Re: [openssl-users] PKCS#7

> Say someone would be able to gather several clear text AES keys and their > respective asymmetrically encrypted RSA blocks. Would it weakens the security > of the RSA key pair ? I mean could it be easier for someone using that > information to brute force an RSA key pair ? No --

Re: [openssl-users] OpenSSL DRBG in FIPS mode confusion.

On 15.03.2017 10:50, Jayalakshmi bhat wrote: > Hi All, > > OpenSSL uses 256 bit AES-CTR DRBG as default DRBG in FIPS mode. I have > question associated with this. > > 1. OpenSSL wiki says : Default DRBG is 256-bit CTR AES *using a derivation > function* > 2. Where as the document >

[openssl-users] OpenSSL DRBG in FIPS mode confusion.

Hi All, OpenSSL uses 256 bit AES-CTR DRBG as default DRBG in FIPS mode. I have question associated with this. 1. OpenSSL wiki says : Default DRBG is 256-bit CTR AES *using a derivation function* 2. Where as the document http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf

Re: [openssl-users] Generating dh parameters multithreaded?

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Salz, Rich via openssl-users > Sent: Wednesday, March 15, 2017 15:15 > To: Joseph Southwell; openssl-users@openssl.org > Subject: Re: [openssl-users] Generating dh parameters multithreaded? > > > Are you suggesting

[openssl-users] Request for adding new ciphers

Hi everyone, Someone can help for adding the ciphersuite " ECDHE_ECDSA_WITH_AES_128_CCM " and "ECDHE_ECDSA_WITH_AES_256_CCM " in openssl? I tried adding in the file tls1.h    # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM    0x0300C0AC     # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM

Re: [openssl-users] Request for adding new ciphers

On 15/03/17 18:03, Christian Adja via openssl-users wrote: > Hi everyone, > > Someone can help for adding the ciphersuite " > ECDHE_ECDSA_WITH_AES_128_CCM " and "ECDHE_ECDSA_WITH_AES_256_CCM " in > openssl? > I tried adding in the file tls1.h > # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM

Re: [openssl-users] Generating dh parameters multithreaded?

> It takes a long time. Is there some way to have it use all available cores > instead of just the one? You'll have to write the code to do that parallelism yourself. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] PKCS#7

On 15-03-17 05:13, valéry wrote: Hi, thank you very much for your response. Say someone would be able to gather several clear text AES keys and their respective asymmetrically encrypted RSA blocks. Would it weakens the security of the RSA key pair ? I mean could it be easier for someone using

[openssl-users] OpenSSL Certificate Cross Signing

Good Evening all, I have 2 Root Certificate Authorities which I want to use to cross sign an intermediate certificate. I created a certificate request and signed it with both CAs. I issued an end user certificate with the intermediate CA and added both intermediate CA Certificates (the one from

[openssl-users] Generating dh parameters multithreaded?

On any new install of our software we generate new dh parameters as follows… DH *dh = DH_new(); !DH_generate_parameters_ex(dh, 2048, 2, NULL); int codes = 0; DH_check(dh, ); DH_generate_key(dh); It takes a long time. Is there some way to have it use all available cores instead of just the

Re: [openssl-users] PKCS#7

Alright, big thanks to both of you for your input! On Mar 15, 2017 23:01, "Wouter Verhelst" wrote: On 15-03-17 05:13, valéry wrote: > Hi, > > thank you very much for your response. > Say someone would be able to gather several clear text AES keys and > their

Re: [openssl-users] Generating dh parameters multithreaded?

> Are you suggesting that I should modify openssl myself to expose that > functionality or are suggesting that there is a way to do that given the > already > exposed functionality? If it is the latter could you point me in the right > direction? OpenSSL code does not do what you want. You'll

Re: [openssl-users] Generating dh parameters multithreaded?

Are you suggesting that I should modify openssl myself to expose that functionality or are suggesting that there is a way to do that given the already exposed functionality? If it is the latter could you point me in the right direction? > On Mar 15, 2017, at 2:21 PM, Salz, Rich via