On Sun, Jul 30, 2006, Bear Giles wrote: > Dr. Stephen Henson wrote: > > >On Sun, Jul 30, 2006, Girish Venkatachalam wrote: > > > > > > > >>--- Bear Giles <[EMAIL PROTECTED]> wrote: > >> > >> > >> > >>>Is there a way to programmatically obtain a list of > >>>available ciphers, > >>>digests and algorithms? I looked at the header > >>>files, but may have > >>>overlooked something. > >>> > >>> > >>> > >>man ciphers > >> > >> > > > >That only works for SSL/TLS ciphersuites. If the OP really means ciphers > >and > >digests then this is possible, there are two new options > >list-message-digest-algorithms and list-cipher-algorithms in OpenSSL 0.9.9 > >which do this, they use a couple of new functions derived from > >OBJ_name_do_all(). > > > > > Yes, I'm trying to update my code that creates PostgreSQL data types and > functions using OpenSSL. Some of the advanced functions (e.g., rekeying > an PKCS8 object) require that the user pass in things like digest names, > but my interface doesn't yet support a way of learning what those > possible values are. >
Well not all ciphers or digests are appropriate. Using 40 bit RC2 for example encrypting private keys. > I'm building against Debian and it's still 0.9.7. Is it hard to use > OBJ_name_do_all()? > The function isn't documented but you can trace the few functions that call it in 0.9.9 from the list-cipher-algorithms command and copy the source you need. The function EVP_cipher_do_all() in crypto/evp/names.c for example. > Hmm, I guess the worst-case scenario is that I return a staic list until > the next Debian release. The nature of the beast means that there will > be a lot of inertia and a strong preference for proven selections. > OpenSSL 0.9.9 wont be released for some time yet and wont make it into distros for some time after that. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
