, the rules for encoding a positive number whose
high-order bit (on an 8-bit boundary) is 1 is to make the length one longer
and output a leading zero. But it looks like you java program has the same
integer, so I don't think that is the source of the problem.
Greg Stark
[EMAIL
The place to start for the ASN.1 for such beasts is usually the PKCS site,
(http://www.rsalabs.com/pkcs/index.html). Look at PKCS#1 and PKCS#7.
Greg Stark
[EMAIL PROTECTED]
- Original Message -
From: Hellan,Kim KHE [EMAIL PROTECTED
Why do you think it is a problem? IE tends to do things differently than
Netscape ;). For a number of reasons, IE will close a connection after the
handshake, and then reconnect. It shouldn't cause any problems.
Greg Stark
[EMAIL PROTECTED
--redirected to -users
I think that is how it should work. I see no reason why another DNS lookup
should be made after the first one. I assume that a gethostbyname() is
called once.
BTW, you random seeding is totally insecure, but you probably already know
that.
Greg
export
of the private key. Check your script which creates the certficate request
and private key; it should have something that looks like
objectname.createPKCS10. Make sure nothing sets the low-order bit of
objectname.GenKeyFlags; it should be zero.
Greg Stark
[EMAIL PROTECTED
Title: Message
Hmm.. Looking at my libeay32, I have a d2i_X509, but no
d2i_x509. Perhaps your code just has a typo, and you meant to use the upper case
X?
Greg Stark[EMAIL PROTECTED]
- Original Message -
From:
Andrew Finnell
Have you modified openssl? If so, perhaps you can say what mods you made.
Greg Stark
[EMAIL PROTECTED]
- Original Message -
From: Nathan Bell [EMAIL PROTECTED]
To: OpenSSL Users [EMAIL PROTECTED]
Sent: Thursday, August 23, 2001 1:15 PM
Subject
www.rtfm.com/ssldump
Greg Stark
[EMAIL PROTECTED]
- Original Message -
From: Bill @ Rebey.com [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, August 13, 2001 12:35 PM
Subject: RE: Can't get SSL error information
No, I haven't tried
http://www.ultranet.com/~fhirsch/Papers/wwwj/article.html
http://www.modssl.org/docs/2.8/ssl_intro.html
Greg Stark
[EMAIL PROTECTED]
- Original Message -
From: Ballou,Matt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 27, 2001 12
You're probably asking about CryptoAPI-enabled apps that use the MS
providers. These store the private and public keys in proprietary formats.
They are accessed through the functions of the CryptoAPI. These return the
answers in various appropriate standard formats.
Greg
UI to ask the user
what to do, and then reconnect and proceed on. This behavior also occurs if
the server ROOT cert is not trusted by IE, if the server cert is expired, or
if the server cert NAME doesn't match the hostname typed in the IE address
window.
Greg Stark
[EMAIL
for you.
Greg Stark
[EMAIL PROTECTED]
- Original Message -
From: Joe Coates [EMAIL PROTECTED]
To: Openssl-Dev@Openssl. Org [EMAIL PROTECTED]
Sent: Friday, July 20, 2001 10:27 AM
Subject: RSA p and q inverses
I am hoping to offload
Certificates do not contain private keys. They wouldn't be very private if
they were in the certificate.
Greg Stark
[EMAIL PROTECTED]
- Original Message -
From: Norman Zhang [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 16, 2001 8
This question seems to be coming up more frequently! The message you
encrypt must be *less* than the modulus.
Greg Stark
[EMAIL PROTECTED]
- Original Message -
From: Patrick Mackinlay [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday
It would only be a guess, but perhaps you are not handling the IV correctly,
and/or you are not handling the blocksize padding correctly. Maybe you are
only properly initializing the first four bytes of an 8 byte key? Maybe
Greg Stark
[EMAIL PROTECTED
Vincent,
Take a look at some of these archived threads:
(http://www.mail-archive.com/openssl-users@openssl.org/msg12948.html),
(http://www.mail-archive.com/openssl-users@openssl.org/msg09399.html) and
see if they address your needs.
Greg Stark
[EMAIL PROTECTED
FW: Re: SSLv2_method and SSLv23_methodDid you try SSLv2_method()?
Greg Stark
[EMAIL PROTECTED]
- Original Message -
From: Hieu Nguyen
To: '[EMAIL PROTECTED]'
Sent: Monday, May 07, 2001 12:01 PM
Subject: FW: Re: SSLv2_method and SSLv23_method
to hash some data, have a look at the docs at
(http://www.openssl.org/docs/crypto/EVP_DigestInit.html#)
Greg Stark
[EMAIL PROTECTED]
- Original Message -
From: imran badr [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, May 07, 2001 3:12 PM
The SSL_CTX_set_timeout() function does not do what you want. It sets the
lifetime of an SSL session, which is the period during which you can reuse
the pre-master secret and avoid expensive public key crypto ops.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
Yes, that is exactly what you need to do, unless you plan to reverse
engineer Microsoft's proprietary private key storage encryption mechanism.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message
1.2.3.4.
Greg Stark
[EMAIL PROTECTED]
- Original Message -
From: Joe Julian [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, May 01, 2001 3:53 PM
Subject: Is the ip address stored in an x509 certificate?
I have Cyrus imap set up with openssl, and everything seems to be
working
You can add the second CN in the config file, something like
1.CN=CN#1
1.CN_default=127.0.0.1
2.CN=CN#2
2.CN_default=localhost
Greg Stark
[EMAIL PROTECTED]
- Original Message -
From: Olivier Wegria [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 23, 2001 1:21 PM
Subject
to
SSL_CTX_load_verify_locations(). The filenames have to be special, however.
The filename has to be the hash of the subject name in the certificate.
I don't know exactly what the advantage of one way over the other is.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
No problem; Dr. Henson did attempt an answer to your question; see
(http://www.mail-archive.com/openssl-users@openssl.org/msg18489.html)
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From
Laurent,
You cannot use a memory BIO that way; BIO_new_mem_buf() creates a
READ-ONLY BIO. See (http://www.openssl.org/docs/crypto/BIO_s_mem.html#).
Instead, just do bp = BIO_new(BIO_s_mem()) and go from there
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
, then the output goes to
stdout. If you set it to the null sink BIO, you don't get any output.
Since stdout is typically buffered, you may need to flush stdout, perhaps
with BIO_flush(bio_s_out);
good luck
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
Gustavo,
Take a look at the archived articles
(http://www.mail-archive.com/openssl-dev@openssl.org/msg08902.html) and
(http://www.mail-archive.com/openssl-users@openssl.org/msg18264.html).
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
companies can probably afford it :)
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: Dilkie, Lee [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, April 25, 2001 4:44 PM
Subject: RE
Judy,
I think the manual gives a hint to examine the errno for the socket that
is being used, or maybe WSAGetLastError() if using Windows.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message
to call
EVP_cleanup().
Perhaps this could be documented at
(http://www.openssl.org/docs/ssl/SSL_library_init.html#)?
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: Gustavo Badauy [EMAIL
1. I'm wondering if it's possible to make a digital cert that
supports/uses SCG (Server Gated Cryptography), and if so, how?
[Lee] I think you have to be a big company, like MS or Netscape, and
negotate a special deal with the NSA.
I don't think so. Better yet, search for SGC (not SCG) in
The memory BIO will grow itself as needed to hold data written into it. You
do not need to size it in advance.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: Hausermann Laurent [EMAIL
Also you might find the ssldump tool useful. Please see
www.rtfm.com/ssldump.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: Lutz Jaenicke [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent
even if the client
doesn't authenticate. With the second option, the client must authenticate
or the handshake fails. Are you perhaps using option #1?
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message
It is documented @
(http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html#).
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: George Lind [EMAIL PROTECTED]
To: [EMAIL PROTECTED
George,
The alert is encrypted under the current ciphersuite, as it should be.
It is almost certainly a close_notify alert, which is expected and correct.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
For your puposes, you'd expect it to look like any other random function
that outputs four bytes. What exactly do you need for your 'unique enough'
property?
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original
OpenSSL on NTfollow the instructions in install.w32; other than that, you'll
have to tell us what errors you are getting.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: Timothy H
be able to do
better with some other techniques.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Kenneth R. Robinette" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, April
@openssl.org/msg11445.html).
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Harald Koch" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, April 19, 2001 4:48 PM
Subject: Re: Me
George,
Do you really need to allow SSLv2? I'm curious, as I would think that by now
there are almost no systems left which CANNOT use SSLv3.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message
.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Isaac Foraker" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, April 19, 2001 5:51 PM
Subject: win32 compile failed
for
managing session resumption. See the documentation for SSL_set_shutdown()
(http://www.openssl.org/docs/ssl/SSL_set_shutdown.html#) for some hints of
what to do.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original
-Length header or some other heursitic (like
looking for the /HTML tag), how can your client be certain the transport
closure packet (TCP FIN) wasn't spoofed?
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original
Carl,
For Internet Explorer, you would have to write a customized
Cryptographic Service Provider (CSP) to accomplish this. It is not trivial.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message
the session was resumed by looking at the session id's in the clear text
handshake messages.
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Roberto Rodrigues - McLean" [EMAIL
SSH is not run over SSL, it runs over its own secure transport protocol.
OpenSSH just uses the crypto library from OpenSSL.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: [EMAIL
bytes using PKCS#1 block type 1
padding (for an RSA certificate).
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "ET Tan" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL
check out the doc/openssl.txt file.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Tim Newsham" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 16, 2001 2:35
would use the OR the flags
SSL_VERIFY_PEER and SSL_VERIFY_FAIL_IF_NO_PEER_CERT
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Colin Fox" [EMAIL PROTECTED]
To: [EMAIL PROTE
Jeremy,
What exactly is the problem you are having?
Reiner's comments seemed right on, so perhaps you can give a little more info,
what error messages are you getting, what are you trying to achieve,
etc.
_Greg StarkEthentica,
Inc.[EMAIL
RC4 is not license-encumbered but rather trademarked. However, to answer
your question, add the no-* flags to the perl lines in the ms\do_masm.bat
file.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original
why do you want to do this? Do you know the difference between a private and
public key?
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Mevlana Sari" [EMAIL PROTECTED]
are.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Tat Sing Kong" [EMAIL PROTECTED]
To: "openssl" [EMAIL PROTECTED]
Sent: Tuesday, April 03, 2001 12:20 PM
Subject: Certificate
A QuestionPlease check out
(http://www.openssl.org/docs/ssl/SSL_get_error.html#) and collect all
possible error information before posting, including the underlying socket
error code if applicable.
Thank,
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
\vcvars32.bat on your command line
*before* running any nmake commands. This sets up the environment properly.
For myself, to make this easy to do, I create a shortcut to command.com and
fill in the batch file entry to point to the vcvars32.bat file.
_
Greg Stark
uses up 11
bytes of the RSA payload, so the smallest modulus would be 48+11=59 bytes,
or 472 bits. You should not use such small moduli, however.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message
.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Pradeep Kamath" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 22, 2001 11:40 AM
Subject: key size 384 gives problem on server
Hello
.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Hegde, Ramdas" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 22, 2001 6:10 PM
Subject: Strange behaviour with SSL_CTX_set_verify
After I
of the server-specified CA's.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 21, 2001 11:35 AM
Subject: how to generate
)
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Dailou Walker" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 14, 2001 10:13 AM
Subject: How to test for a complete
extensions in your certificate.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 21, 2001 1:10 PM
Subject: Re: how to generate
You don't have to do the cutting; the EVP_* functions do it
for you.
_Greg
StarkEthentica, Inc.[EMAIL PROTECTED]_
- Original Message -
From:
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday,
.
This will at least give you some hints on where to do your thing in the
protocol, if not the code.
I'll try to look around in the code a bit later for ideas.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
-connect www.verisign.com:443
and after it stops spewing, type GET / and press return.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "D. David Pirzadeh" [EMAIL PROTECTED]
\mk1mf.pl %SKIPS% VC-WIN32 ms\nt.mak
Look through the perl script and maybe a few other places to see what no-***
options are supported. Please post the results to the list. I think it is of
general interest.
Good luck,
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
n or buggy commercial
SSL implementations.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Hubert Froehlich" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 15, 2
Chaz,
Creation should be no problem; see
(http://www.mail-archive.com/openssl-users@openssl.org/msg15592.html) for a
discussion of some other issues that may arise.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
If you look carefully in the INSTALL.W32 file (look under Tweaks:), you will
see how to do it.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Eli Zvik" [EMAIL PROTECTED]
Just note that the IP address is not authenticated and thus is untrusted.
Whether this matters or not depends on what you are doing with it.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message
ect places.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Marcel Loesberg" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 09, 2001 9:17 AM
Subject: Can't compile openssl-0.9.6
Hi,
/catalog/38354-6.htm, though
I have never looked at it.
Good luck,
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Erick Perez - CriptoData Panama" [EMAIL PROTECTED]
To: [EMAIL PRO
PI mailing list archives
(http://discuss.microsoft.com/archives/cryptoapi.html). You might search on
CRYPT_MACHINE_KEYSET to get some posts on similar sorts of issues.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
. It
has the chicken-and-egg problem you mentioned, but that's life.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "John Pliam" [EMAIL PROTECTED]
To: "Rich Salz" [EMAIL P
Aslam,
Look at the 'Tweaks' section of the Install.W32 file. You'll should end
up getting these lines in do_masm.bat
perl util\mk1mf.pl debug VC-WIN32 ms\nt.mak
perl util\mk1mf.pl dll debug VC-WIN32 ms\ntdll.mak
_
Greg Stark
Ethentica, Inc.
[EMAIL
Jeffrey,
The short answer is neither. The client's only use of its private key is
to sign a hash of the handshake messages, one of which includes the server
random value.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
Jeff,
That is correct, all the payload data is MAC'ed using shared symmetric
keys, so repudiation by either peer claiming tampering by the other is
possible.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Sandipan Gangopadhyay" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 07, 2001 10:38 AM
Subject: Re: Question
Christian,
I assume you mean X509 v3 and X509v1
instead of SSL v3 and SSL v1, no?
_Greg StarkEthentica,
Inc.[EMAIL PROTECTED]_
- Original Message -
From:
Christian
Ullman
To: [EMAIL PROTECTED]
Why not RSA? In theory, you could create and use DSA-signed certificates
which contain DSA or DH parameters, but there is very little support for
these in existing software.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
to libdes.
I haven't seen more recent versions of BSAFE, so I don't know if they still
contain the acknowledgement.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Alex Graveley&qu
It is the hash of the entire DER encoded
certificate.
You can calculate it using the 'openssl' utility
via:
openssl dgst -sha1 -c cert.der
_Greg StarkEthentica,
Inc.[EMAIL PROTECTED]_
- Original Message -
are looking for.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Scott Fagg" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, February 28, 2001 11:44 PM
Subject: Re:
();
}
}
}
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "srinivasa siripurapu" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, February 28, 2001 8:25 PM
Subject: PKCS8 and JAVA Application
Hi,
I am tryi
in
proprietary databases. Folks on this list seem to have lots of experience
with Apache-SSL, mod-ssl, Netscape, and IIS.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Gil Schi
.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Josh Howlett" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 15, 2001 5:12 PM
Subject: help: DH_compute_key
Hi all,
W
_read_X509().
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Philip J Grabner" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, February 24, 2001 5:39 PM
Subject: QUESTION: how to retrieve the
of the SSLv2 record protocol in any
of the TLS or SSLv3 rfc's or draft RFC's. I do have an HTML document that I
scrounged from somewhere (probably sun) describing SSLv2. I'd be glad to
e-mail to anyone or post it to the list.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Patrick Li" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, February 21, 2001 8:43 PM
Subject: SSL_read
Hi,
I got a question about SSL_read. If
already generated it, so perhaps that is the
case. In any event, check the return value from DH_compute_key(). If it
is -1, then you have an error.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From
( dh_struct );
dh_secret = malloc ( DH_size( dh_struct ) );
DH_compute_key ( dh_secret, client_key, dh_struct );
free ( dh_secret );
BN_free ( client_key );
DH_free ( dh_struct );
return (0);
}
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
IDEA is patented in the U.S. I believe the patent holders have made it
available royalty-free for *some* uses, but you need to check with them
(http://www.media-crypt.com/).
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
with a few examples.
When you ask how can Xenroll work with OpenSSL, do you want use Xenroll to
generate the certificate requests and use openssl to sign them? This can
certainly be done.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
. Your first
call to DH_new() doesn't do anything except create a memory leak. DH_check()
returns its answer in the integer *pointed* to by the second parameter. So,
if dh_error is an int then you need to pass dh_error to DH_check().
_
Greg Stark
Ethentica, Inc
65537 is nice number because it "big enough" in
the Goldilocks sense, unlikely to be a factor of L, and is fast to compute
with if the binary exponentiation algorithm is used.
_
Greg Stark
Ethentica, Inc.
[EMAIL
.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Patricio Valdebenito" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, February 16, 2001 2:52 PM
Subject: deign question
Hello, my name
No. Your question doesn't make any sense, so folks are just trying to guess
what you *might* mean.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Auteria Wally Winzer Jr.&qu
Probably caused by the browser. The certificates don't really have much to
say about whether you get 40-bit or 128-bit cryptography. Upgrade to a
browser that supports 128-bit cryptography.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
Make sure you use the same C runtime library to link your application as you
specified to build openssl. Which makefile did you use to build openssl,
nt.mak or ntdll.mak?
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
://www.openssl.org/docs/apps/openssl.html#. If your password is badpass,
then you can use openssl genrsa -des3 -out rca.key -passout pass:badpass
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From
1 - 100 of 128 matches
Mail list logo