The role of the private key in the CSR is for a proof of possession (POP).
You can use crypto and non-crypto methods to provide a proof of possession of
private key to a CA. Without a crypto method, I am not sure whether you can
provide a POP without disclosing the private key to the CA.
If the
Hi all,
Are RAND_seed(), RAND_add() NIST SP 800-151A compliant?
NIST SP 800-151A compliant enforces that
RBGs specified in SP 800-90 (HASH, HMAC, CTR, DUAL_EC) and ANS X9.62-2005
(HMAC) are acceptable standards
I think this depends on the engine being loaded. However, not sure what
engine is
On 5/03/2013 10:56 PM, Dr. Stephen Henson wrote:
> On Tue, Mar 05, 2013, Geoff Swan wrote:
>
>> Hi,
>>
>> I have an ocsp response in memory. The response may contain 1 or more
>> (probably about 20) ocsp responses for certificates based on the same
>> issuer name and issuer key.
>>
>> I need to lo
I upgraded my Apache and OpenSSL bits in /usr/local to 2.4.4 and 1.0.1e and then
ran in test mode for about a week. All seems well enough.
I then made a big tarball and moved the entire pile from /usr/local over to another
Solaris server. In fact, a zone on the same server.
It starts up a
On 5 Mar 2013, at 6:57 AM, Greg Keene wrote:
> Is there an API that will allow me to read an encrypted file directly into
> memory? If possible I would like to bypass decrypting the file and writing
> it back out to the hard drive.
What format is the encrypted file in? If it's just (for examp
Hi all,
I want to insert/modify the mlExpansionHistory attribute in a SMIME email
using the openssl API.
Thanks
--
View this message in context:
http://openssl.6102.n7.nabble.com/mlExpansionHistory-attribute-tp44086.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
On Mon, Mar 4, 2013 at 11:19 PM, Jeffrey Walton wrote:
> Hi All,
>
> OpenSSL 1.0.1e is not loading Intel's hardware random number
> generator. ENGINE_load_rdrand() silently fails:
>
> /*** eng_rand.c ***/
> void ENGINE_load_rdrand (void)
> {
> extern unsigned int OPENSSL_ia32cap_P[];
>
> i
On Tue, Mar 05, 2013, Vimol Kshetrimayum wrote:
> Hi Steve,
>
> I am also facing the same issue.
> If I want to fix this bug, should the code for SSL_get_certificate() be
> restored to previous state? Is there any other place to be fixed?
>
Effectively yes. The fix is here:
http://git.opens
On Mon, Mar 4, 2013 at 9:33 PM, Steven Funasaki wrote:
> Does the CSR need to be signed with the matching private key for the CA to
> validate it?
Of course. That demonstrates proof of possession of the private key.
Otherwise there is no binding of an entity to a keypair, and no cert
can have a
> Hypothetically, what if I have TWO key pairs (PubKey1, PrivKey1, PubKey2,
> PrivKey2). First thing I do is move PrivKey1 to another place. Is there a
> way where I can use PubKey1 to make the CSR (without access to PrivKey1),
> but sign it with PrivKey2 to preserve integrity?
If you can "
Hi Steve,
I am also facing the same issue.
If I want to fix this bug, should the code for SSL_get_certificate() be
restored to previous state? Is there any other place to be fixed?
Thanks,
-Vimol
On Mon, Feb 11, 2013 at 10:21 PM, Dr. Stephen Henson wrote:
> On Mon, Feb 11, 2013, Bogdan Harj
The Certification Request has a signature field generated by running the RSA
sign operation against the fields in the request. This signature is used to
perform an RSA verify using the public key in the request. The signature must
be valid for most CAs to accept the request. The cryptographic te
I can't seem to find more detailed information on what is going on when
generating a CSR. I would like to learn more in detail how the private key
is used to create a CSR beside just matching the public key.
When generate a CSR using OpenSSL you have two options:
1) Generate a Private key when
Hi,
I have an ocsp response in memory. The response may contain 1 or more
(probably about 20) ocsp responses for certificates based on the same
issuer name and issuer key.
I need to locate the response that is relevant for the certificate of
interest. Is the usual method to parse each response and
> I need to locate the response that is relevant for the certificate of
> interest. Is the usual method
> to parse each response and match the cert serial number to find the index to
> the correct ocsp response?
Yes.
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
___
On Tue, Mar 05, 2013, Geoff Swan wrote:
> Hi,
>
> I have an ocsp response in memory. The response may contain 1 or more
> (probably about 20) ocsp responses for certificates based on the same
> issuer name and issuer key.
>
> I need to locate the response that is relevant for the certificate of