On Thu, Mar 20, 2003 at 04:13:48PM +0530, Vengada Prasad Govindan wrote:
Hello,
We are trying to use /usr/local/ssl/lib/openssl.a version 0.9.7a for
building another application (802.1x Xsupplicant0.6). We get the
following unresolved externals (see attachment - make_error.txt). Let us
password hashes instead of cleartext.
Both options looks better to me.
yours,
Vadim
Once again, thanks,
Michel
- Original Message -
From: Vadim Fedukovich [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 6:53 PM
Subject: Re: Philosophical question: What means
On Mon, Jul 21, 2003 at 12:12:49PM -0400, Jue (Jacky) Shu wrote:
hi all,
maybe it is not a SSL question. I want to make post-connection assertion to
prevent man-in-the-middle attack. But I don't know how to get FQDN of the
peer side(Not from peer's certificate, it must be other side's real
On Mon, Jul 21, 2003 at 12:20:05PM -0400, Christopher Fowler wrote:
There is no functino in OpenSSL I beleive that does such a thing.
What you need to do is get the sockaddr sin_addr data from the accept()
function. At that point you have a IP Address. Use gethostbyaddr() to convert
that
On Fri, Jul 25, 2003 at 09:18:52AM -0400, Jue (Jacky) Shu wrote:
On 2003-07-24 at 18:43, David Schwartz wrote:
Please check this url:
http://developer.netscape.com/docs/manuals/security/sslin/contents.htm
Server authentication, step 4
The only difference is that netscape just check
Dear Torsten,
concatenating some certificates into a single file would not automagically
make every client and server follow the rules. To enforce it,
one can check something while doing SSL handshake or immediately
after the handshake before sending application data.
Servers could get client
On Thu, Aug 07, 2003 at 10:21:09AM +0200, Davide De Benedictis wrote:
Hi, here again
I'm a Java user and I'm using the Java Cryptography Extension shipped
with the JDK 1.4 and enhanced with the BouncyCastle.org open source
libraries. I need to interact with a PHP server which uses OpenSSL
On Wed, Sep 03, 2003 at 11:46:30AM -0400, Charles B Cranston wrote:
Sean McKay wrote:
I was not able to get the LDAPS server to respond to the query so out of
despiration, I thought I'd try HTTPS -- if I remember right, I think
Microsoft uses a non-standard for LDAPS that I can't remember
Dear list,
did anyone implement a test for a given A an X exists that
X ^ k == A (mod N)
for a composite N = p*q with q and q being known primes?
Any good math paper?
thank you,
Vadim
__
OpenSSL Project
hi Kim,
try setting it read-only before reset
good luck,
Vadim
On Thu, Oct 16, 2003 at 11:45:22AM +0200, Hellan.Kim KHE wrote:
Hi
I have a BIO populated with a PKCS#10 request. At the time I am parsing it, it don't
know if it is DER or PEM encoded, so I use the following code:
pReq =
On Sat, Nov 15, 2003 at 06:40:26PM -0500, David wrote:
What kind of voodoo is required to get a client to send a cert?
Both client and server are calling SSL_CTX_use_certificate_file() and
SSL_CTX_use_PrivateKey_file(), and the server is calling
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL).
On Sat, Nov 15, 2003 at 09:09:37PM -0800, Sriram R wrote:
Can some one detail the steps to enable verbose debug on the openssl server.
I added debug option ..but that did not give me enough info to further investigate.
I get accept errors as attached below.
Any help is greatly appreciated.
On Tue, Dec 09, 2003 at 12:28:47PM -0600, Jose Hernandez wrote:
Here, the problem is in the Certificate, the Linux hostname is not the same
that you gave in the certificate ...
I mean in the Common Name field It must be the Linux hostname ...
website name as fetched from server cert CN
On Fri, Jan 02, 2004 at 02:09:39AM -0800, [EMAIL PROTECTED] wrote:
I run several SSL enabled services on a single host. Especially since
some of these don't run as root, I want to create a different
certificate, with a different DN, for each service. However, each
service certificates' CN
On Fri, Jan 02, 2004 at 12:24:18PM -0600, Jay Johnston wrote:
...
SOLUTION IMPLEMENTATION:
Back to my current delima of the needle-in-a-haystack searches I'm doing, I
decided to create a program that would screen scrape for the string in the
web-based file directories. First, however, I had
, Vadim Fedukovich wrote:
On Fri, Jan 02, 2004 at 02:09:39AM -0800, [EMAIL PROTECTED] wrote:
I run several SSL enabled services on a single host. Especially since
some of these don't run as root, I want to create a different
certificate, with a different DN, for each service. However, each
On Thu, Jan 08, 2004 at 09:02:12PM -0800, [EMAIL PROTECTED] wrote:
Hi,
I am using crypto library to do some calculations. I need to calculate the sqare
root of a 1024 bit number and round it to nearest integer.
this might mean working over just integers, isnt it?
The BN_mod_sqrt()
On Tue, Jan 13, 2004 at 08:43:21AM +0100, Aumont - Comite Reseaux des Universites
wrote:
Hi
The current version of openssl ocsp is based on stuff/index.txt so I
am affraid that the OCSP server must run on the same server as the
certificat authority, but in our case the CA server is
Dear Chris,
authentication methods and protocols were researched for years.
The method described is an easy one and probably could be implemented fast.
However, one better start from requirements before any coding.
For example: server is not authenticated here so man-in-the-middle
is allowed by
On Mon, Feb 16, 2004 at 10:40:36PM +1100, Chris Nolan wrote:
Hello Vadim!
On Mon, 2004-02-16 at 21:28, Vadim Fedukovich wrote:
Dear Chris,
authentication methods and protocols were researched for years.
The method described is an easy one and probably could be implemented fast
On Tue, Mar 02, 2004 at 11:47:43AM -0600, Scott Lamb wrote:
On Feb 24, 2004, at 9:55 AM, Rich Salz wrote:
I think I misunderstood that question. I honestly don't know what we
would lose. Maybe a sense of openness.
In the past -- at least, say, 2-3 years ago -- we had a couple of
openssl at schwebbman.com wrote:
I am working on writing a program that performs encryption uses
triple-DES. I am reading(decrypting) and writing(encrypting) a linked
list to a file. The program will read and write the individual
structures that make up the linked list using OpenSSL. The
Hi,
just hard to guess it..any example floating around?
thank you,
Vadim
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List
Hi Rosario,
if you need understanding, use specifications and source code.
Unix is almost always to be a synonym.
hope this will not mean OS war,
Vadim
On Fri, 1 Sep 2000, Rosario Riccio wrote:
Hi...
Thanks very very much, especially to Arnaud De Timmerman: finally I've
obtained a good
Hi Andrew,
including private key into application binary means no protection
for that key other that "you should not reverse.." shrink-wrap.
Besides, private keys are best to be used generated by end-users,
to let them trust that keys. Please consider to review your
application's general design
On Sat, 9 Sep 2000, Charles Walker wrote:
I have written some client code which uses OpenSSL plus libwww to
retrieve files from a server. In the environment where this thing runs,
we don't really care about authenticating the server, so we want to use
a self signed certificate or make up
On Wed, 13 Sep 2000, Chan, Moses wrote:
Folks,
Could somebody tell me how to generate free wildcard certificates?
Can I do this in OpenSSL?
One of use of wilcard certificate is "security proxy".
One should remember by doing this one effectively voids trust
in server validation provided
On Wed, 11 Oct 2000, Adam Wiggins wrote:
Greetings,
I am writing a client/server app in which the client needs to validate
that the server it is connecting to is actually who it claims to be.
The server is using a self-signed certificate. The logic would
(hopefully) be along the
On Fri, 13 Oct 2000, Poetsch, Michael wrote:
Hello Apache user community,
Michael,
this is not exactly apache list, anyway:
does anybody know if it is possible to configure multiple virtual hosts with
different SSL certificates? Basically it should be possible to include all
SSL related
On Fri, 13 Oct 2000, Norman Mackey wrote:
Shouldn't it be possible to configure Apache/OpenSSL to
handle name-based virtual hosting using TLS? Apparently
Norman,
I believe it was made clear already. The only point to add
is a recent RFC on "Upgrade to TLS".
ARIN thinks so, since they've
On Fri, 24 Nov 2000, Deepak Taneja wrote:
Hello
i'm getting problem in compiling Diffle hellman algorithm . please help
me that what should be done . i mean which file is to be compiled as there i'm
tring to compile p1024.c . there is BN_BL_CTX struc is missing . If anyone has
On Mon, 4 Dec 2000 [EMAIL PROTECTED] wrote:
A developer among our team has informed us that OpenSSL
cannot generate 40 bit keys (48 bit is the bare minimum).
Is this true?
Which exactly algorithm do you mean?
An example: freeswan (.org) choose to drop support
for the weak cipher (DES)
Kim,
since X.509 certificate is somethingToBeSigned and signature over that
once can use X509_sign() to do it. Probably you mean certify_cert()
and, yes, lots of parameters there to specify certificate content.
Regards,
Vadim
On Fri, 16 Feb 2001, Hellan,Kim KHE wrote:
Hi
I'm trying to make
what I should do to get from X.509
"parts" I already have loaded to a self-signed or CA-signed certificate.
The difference is issuer name and private key used for signing
regards,
Vadim
Any help appreciated!
TIA
Kim Hellan
Fra: Vadim Fedukovich [mailto:[EMAIL PROTECTED]]
Emn
Andras,
you may want to handle private key some other way, namely
dont free() it.
hope this helps,
Vadim
On Wed, 18 Apr 2001 [EMAIL PROTECTED] wrote:
Hi all.
I've made a function, which takes as params an x509 certificate request,
the ca's private key, and certificate, and makes a signed
Patric,
an apache module from http://www.webdav.org may fit your
test environment (if used with mod_ssl or apache_ssl).
Described behaviour is likely covered by rfc2518 (WEBDAV),
section 8.7.1
Please note PUT method have nothing to do with this list.
good luck,
Vadim
On Mon, 30 Apr 2001,
Lee,
unpredictable random numbers required for ssl client to set
pre-master secret, client key exchange message, rsa mode.
One can run a reverse solution with SSL client on a web server.
Unfortunately this breaks HTTPS. However, you still have
a secure solution and a CA in business :)
would
On Fri, 4 May 2001, Dilkie, Lee wrote:
It is critical to get the initial seed with as much entropy as possible
yes, it's traditional way to keep openssl' PRNG happy.
However, a random inside server hello is sent in clear
and it may be appropriate to use low-quality clock-based source here.
On Mon, 9 Jul 2001, Alexander op de Weegh wrote:
Hi all,
I have padding question.
I am using the following code for creating a PKCS#7
signed and enveloped message:
X509 *signer, *recipient;
RSA *signkey;
p7 = PKCS7_new();
PKCS7_set_type(p7, NID_pkcs7_signedAndEnveloped);
On Fri, 3 Aug 2001, Frank Geck wrote:
I have the same issue. I used the openssl rand -out randfile 1024. this created
the random bit file. I pointed RANDFILE to this file and get the same error
PRNG not seeded.
By the response below do I take it that the supplied enc.c program is wrong
On Mon, 13 Aug 2001 [EMAIL PROTECTED] wrote:
I am trying to install openssl-0.9.6b onto a Linux REDHAT 7.1 server.
This is my first install of openssl-0.9.6b on REDHAT 7.1 . ON REDHAT 6.4
openssl-0.9.6b works just fine.
All seems to go fine with install and creating key/csr/crt files.
On Wed, 15 Aug 2001, Khassaia, Amir wrote:
Hi,
I've encountered the following problem:
I generate PKCS#7 detached signed data using CryptSignMessage() in
CryptoAPI and try to verify it using OpenSSL but I get an OpenSSL Error:
{error:2107106C:PKCS7 routines:PKCS7_signatureVerify:unable
hi Kim,
On Tue, 28 Aug 2001, Hellan,Kim KHE wrote:
I'm looking for an example of a RSA Digital Signature Using Hash Function
(text followed by the signature).
Probably the most relevant data structure is PKCS7 Signed.
Does anyone know where to find a more technical description of such a
On Mon, 27 Aug 2001, Arno Puder wrote:
Hi,
certificates and private keys are usually stored in PEM-formatted files
and are loaded using the functions SSL_CTX_use_certificate_file() and
SSL_CTX_use_PrivateKey_file().
If I want to hard code the keys in my application, such as
char*
On Fri, 31 Aug 2001, Mark Kilfoil wrote:
Someone had this exact question a month ago, and I find myself with
the same problem.. There were no responses, so I'm hoping it just
got lost in the shuffle.
The original message was:
I am attempting to have a C++ client do a Diffie Hellman key
On Thu, 6 Sep 2001, Zulkiffli Mohd Nur wrote:
hello.
i have a problem how to read version and serial number from certificate.
X509_get_version() will return a long that could be printed using %ld
specification.
just now i have a certificate.
the code like this
#include
from system ressources to initialize the PRNG.
There's a method (function call) to gather random state in the system
continuously.
Comments?
Personally I'm waiting for a local team to make statements on
"reasonable business risk" using SSLeay/OpenSSL.
Vadim
On Fri, Feb 11, 2000 at 04:43:48PM -0800, [EMAIL PROTECTED] wrote:
I'm configuring a few cisco routers to do IKE for our VPN's. Works great
with pre-shared keys, but for scalability purposes I'd like to use
certificates, which requires the use of a CA. But the ciscos store keys
and
On Fri, Jan 28, 2000 at 03:18:25PM +0100, Radovan Semancik wrote:
hello!
I'm interested in SET (Secure Electronic Transactions) protocol support
in OpenSSL.
Is there such a best? Is there plan to add SET implementation to
OpenSSL?
Is there any other open SET implementations?
There's
Hello,
dublicates are generated by public.guangzhou.gd.cn
and I dont know whom to contact there.
Please let us do something right instead of just complyning
"I have dublicates" back to the list driving traffic up.
One might want to blacklist this host on primary list server.
Thank all for yur
Hello,
there's lots of old messages coming back to the list (example attached).
Does someone know how to fix it?
Regards,
Vadim
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
On Wed, Apr 05, 2000 at 01:38:14AM -0400, Michael Harvey wrote:
Be Nice ,..I am new
I Need Help with setting up CRL's
I run a small www site for a special group
I set up a Self signed CA
My Problem...
each client has a cert that is checked
How do create a Proper crl cert
I
On Wed, Apr 12, 2000 at 02:10:10PM -0500, Grebelsky, Konstantin wrote:
I guess my first impression of sign.c was incorrect...
What it does is create a signature for some data is this correct? So if I
have to store the signature in the file I just have to append it, correct?
A well-known
On Sun, May 07, 2000 at 09:51:06AM -0700, Claus Assmann wrote:
Is there a "simple" way to achieve a non-hierarchical trust model
within TLS?
The X.509 certificates currently allow only for one signature, right?
If this is wrong, how can several CAs sign a certificate?
Signatures are
On Thu, May 11, 2000 at 04:20:12PM +0200, Alexander 'Alfe' Fetke wrote:
On Mon, 8 May 2000, Bill Klein wrote:
Does anybody know where I can find the OpenSSL version
history. For example, if I wanted to know what has changed
between 0.9.5 and 0.9.5a where would I look. Can't seem to
On Thu, Jun 22, 2000 at 11:55:12PM -0400, Steve Sobol wrote:
...
I am most worried about people being able to get access to the
database in the event root is compromised. (This is a Linux box that I
am
dealing with). After I sent my original question, I decided that the
only
safe way to
Hi,
is there a good reason to PKCS7_set_detached(,1) after
pushing data into p7bio? Is it Ok to set it before
PKCS7_dataInit()?
A memory-based BIO seems not required to hold to-be-signed
in this case but still is created affecting memory usage.
please comment,
Vadim
Hi Albert,
On Mon, 31 Jul 2000, Albert Serra wrote:
a) The functions with "verify" in them is there to tell the server or
client where the public keys and the CA's public keys are for verifying
the other's keys. Those keys and the symbolic links associated with them
is pretty important.
On Mon, 22 Oct 2001, Ravi Prakash B.V. wrote:
Dear All,
I do not receive any reply for this.
Any pointers will be appreciated.
What is the application that could benefit from cross certification?
Alternatively, what is the logic that requires cross certification?
thank you,
Vadim
Ravi
Dear openssl team,
what is the best way to specify OAEP parameter for RSA operations?
Currently, RSA_eay_public_encrypt() and RSA_eay_private_decrypt()
will always pass NULL to RSA_padding_add_PKCS1_OAEP() and
RSA_padding_check_PKCS1_OAEP() respectively.
thank you,
Vadim
Bill,
one good way to get this resolved is to outline ISO signature,
namely data format, digest and padding used as well as other
relevant details. A signature example (and the key used to make it)
could also help.
What is intermediate signature?
regards,
Vadim
On Mon, 8 Oct 2001 [EMAIL
debugger
thank you,
Vadim
0 30 11: SEQUENCE {
2 022: INTEGER 840
6 022: INTEGER 735
10 021: INTEGER -254
: Warning: Integer has a negative value
: }
/* ASN.1 handling code (c) Vadim Fedukovich 2001
* work-in-progress; please use
hi,
this will work for unique port numbers only.
Here's no chance to run a bunch of standard-SSL virtual hosts
on one single 443 port and I guess it was the question.
One could do that on different IP numbers
regards,
Vadim
On Fri, 30 Nov 2001, Amol Natu wrote:
Hi Shlomi
You would need to
Andrew,
openssl is rather mixer than generator or random data.
No deterministic (ok, stable) program can make something random.
To make a random secret one need some input unavailable to attacker.
/dev/random is internal enough and could be quite a good one.
regards,
Vadim
On Mon, 3 Dec 2001,
On Mon, 10 Dec 2001, Bear Giles wrote:
Would this be a hassle if you have a root CA with a lot of intermediate
signers? That means that you have to store/locate all possible intermediate
signers to evaluate a couple of end user certificates.
This is why PKCS12 (iirc) provides a
On Tue, 11 Dec 2001, Tat Sing Kong wrote:
That's me told then, so to authenticate a certificate you need the whole
chain of certs going from the cert to authenticate all the way to a
trusted CA.
It's unlikely just authentication is of any practical use;
authorization is and risk of
On Thu, 13 Dec 2001, Tony Vo wrote:
Hello,
Is OpenSSL PKCS1 compliant? I've noticed that in the function
for padding type 2 that the first byte (octet) is 0x00 followed by 0x02
for the second byte (octet). Is this correct? According to the PKCS1
specification, the first byte
On Thu, 20 Dec 2001, Richard Levitte - VMS Whacker wrote:
There are devoices out there (I'm thinking of nCipher boxes, but I bet
there are others) where you can protect something (in the nCipher
case, the admin card) with n password, of which any m (m = n) are
required to unlock the
On Sat, 22 Dec 2001, Mike Brandonisio wrote:
Hi,
I wanted to post an answer to a problem I had with Apache and SSL. It took
some time to figure this one out but here it is:
PROBLEM:
When I installed Apache and setup a virtual server for my test web site the
standard HTTP requests worked
On Mon, 24 Dec 2001 [EMAIL PROTECTED] wrote:
Hi expert guys,.. :)
I'm starting a class project which requires handling a packet after
encryption it, and before transmi it to the IP layer. I want to to add a
header and modify the current IP address of the packet.
The steps -- in
On Wed, 9 Jan 2002, Andrew wrote:
Well let's see if I can explain this a little better. How does 3DES
work? Apparently my co-worked took the final encrypted text, XOR'ed it with
the original message and obtained a key. Now he claims that he can decrypt
any message with that key.
Did
On 10 Jan 2002, Aleix Conchillo wrote:
Hi,
I am trying to create a PKCS7 SignedAndEnveloped. I get the idea
from the enc.c and dec.c files in crypto/pkcs7 directory. As it is and
enveloped pkcs7 i need to add a recepient. And as it is signed, i need to set
the signers. The problem
On Wed, 9 Jan 2002, Scott Frazor wrote:
Can anyone give me a rough idea on how to prepare and send a https POST via
openssl? I know how to open a socket and connect SSL, but I'm missing
something when it comes to sending a HTTPS POST and RECEIVING the response.
I'm not sure if I'm asking
On Fri, 11 Jan 2002, Frank Geck wrote:
Thanks, I was already using a variant of this code. The issue seemed to
be openssl 0.9.6b, went to version c and it worked.
The current issue I have is how can I make the buffer that will hold the
decoded data dynamic instead of static (i.e. no BIG,
On Mon, 21 Jan 2002, Hellan,Kim KHE wrote:
Hi
I have an RSA private key in a EVP_PKEY structure.
I need to get the RSA blob out of the EVP_PKEY, encrypt it
(EVP_des_ede3_cbc) and Base64 encode it.
Basically I need something like what the PEM_write_PrivateKey() function
does, except my
Dear Certicom,
why it was stated posting of source code is required on OpenSSL at
http://www.certicom.com/products/ssl_plus/g/ssl/020119_2_v1_chart.html ?
-vf
__
OpenSSL Project
On Mon, 4 Mar 2002, Wilhelm Farrugia wrote:
Dear all,
I am trying to use openssl with kannel are there any implications that I
should know about?
Does any one has some details about the issue ?
Thank you,
Wilhelm Farrugia
Oleg Taranov did something with kannel and openssl and
On Thu, 7 Mar 2002, Dr S N Henson wrote:
Vadim Fedukovich wrote:
Hello,
would this construct
ASN1_SEQUENCE(SomeTypeDefinition) = {
ASN1_IMP(, someFieldName, ASN1_FBOOLEAN, N)
be fine for someFieldName [N] BOOLEAN DEFAULT FALSE in ASN.1?
Should one use ASN1_IMP_OPT
On Thu, 7 Mar 2002, Damian Hesse wrote:
Hi everybody,
we have set up our own CA and generated for everybody
user certificates for secure communication. It really works
fine.
The task: now we want to set up mailinglists (server side)
like [EMAIL PROTECTED] where some users of our company
On Fri, 8 Mar 2002, Martin Witzel wrote:
Hi,
I have two questions about certificate chains.
a.) Can an openssl intermediate CA create certificates which contain the
certificate
of an intermediate level signing CA _and_ the certificate(s) of
higher level CAs,
i.e. a
On Tue, 12 Mar 2002, Philipp [iso-8859-1] Gühring wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I read somewhere, that wildcard certificates are generally possible.
(With the exception that not every implementation might like it)
What about a certificate for *.com, *.org or
subject name and only
issuer name is available from recipient info.
regards,
Vadim
Vadim Fedukovich wrote:
On Wed, 13 Mar 2002, Frank Geck wrote:
How would I get a list of the recipients from a PKCS7 message? I have
read it in and it's a signed enveloped and I have decoded it and I see
Carlos,
DBM (keep users in the database) method was specified in .htaccess and
apache was build without DBM. This have nothing to do with SSL.
You could either re-build httpd or specify another way to handle
web users list.
hope this helps,
Vadim
On Wed, 20 Mar 2002, Carlos Alberto Pelaez
On Thu, 18 Apr 2002, Joern Sierwald wrote:
At 10:19 18.04.2002 +0200, you wrote:
Hi,
Is it possible to prevent apache from automatically giving out its server
certificate to everyone that is connecting to the server?
I want apache to only allow access to thoose that already have the
On Tue, 30 Apr 2002, Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Mon, 29 Apr 2002
12:22:32 -0700 (PDT), Tim Jones [EMAIL PROTECTED] said:
t0psecret I'm trying to create password-protected client certs
t0psecret with OpenSSL and ssl.ca-0.1.tar.gz. Is this what
On Mon, 13 May 2002, Rakeshbabu Bobba wrote:
here is the link
http://crypto.stanford.edu/~dabo/ITTC/dist-files/ittc-1.0.tar.gz
rakesh
On 13 May 2002, Aleix Conchillo wrote:
On Mon, 2002-05-13 at 19:34, Rakeshbabu Bobba wrote:
you might want to take a look at IITC project of Dan
On Wed, 15 May 2002, FRISCH Laurent FTRD/DTL/ISS wrote:
Something bothers me with the authenticatedAttributes field in PKCS#7. It is
defined in SignerInfo by authenticatedAttributes [0] IMPLICIT Attributes,
Attributes being a SET OF attributes. This means that you should order
attributes in
On Thu, 16 May 2002, [ISO-8859-1] Martinez Bernardo · Maria Elena wrote:
Benoit,
You have a Client Certificate from Verisign and you can't use it to sign a
new certificate.
Nothing could stop a programmer from using such a private key to sign
other certificates.
However, an application
On Fri, 17 May 2002, Haikel wrote:
Hi,
I'have generated keys in pkcs8 format with java and openssl. The thing
that was not expected is the difference of the two files structure. The
why not? it's encrypted private key.
Yes, one should expect them to be the same after decryption
two
On Sat, 25 May 2002, Averroes wrote:
Hi All,
Perhaps someone has the answer?
I want to sign a file (provided by a requester) with some information
like : hash+timestamp, then, transforms this signed file in PKCS7 structure
for sending back to the requester.
Any help will be appreciated.
a hash of a document,
not necessary the document.
hope this fits,
Vadim
Thanks for all your help,
Kim
-Oprindelig meddelelse-
Fra: Vadim Fedukovich [mailto:[EMAIL PROTECTED]]
Sendt: 30. maj 2002 12:15
Til: [EMAIL PROTECTED]
Emne: Re: Format of RSA public key ?
On Thu, May
On Thu, May 30, 2002 at 03:35:51PM +0200, Hellan,Kim KHE wrote:
...
I have been looking at the RSA_public_decrypt() function, but I'm not quite sure
how it works.
How can I verify a signature without specifying what was signed in the first place?
Public key is normally used to recover the
On Mon, Jun 03, 2002 at 11:17:40PM +, Franck Martin wrote:
Read your web site,
Sorry other, if my e-mail is slightly off-topic but I think for a global
trusted e-mail system, we need some special certificates and I just want
to check if medracen is offering them...
Needs some info,
hi list,
Naina library may be considered an ASN.1 test; it handles some
Secure Electronic Transactions messages.
http://www.unity.net/~vf/naina_r1.tgz
It works with 0.9.7-beta-1, on linux, gcc 2.9.5
It could be great to include SET-specific objects into openssl;
patch is there inside
regards,
On Wed, Jun 05, 2002 at 08:42:10AM +0200, Lutz Jaenicke wrote:
On Wed, Jun 05, 2002 at 03:35:31AM +0300, Vadim Fedukovich wrote:
hi list,
Naina library may be considered an ASN.1 test; it handles some
Secure Electronic Transactions messages.
http://www.unity.net/~vf/naina_r1.tgz
On Fri, Jun 07, 2002 at 12:38:00AM -0700, Brian Doyle wrote:
Does anyone know where I can get the latest VeriSign root certificate (that
expires in 2028) in PEM format? It seems to be impossible to get it from
their website in anything other than some script to install it into a web
browser.
On Thu, Jun 06, 2002 at 05:17:48PM -0700, Bob Steele wrote:
This might be a nonsensical question, and if so it
wouldn't be my first foolish question here:
Is it possible or appropriate to add a timestamp object
(RFC 3161) to a PKCS#7 signature during the signature's
creation?
This
On Sun, Jun 16, 2002 at 01:55:48PM +0200, Lutz Jaenicke wrote:
The second beta release of OpenSSL 0.9.7 is now available from the
OpenSSL FTP site URL: ftp://ftp.openssl.org/source/. Quite a lot
of code changed between the 0.9.6 release and the 0.9.7 release, so
a series of 3 or 4 beta
On Tue, Jun 18, 2002 at 05:30:45PM +0200, julien Bournelle wrote:
Hi all,
I have a little pb and after a little search on google I didn't find any
interesting help :-(
This is my pb: i try to get a session key by DH and when I compute keys I
didn't obtain the same session key.
No
On Thu, Jun 27, 2002 at 12:06:01PM -0500, Manish Ramesh Chablani wrote:
On Thu, 27 Jun 2002, Vadim Fedukovich wrote:
On Wed, Jun 26, 2002 at 07:35:59PM -0500, Manish Ramesh Chablani wrote:
Hi,
I am new to openSSL. I want to use openSSL to provide cryptographic
functions
1 - 100 of 130 matches
Mail list logo