On 1/13/2017 2:02 PM, Viktor Dukhovni wrote:
parameter setting error
139854491113288:error:06089094:digital envelope
routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404:
In that case, your OpenSSL library is broken, or was built without
EC support. Perhaps you're running the wrong
On Fri, Jan 13, 2017 at 03:26:08PM -0500, Ken Goldman wrote:
> On 1/13/2017 2:02 PM, Viktor Dukhovni wrote:
> > > parameter setting error
> > > 139854491113288:error:06089094:digital envelope
> > > routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404:
> >
> > In that case, your OpenSSL
In message <8df59ee9-2677-47d3-b9f6-69904b3ea...@inria.fr> on Fri, 13 Jan 2017
16:46:59 +0100, Thierry Parmentelat said:
thierry.parmentelat> so I do see md5 in the list of digests
Ok
thierry.parmentelat>
thierry.parmentelat> what else should I be looking at ?
On Fri, Jan 13, 2017 at 06:18:51PM +, Viktor Dukhovni wrote:
> Easier to read the documentation and use the appropriate value.
https://www.openssl.org/docs/man1.1.0/apps/genpkey.html
--
Viktor.
--
openssl-users mailing list
To unsubscribe:
Thanks for the help. Am I getting closer?
On 1/13/2017 9:44 AM, Viktor Dukhovni wrote:
Also, take a look at test/certs/mkcert.sh:
I looked at that, but what is $bits?
The curve name.
You're sure fond of leaving off the leading "-" in option names.
You'll also really want the
On Fri, Jan 13, 2017 at 01:06:10PM -0500, Ken Goldman wrote:
> I gather now that there are two -pkeyopt:
Yes.
> ec_paramgen_curve
> ec_param_enc
>
> I tried prime256v1 for each, and also named_curve and explicit
> for the second, in many combinations.
Easier to read the documentation and use
On 1/13/2017 1:21 PM, Viktor Dukhovni wrote:
On Fri, Jan 13, 2017 at 06:18:51PM +, Viktor Dukhovni wrote:
Still no success. I think this is exactly what you suggested, and
something I had already tried.
openssl genpkey -out cakeyecc.pem -outform PEM -pass pass: -aes256
-algorithm
On Fri, Jan 13, 2017 at 01:49:14PM -0500, Ken Goldman wrote:
> On 1/13/2017 1:21 PM, Viktor Dukhovni wrote:
> > On Fri, Jan 13, 2017 at 06:18:51PM +, Viktor Dukhovni wrote:
>
> Still no success. I think this is exactly what you suggested, and something
> I had already tried.
>
> openssl
Thanks, getting closer ...
On 1/12/2017 5:47 PM, Viktor Dukhovni wrote:
My latest attempt is this. It gives me a usage error. Any hints?
openssl genpkey -out cakeyecc.pem -outform pem -pass pass: aes-256-cbc
-algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text
The "aes-256-cbc"
On 13/01/17 14:32, Ken Goldman wrote:
> Thanks, getting closer ...
>
> On 1/12/2017 5:47 PM, Viktor Dukhovni wrote:
>>> My latest attempt is this. It gives me a usage error. Any hints?
>>>
>>> openssl genpkey -out cakeyecc.pem -outform pem -pass pass:
>>> aes-256-cbc -algorithm ec
> On Jan 13, 2017, at 5:28 AM, Thierry Parmentelat
> wrote:
>
> I have two certificates, one being signed by the other
> the attached code is a python code that uses M2Crypto to check for that fact
Your current problem is failure to post the two certificates
On Fri, Jan 13, 2017 at 09:32:01AM -0500, Ken Goldman wrote:
> > The "aes-256-cbc" argument is wrong. Try "-aes256".
>
> BTW, I got aes-256-cbc from
>
> https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations
>
> and > openssl list-cipher-commands
When cipher names are used
Hey
I am facing a problem that I have narrowed down to this:
I have two certificates, one being signed by the other
the attached code is a python code that uses M2Crypto to check for that fact
and it turns out, on some boxes x509_verify() returns 1 as expected, while on
some others I am
Thanks Viktor for your feedback
Well, the 2 certificates are embedded in the python code as PEM; I am attaching
them again here as plain files if that helps
p1
Description: Binary data
p2
Description: Binary data
In terms of versioning, on one box that exhibits the issue of returning
Hey Richard
here’s what I see
# openssl help
openssl:Error: 'help' is an invalid command.
Standard commands
asn1parse caciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam
In message <41a36a7f-ff5d-4190-9178-e9ff11aff...@inria.fr> on Fri, 13 Jan 2017
11:28:40 +0100, Thierry Parmentelat said:
thierry.parmentelat> I am facing a problem that I have narrowed down to this:
thierry.parmentelat>
thierry.parmentelat> I have two
In message on Fri, 13 Jan
2017 09:26:35 -0500, Viktor Dukhovni said:
openssl-users>
openssl-users> > On Jan 13, 2017, at 5:28 AM, Thierry Parmentelat
wrote:
openssl-users> >
On Fri, Jan 13, 2017 at 04:17:14PM +0100, Thierry Parmentelat wrote:
> Thanks Viktor for your feedback
>
> Well, the 2 certificates are embedded in the python code as PEM; I am
> attaching them again here as plain files if that helps
The leaf certificate is signed with RSA+MD5:
$ openssl
; it explains it all :)
Thanks so much for your time looking into this, it is very helpful — Thierry
> On 13 Jan 2017, at 16:47, Viktor Dukhovni wrote:
>
> On Fri, Jan 13, 2017 at 04:17:14PM +0100, Thierry Parmentelat wrote:
>
>> Thanks Viktor for your
19 matches
Mail list logo