Re: [openssl-users] Generate ECC key with password protection

On 1/13/2017 2:02 PM, Viktor Dukhovni wrote: parameter setting error 139854491113288:error:06089094:digital envelope routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404: In that case, your OpenSSL library is broken, or was built without EC support. Perhaps you're running the wrong

Re: [openssl-users] Generate ECC key with password protection

On Fri, Jan 13, 2017 at 03:26:08PM -0500, Ken Goldman wrote: > On 1/13/2017 2:02 PM, Viktor Dukhovni wrote: > > > parameter setting error > > > 139854491113288:error:06089094:digital envelope > > > routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404: > > > > In that case, your OpenSSL

Re: [openssl-users] troubleshooting a puzzling issue

In message <8df59ee9-2677-47d3-b9f6-69904b3ea...@inria.fr> on Fri, 13 Jan 2017 16:46:59 +0100, Thierry Parmentelat said: thierry.parmentelat> so I do see md5 in the list of digests Ok thierry.parmentelat> thierry.parmentelat> what else should I be looking at ?

Re: [openssl-users] Generate ECC key with password protection

On Fri, Jan 13, 2017 at 06:18:51PM +, Viktor Dukhovni wrote: > Easier to read the documentation and use the appropriate value. https://www.openssl.org/docs/man1.1.0/apps/genpkey.html -- Viktor. -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] Generate ECC key with password protection

Thanks for the help. Am I getting closer? On 1/13/2017 9:44 AM, Viktor Dukhovni wrote: Also, take a look at test/certs/mkcert.sh: I looked at that, but what is $bits? The curve name. You're sure fond of leaving off the leading "-" in option names. You'll also really want the

Re: [openssl-users] Generate ECC key with password protection

On Fri, Jan 13, 2017 at 01:06:10PM -0500, Ken Goldman wrote: > I gather now that there are two -pkeyopt: Yes. > ec_paramgen_curve > ec_param_enc > > I tried prime256v1 for each, and also named_curve and explicit > for the second, in many combinations. Easier to read the documentation and use

Re: [openssl-users] Generate ECC key with password protection

On 1/13/2017 1:21 PM, Viktor Dukhovni wrote: On Fri, Jan 13, 2017 at 06:18:51PM +, Viktor Dukhovni wrote: Still no success. I think this is exactly what you suggested, and something I had already tried. openssl genpkey -out cakeyecc.pem -outform PEM -pass pass: -aes256 -algorithm

Re: [openssl-users] Generate ECC key with password protection

On Fri, Jan 13, 2017 at 01:49:14PM -0500, Ken Goldman wrote: > On 1/13/2017 1:21 PM, Viktor Dukhovni wrote: > > On Fri, Jan 13, 2017 at 06:18:51PM +, Viktor Dukhovni wrote: > > Still no success. I think this is exactly what you suggested, and something > I had already tried. > > openssl

Re: [openssl-users] Generate ECC key with password protection

Thanks, getting closer ... On 1/12/2017 5:47 PM, Viktor Dukhovni wrote: My latest attempt is this. It gives me a usage error. Any hints? openssl genpkey -out cakeyecc.pem -outform pem -pass pass: aes-256-cbc -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text The "aes-256-cbc"

Re: [openssl-users] Generate ECC key with password protection

On 13/01/17 14:32, Ken Goldman wrote: > Thanks, getting closer ... > > On 1/12/2017 5:47 PM, Viktor Dukhovni wrote: >>> My latest attempt is this. It gives me a usage error. Any hints? >>> >>> openssl genpkey -out cakeyecc.pem -outform pem -pass pass: >>> aes-256-cbc -algorithm ec

Re: [openssl-users] troubleshooting a puzzling issue

> On Jan 13, 2017, at 5:28 AM, Thierry Parmentelat > wrote: > > I have two certificates, one being signed by the other > the attached code is a python code that uses M2Crypto to check for that fact Your current problem is failure to post the two certificates

Re: [openssl-users] Generate ECC key with password protection

On Fri, Jan 13, 2017 at 09:32:01AM -0500, Ken Goldman wrote: > > The "aes-256-cbc" argument is wrong. Try "-aes256". > > BTW, I got aes-256-cbc from > > https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations > > and > openssl list-cipher-commands When cipher names are used

[openssl-users] troubleshooting a puzzling issue

Hey I am facing a problem that I have narrowed down to this: I have two certificates, one being signed by the other the attached code is a python code that uses M2Crypto to check for that fact and it turns out, on some boxes x509_verify() returns 1 as expected, while on some others I am

Re: [openssl-users] troubleshooting a puzzling issue

Thanks Viktor for your feedback Well, the 2 certificates are embedded in the python code as PEM; I am attaching them again here as plain files if that helps p1 Description: Binary data p2 Description: Binary data In terms of versioning, on one box that exhibits the issue of returning

Re: [openssl-users] troubleshooting a puzzling issue

Hey Richard here’s what I see # openssl help openssl:Error: 'help' is an invalid command. Standard commands asn1parse caciphers cms crl crl2pkcs7 dgst dh dhparam dsa dsaparam ec ecparam

Re: [openssl-users] troubleshooting a puzzling issue

In message <41a36a7f-ff5d-4190-9178-e9ff11aff...@inria.fr> on Fri, 13 Jan 2017 11:28:40 +0100, Thierry Parmentelat said: thierry.parmentelat> I am facing a problem that I have narrowed down to this: thierry.parmentelat> thierry.parmentelat> I have two

Re: [openssl-users] troubleshooting a puzzling issue

In message on Fri, 13 Jan 2017 09:26:35 -0500, Viktor Dukhovni said: openssl-users> openssl-users> > On Jan 13, 2017, at 5:28 AM, Thierry Parmentelat wrote: openssl-users> >

Re: [openssl-users] troubleshooting a puzzling issue

On Fri, Jan 13, 2017 at 04:17:14PM +0100, Thierry Parmentelat wrote: > Thanks Viktor for your feedback > > Well, the 2 certificates are embedded in the python code as PEM; I am > attaching them again here as plain files if that helps The leaf certificate is signed with RSA+MD5: $ openssl

Re: [openssl-users] troubleshooting a puzzling issue

; it explains it all :) Thanks so much for your time looking into this, it is very helpful — Thierry > On 13 Jan 2017, at 16:47, Viktor Dukhovni wrote: > > On Fri, Jan 13, 2017 at 04:17:14PM +0100, Thierry Parmentelat wrote: > >> Thanks Viktor for your