On Sat, Mar 16, 2013 at 01:16:23AM -0400, Ewen Chan wrote:
> Okay then, here's another one of my infamous dumb questions.
>
> If that's the case, then why do we need the AES-NI instruction set?
It's far from the first accelerated instruction set of dubious utility. ;)
Marketing... etc.
Actually
On Sat, Mar 16, 2013 at 12:06:07AM -0400, Ewen Chan wrote:
> That's MUCH faster than I expect it to be (even with AES-NI) and the
> 888 MB/s is faster than any available storage host-bus interface we've
> got right now; so I want to make sure that I am not losing my marbles
> here in trying to make
On Wed, Mar 13, 2013 at 04:00:48PM -0400, Ewen Chan wrote:
> I'm running on a 30 TB server with about 1.4 million files.
>
> I think that at last audit, the single largest file is 45 GB (as an example).
>
> And I'm prepping to run AES-256-CBC.
>
> The host system has a SATA 6 Gbps, 10 drive, RAI
The Certification Request has a signature field generated by running the RSA
sign operation against the fields in the request. This signature is used to
perform an RSA verify using the public key in the request. The signature must
be valid for most CAs to accept the request. The cryptographic te
On Wed, Feb 20, 2013 at 06:51:12PM -0500, Dave Thompson wrote:
> Or openssl asn1parse, likely available to anyone asking here
> even on non-Linux; with -inform der if applicable which it is
> here (easily determinable with any kind of octal or hex dump
> or a good guess for anything that doesn't
Use the dumpasn1 utility on it, it's in almost every Linux distro, or from its
website:
http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c
Matthew.
On Wed, Feb 20, 2013 at 07:54:00PM +, Santhosh Kokala wrote:
> Hi All,
> I am unable to identify the certificate format that I received during SC
On Mon, Feb 18, 2013 at 10:57:14AM -0800, Joel Bion wrote:
> 3372:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:.\ssl\s23_lib.c:177:
I think this is the important thing to check:
error:[error code]:[library name]:[function name]:[reason string]
error:140790E5:SSL routines:SSL23_
On Fri, Feb 15, 2013 at 07:03:20AM +0100, Walter H. wrote:
> Hello,
>
> can someone, please tell me, how to generate a certificate
> that conforms to http://www.ietf.org/rfc/rfc3739.txt (RFC 3739)
>
> Thanks,
> Walter
Hi Walter,
We could help better if we understood what's not working for you a
On Thu, Feb 14, 2013 at 11:55:59AM -0800, Matthew Hall wrote:
> I used this configuration file:
>
> [req]
> default_bits = 4096
> prompt = no
> encrypt_key= no
> default_md = sha256
> distinguished_name = dn
> req_extensions
On Thu, Feb 14, 2013 at 05:37:00AM +, Viktor Dukhovni wrote:
> On Thu, Feb 14, 2013 at 04:11:33AM +, Viktor Dukhovni wrote:
> A more complete example:
>
> $ cat openssl.cnf
> [ req ]
> distinguished_name = dn
> req_extensions = san
> [ dn ]
> [ san ]
> subjectAl
Hi Erwann,
On Thu, Feb 14, 2013 at 11:09:23AM +0100, Erwann Abalea wrote:
> RFC5280 was not "written by the CAs themselves".
Some of them are listed in the authorship; they also reference 5280 and other
PKI RFCs in their standards they created as part of the CAB Forum and the
Webtrust auditing
I am sure at least some would sign it because RFC 5280 PKIX standard was
written by the CAs themselves and they are the ones deprecating CN in favor of
SAN.
--
Sent from my mobile device.
Viktor Dukhovni wrote:
>On Thu, Feb 14, 2013 at 04:11:33AM +, Viktor Dukhovni wrote:
>
>> You'll natu
this part
of the RFC is supported at all, and if it is supported, how I should be
invoking the command to get the expected behavior. If it's documented already,
and I missed it, I apologize in advance.
Thanks,
Matthew Hall
command:
openssl req \
-new -config test-no-cn.cnf -newkey rsa:4
On Thu, 21 Nov 2002, mikecross wrote:
> Seems to me that you problem is that you didn't supply
> password.
> PKCS12 format stores Private + Public key pair
> encrypted with password.
Why would I want to store all this in a pcks12 file that
I want to give to clients/other people to import into
the
I'm trying to find out how to take my ca.crt file (signed
by my own CA self) and convert it to pkcs12 format for importation
into Mozilla, so that Mozilla will recognize anything else signed
by me as 'OK'.
Converting it to DER format was easy:
openssl x509 -in ca.crt -out ca.der -outform DER
I'
15 matches
Mail list logo