Re: [openssl-users] Custom Random number generation while in Fips mode

2016-07-28 Thread Thomas Francis, Jr.
> On Jul 27, 2016, at 8:18 PM, pratyush parimal wrote:
>
> Hi all,
>
> I work on a consumer application which is striving to be fips-140-2 compliant.
>
> I'm using OpenSSL as recommended in the fips guide by invoking fips_mode_set(). However, in certain parts

[openssl-users] different encrypted text for the same plain text message

2016-07-28 Thread R-D intern
Hello, I am using ECDSA-ECDHE-AES-SHA cipher suite for client-server security. I tried understanding the handshake mechanism. What still quizzes me is: communication between a specific client-server for a specific session generates different encrypted text for the same plain text

Re: [openssl-users] server key exchange use case in ECDSA-ECDHE-AES-SHA

2016-07-28 Thread Salz, Rich
You have asked two very basic questions about cryptography. I suggest you start doing a literature search; for example, Wikipedia. -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz

[openssl-users] server key exchange use case in ECDSA-ECDHE-AES-SHA

2016-07-28 Thread R-D intern
Hello, I have used ECDSA-ECDHE-AES-SHA as the cipher suite in my client-server communication. To use ECDHE key exchange algorithm I used ECDHE parameters and what I see is an additional server key exchange in my SSL handshake process. What does that imply? Does that increase the security

Re: [openssl-users] How can I generate an RSA Public Key with OAEP padding?

2016-07-28 Thread Viktor Dukhovni
> On Jul 28, 2016, at 2:33 AM, Socrates wrote:
>
> The question is how can I use openssl command line tool to create a public key using RSAES-PKCS1-v1_5, RSA-OAEP, or RSA-OAEP-256 (paddings?)?

RSA public keys don't have padding, signature and encryption formats have

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-28 Thread Short, Todd
Rich Salz basically told this guy to read Wikipedia about cryptography… :) -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." On Jul 28, 2016, at 11:15 AM, Benjamin Kaduk wrote:

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-28 Thread Benjamin Kaduk
There are several places where a per-connection random input is introduced, with a specific goal of making encryptions of the same plaintext produce different ciphertexts (as well as other benefits). If a plaintext always produced the same ciphertext, then an attacker could make a dictionary of

Re: [openssl-users] Custom Random number generation while in Fips mode

2016-07-28 Thread pratyush parimal
Hi Thomas, Thanks for your response! It clears up matters a lot :) There's one thing that I thought of though -- even though I'm generating the salt via non-OpenSSL means, the actual function that I'm using for hashing is "SHA512" from FIPS OpenSSL. Does the mere usage of salt that was generated

Re: [openssl-users] Custom Random number generation while in Fips mode

2016-07-28 Thread Thomas Francis, Jr.
> On Jul 28, 2016, at 11:00 AM, pratyush parimal wrote:
>
> Hi Thomas,
>
> Thanks for your response! It clears up matters a lot :)
>
> There's one thing that I thought of though -- even though I'm generating the salt via non-OpenSSL means, the actual function

[openssl-users] How can I generate an RSA Public Key with OAEP padding?

2016-07-28 Thread Socrates
Hi, Even though I have used openssl or ssh-keygen for years to generate key pairs mainly for SSH purposes, I don't know much about the underlying theory and finer details of cryptography. I want to use JSON Web Encryption (JWE) and there we have this concept of Key Encryption. Key Encryption

Re: [openssl-users] iOS FIPS armv7, armv7s, arm64

2016-07-28 Thread Brian Jost
> I have been trying for the life of me to get the FIPS module to compile for those supported platforms. Our app compiles for those platforms so without a compatible version of the openssl FIPS it causes errors.
>
> Are there any plans to have the FIPS module support those architectures?
> --