[no subject]

2008-03-15 Thread Ajeet kumar.S
Dear All;

When I compiled openssl-0.9.8g on VDSP and ran \demos\ssl\cli.cpp, I
tried to connect to https://www.gmail.com/. At that time I saw the client
send client hello and the server send server hello successfully. But after
that the client is not sending the MASTER_KEY message. I checked and I found
in file ssl\s2_clnt.c, inside function int
ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data),
the function

x509=d2i_X509 (NULL, data,(long)len);

returns x509=0; that's why it is going to err and returning ret =-1.

Please tell me how I can remove this error.

One thing I want to say: for compilation purposes I added the below function in
this file.

////

Thnx.

Regards;

Ajeet Kumar Singh
DSP Software Engg.

Jasmin Infotech Private Limited
Plot No.119, (Opp to N.I.O.T.),
Velachery Tambaram Road,
Pallikaranai, Chennai 600 100, India



Problem in openssl Master key Generation

2008-03-15 Thread Ajeet kumar.S
Dear All;

When I compiled openssl-0.9.8g on VDSP and ran \demos\ssl\cli.cpp, I
tried to connect to https://www.gmail.com/ using sslv2.0. At that time I
saw the client send client hello and the server send server hello
successfully. But after that the client was not sending the MASTER_KEY
message. I checked and I found in file ssl\s2_clnt.c, inside function
int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char
*data), the function

x509=d2i_X509 (NULL, data,(long)len);

returns x509=0; that's why it is going to label err and returning ret =-1.

Please tell me how I can remove this error, so I can proceed to the next
step in the sslv2.0 response.

One thing I want to say: for compilation purposes I added the below function in
this file, x_x509.c.

////

ASN1_SEQUENCE(X509_EXTENSION) = {
ASN1_OPT(X509_EXTENSION, object, ASN1_BOOLEAN),
ASN1_OPT(X509_EXTENSION, value, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(X509_EXTENSION)

ASN1_SEQUENCE(PKCS8_PRIV_KEY_INFO) = {
ASN1_OPT(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
} ASN1_SEQUENCE_END(PKCS8_PRIV_KEY_INFO)

IMPLEMENT_ASN1_FUNCTIONS(X509)
IMPLEMENT_ASN1_DUP_FUNCTION(X509)
IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
IMPLEMENT_ASN1_DUP_FUNCTION(PKCS8_PRIV_KEY_INFO)

////

If the above function is wrong and the problem is due to what I wrote in file
x_x509.c, then please tell me how Linux or Windows OS maps this function and
how I can map it.

Thnx.

Regards;

Ajeet Kumar Singh



Re: Accessing encrypted messages after cert expires

2008-03-15 Thread Kyle Hamilton
It's rather infeasible to keep the same private key and generate a new
public key.  If you keep the private key after the expiration of the
certificate, you can still decrypt messages encrypted to it; thus, if
you generate a new pub/priv pair, you just need to keep the old key,
and use all the keys you have to try to decrypt until one works.

-Kyle H

On Fri, Mar 14, 2008 at 4:20 PM, Mick [EMAIL PROTECTED] wrote:

  Yes it does.  Keeping the same private key and generating new public key with
  it seems to be a sensible thing to do from a practical point of view.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: Problem in openssl Master key Generation

2008-03-15 Thread Marek . Marcola
Hello,
  When I compiled openssl-0.9.8g on VDSP and run \demos\ssl\cli.cpp .And I
  tried to connect https://www.gmail.com using sslv2.0 .At that time I saw
  client sent client hello and server sent server hello successfully. But
  After that Client was not sending MASTER_KEY message. I checked and I
  found in file ssl\s2_clnt.c inside function int
  ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
  having function

  x509=d2i_X509 (NULL, data,(long)len);

  return x509=0; that’s why it is going to label err. And returning ret =-1;
  Please tell me how I can remove this error. So I can proceed further next
  step in sslv2.0 response .
  One thing I want to say for compilation purpose I added below function in
  this file “x_x509.c”.

Do not use/support SSL2 for secure communications; use SSL3 or TLS1.
An SSL2 client_hello may be used for negotiating SSL3 or TLS1 (only one
handshake packet).

Best regards,
--
Marek Marcola [EMAIL PROTECTED]



Re: Accessing encrypted messages after cert expires

2008-03-15 Thread Mick
On Saturday 15 March 2008, Kyle Hamilton wrote:
 It's rather infeasible to keep the same private key and generate a new
 public key.  If you keep the private key after the expiration of the
 certificate, you can still decrypt messages encrypted to it; thus, if
 you generate a new pub/priv pair, you just need to keep the old key,
 and use all the keys you have to try to decrypt until one works.

Thanks Kyle,

Doesn't what you suggest create a headache?  Every time I want to decrypt an 
old message I sent or I received, or a file, I will need to change the mail 
client configuration and point it to another private key.  Keeping the same 
key overcomes this problem.  Have I got this right?  Why is it not feasible 
to retain the same private key?
-- 
Regards,
Mick




Re: Accessing encrypted messages after cert expires

2008-03-15 Thread Kyle Hamilton
On Sat, Mar 15, 2008 at 12:12 PM, Mick [EMAIL PROTECTED] wrote:
 On Saturday 15 March 2008, Kyle Hamilton wrote:
   It's rather infeasible to keep the same private key and generate a new
   public key.  If you keep the private key after the expiration of the
   certificate, you can still decrypt messages encrypted to it; thus, if
   you generate a new pub/priv pair, you just need to keep the old key,
   and use all the keys you have to try to decrypt until one works.

  Thanks Kyle,

  Doesn't what you suggest create a headache?  Every time I want to decrypt an
  old message I sent or I received, or a file, I will need to change the mail
  client configuration and point it to another private key.  Keeping the same
  key overcomes this problem.  Have I got this right?  Why is it not feasible
  to retain the same private key?

If you want to decrypt an old message sent to you from the private
key, you keep the certificate that contains the public key associated
with it.  This costs storage on the receiver.

If you want to decrypt a message sent to the private key from the old
public key, you keep the private key associated with that public key.

Most mail clients allow you to have multiple keypairs, and identify
which to use by the key used to encrypt them.  The certificate is a
means of specifying the 'policy' associated: 'do not use this key for
new encryption after X date/time.'

It's infeasible to generate a new public key associated with the same
private key because of the mathematics involved.  If a new public key
could be derived at-will from the private key, then a new private key
could be derived at-will from the public key, which would rather
defeat the entire security of asymmetric-key cryptography.  (The
function which must be solved is the same both ways -- if one way can
be solved easily, the other way can be solved just as easily.)

-Kyle H
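
The key retention described in the message above (keep every old key pair and use the one a message was encrypted to), as an added example with the openssl smime command; it is not from the thread. The identity names key-2007 and key-2008, the file names and the message text are constructed.

```shell
#!/bin/sh
# Added example: all keys, certificates and messages are constructed here.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# new_identity NAME: fresh RSA key pair and a self-signed certificate for it.
new_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# encrypt_to NAME TEXT OUT: encrypt TEXT to NAME's certificate (public key only).
encrypt_to() {
    printf '%s\n' "$2" |
        openssl smime -encrypt -aes256 -binary -out "$3" "$WORK/$1.crt"
}

# find_key FILE: print the retained identity whose certificate matches a
# recipient entry in FILE and whose private key decrypts it.
find_key() {
    for crt in "$WORK"/*.crt; do
        name=$(basename "$crt" .crt)
        if openssl smime -decrypt -in "$1" -recip "$crt" \
               -inkey "$WORK/$name.key" -out /dev/null 2>/dev/null; then
            echo "$name"
            return 0
        fi
    done
    return 1    # no retained key fits: the message cannot be read
}

# decrypt_any FILE: decrypt FILE with whichever retained key fits.
decrypt_any() {
    name=$(find_key "$1") || return 1
    openssl smime -decrypt -in "$1" \
        -recip "$WORK/$name.crt" -inkey "$WORK/$name.key"
}

new_identity key-2007    # superseded pair, kept for old mail
new_identity key-2008    # current pair, used for new mail
encrypt_to key-2007 "old mail" "$WORK/old.p7m"
encrypt_to key-2008 "new mail" "$WORK/new.p7m"
echo "old.p7m: $(find_key "$WORK/old.p7m") -> $(decrypt_any "$WORK/old.p7m")"
echo "new.p7m: $(find_key "$WORK/new.p7m") -> $(decrypt_any "$WORK/new.p7m")"
```

Deleting key-2007.key leaves old.p7m unreadable, since key-2008 does not match its recipient entry.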