Re: Format and standard for CSR

2019-08-28 Thread Michael Sierchio
I don't see the point in DER encoding for a CSR – The RA and CA decide the composition of the cert, based on the rules and CPA that they follow, and of course any cert issued will be in DER format, and may include reordering or modified/expanded extensions and key use restrictions. A CSR is

Re: [openssl-users] RFC5077 ticket construction help

2018-03-28 Thread Michael Sierchio
On Wed, Mar 28, 2018 at 9:44 AM, Viktor Dukhovni wrote: It would make more sense for C to issue short-term client certificates. > Session tickets are for session resumption. In particular they > can't authenticate the server to the client, so you still need > an initial

Re: [openssl-users] RFC5077 ticket construction help

2018-03-28 Thread Michael Sierchio
Since there exists a reference implementation, and the source code is available, why not start there? The symmetric key protocol is the basis of Kerberos. - M On Wed, Mar 28, 2018 at 9:26 AM, Henderson, Karl via openssl-users < openssl-users@openssl.org> wrote: > Need some help with RFC5077

Re: [openssl-users] How to form a proper hash after writing something into SSL handshake.

2017-12-28 Thread Michael Sierchio
Comic Sans. Need I say more? On Tue, Dec 26, 2017 at 4:53 AM, Sai Teja Chowdary < asteja.chowdary.ec...@itbhu.ac.in> wrote: > > > Hi, > > > > Happy Holidays everyone. > > > > I want to send client certificate, client key exchange and client verify > in a single handshake message which appears as

Re: [openssl-users] Rejecting SHA-1 certificates

2017-07-10 Thread Michael Sierchio
On Mon, Jul 10, 2017 at 10:22 AM, Viktor Dukhovni < openssl-us...@dukhovni.org> wrote: > > > On Jul 10, 2017, at 1:12 PM, Niklas Keller wrote: > > > > It's very well worth the effort, otherwise there's a security issue, > because certificates can be forged. > > Collision

Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-05-03 Thread Michael Sierchio
On Tue, May 2, 2017 at 8:27 AM, Michael Wojcik < michael.woj...@microfocus.com > wrote: It may be worth noting that nearly all well-written UNIX applications > should set the disposition of SIGPIPE to SIG_IGN. SIGPIPE is a

Re: [openssl-users] dates, times, durations in next release (commands)

2016-09-06 Thread Michael Sierchio
On Tue, Sep 6, 2016 at 10:40 AM, Jakob Bohm wrote: ... > Another related (long standing) issue is the inability to > state an "as of" date to the various commands and APIs that > validate signatures, certificates etc. Both past and future > dates can be needed in various

Re: [openssl-users] openSSL and SLOTH attack

2016-01-08 Thread Michael Sierchio
"Since the HMAC is only 96 bits long, even a generic collision requires only about 248 HMAC computations" But a sequence/call-flow diagram is on the page Sandeep referenced: http://www.mitls.org/pages/attacks/SLOTH - M ___ openssl-users mailing list To

Re: [openssl-users] openSSL and SLOTH attack

2016-01-08 Thread Michael Sierchio
2^48. Which is larger than 248, which was a cut-and-paste error. ;-) On Fri, Jan 8, 2016 at 11:00 AM, Michael Sierchio <ku...@tenebras.com> wrote: > "Since the HMAC is only 96 bits long, even a generic collision requires > only about 248 HMAC computations" > > But

Re: [openssl-users] pkcs12 is no encryption possible for certs?

2015-02-13 Thread Michael Sierchio
On Fri, Feb 13, 2015 at 11:33 AM, Sean Leonard dev+open...@seantek.com wrote: Using the openssl pkcs12 -export command, is it possible to specify a -certpbe value that does not do encryption? Perhaps you only want integrity protection--you don't care whether the certificates are shrouded. The

Re: [openssl-users] pkcs12 is no encryption possible for certs?

2015-02-13 Thread Michael Sierchio
Yes, I am sure that some folks find known plaintext in an encrypted object to be helpful. [apologies for top-posting... dumb smart phone] - M On Feb 13, 2015 1:21 PM, Viktor Dukhovni openssl-us...@dukhovni.org wrote: On Fri, Feb 13, 2015 at 12:02:06PM -0800, Michael Sierchio wrote: Whenever

Re: Browsers do not import chained certificate.

2014-10-09 Thread Michael Sierchio
On Wed, Oct 8, 2014 at 11:17 PM, dE de.tec...@gmail.com wrote: Hi! I'm trying to make a certificate chain using the following commands -- openssl genpkey -out issuer.key -algorithm rsa openssl genpkey -out intermediate.key -algorithm rsa openssl req -new -key issuer.key -out issuer.csr

Re: best practice for creating a CA cert?

2014-09-29 Thread Michael Sierchio
On Sun, Sep 28, 2014 at 11:59 PM, Jason Haar jason_h...@trimble.com wrote: ... If I just click through the defaults of openssl ca, I'd probably end up with a 2048bit RSA, SHA-2 (256) cert. So my question is, should I future proof that by making it 4096bit and maybe SHA-2 (512)? (ie I want

Re: cannot read PEM key file - no start line

2014-09-08 Thread Michael Sierchio
On Sun, Sep 7, 2014 at 10:26 PM, Liz Fall f...@sbcglobal.net wrote: I am getting the following with my client cert when trying to connect to an SSL-enabled MongoDB: 2014-09-03T13:37:56.881-0500 ERROR: cannot read PEM key file:

Re: The no-stdio and NO_FP_API options

2014-09-03 Thread Michael Sierchio
On Wed, Sep 3, 2014 at 4:21 PM, Jens Maus m...@jens-maus.de wrote: On 03.09.2014 at 21:33, Salz, Rich rs...@akamai.com wrote: +1 for keeping the features (I use AmiSSL ;) ) It doesn't build. Unless that is addressed, it is highly likely that I will remove it from the tree after 1.0.2

Re: help with error

2014-07-03 Thread Michael Sierchio
My Windoze knowledge is hazy, and from the distant past, but if you're running this in a CMD window, you may simply need to increase the available memory from the default for that process. - M On Thu, Jul 3, 2014 at 11:43 AM, Steven Kinney steven.kin...@ers.state.tx.us wrote: No. Running on my

Re: Improving structure and governance

2014-04-25 Thread Michael Sierchio
I've been thinking that the OpenSSL Foundation really needs to do better than simply being open to individual funders. A lot of companies use the libraries, and asking for some proper do-re-mi is completely kosher. More on this later, I'm in Florida this weekend (feel sorry for me). - M On

Re: using TRNG via /dev/random

2013-09-23 Thread Michael Sierchio
On Mon, Sep 23, 2013 at 12:59 PM, starlight.201...@binnacle.cx wrote: At 20:27 9/23/2013 +0200, Richard Könning wrote: /dev/random is a PRNG which blocks when the (crude) entropy estimation of the entropy pool falls below a limit. Besides this there are afaik no big differences between

Re: using TRNG via /dev/random

2013-09-22 Thread Michael Sierchio
On Sat, Sep 21, 2013 at 2:09 PM, David Lawless david_lawl...@flumedata.com wrote: ... Next I did this: cd /dev mv urandom urandom.hold mknod urandom c 1 8 Which causes /dev/urandom to make use of the /dev/random driver in the kernel. The above sort-of works. Some of the new

Re: using TRNG via /dev/random

2013-09-22 Thread Michael Sierchio
On Sun, Sep 22, 2013 at 10:00 AM, starlight.201...@binnacle.cx wrote: Not interested in any PRNG. /dev/random is a PRNG. As I pointed out, True RBGs don't produce enough material. The problem is the fact that /dev/random blocks.

Re: Encumbered EC crypto algorithms in openssl?

2013-08-16 Thread Michael Sierchio
On Fri, Aug 16, 2013 at 10:40 PM, Nico Williams n...@cryptonector.com wrote: If only we could agree to use DJB's Curve25519... +1

Re: Validating a certificate which is expired

2013-06-19 Thread Michael Sierchio
On Wed, Jun 19, 2013 at 1:34 PM, Dave Thompson dthomp...@prinpay.com wrote: From: owner-openssl-us...@openssl.org On Behalf Of Bob Bell (rtbell) Sent: Wednesday, 19 June, 2013 15:01 I have a situation where I need to determine the validity of a certificate in all other aspects even though it has

Re: FIPS Capable Ciphers List

2013-05-15 Thread Michael Sierchio
On Wed, May 15, 2013 at 8:26 AM, Viktor Dukhovni openssl-us...@dukhovni.org wrote: OpenSSL cipherlists are not for novices. Like everything else about an old API that grew organically, it has too much surface area. It's unreasonable to rely on expert performance to prevent errors - it should

Re: Does CSR need to be signed with matching private key?

2013-03-05 Thread Michael Sierchio
On Mon, Mar 4, 2013 at 9:33 PM, Steven Funasaki thegreatste...@gmail.com wrote: Does the CSR need to be signed with the matching private key for the CA to validate it? Of course. That demonstrates proof of possession of the private key. Otherwise there is no binding of an entity to a keypair,

Re: OpenSSL: RC4 and IDEA algorithms

2013-01-23 Thread Michael Sierchio
RC4 is not patented - RC4 is a Trademark of RSA Security. On Wed, Jan 23, 2013 at 8:36 AM, sarju tambe sarjuta...@gmail.com wrote: In OpenSSL(README File, openssl version-0.98x), there are 4 patented algorithms RC5, RC4, IDEA, Camellia out of which RC5 and Camellia are disabled in Configure

Re: genrsa question how secure is the random creation

2012-12-13 Thread Michael Sierchio
On Tue, Dec 11, 2012 at 8:06 PM, Michael Sierchio ku...@tenebras.com wrote: - Select an interval near the desired size [ 2^1023 + 1^1022 + 1 , 2^1024 - 1 ] - Sieve out composites divisible by small primes - Select two probable primes such that (p - q) is reasonably large (2^100 or so
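The selection procedure sketched in the message above, carried out in code as an added example (this is illustrative code written for this page, not OpenSSL's genrsa). It assumes my reading of the steps: candidates for a k-bit prime are drawn from [2^(k-1) + 2^(k-2) + 1, 2^k - 1] so that p*q has exactly 2k bits (the "1^1022" in the snippet reads as a typo for 2^1022), composites with a small factor are sieved out by trial division, "probable prime" means Miller-Rabin, and |p - q| must exceed 2^100 so that Fermat's factoring method cannot exploit p and q being close.

```python
"""Added example: RSA prime selection following the steps in the message above.

Illustrative code written for this page, not OpenSSL's genrsa. Assumed interval
for a k-bit prime: [2^(k-1) + 2^(k-2) + 1, 2^k - 1], so p*q is exactly 2k bits.
"""
import math
import secrets


def _small_primes(limit: int = 2000) -> list:
    """Primes up to `limit`, used for the trial-division sieve."""
    marks = bytearray([1]) * (limit + 1)
    marks[0] = marks[1] = 0
    for i in range(2, int(limit ** 0.5) + 1):
        if marks[i]:
            marks[i * i::i] = bytearray(len(marks[i * i::i]))
    return [i for i, m in enumerate(marks) if m]


SMALL_PRIMES = _small_primes()


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin with `rounds` random bases (false-positive rate below 4^-rounds)."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_probable_prime(bits: int) -> int:
    """Draw odd candidates from the top of the k-bit range, sieve, then Miller-Rabin."""
    lo = (1 << (bits - 1)) + (1 << (bits - 2)) + 1
    hi = (1 << bits) - 1
    while True:
        cand = (lo + secrets.randbelow(hi - lo + 1)) | 1
        if any(cand % p == 0 for p in SMALL_PRIMES):
            continue  # sieve step: cheap rejection of most candidates
        if is_probable_prime(cand):
            return cand


def generate_rsa_key(modulus_bits: int = 2048, e: int = 65537,
                     min_gap_bits: int = 100) -> dict:
    """Select p and q as described above and derive the private exponent d."""
    half = modulus_bits // 2
    while True:
        p = random_probable_prime(half)
        q = random_probable_prime(half)
        if abs(p - q) < (1 << min_gap_bits):
            continue  # too close: Fermat's method would factor n quickly
        phi = (p - 1) * (q - 1)
        if math.gcd(e, phi) != 1:
            continue
        d = pow(e, -1, phi)  # modular inverse, Python 3.8+
        return {"n": p * q, "e": e, "d": d, "p": p, "q": q}


if __name__ == "__main__":
    key = generate_rsa_key(512)
    print("n has", key["n"].bit_length(), "bits")
```

Note that the lower bound of the interval is what guarantees the modulus is a full 2k bits; drawing from the whole k-bit range can produce a 2k-1 bit product, which is why genrsa-style generators pin the top two bits of each prime.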

Re: genrsa question how secure is the random creation

2012-12-11 Thread Michael Sierchio
On Tue, Dec 11, 2012 at 3:27 PM, redpath redp...@us.ibm.com wrote: When using this command openssl genrsa -out test.pem 2048 an RSA pair is created. It's not so much I want to know how a pair is randomly selected but how secure is that random selection. Random number generators are a

Re: add hash signature as part of the stream on which this hash is based on

2012-11-19 Thread Michael Sierchio
On Mon, Nov 19, 2012 at 9:24 AM, lists li...@rustichelli.net wrote: By its nature, a hash completely changes if just a bit of the original content is modified By design, a cryptographic hash function (on average) changes half the output bits when a single bit in the input is inverted.
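The avalanche property stated in the reply above, measured directly, as an added example that is not part of the original message. It flips every input bit of a constructed sample in turn and counts how many SHA-256 output bits change, then does the same for a plain additive checksum (my choice of a non-cryptographic comparison) to show why "changes completely" is a property of cryptographic hashes specifically.

```python
"""Added example (not from the original message): measure how many output
bits change when a single input bit is flipped. The sample input is
constructed here; checksum32 is a deliberately non-cryptographic baseline."""
import hashlib


def flip_bit(data: bytes, bit_index: int) -> bytes:
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def hamming_distance(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def sha256_digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def checksum32(data: bytes) -> bytes:
    """Additive checksum: flipping one input bit moves the sum by 2^j, so only
    a short carry chain of output bits changes."""
    return (sum(data) & 0xFFFFFFFF).to_bytes(4, "big")


def avalanche_ratio(func, data: bytes) -> float:
    """Average fraction of output bits that change per single-bit input flip,
    taken over every bit position of `data`. Close to 0.5 for a good hash."""
    base = func(data)
    out_bits = len(base) * 8
    flips = len(data) * 8
    changed = sum(hamming_distance(base, func(flip_bit(data, i)))
                  for i in range(flips))
    return changed / (flips * out_bits)


SAMPLE = b"constructed sample input for the avalanche check"  # constructed input

if __name__ == "__main__":
    print("sha256  :", round(avalanche_ratio(sha256_digest, SAMPLE), 3))
    print("checksum:", round(avalanche_ratio(checksum32, SAMPLE), 3))
```

Each flip changes a Binomial(256, 1/2) number of SHA-256 output bits, so the average over a few hundred flips sits within a fraction of a percent of 0.5; the checksum's ratio stays in the low single digits of percent.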

Re: CN in SubjectAltName necessary ?

2012-10-24 Thread Michael Sierchio
The semantics of subjectAltName depend on use. For example http://tools.ietf.org/html/rfc4945 On Tue, Oct 23, 2012 at 1:57 AM, Thomas alth...@gmx.net wrote: Hey there, for openssl, is it necessary to include the CN in the subjectAltName field if the latter one is present at all ? I would

Re: strong TLS connections

2011-10-08 Thread Michael Sierchio
On Fri, Oct 7, 2011 at 7:40 PM, Kristen J. Webb kw...@teradactyl.com wrote: My understanding is that a TLS connection with a server cert only identifies the server to the client.  This leads to a MiTM attack, where the mitm can impersonate the client because the server has not verified the

Re: Differences between RSA and ECDSA - Conceptual and Practical

2011-10-08 Thread Michael Sierchio
On Sat, Oct 8, 2011 at 6:39 AM, Rick Lopes de Souza dragonde...@gmail.com wrote: Another thing that i know is that RSA can only sign things that are smaller than the size of the key used. No - you can sign a message of arbitrary length - a suitable message digest is what is encrypted (well,

Re: Reliable identification by DN (or something else) for commercially-signed certs?

2011-06-26 Thread Michael Sierchio
Does any commercial CA still issue client certs? Most of them got out of this business because the liability for them outstrips the revenue benefit. While it makes sense to have server certs issued by a commercial CA, why would you even want client certs signed by a commercial CA? When you are

Re: Compressed ECC points - X9.62 vs IEEE1363

2011-05-03 Thread Michael Sierchio
http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/DRBG_ANSI_X9-62-1998.pdf On Tue, May 3, 2011 at 3:28 AM, Julien Poumailloux julien.p...@free.fr wrote: Dear subscribers of the openssl-users list, I read in the code of openssl (crypto/ec.h) that the compression of ECC points is

Re: DH session Key length

2011-04-19 Thread Michael Sierchio
The private exponent length need only be sufficient to make a brute force search (using the public exponent as a target) computationally infeasible, since the discrete log problem is still in the hard category. Cogent DH Private Exponent recommendations are always stated in terms of P, e.g., x :

Re: DH session Key length

2011-04-19 Thread Michael Sierchio
Addendum - depending on the use of DH (usually using the DH shared secret as a basis for key exchange), the choice of prime is more important than private exponent length. Safe primes or strong primes are warranted. Most systems use small generators (e.g., 2). - M On Mon, Apr 18, 2011 at 7:25

Re: encrypting long strings

2010-07-10 Thread Michael Sierchio
Despite what others have said, RSA is perfectly reasonable (if slow) to use for encryption. If you do, you should use OAEP/OAEP+ rather than the common/naive method of padding. http://cseweb.ucsd.edu/~mihir/papers/oaep.html The Wikipedia article is a good starting place

Re: Random Numbers

2010-03-31 Thread Michael Sierchio
On Tue, Mar 30, 2010 at 11:48 PM, P Kamath pgkam...@hotmail.com wrote: I said it is an RNG, not cryptographic RNG. By adding current time source, however crude, and doing a sha1/md5, why should it not be cryptoPRNG? What properties should I look for? Taking a hash of an entirely

Re: Post-2010 future of the OpenSSL FIPS Object Module?

2010-02-19 Thread Michael Sierchio
, UNIX, *BSD, etc.)? That would be the basis of fundraising activity (I mean making phone calls, which is something nearly everyone can do). $150,000 is not an intimidating amount for anyone who's done fundraising. - M -- Michael Sierchio

Re: A PKI in a web page

2009-09-09 Thread Michael Sierchio
Richard Salz wrote: I'm making available my small set of web pages and Perl script that implement a self-service PKI built around OpenSSL. Awesome, Rich! Thanks. - M __ OpenSSL Project

Re: Diffie-Hellman key exchange : Preventing MITM attack

2009-08-28 Thread Michael Sierchio
, properly implemented, and assuming integrity of private keys. An intermediary cannot play without the shared secret. You require only trusted (possibly OOB in your scenario) publication of public keys. -- Michael Sierchio +1 415 378 1182 PO Box 9036

Re: Diffie-Hellman key exchange : Preventing MITM attack

2009-08-28 Thread Michael Sierchio
Victor Duchovni wrote: No. Without a previously arranged shared secret and no trusted introducer, DH doesn't require anything but mutual knowledge of public keys, since the shared secret is implicit. Either OOB or via a trusted directory service, or a cert binding the identity of a principal

Re: Diffie-Hellman key exchange : Preventing MITM attack

2009-08-28 Thread Michael Sierchio
Victor Duchovni wrote: Bootstrapping authentication requires an out-of-band secure channel for key exchange (or initial delivery of keys of trusted introducers). Agreed.

Re: Signing a file using HMAC

2009-08-20 Thread Michael Sierchio
toby.wa...@fxhome.com wrote: Hello, I am using the dgst command to sign a file, I'm also using the -hmac option. I then want to verify the signature by decrypting it and checking the hash. The problem is the hash never seems to match. It's unclear to me what you are trying to accomplish

Re: certificate expiration in hours

2009-06-04 Thread Michael Sierchio
Lucas Mocellin wrote: I would like to generate a certificate valid in hours, does someone know how to do it? is that possible or I have to manage this hours by myself? Why? What kind of cert? What is the intended use for the cert? If it's for the purposes of restricting access to a given

Re: certificate expiration in hours

2009-06-04 Thread Michael Sierchio
Lucas Mocellin wrote: I'm sorry, I don't understand very much about, but let's try. Bad idea. Certs bind identity to public keys. Authentication is not authorization, and it is extremely important that you understand the semantics before proceeding, IMHO.

Re: I want you to do my homework for me.

2009-05-02 Thread Michael Sierchio
Michael S. Zick wrote: On Sat May 2 2009, Miguel Ghobangieno wrote: Furthermore I am aware that you opensource coders are all a bunch of misogynist sexists; for the most part you are all _men_. The EEOC is going to hear of THAT as well.

Re: hmac digest wrong?

2009-04-21 Thread Michael Sierchio
here? Luckily, yes. The latter version has an extra char. man echo. try `echo -n ronald | openssl dgst -sha1 -hmac $apikey` which doesn't add the '\n' that your version does. -- Michael Sierchio +1 415 378 1182 PO Box 9036 ku

Re: documentation/description of RSA PEM file format used by OpenSSL

2009-02-10 Thread Michael Sierchio
in octets. And more, sometimes. ;-) -- Michael Sierchio +1 510 962 5595 PO Box 9036 ku...@tenebras.com Berkeley CA 94709 http://xijiaoshan.blogspot.com

Re: Where to store client PEM certificates for an application

2008-12-26 Thread Michael Sierchio
Edward Diener wrote: Well I asked whether protection for the client side certs were needed, and how this might be done, and I was told I was barking up the wrong tree, so to speak. I felt this way from the very beginning but my employer wanted to get other opinions. You are either unclear on

Re: How to use a hardware RNG with openssl?

2008-09-22 Thread Michael Sierchio
Gerd Schering wrote: So , if I get it right: we have a true random source to seed the PRNG and this produces true random numbers? No. There is no such guarantee using any PRNG. PRNGs provide a much higher bitrate than hardware RNGs or system sources of entropy. They use cryptographic hash

Re: Do you have to pre-pend 16 bytes to a raw value before RSA encryption

2008-09-18 Thread Michael Sierchio
Peter Walker wrote: The purpose of my application is to send a credit card number in encrypted format. Then use OAEP. - M

Re: Do you have to pre-pend 16 bytes to a raw value before RSA encryption

2008-09-17 Thread Michael Sierchio
Kenneth Goldman wrote: What padding are you specifying? I suspect that you are specifying no padding, in which case the size of the input must be the same as the size of the key. No. The input is the same size as the *modulus*. When used in encryption the recommended approach for RSA is to

Re: X.509] Certificate Generation without PoP

2008-08-19 Thread Michael Sierchio
Silviu VLASCEANU wrote: Hello, I am developing an application which also has some CA functions. The application knows the public key, KpC, of a client which has a priori proven to this app the possession of KpC through an out-of-band mean. Therefore, when the application calls the CA

why we call it entropy

2008-08-08 Thread Michael Sierchio
Von Neumann counseled Shannon to call it entropy because no one really knows what entropy is. ;-) I wanted to say that it's inherently problematic to use things like the randomness in the interarrival time of events like interrupts, etc. to gather entropy -- Ted has touched on this with his

Re: why we call it entropy

2008-08-08 Thread Michael Sierchio
Michael Sierchio wrote: A bit stream may have 1 bit of entropy per bit of message (i.e. an entropy of 1), and therefore be incompressible -- perhaps what Schwartz thinks he means when he says truly random -- and be entirely predictable. In case this isn't obvious, apply Von Neumann's

Re: Wondering if a vendor product might be vulnerable to existing (fixed) bugs, despite showing current version number

2008-08-02 Thread Michael Sierchio
Samuel Lavitt wrote: I am wondering how I could determine, with only access to the compiled binary, if this version has any missing security fixes The worst vulnerabilities (and your time might be valuable, so prioritization might be important) have published exploits available. Black hat

Re: Problems with revoked certificate

2008-07-16 Thread Michael Sierchio
albertlb wrote: I am using a debian pc with openssl and openvpn. The problem is I have revoked a user certificate but the user still has access to the vpn. In the crl.pem file appears the reference to this user. What could it happen? Thank you http://www.nabble.com/file/p18487517/openssl.cnf

Re: Please help: very urgent: Query on patented algorithms

2008-06-16 Thread Michael Sierchio
RC4 is owned (and trademarked) by RSA Security Inc, but they are no longer enforcing the patent, RC4 was never protected by patent, but by trade secret. When the details of the algorithm were published, Ron Rivest himself suggested calling the alleged RC4 ARCFOUR. It is indeed a trademark

Re: RAND_load_file takes a long time to load 1K bytes from /dev/random

2008-06-10 Thread Michael Sierchio
Glenn wrote: Lack of entropy? Try using /dev/urandom /dev/urandom supplies (statistically useful) random bits -- no claims are made about entropy. - M

Re: 2038 date limit

2008-06-06 Thread Michael Sierchio
Brant Thomsen wrote: The C++ compiler in Microsoft's Visual Studio 2005 (and later) makes time_t a 64-bit number when compiling 32-bit code. Older compilers, such as Visual C++ 6.0, make time_t a 32-bit number, which would cause year 2038 issues. I'd very much like to see TAI64 adopted where

Re: Wider fallout from Debian issue?

2008-05-28 Thread Michael Sierchio
David Schwartz wrote: ... Suppose I include a randomish string in my message 46e8bd8ceae57f8b7af66536e7859bad. Any attacker might see this message -- it's public. So he can certainly try that string as your password. So will you now run off and add it to a blacklist, since it's clearly now a

Re: Wider fallout from Debian issue?

2008-05-28 Thread Michael Sierchio
David Schwartz wrote: Every known key, provided there are not too many known keys, is weak. Once again, you have a very idiosyncratic lexicon of cryptographic terms. How about if we use these words the way cryptographers do? A weak key is one that causes a cipher to leak private data in the

Re: DH Prime Question

2008-04-14 Thread Michael Sierchio
Julian wrote: My fear is that get a hold of P will allow for someone else to use it to start a protocol disassembly. For instance anyone could create a DHE-RSA-AES256-SHA TLS server and use P to listen for connections, of course it would have to have a cert signed by CA to proceed even if they

Re: Accessing encrypted messages after cert expires

2008-03-19 Thread Michael Sierchio
Steffen DETTMER wrote: For operational, administrative and forensic concerns I think it is important to know the key generation time as well as who generated it in exactly which way, who gave the key to whom when and why and so on - maybe even including a transactional log of every key usage

Re: Accessing encrypted messages after cert expires

2008-03-18 Thread Michael Sierchio
Kyle Hamilton wrote: On Sun, Mar 16, 2008 at Since it's infeasible to store all of the possible keypairs in the number of atoms in the universe, your assertion holds no water. Did you do the calculation? The number of primes less than or equal to 512 bits in length number around 10**150,

Re: Please take me off

2008-03-18 Thread Michael Sierchio
navneet Upadhyay wrote: me too Cancel Your Own Goddam Subscription - Wm. F Buckley

Re: Accessing encrypted messages after cert expires

2008-03-18 Thread Michael Sierchio
David Schwartz wrote: What I think Michael Sierchio was saying, though, was something different. He's not saying to treat a certificate as revoked, he's saying not to issue a certificate. Basically, he's saying a CA could refuse to issue a certificate for any key that it had ever seen before

Re: Accessing encrypted messages after cert expires

2008-03-18 Thread Michael Sierchio
David Schwartz wrote: Michael Sierchio: If it's your policy not to reuse keys, or allow their use beyond the lifespan of the certificate, then the enforcement mechanism for this MUST be in the CA. I completely disagree. If this were true, CA's would generate the private key as part

Re: Accessing encrypted messages after cert expires

2008-03-18 Thread Michael Sierchio
Kyle Hamilton wrote: Certificate issuance is a statement of identity binding for a given key at a given assurance. No more, no less. No, it isn't. It's often more. A CA does not and cannot specify the value of the data which can be encrypted or protected by any given key. Irrelevant

Re: Accessing encrypted messages after cert expires

2008-03-17 Thread Michael Sierchio
Kyle Hamilton wrote: On Sun, Mar 16, 2008 at 10:44 PM, David Schwartz [EMAIL PROTECTED] wrote: If you can't trust the system that generates and stores your private key, you're screwed anyway. So I don't see that this argument has any validity. The issue is 'who is trusting what?' David's

Re: Accessing encrypted messages after cert expires

2008-03-17 Thread Michael Sierchio
David Schwartz wrote: You have to have absolute trust in any entity that will generate or store your private key. Thus you can trust any information in it -- anyone who could put in bogus information could give away your key to strangers. (By absolute trust, I mean with respect to anything

Re: Accessing encrypted messages after cert expires

2008-03-17 Thread Michael Sierchio
Kyle Hamilton wrote: A key's lifetime is, cryptographically speaking, the amount of time for which it can be expected to provide a sane level of security in relation to the value of the data which it protects. Right, which is a matter of consensus best practice, we hope... Of course,

Re: Accessing encrypted messages after cert expires

2008-03-17 Thread Michael Sierchio
David Schwartz wrote: ... An attacker can start trying to break your key as soon he has your public key. Issuance date of the cert suffices. It's still not an attribute of the private key. In any case, you may of course need to validate an old signature, and the mechanics for that have been

Re: Accessing encrypted messages after cert expires

2008-03-16 Thread Michael Sierchio
Patrick Patterson wrote: Actually, what you care about are the keys associated with the certificate. For encryption, you've got content that is encrypted with the public key, and decryptable only with the private key. Since the certificate is your public key signed by some Certificate

Re: Accessing encrypted messages after cert expires

2008-03-16 Thread Michael Sierchio
David Schwartz wrote: Arguably, you shouldn't do it even once, because it's extremely easy to fall into the pattern of one key and one key only in the systems design or implementation. I can't remember who coined the phrase, but it's not good crypto hygiene. I have argued many times that not

Re: MAC

2008-03-16 Thread Michael Sierchio
Main, James J Civ USAF AMC DET 3 AMCAOS/DOHJ wrote: Is there a driver available for MAC using ActivClient CAC 6.1? If so where is it available. Hey, Jim - does ActivClient present itself as a cryptosystem service, a la PKCS#11 or Microsoft's Smart Card interface? Regards. - Michael

Re: Accessing encrypted messages after cert expires

2008-03-16 Thread Michael Sierchio
David Schwartz wrote: If you can't trust the system that generates and stores your private key, you're screwed anyway. So I don't see that this argument has any validity. A timestamp is not an attribute of a private key. It's utterly irrelevant. If your purpose is to require that new

Re: Compiling on a Mac

2008-02-03 Thread Michael Sierchio
Joel Christner wrote: The issue I'm seeing is when compiling: mac# openssl version OpenSSL 0.9.7l 28 Sep 2006 mac# gcc blowfish.c -o blowfish ... Undefined symbols: Basic C compiler/linker usage error. gcc blowfish.c -o blowfish -Llocation of libcrypt.so -lcrypto or something very much

Re: PKCS#7 without certificates??

2007-10-17 Thread Michael Sierchio
[EMAIL PROTECTED] wrote: I've a problem. I need to cypher a buffer of bytes with pkcs7 format but I can't use certificates, I need encrypt using only a key or password. I have searched but I do not find anything to do it. Read the syntax for PKCS#7:

Re: man in the middle attack over https

2007-10-03 Thread Michael Sierchio
[EMAIL PROTECTED] wrote: I'd like to ask the group about a possible man in the middle attack over https. What you've described (though see Viktor's post about what you didn't really include in your message) is not MITM -- it's just a fake URL scheme. SSL v3.0 and TLS with server auth are not

Re: certificate withou private key

2007-09-30 Thread Michael Sierchio
Yes. No. Maybe. Such a question suggests some possible confusion. A certificate is a binding of a keypair to an identity. While only the public key is contained in the cert, some proof of possession of the corresponding private key is required. This usually requires a certificate signing

Re: use ssl for ssh transport layer (not proxy bypassing)

2007-07-02 Thread Michael Sierchio
David Latil wrote: I have a somewhat bizarre project on my plate. I have been tasked to come up with a secure proxy of sorts that uses SSH over SSL (I mean to actually encrypt SSH with SSL, not just tunnel through a proxy). In the end, we would be using port forwarding over SSH for HTTP

Re: openssl verify signature with priv key?

2007-06-25 Thread Michael Sierchio
you verify a signature with the public key, and you sign with the private key. -Original Message- From: Janet N [EMAIL PROTECTED] Subj: openssl verify signature with priv key? Date: Mon 2007 Jun 25 13:17 Size: 351 bytes To: openssl-users@openssl.org Hi there, How do I verify a

Re: Certificates, users and machines

2007-05-25 Thread Michael Sierchio
Urjit Gokhale wrote: It seems that you are making the common mistake of conflating authentication with authorization. Certs are useful in binding pubkeys to identities and subsequently in verifying possession of the private key by being able to perform decryption. The SSL protocol has

Re: Certificates, users and machines

2007-05-25 Thread Michael Sierchio
Mouse wrote: I.e. for the sake of the argument identity Michael may have an attribute employee of Tenebras, and another attribute permitted access to dev repository A12. Well, the Subject Distinguished Name should have the Organization, but I strongly disagree with you if you think access

Re: how to extract signature from public key using openssl?

2007-05-04 Thread Michael Sierchio
Janet N wrote: ... So we need somehow to be able to get the rsa public key from the user certificate. Assuming a DER X.509 cert, you just need to parse out the public key: cert->SubjectPublicKeyInfo->SubjectPublicKey

Re: Encrypt a Variable using PHP

2006-09-11 Thread Michael Sierchio
It's September - tomatoes are good, figs are ripe, grapes are ready to harvest and school is back in session.

Re: converting PKCS #7 data from BER to DER

2006-08-25 Thread Michael Sierchio
Benjamin Sergeant wrote: I'd like to know how to proceed (is it doable) to convert a PKCS #7 data (made with PKCS7_sign, flag = PKCS7_BINARY | PKCS7_DETACHED;) with several cert (the one from the signer) and a chain of cert, from BER to DER encoding. Is the decryption key present to sign the

Re: Hiding headers for OpenSSL

2006-08-21 Thread Michael Sierchio
Scott Campbell wrote: The long version: We run security check software, which makes connections with various services, calls up the header, and then tells us that based upon the version it read in the header, this service has certain vulnerabilities. For security purposes, we would

Re: how do i escape spaces in -subj (DN) arg to req?

2006-08-17 Thread Michael Sierchio
Richard wrote: if, however i: ssl req -subj /C=US/ST=NY/L=New York ... ssl req -subj /C=US/ST=NY/L=New\ York ... i get an error of: unknown option York what am i doing wrong? Your problem is with your shell, not OpenSSL. I'm reluctant to say more -- I don't want

Re: Openssl self-signed certificate verificatiion

2006-08-15 Thread Michael Sierchio
David Schwartz wrote: For example, if you try to connect to 'www.amazon.com' and the resolver resolvers this to '72.21.206.5', you want to get a certificate for 'www.amazon.com'. A certificate for '72.21.206.5' would not prove to the user that he reached 'www.amazon.com' because an

Re: Hardcoded DH Params?

2006-05-26 Thread Michael Sierchio
Sreeram Kandallu wrote: Hi All, I'm building a p2p secure communication system where each user is identified by a RSA key. In such a system, is it ok to use hardcoded DH params compiled into the application, or must i generate separate dh params for every user? Hard-coded DH parameters

Re: Hardware random number generator

2006-05-11 Thread Michael Sierchio
Wai Wu wrote: I would like to know your opinions on commercial hardware random number generators. Are they worth the money? How do they compare to the /dev/random device? Thnx. I've written extensively about this elsewhere. The devices are properly termed RBGs (random bit generators), and

Re: Regarding the IV in symertric encryption.

2006-05-10 Thread Michael Sierchio
Wai Wu wrote: Do the Initial Vectors on both sides have to be the same? If they have to be the same, we not only have to exchange the key, but also the IV, No? Symmetric block cipher traffic contains the IV at the beginning of the ciphertext.

Re: Regarding the IV in symertric encryption.

2006-05-10 Thread Michael Sierchio
Girish Venkatachalam wrote: The IV is used only for decrypting the first block since after that the first block serves as the IV for the second block and so on. To answer your question, the IV has to be known at both sides along with the key. There is no sound cryptological argument for not

Re: Sequence of the handshaking

2006-03-03 Thread Michael Sierchio
Xie Grace Jingru-LJX001 wrote: (1) what was just going on during the negotiation and security connection setup? The sequence of the handshaking. (2) Is the public key part of the certificate being passed to the client? (3) Did the server authenticate the client in this process? or there is no

Re: SPKAC to PKCS#10 convert

2005-12-19 Thread Michael Sierchio
what can I do to convert a SPKAC request into a PKCS#10 ? After that will I be able to generate a SPKAC certificate from PKCS#10 request ? You can't. SPKAC is a signed pubkey and challenge. PKCS10 is a different format of self-signed object. You'd have to have the private key present

Re: client side certificates

2005-11-01 Thread Michael Sierchio
Raymond Popowich wrote: One thing that I'd like some clarification on. Once I get this working, shouldn't there be a way for me to say I only want certain client side certificates to be able to connect to this web site? Otherwise anyone with a client side cert can connect. I'm sure I'm

Re: Password too long

2005-10-23 Thread Michael Sierchio
Nadav Golombick wrote: What is the correct procedure if I come to a situation where the password length is too big for the given buffer. If this is a design question, then the proper thing to do IMHO is akin to what's done for HMAC-MD5 or HMAC-SHA1 -- if the passphrase exceeds the buffer
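Two of the HMAC points on this page, written out as one added example that is not part of either message: the over-long key handling mentioned in the reply just above (RFC 2104 hashes a key longer than the hash block size down to its digest, then zero-pads), and the `echo` versus `echo -n` trailing-newline pitfall from the "hmac digest wrong?" message further up. The key and message values are constructed here; the manual implementation is checked against Python's hmac module.

```python
"""Added example (not from the messages above): HMAC per RFC 2104 written
out by hand, showing the long-key rule and the trailing-newline pitfall.
Keys and messages are constructed values."""
import hashlib
import hmac


def hmac_manual(key: bytes, msg: bytes, algo: str = "sha1") -> bytes:
    """RFC 2104: a key longer than the hash block size is replaced by its
    digest; any key shorter than the block is zero-padded to it."""
    block = hashlib.new(algo).block_size  # 64 bytes for SHA-1 and SHA-256
    if len(key) > block:
        key = hashlib.new(algo, key).digest()
    key = key.ljust(block, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(algo, ipad + msg).digest()
    return hashlib.new(algo, opad + inner).digest()


def matches_stdlib(key: bytes, msg: bytes, algo: str = "sha1") -> bool:
    """Cross-check the manual construction against the standard library."""
    return hmac.compare_digest(hmac_manual(key, msg, algo),
                               hmac.new(key, msg, algo).digest())


def newline_changes_tag(key: bytes, word: bytes) -> bool:
    """`echo word` appends '\\n' and `echo -n word` does not; the two inputs
    differ by one byte and therefore produce unrelated tags."""
    return hmac_manual(key, word) != hmac_manual(key, word + b"\n")


def long_key_equivalent(key: bytes, msg: bytes, algo: str = "sha1") -> bool:
    """Caveat of the long-key rule: an over-long key and its digest are
    interchangeable as HMAC keys, so the digest must be guarded like the key."""
    if len(key) <= hashlib.new(algo).block_size:
        return False
    short = hashlib.new(algo, key).digest()
    return hmac_manual(key, msg, algo) == hmac_manual(short, msg, algo)


if __name__ == "__main__":
    k = b"k" * 100  # constructed 100-byte key, longer than the 64-byte block
    print(hmac_manual(k, b"ronald").hex())
    print(hmac_manual(k, b"ronald\n").hex())
```

The practical consequence of the last function is that truncating or hashing a long passphrase into the MAC buffer does not weaken the MAC, but whoever holds the hashed form holds an equivalent key.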
