name(nid); int rc

EC_KEY, EC_KEY_get_flags and OPENSSL_EC_NAMED_CURVE

2014-03-04 Thread Jeffrey Walton
I'm reading a private key from disk and trying to validate it. The key was saved with OPENSSL_EC_NAMED_CURVE. After reading the key from disk, I perform the following:

Re: EC_KEY, EC_KEY_get_flags and OPENSSL_EC_NAMED_CURVE

2014-03-04 Thread Jeffrey Walton
On Tue, Mar 4, 2014 at 6:46 PM, Jeffrey Walton noloa...@gmail.com wrote: I'm reading a private key from disk and trying to validate it. The key was saved with OPENSSL_EC_NAMED_CURVE. [sorry about that half-post] Here's what I needed: int EC_KEY_get_asn1_flag(const EC_KEY* key) { ASSERT

fipsld/incore from the command line

2014-03-06 Thread Jeffrey Walton
I'm probably missing something really obvious here. I've got a couple of non-makefile based scripts to build my program. The program is a mix of C and C++, so the FIPSLD_CC/fipsld does not work due to C++ name mangling. The scripts have a couple of variables: FIPS_PREMAIN=`find $OPENSSLDIR

Fetch reference count for SSL_CTX?

2014-03-07 Thread Jeffrey Walton
I have a cache of SSL_CTX's. When an SSL_CTX reference count drops to 1, I'd like to remove it from the cache. (1 means the cache holds the only copy, so I should be able to remove it and call SSL_CTX_free). Is it possible to retrieve the reference count on an SSL_CTX? Thanks in advance.

fips_premain.c, C++ compiler, and work arounds?

2014-03-09 Thread Jeffrey Walton
I still have not found a solution to using OpenSSL with a C++ compiler. fips_premain.c makes the following declarations. They lack 'extern C', so I've got unresolved symbols: extern const void *FIPS_text_start(), *FIPS_text_end(); extern const unsigned char FIPS_rodata_start[],

Re: Fetch reference count for SSL_CTX?

2014-03-10 Thread Jeffrey Walton
On Sat, Mar 8, 2014 at 3:52 PM, Viktor Dukhovni openssl-us...@dukhovni.org wrote: On Fri, Mar 07, 2014 at 06:16:33PM -0500, Jeffrey Walton wrote: I have a cache of SSL_CTX's. When an SSL_CTX reference count drops to 1, I'd like to remove it from the cache. (1 means the cache holds the only

Re: How to build shared library of openssl FIPS 2.0

2014-03-12 Thread Jeffrey Walton
On Tue, Mar 11, 2014 at 6:24 AM, ajay.sonawane ajay.sonaw...@gmail.com wrote: I have downloaded FIPS 2.0 source code and openssl 1.0.1f source code. I'm trying to build FIPS on Windows/MAC but not sure if I could build shared library of FIPS. If shared library is possible, what is the command

Re: OPENSSL FIPS 140-2

2014-03-16 Thread Jeffrey Walton
On Sun, Mar 16, 2014 at 5:49 AM, srikanth skanth2...@gmail.com wrote: Hi, We are working on making our application FIPS 140-2 Compliant. There's no such thing as FIPS Compliant. You use validated cryptography, or you don't use validated cryptography. If your marketing department calls your

Re: fips_premain.c, C++ compiler, and work arounds?

2014-03-17 Thread Jeffrey Walton
On Sun, Mar 9, 2014 at 9:06 AM, Dr. Stephen Henson st...@openssl.org wrote: On Sun, Mar 09, 2014, Jeffrey Walton wrote: I still have not found a solution to using OpenSSL with a C++ compiler. fips_premain.c makes the following declarations. They lack 'extern C', so I've got unresolved

Re: How to extract ECC signature bytes from EVP_DigestSignFinal's signature

2014-03-19 Thread Jeffrey Walton
On Tue, Mar 18, 2014 at 1:02 PM, axisofevil douglas.b...@ceiva.com wrote: I dug into source - it's in DER format so a sleazy hacked function is this: ( I use curve NID_X9_62_prime256v1 ) ECDSA_SIG * sig BIGNUM * r; BIGNUM * s; /* A correct

Re: FIPS iOS 7+ / Xcode 5+

2014-03-21 Thread Jeffrey Walton
On Fri, Mar 21, 2014 at 8:06 PM, Thomas Leavy tombu...@gmail.com wrote: Is there any way to accomplish building OpenSSL FIPS under the iOS 7 sdk? See the OpenSSL FIPS User Guide, Appendix E.2. http://www.openssl.org/docs/fips/UserGuide-2.0.pdf.

Re: ECDHE-ECDSA Support

2014-03-26 Thread Jeffrey Walton
I'm running ubuntu (12.04, I think) on a VM on a Macbook Air using VMware. I tried the default ubuntu SSL, 1.0.1f, 1.0.1c and 1.0.2beta1, no luck in any case. ... Any ideas why I can't do that with openssl? Ubuntu disables TLS 1.1 and 1.2 in their version of OpenSSL. See, for example,

Re: OpenSSL PKI Tutorial updated

2014-03-27 Thread Jeffrey Walton
On Thu, Mar 27, 2014 at 5:47 AM, Stefan H. Holek ste...@epy.co.at wrote: On 25.03.2014, at 17:44, Zack Williams wrote: ... 3. Is there a reason to not set a pathLen in the basicConstraints section of the Root CA's (to 1, to allow a maximum of one layer of CA's below the Root), but to do so

Re: OpenSSL on Mac

2014-04-01 Thread Jeffrey Walton
On Mon, Mar 31, 2014 at 3:18 PM, Landen Landens landenfam...@gmail.com wrote: My Mac still has OpenSSL 0.9.8. How may I update this to the latest stable version? You can't because 0.9.8 and 1.0.1 are *not* binary compatible. You can download OpenSSL, `./Configure darwin64-x86_64-cc`, `make`,

Re: OpenSSL on Mac

2014-04-01 Thread Jeffrey Walton
On Tue, Apr 1, 2014 at 9:24 AM, Viktor Dukhovni openssl-us...@dukhovni.org wrote: On Tue, Apr 01, 2014 at 05:37:05AM -0400, Jeffrey Walton wrote: You can download OpenSSL, `./Configure darwin64-x86_64-cc`, `make`, and then `sudo make install`. Your updated version will be located in `/usr

CCM and GCM Modes

2009-03-23 Thread Jeffrey Walton
Hi All, Sorry to ask this... Does OpenSSL support CCM and GCM modes? The documentation [1] does not cover the topic. But it also does not cover CBC mode, which OpenSSL surely must offer. Thanks, Jeffrey Walton [1] http://openssl.org/docs/crypto/crypto.html

Re: Use of generic name STRING in safestack.h

2009-09-17 Thread Jeffrey Walton
Hi Eystein, typedef struct _STRING { USHORT Length; USHORT MaximumLength; PCHAR Buffer; } STRING, *PSTRING; That looks like a UNICODE_STRING (or less commonly LSA_STRING) to me. I don't ever recall seeing Microsoft defining it as a STRING. Perhaps mingw/ntdef.h is the culprit. Jeff On

Re: AES pointers needed..

2009-09-18 Thread Jeffrey Walton
Hi Dennis, I am presently looking at implementing AES 256bit into an application which I am working on... Is it possible to do it with OpenSSL? It depends on what you want to accomplish, and the mode of operation in which AES-256 will be operating. Can you offer more details? Jeff On

Re: Encrypting 32/64 bit integers

2009-09-21 Thread Jeffrey Walton
Hi Peter, so we ran this with a 64 bit int and noticed that 128 bits comes out. can we safely ignore the other 64 bits? why are we getting 128 bits out? It depends on your choice of modes. Specifically on the padding requirements accompanying the mode. Modes such as ECB and CBC will pad to the

Re: Wrong size for EC key pair

2009-09-22 Thread Jeffrey Walton
Hi Brian, If so, what is its purpose? They are ASN.1 encoded integers. The leading '0' octet ensures the value is interpreted as non-negative. See X.680. Do You Yahoo!? No. Jeff On Tue, Sep 22, 2009 at 9:47 PM, Brian Kuschak bkusc...@yahoo.com wrote: I'm using OpenSSL to generate EC key

Re: sha-256 program example

2009-10-06 Thread Jeffrey Walton
Hi Doctor, From the docs: SHA1 is the digest of choice for new applications. It appears the docs are a bit dated. Depending on the application, I believe NIST recommends that new applications use the SHA-2 family (circa 2006 [1]), and requires SHA-2 after 2010 [2]. Considering McDonald, Hawkes,

Re: Need help trying to build openssl in Windows x64

2009-10-07 Thread Jeffrey Walton
Hi Bradford, tmp32dll\uplink.obj : fatal error LNK1112: module machine type 'X86' conflicts with target machine type 'x64' MachineType is a field in both the object file and PE file. uplink.obj was built for x86, but your target is an x64 executable. I've found it easier to use Shining Light's

Re: Need help trying to build openssl in Windows x64

2009-10-07 Thread Jeffrey Walton
On Wed, Oct 7, 2009 at 11:22 AM, Younie, Bradford bradford.you...@chasepaymentech.com wrote: Hi Bradford, I've found it easier to use Shining Light's prebuilt OpenSSL gear. Thomas provides both x86 and x64 binaries. See http://www.slproweb.com/products/Win32OpenSSL.html. Thanks Jeff, I

Re: RSA algorithm with big endian environment

2009-10-15 Thread Jeffrey Walton
Hi Alessandro, Other rsa source code doesn’t work right because target environment use big endian memory allocation for int and long I don't believe this is characteristic of many libraries, such as Peter Gutmann's Cryptlib or Wei Dai's Crypto++. Jeff On Thu, Oct 15, 2009 at 10:37 AM,

Re: Generating sect163k1 key pairs

2009-10-20 Thread Jeffrey Walton
Hi Doug, I am trying to figure out where the padding bits are applied? ... The two private keys are described in a different number of bytes. Since the 2nd generated private key is shown in 20 bytes i.e. 160 bits, is it assumed that the MS 3 bits are 0? The public key, also known as the

Re: Generating sect163k1 key pairs

2009-10-21 Thread Jeffrey Walton
: 630769944952357370507177294689782720716591612297 C:\Users\Public\Programs\Crypto++\ECParams Jeff On Wed, Oct 21, 2009 at 11:50 AM, Doug Bailey dbai...@digium.com wrote: - Jeffrey Walton noloa...@gmail.com wrote: Hi Doug, I am trying to figure out where the padding bits are applied? ... The two private keys are described

Re: Generating sect163k1 key pairs

2009-10-29 Thread Jeffrey Walton
Hi Doug, After extracting the private key from the testkey.pem file and putting it into the vendor's tool file format, the vendor tool generated digest ends up looking like: E39C9EEB4A60BFAF93235B376E9E54883C127BC40300 F4760E34AC2ECB484B2DFF06E87113C9F1F9F99F0200 Ah! Now I see

Re: Please Help: RSA Public Key Exponent size

2009-10-30 Thread Jeffrey Walton
Hi Bizhan, The command BN_num_bytes(rsa_public_key-e) returns the size of the exponent part of the public key, and it is 3 bytes. 10001. Could this be a valid value? Yes. Typical values are 3, 17, and 65535. We have a system that requires public key exponent to be 4 bytes, could I pad the

Re: about the security of a typical client/server application.

2009-11-09 Thread Jeffrey Walton
Hi Kirk, I'm pretty sure that the weakness of all the mechanism is the key-length and I'd like to avoid the brute force attack or the worst birthday attack...so here's my questions. There's no need to find collisions on the hash. The key is the weak point. Your attacker will factor N, change

Re: about the security of a typical client/server application.

2009-11-09 Thread Jeffrey Walton
to encipherment and not signatures. Also keep in mind that FIPS recommends/requires SHA-2, which means you can drop to SHA-224 if the 1000 messages per day are placing too much of a burden on your server. Jeff On Mon, Nov 9, 2009 at 10:44 AM, Kirk81 rigo_...@yahoo.it wrote: Jeffrey Walton-3 wrote: 1

Re: Using ssldump fails with segmentation fault and core dumps.

2009-11-19 Thread Jeffrey Walton
Hi Vasu, We are in desperate to resolve this issue and any help/insight would be greatly appreciated as this is an urgent issue. In case no one is interested in grinding through the dump files, you might find someone to assist at http://www.openssl.org/support/consulting.html. Jeff On Wed, Nov

Re: Multi Threaded questions

2010-04-19 Thread Jeffrey Walton
Hi Sads, On Mon, Apr 19, 2010 at 3:32 AM, Sad Clouds cryintotheblue...@googlemail.com wrote: On Sun, 18 Apr 2010 21:11:40 -0700 David Schwartz dav...@webmaster.com wrote: Sad Clouds wrote: 1)  According to the FAQ, an SSL connection may not concurrently be used by multiple threads. Does

Re: strange intermittent errors

2010-04-23 Thread Jeffrey Walton
Hi Mikhail, On Fri, Apr 23, 2010 at 11:34 AM, Mikhail Kruk mes...@gmail.com wrote: Hi, we are getting strange intermittent errors from OpenSSL. We have hundreds of instances of this app connecting over the Internet to our servers. Only this one instance is sometimes experiencing the

Re: Hash message

2010-05-02 Thread Jeffrey Walton
Hi denote23, On Sun, May 2, 2010 at 4:08 AM, denot...@libero.it denot...@libero.it wrote: Hi all what's the best way to do a H(M || T) ?? From your follow up email, it appears you've got the API figured out. H is a one-way function (preferably SHA1) SHA1 is great for Web interop, but it

Re: Hash message

2010-05-02 Thread Jeffrey Walton
Hi denote23, On Sun, May 2, 2010 at 8:40 AM, Jeffrey Walton noloa...@gmail.com wrote: Hi denote23, On Sun, May 2, 2010 at 4:08 AM, denot...@libero.it denot...@libero.it wrote: Hi all [SNIP] H is a one-way function (preferably SHA1) SHA1 is great for Web interop, but it is beyond its

Re: known answer test and algorithm test for Diffie-Hellman?

2010-05-06 Thread Jeffrey Walton
Hi Anamitra, Key agreement using DH is not approved. See Section 2.3 and 2.4 of OpenSSL FIPS 140-2 Security Policy (http://www.openssl.org/docs/fips/SecurityPolicy-1.1.1.pdf). Jeff On Thu, May 6, 2010 at 3:22 PM, Anamitra Dutta Majumdar (anmajumd) anmaj...@cisco.com wrote: Have not seen a

Re: AES-256 CBC encrypt/decrypt usage problem

2010-05-21 Thread Jeffrey Walton
Hi Kunal, I was also wondering about the cipher block size. I was thinking of using 16 as block size, read the input ... You have no choice. AES is a 16-byte block cipher. Using the EVP_* functions is easier. Jeff On Fri, May 21, 2010 at 2:30 AM, ~ Kunal Sharma ~ koolku...@gmail.com wrote:

Re: EncryptFinal, aes_128_cbc and unexpected remaining data

2010-05-23 Thread Jeffrey Walton
The last assertion in the program is hit. Am I missing something? PKCS padding. 2010/5/21 Pedro Lamarão pedro.lama...@gmail.com: In the following program, there is an explicit pre-condition that the data to be processed is a multiple of the block size, with check in code. cipher is

Re: question about exponent, key length and all other RSA parameters not configurable

2010-05-23 Thread Jeffrey Walton
OpenSSL is closer to Java than C# or Crypto++. So where you see Java, think OpenSSL. Cryptographic Interoperability: Keys http://www.codeproject.com/KB/security/CryptoInteropKeys.aspx Cryptographic Interoperability: Digital Signatures

Re: self-signed SSL certificates and trusted root certificate

2010-06-02 Thread Jeffrey Walton
Hi Dave, Amazingly IE7 on testing likes even CA:false, which is crazy. What store did the cert get put in? Was it the Trusted Root Certification Authorities? If you let Windows automatically select the store, it most likely went in Personal. Jeff On Tue, Jun 1, 2010 at 9:17 PM, Dave Thompson

Re: self-signed SSL certificates and trusted root certificate

2010-06-02 Thread Jeffrey Walton
Hi Vieri, How does one issue a cert for multiple CN? Suppose I have just one HTTP server but it can be accessed via multiple FQDN... I suppose I need to use subjectAltName? Subject alternative name is one possibility. If you need a cert for several hosts/hostnames belonging to the same

Re: self-signed SSL certificates and trusted root certificate

2010-06-07 Thread Jeffrey Walton
- From: Jeffrey Walton Hi Vieri, How does one issue a cert for multiple CN? Suppose I have just one HTTP server but it can be accessed via multiple FQDN... I suppose I need to use subjectAltName? Subject alternative name is one possibility. If you need a cert for several

Re: self-signed SSL certificates and trusted root certificate

2010-06-08 Thread Jeffrey Walton
On Tue, Jun 8, 2010 at 6:55 AM, Eisenacher, Patrick patrick.eisenac...@bdr.de wrote: Hi Jeff, thanks for responding, but see my comments below. -Original Message- From: Jeffrey Walton Hi Patrick, can you please elaborate on where you see a security drawback in the attack

RE: self-signed SSL certificates and trusted root certificate

2010-06-09 Thread Jeffrey Walton
Jeff, -Original Message- From: Jeffrey Walton As long as the bad guy doesn't compromise your private key, he won't be able to impersonate any of your hosts, wildcard cert or not. What happens in the case of a web farm behind a proxy or load balancer, where the forward facing host

Re: self-signed SSL certificates and trusted root certificate

2010-06-09 Thread Jeffrey Walton
less stable to do business with because of their cost-cutting attempts. But, that is a different argument. -Original Message- From: owner-openssl-us...@openssl.org on behalf of Jeffrey Walton Sent: Wed 6/9/2010 11:24 AM To: openssl-users@openssl.org Subject: RE: self-signed SSL

CCM and GCM Modes of Operation

2010-06-17 Thread Jeffrey Walton
Hi All, Are there any plans to incorporate IBM's patches (eg, http://rt.openssl.org/Ticket/Display.html?id=782). Given it's been 6 or so years, the reason is probably not technical merits or difficulties. Can anyone comment? Thanks, Jeff

Re: CCM and GCM Modes of Operation

2010-06-18 Thread Jeffrey Walton
NIST approved authenc mode). Personally, I would prefer Bellare, Rogaway, and Wagner's EAX mode over CCM. But I guess Rogaway and Wagner used up all their NIST creds with CTR mode. Jeff On Fri, Jun 18, 2010 at 6:03 AM, Dr. Stephen Henson st...@openssl.org wrote: On Thu, Jun 17, 2010, Jeffrey

Re: application not running

2010-06-19 Thread Jeffrey Walton
Hi Hansa, Now problem is exe is not running in some PC having Server 2003 and XP. While it is running in others. What can be reason? How can I solve it? (1) Program bug - you're on your own (2) Missing files of the VC 6.0 era - verify that you're including all required files (3) Try

Re: OpenSSL on Win = Thread Safety

2010-06-24 Thread Jeffrey Walton
Hi Massimiliano, If the locks need to be shared across processes, use a Mutex (the mutexes can be named for separate processes, or the mutex can be unnamed if Object Handle Inheritance is used (a flag to CreateProcess, which is similar to fork(2))). Otherwise, use a CRITICAL_SECTION. The

Re: OpenSSL on Win = Thread Safety

2010-06-25 Thread Jeffrey Walton
, one is probably not going to follow Win32 best practices (is this 'too much' of a leap?). On Fri, Jun 25, 2010 at 5:01 AM, Jakob Bohm jb-open...@wisemo.com wrote: On 24-06-2010 23:31, Jeffrey Walton wrote: [SNIP] Critical sections have the added benefit that you don't have to supply

Re: OpenSSL on Win = Thread Safety

2010-06-25 Thread Jeffrey Walton
, then you found yet another security bug in the SRM itself (congratulations). PS: One small correction to my post: For at least some APIs, Windows 9x will not object to a non-NULL lpSecurityDescriptor anyway. On 25-06-2010 21:08, Jeffrey Walton wrote: Hi Jakob, Boy this is an argumentative

Re: openssl Window's Crypt library

2010-07-04 Thread Jeffrey Walton
Hi Mark, I think I need to pull some data out of the header in the openssl DER file and put it into the key BLOB (BLOBHEADER/RSAPUBKEY) structure in Windows. When you pluck the various ASN Integers out of the DER encoded key file, the integers have to be baked a bit before inserting into the

Re: encrypting long strings

2010-07-10 Thread Jeffrey Walton
The general approach is to encrypt data using a symmetric cipher (e.g., AES-256) with a randomly-generated key, and then encrypt that symmetric key with the RSA (public) key. AES-256 requires a RSA modulus with an equivalent strength, which is a 15360 (IIRC). If you choose RSA-1024 or RSA-2048,

Re: question about max length string to encrypt with rsa 2048

2010-07-10 Thread Jeffrey Walton
Handbook of Applied Cryptography (HAC) ... but the principles stated in those books are still valid and worth knowing. Section 9.6 of the HAC is no longer applicable, and should be considered wrong (worth mentioning since it's not a typo or other errata, and it applies to the entire section).

Re: encrypting long strings

2010-07-10 Thread Jeffrey Walton
...@gmail.com wrote: On Sat, Jul 10, 2010 at 12:13 PM, Jeffrey Walton noloa...@gmail.com wrote: The general approach is to encrypt data using a symmetric cipher (e.g., AES-256) with a randomly-generated key, and then encrypt that symmetric key with the RSA (public) key. AES-256 requires a RSA modulus

Re: encrypting long strings

2010-07-13 Thread Jeffrey Walton
-Part1-revised2_Mar08-2007.pdf) On Mon, Jul 12, 2010 at 10:16 AM, Jakob Bohm jb-open...@wisemo.com wrote: On 10-07-2010 20:13, Jeffrey Walton wrote: The general approach is to encrypt data using a symmetric cipher (e.g., AES-256) with a randomly-generated key, and then encrypt that symmetric key

Re: encrypting long strings

2010-07-13 Thread Jeffrey Walton
On Tue, Jul 13, 2010 at 3:04 PM, Jakob Bohm jb-open...@wisemo.com wrote: On 13-07-2010 15:00, Jeffrey Walton wrote: [SNIP] proponents of the RSA and DH algorithms said that the number was wildly exaggerated and proposed some much smaller values. I'm not willing to go out on a limb

Re: encrypting long strings

2010-07-19 Thread Jeffrey Walton
On Wed, Jul 14, 2010 at 6:42 AM, Jakob Bohm jb-open...@wisemo.com wrote: On 14-07-2010 07:52, Jeffrey Walton wrote: On Tue, Jul 13, 2010 at 3:04 PM, Jakob Bohmjb-open...@wisemo.com  wrote: [SNIP] proponents of the RSA and DH algorithms said that the number was wildly exaggerated

Re: B64 Decode issues (C)

2010-08-05 Thread Jeffrey Walton
Hi Marc, If you want to encrypt a database, have you considered SQLCipher (http://www.zetetic.net/code/sqlcipher)? It is free and uses OpenSSL. Jeff On Thu, Aug 5, 2010 at 11:19 AM, Marc Phillips rm...@copacetic.net wrote: Ger Hobbelt g...@hobbelt.com wrote: Got some sample data to show which

Re: EVP_BytesToKey Key length of 56?

2010-09-16 Thread Jeffrey Walton
I think part of my problem is that EVP_BytesToKey only returns a 16 byte key. You will probably need to duplicate Crypt-CBC-2.30's algorithm for creating or deriving the key. Blowfish uses a variable length key (some hand waving) [1], so there should be no algorithm to duplicate. Use the 56

Re: 64bit BIOs and support in OpenSSL

2010-10-07 Thread Jeffrey Walton
On Wed, Oct 6, 2010 at 8:45 PM, Darryl Miles darryl-mailingli...@netbauds.net wrote: [SNIP] Oh, and stdint.h is not available with all compilers! Isn't this an ANSI requirement, ah well, poor compiler users what standards do they conform to then ? Like the safer string functions (strcpy_s

Re: FIPS Open SSL Build using VC++ on Windows : Application Link Errors with FIPS Build

2010-10-14 Thread Jeffrey Walton
LNK2001: http://msdn.microsoft.com/en-us/library/f6xx1b1z%28VS.71%29.aspx When i try to link Libeay32.lib in my application i see following link errors where as these errors are not seen when build without FIPS. It appears you are missing a library (non-fips has it, fips is lacking). Compare

Re: [patch] LNK4078 and LNK4210 linking with x64 static libs

2010-10-19 Thread Jeffrey Walton
So I wasted my precious time preparing a patch while someone else had already posted a patch off-list. Lol... If you're going to throw a tantrum every time someone beats you to a patch, you owe us a tantrum: WinCE patch: http://www.mail-archive.com/openssl-users@openssl.org/msg61765.html Pierre

Multi-threaded Stress/Unit Test for libcrypto

2010-10-21 Thread Jeffrey Walton
Hi All, Forgive me if this has been answered elsewhere. I did not see a multi-threaded unit test, and searching the archives (http://www.mail-archive.com/openssl-...@openssl.org/) returned 0 hits. Grepping the site returns one reference to unit test regarding to Thomas Wu's SRP at [1] (Ticket

Re: Adding Hash to Application : Static Build - OpenSSL With FIPS

2010-10-27 Thread Jeffrey Walton
Hi Rajesh, I've had success with integrity checking using MACs and signatures for both PE/PE+ and Elf32/64 executables and dynamic libraries on their respective platforms (not limited to a OpenSSL dll). If I recall, OpenSSL is only trying to embed a MAC. 5292:error:2507606A:DSO support

Re: SSL_connect and SSL_accept deadlock!

2010-11-03 Thread Jeffrey Walton
On Wed, Nov 3, 2010 at 9:12 AM, David Schwartz dav...@webmaster.com wrote: On 11/2/2010 6:25 PM, Md Lazreg wrote: r=select(m_sock_fd + 1, fds, 0, 0, ptv); if (r < 0 && (Errno == EAGAIN || Errno == EINTR))/*if we timed out with EAGAIN try again*/ { r = 1;

Re: Problem using openssl

2010-11-26 Thread Jeffrey Walton
2010/11/22 Ing. Fabián Martínez Osorio fab...@autodocuments.com: Hi: I have a C++ program that uses the openssl library, and on some computers, I got the message “La aplicación no se ha podido inicializar correctamente, error 0xc0150002. Haga clic en aceptar para terminar la aplicación” Can

Re: int and BIGNUM operations?

2010-12-06 Thread Jeffrey Walton
On Sun, Dec 5, 2010 at 11:12 AM, Eugene N neverov.biks.0...@gmail.com wrote: Dear sirs I am looking for a way to perform a set of heterogeneous operations, with some parameters being BIGNUM and some just 32 bit integers. for example, multiply a bignum by 2, increment a bignum by 1, find a

Re: openssl-chat

2010-12-12 Thread Jeffrey Walton
On Sun, Dec 12, 2010 at 12:12 PM, S Mathias smathias1...@yahoo.com wrote: i can use natively openssl for anonymous chat: # Chat: # server side: openssl req -x509 -nodes -days 365 -newkey rsa:8192 -keyout mycert.pem -out mycert.pem # server side - generate a self-signed cert. openssl

Re: How to compute crt coefficient (PQ) value of a private key?

2010-12-14 Thread Jeffrey Walton
On Wed, Dec 15, 2010 at 12:55 AM, Kannan J kannan_jayapraka...@yahoo.co.in wrote: From my relentless search on the internet I hit upon this webpage http://www.mobilefish.com/services/rsa_key_generation/rsa_key_generation.php

Re: How to compute crt coefficient (PQ) value of a private key?

2010-12-14 Thread Jeffrey Walton
On Wed, Dec 15, 2010 at 12:58 AM, Victor Duchovni victor.ducho...@morganstanley.com wrote: On Tue, Dec 14, 2010 at 09:46:11PM -0800, Kannan J wrote: I'm copying and pasting the text from the smart card guide. It is too big to attach. Please use plain-text (non-HTML) email when sending mail

Re: FIPS module determination

2010-12-23 Thread Jeffrey Walton
On Thu, Dec 23, 2010 at 3:35 PM, aerow...@gmail.com wrote: Export the environment variable OPENSSL_FIPS=1, and then try openssl md5? I am aware of two companies which are (were?) claiming a FIPS validated module via OpenSSL sources, but not building the canister. For completeness, the companies

Re: components of RSA keys?

2010-12-23 Thread Jeffrey Walton
On Thu, Dec 23, 2010 at 3:48 PM, Mike Mohr akih...@gmail.com wrote: Good afternoon, When generating an RSA key, several components are described in the output file.  Per the RSA specification on wikipedia, You should question anything on Wiki since it is generally unedited. Don't make the

Re: FIPS module determination

2010-12-23 Thread Jeffrey Walton
, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Dec 23, 2010 at 3:35 PM,  aerow...@gmail.com wrote: Export the environment variable OPENSSL_FIPS=1, and then try openssl md5? I am aware of two companies which are (were?) claiming a FIPS validated module via OpenSSL sources, but not building

Re: FIPS module determination

2010-12-23 Thread Jeffrey Walton
fipscanister. Agreed. Sorry about the traces of cynicism. I just don't trust corporate or government. They collude all the time. Jeff On Thu, Dec 23, 2010 at 3:48 PM, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Dec 23, 2010 at 5:56 PM,  aerow...@gmail.com wrote: OPENSSL_FIPS=1 causes openssl

Re: CAPI Engine for Win CE

2011-01-05 Thread Jeffrey Walton
On Wed, Jan 5, 2011 at 12:45 PM, Harshvir Sidhu hvssi...@gmail.com wrote: Hi,    Is the CAPI engine from OpenSSL supported on WinCE? I don't believe OpenSSL will compile on Windows Mobile. I also believe a patch by Pierre Delaage is available at

Re: SHA-2 Directive

2011-01-21 Thread Jeffrey Walton
On Thu, Jan 20, 2011 at 5:01 PM, Welling, Conrad Gerhart conrad.gerhart.well...@saic.com wrote: My team just received a directive from our customer to start using SHA-2 immediately.  Yes, in effect, the directive is that vague, and, no, details have not been forthcoming!  So, I intend to tell

Re: File CER into File PFX

2011-02-15 Thread Jeffrey Walton
Hi Yann, I know , but i haven't file .KEY (eg. cert.key) , i must convert file .cer into .pfx without file .key Factor n, or solve the discrete log to recover the private exponent. On Mon, Feb 14, 2011 at 11:44 AM, yann458 sival...@gmail.com wrote: I know , but i haven't file .KEY (eg.

Re: RSA implementaion in C using openssl

2011-03-06 Thread Jeffrey Walton
On Sun, Mar 6, 2011 at 4:51 AM, pattabi raman rprt...@gmail.com wrote: Hi, I have to implement the RSA algorithm in our solaris10 ( which has openssl already) using C programming. Anyone please forward any doc / sample code / Weblink anything would be a great help to me. c = m^e mod n m = c^d

Re: RSA implementaion in C using openssl

2011-03-06 Thread Jeffrey Walton
On Sun, Mar 6, 2011 at 5:23 AM, pattabi raman rprt...@gmail.com wrote: Hi, I need to implement the entire RSA logic in C program to encrypt the customer key for one of our application functionality. I am a bit confused on RSA API, which gives me struggle like which method to call / order

Re: Examples to encrypt/decrypt

2011-03-25 Thread Jeffrey Walton
On Fri, Mar 25, 2011 at 3:56 PM, Anthony Gabrielson agabriels...@comcast.net wrote: This will do what you want: http://agabrielson.wordpress.com/2010/07/15/openssl-an-example-from-the-command-line/ memset(plaintext,0,sizeof(plaintext)); The optimizer might remove your zeroization. Jeff
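The dead-store problem Jeff points at is worth seeing in code. The following is an added example, not code from the thread or from Anthony's blog post: a zeroization helper that writes through a `volatile` pointer so the compiler cannot drop the wipe, plus a constant-time check used to confirm the wipe. The 32-byte "secret" is constructed for the example; in real code OpenSSL's `OPENSSL_cleanse()` or C11 `memset_s()` serve the same purpose.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not code from the original thread. A plain memset() on a
 * buffer that is never read again is a dead store, and an optimising
 * compiler is entitled to delete it. Writing through a volatile-qualified
 * pointer makes every store observable, so the wipe survives -O2. This is
 * the same idea behind OpenSSL's OPENSSL_cleanse() and C11's memset_s(). */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Returns 1 if buf[0..n) is all zero, 0 otherwise. Accumulates with OR so
 * the loop takes the same time wherever a non-zero byte sits. */
int buffer_is_zero(const unsigned char *buf, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= buf[i];
    return acc == 0;
}

/* The pattern from the post: a secret lives in a stack buffer, is used, and
 * must be wiped before the function returns. Returns 1 if the secret was
 * used as expected and the wipe is visible afterwards. */
int use_and_wipe_secret(void)
{
    unsigned char plaintext[32];
    memset(plaintext, 0xA5, sizeof(plaintext));   /* constructed sample secret */

    /* pretend to use it: fold the bytes into a checksum */
    unsigned sum = 0;
    for (size_t i = 0; i < sizeof(plaintext); i++)
        sum += plaintext[i];

    secure_zero(plaintext, sizeof(plaintext));
    return sum == 32u * 0xA5u && buffer_is_zero(plaintext, sizeof(plaintext));
}

/* secure_zero() must honour its length: wiping the first half of a buffer
 * must leave the second half untouched. Returns 1 when both halves are as
 * expected. */
int partial_wipe_leaves_rest_intact(void)
{
    unsigned char buf[16];
    memset(buf, 0xFF, sizeof(buf));
    secure_zero(buf, 8);
    return buffer_is_zero(buf, 8) && !buffer_is_zero(buf + 8, 8);
}
```

To see the original problem, compile a function that ends with a plain `memset(plaintext, 0, sizeof(plaintext))` and no later read of `plaintext` with `gcc -O2 -S` and look for the `memset` call (or the inlined stores) in the assembly; then swap in `secure_zero()` and compare.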

Re: DH session Key length

2011-04-21 Thread Jeffrey Walton
On Thu, Apr 21, 2011 at 7:44 AM, ikuzar razuk...@gmail.com wrote: Ok, I see now what you mean. I'll try to hash the shared value with SHA1, then truncate it to obtain 128 bits ... In addition to Dave's comments, see NIST 800-135 and RFC 5869 for guidelines and recommendations on

Re: PKCS12 - Why Encrypted?

2011-04-26 Thread Jeffrey Walton
On Tue, Apr 26, 2011 at 5:49 AM, Michel (PAYBOX) msa...@paybox.com wrote: Hi, I am no expert on the matter, but on my humble opinion, I think you can rely on this book because most of its content is about fundamental concepts, not implementation details ( padding, message encoding, ... ) for

Re: Blowfish implementation with OpenSSL

2011-04-30 Thread Jeffrey Walton
    char mykey[EVP_MAX_KEY_LENGTH] = blowfish_key;     char iv[EVP_MAX_IV_LENGTH] = blowfish; These look problematic. Is it the case that EVP_MAX_KEY_LENGTH == sizeof('blowfish_key')? Is it the case that EVP_MAX_IV_LENGTH == sizeof('blowfish')?     EVP_EncryptInit(ctx, EVP_bf_cfb(), (unsigned
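Jeff's question about `sizeof` is the whole bug, and it can be worked out without OpenSSL. The following is an added example, not code from the thread: it mimics what C does with `char mykey[EVP_MAX_KEY_LENGTH] = "blowfish_key";` (copy the literal, zero-fill the rest) and counts how many of the bytes the cipher consumes are silent zero padding. The sizes are assumed from OpenSSL 1.0.x rather than read from its headers: `EVP_MAX_KEY_LENGTH` is 64, `EVP_MAX_IV_LENGTH` is 16, and `EVP_bf_cfb()` takes a 16-byte key and an 8-byte IV.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not code from the thread. Sizes assumed from OpenSSL 1.0.x
 * so the example builds without its headers. */
#define EXAMPLE_MAX_KEY_LENGTH 64   /* EVP_MAX_KEY_LENGTH */
#define EXAMPLE_MAX_IV_LENGTH  16   /* EVP_MAX_IV_LENGTH  */
#define BF_EVP_KEY_LENGTH      16   /* key length EVP_bf_cfb() reads */
#define BF_IV_LENGTH            8   /* IV length EVP_bf_cfb() reads  */

/* Mimic `char arr[array_len] = "literal";`: C copies the literal and
 * zero-fills the remainder of the array. The cipher then reads the first
 * cipher_len bytes. Returns how many of those bytes are zero padding rather
 * than literal text, or -1 when the literal does not fit the array (a
 * constraint violation in C) or the cipher would read past the array. */
int effective_key_padding(const char *literal, size_t array_len,
                          unsigned char *out, size_t cipher_len)
{
    size_t lit = strlen(literal);
    if (lit > array_len || cipher_len > array_len)
        return -1;
    memset(out, 0, array_len);
    memcpy(out, literal, lit);
    return cipher_len > lit ? (int)(cipher_len - lit) : 0;
}

/* The post's key: "blowfish_key" is 12 bytes, so 4 of the 16 bytes that
 * Blowfish-CFB consumes are zero padding. */
int posts_key_padding(void)
{
    unsigned char key[EXAMPLE_MAX_KEY_LENGTH];
    return effective_key_padding("blowfish_key", sizeof(key), key,
                                 BF_EVP_KEY_LENGTH);
}

/* The post's IV: "blowfish" is exactly 8 bytes, so the 8-byte IV is entirely
 * literal text and carries no padding. */
int posts_iv_padding(void)
{
    unsigned char iv[EXAMPLE_MAX_IV_LENGTH];
    return effective_key_padding("blowfish", sizeof(iv), iv, BF_IV_LENGTH);
}

/* A literal longer than its array is rejected, as the compiler would. */
int oversized_literal_rejected(void)
{
    unsigned char small[8];
    return effective_key_padding("nine_byte", sizeof(small), small, 8);
}
```

The practical fix is not to initialise key arrays from string literals at all: derive the 16 key bytes with a KDF (for instance `PKCS5_PBKDF2_HMAC()` in OpenSSL) and generate the IV with `RAND_bytes()`, passing the exact lengths the cipher expects.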

Re: Problem with HMAC_Init_ex

2011-05-04 Thread Jeffrey Walton
2011/5/4 Prashant Batra prashant0...@gmail.com: http://pastebin.com/0BG97RDH This does not contain complete source code, but will definitely give you the idea about what I am trying to do. After a quick look, it does not appear there is enough code to say what is wrong. For example, you

Re: FIPS premain signature question

2011-05-15 Thread Jeffrey Walton
On Mon, May 16, 2011 at 1:15 AM, raghib nasri raghibna...@gmail.com wrote: I have also observed that changing my application code causes a different HMAC sig generated by premain. So if it is covering just validated module (fipscanister.o) then sig should remain same as i m using the same

Re: check RSA signature

2011-05-16 Thread Jeffrey Walton
On Mon, May 16, 2011 at 8:51 AM, Sergey sh0...@gmail.com wrote: Hello, I have a program, written on C++ and QT. I need to implement checking of file signature in my  program, so that it would do the same check, as this openssl command: openssl dgst -sha1 -signature signature.bin -verify

Re: Why would RSA_size() crash?

2011-05-16 Thread Jeffrey Walton
On Mon, May 16, 2011 at 9:53 AM, John Hascall j...@iastate.edu wrote: Duh, thanks to the people who pointed out that the pointer returned by PEM_read_bio_RSA_PUBKEY might be null, and indeed it is (sadly I have to use Xcode, which refuses to show any local variables and GDB claims they don't

Re: Quick eyeball requested - self generate openssl certs/CA

2011-05-19 Thread Jeffrey Walton
On Thu, May 19, 2011 at 5:44 AM, Tim Watts t...@dionic.net wrote: Hi folks, I'm setting up a new CA/SSL infrastructure for work - the CA is self signed and all SSL certs (mostly server certs rather than client certs) will be signed off against this CA. I've just made the effort to try to
