Re: RSA OAEP encrypt with a label

2009-09-09 Thread Einar Thorsrud
On Wed, 09.09.2009 at 10:25 +0200, Einar Thorsrud wrote:
> I do not find any possibility to add the label to the
> RSA_public_encrypt() function, but it could perhaps be achieved
> otherwise?

Could the label perhaps be related to the *p parameter in

int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
const unsigned char *f,int fl,
const unsigned char *p,int pl);

This however, is really just a shot in the dark on my behalf,
as I am unable to find any reference to "label" related to RSA
in the OpenSSL source code.

- Einar


__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org


Re: Is openssl crypto library thread-safe?

2009-09-09 Thread deiva shanmugam
Hi,

Thanks for the response, steve.

So, irrespective of creating the openssl object per thread or globally for
all threads, callback functions should be implemented to make the
application thread safe?

Thanks,
Deiva Shanmugam

On Wed, Sep 9, 2009 at 8:35 PM, Dr. Stephen Henson wrote:

> On Wed, Sep 09, 2009, deiva shanmugam wrote:
>
> > Hi,
> >
> > We are planning to make use of openssl crypto library in multithreaded
> > environment.
> >
> > We call OpenSSL_add_all_algorithms() before creating threads and will
> > create BIO, EVP_KEY, SHA256, SHA1 and RSA objects in each thread and make
> > use of the following functions:
> >
> > SHA1_Init, SHA1_Final, SHA1_Update, SHA256_Init, SHA256_Final, SHA256_Update
> > BIO_new_mem_buf, BIO_free, BIO_write, BIO_flush, BIO_new, BIO_s_mem
> > EVP_PKEY_get1, EVP_PKEY_free, EVP_cleanup
> > RSA_size, RSA_PKCS1_PADDING, RSA_free, RSA_verify
> >
> > We found in the openssl website that "OpenSSL can safely be used in
> > multi-threaded applications provided that at least two callback functions
> > are set, locking_function and threadid_func." And from FAQ, it's stated
> > that "Openssl is thread safe with limitations [ SSL connections may not be
> > used concurrently in many threads]".
> >
> > So, can someone let us know that the functions mentioned above are MT
> > safe without implementing the two callback functions.
> >
> >
>
> Use of SHA* functions directly is not recommended, you should use EVP
> instead.
>
> You need the callbacks for almost any usage because the locks are used to
> maintain the error queue which is used by just about every subsection of
> OpenSSL.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org


RE: send encrypted data to remote server

2009-09-09 Thread David Schwartz

skar:

> Thanks for the advice. Hope this one is clear.
> Here are the concrete requirements:

> 1) Content should be encrypted only on the server.
> And public key must stay only on the server. No other
> person should have access to the public key.

That is not a requirement, that is an implementation. If you have to use
public-key cryptography, it would only be because that is the only way to
meet your requirements.

> 2) Private key on the client machine should decrypt the
> file. It should have only the private key, not the
> public key. That way, no hostile user can create his own
> encrypted content and decrypt the file using the private key.

This is a completely nonsensical implementation. Whatever your requirements
are (which for some reason you refuse to state) this *can't* be a sensible
way to meet them.

> And it basically boils down to separating the public and private
> keys and finding a way to not have the public key inside the
> private key, which is the default in openssl.

Do you understand why the public key is so named? It doesn't seem so.

I don't think public key cryptography is the right way to meet what I'm
guessing your requirements are. I strongly urge you to have a talk with
someone knowledgeable in cryptography and design a scheme with them.
Honestly, this conversation is not going well and is very, *very* unlikely
to result in you having a good idea of a way to meet your actual
requirements, whatever they are.

Sorry to be blunt, but getting a scheme that's actually secure is not easy.
You have to make sure your scheme isn't vulnerable to weaknesses of which
you are not aware, and if you refuse to do it the same way everyone else
does, that won't happen.

DS




Re: send encrypted data to remote server

2009-09-09 Thread Goetz Babin-Ebell


skar karthikeyan wrote:
| My requirements are(again):
|
| 1) Content should be encrypted only on the server. And public key must
| stay only on the server. No other person should have access to the
| public key.
| 2) Private key on the client machine should decrypt the file. It should
| have only the private key, not the public key. That way, no hostile user
| can create his own encrypted content and decrypt the file using the
| private key. And without the private key, client shouldn't be able to
| decrypt the file.

I think you have terribly mixed up your requirements and your (broken)
solution.
As far as I understood, you want:

1) Only one entity may be able to generate data.
2) Only a fixed set of entities may be able to read
   the generated data.

The answer to 1) is data signing done with the signers private key
and verified by the signers public key that is distributed to all
recipients.
The answer to 2) is encryption. One of the possible ways to do that
is encrypting the data for all public key of all recipients.
The public keys of all recipients must be present when the
data is encrypted.

Both requirements can be fulfilled by using
something like PKCS#7 signedAndEnvelopedData.

If your requirements are really these two I mentioned, please stick
with an established method since you obviously do not have the expertise
to develop your own.


Bye

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many


Re: send encrypted data to remote server

2009-09-09 Thread Paul Allen
On Wed, 2009-09-09 at 09:50 -0700, skar karthikeyan wrote:
> My requirements are(again):
> 
> 1) Content should be encrypted only on the server. And public key must
> stay only on the server. No other person should have access to the
> public key. 
> 2) Private key on the client machine should decrypt the file. It
> should have only the private key, not the public key. That way, no
> hostile user can create his own encrypted content and decrypt the file
> using the private key. And without the private key, client shouldn't
> be able to decrypt the file. 

IMHO, this is a statement of how an implementation must solve your
problem, not a statement of the problem you are trying to solve.

I suggest that you forget for the moment everything you think you
know about public and private keys, state your problem, and then listen
to the responses you get.

Paul Allen



Re: send encrypted data to remote server

2009-09-09 Thread skar karthikeyan
> As others have posted, this sounds like a job for PGP (or gnu's version of
> it).
> It is included with, or available for; nearly every *nix ever shipped
> plus many other operating systems, including some proprietary systems.
>
> For instance, the file manager GUI in many Linux distributions will allow
> your client to select the filename, and just click "decrypt" - P.F.M.
>
> Nothing new needs to be invented, just let your server be the home of the
> encrypted file and the PGP key files.
>

Thanks for the help. I did try gnupg too. It also has the same problem,
where it allows access to the public key if you have the private key. That
would break my need, where I need to be the only one with access to the public
key, so that only I can create encrypted content. All the clients can have
the private key (and private key only) so that they can decrypt the content.
If they don't have the private key, they shouldn't be able to decrypt it.
Both GnuPG and OpenSSL support sending encrypted content to a guy with the
private key. But they both allow the guy (in my case, the client machine)
with the private key to create his own encrypted content, since the public
key is embedded within the private key. I'd like to remove that public key
and have only the private key.

My requirements are(again):

1) Content should be encrypted only on the server. And public key must stay
only on the server. No other person should have access to the public key.
2) Private key on the client machine should decrypt the file. It should have
only the private key, not the public key. That way, no hostile user can
create his own encrypted content and decrypt the file using the private key.
And without the private key, client shouldn't be able to decrypt the file.

cheers,
skar.


Re: MAC address binding to the certificate

2009-09-09 Thread Steffen DETTMER
* Anoop C wrote on Wed, Sep 09, 2009 at 18:02 +0530:
>Thanks for the quick response.
> I totally agree on your point. Our associates often used to try others
> certificate .So I want to remove that threat also by incorporating MAC
> address also into the certificates apart from the existing set up.

Typically, SSL/TLS security is bound to the secrecy of a private
key (secret key), not to the secrecy of a MAC address (which may
be easy to disclose by looking to some label or sticker).

A stolen certificate cannot be used (in a reasonable
cryptosystem, such as SSL/TLS) without having the private
(secret) key.

Don't know what EAP-TLS is doing, but SSL/TLS usually works on top
of TCP and TCP does not know anything about MAC. You may even have PPP
with TCP but without any MAC addresses.

oki,

Steffen


Re: send encrypted data to remote server

2009-09-09 Thread Michael S. Zick
On Wed September 9 2009, skar wrote:
> Dave Thompson wrote:
> > > From: owner-openssl-us...@openssl.org On Behalf Of skar karthikeyan
> > > Sent: Tuesday, 08 September, 2009 13:13
> > >
> > > I want to send data from my machine to another one and the remote
> > > machine should be able to decrypt and make sense of the data only if it
> > > has the correct credentials, like a key file.
> > >
> > > I'm new to openssl and public key systems. From what I understand
> > > from the docs, I should be able to generate a key pair, 1 public and
> > > another private. Now, I've created a private RSA key and extracted the
> > > public key. Next, I signed the data using the private key and sent it
> > > to the remote machine. I also copied the exported public key to the
> > > remote machine too. The remote machine can verify the data and I can see
> > > the data I originally signed.
> >
> > This is exactly backwards. _signing_ provides integrity/authentication
> > but NOT confidentiality/privacy. In other words, anyone can see the data,
> > but the remote machine can be certain that the data came from your machine
> > and nobody else. (Assuming you keep your privatekey secure; what it can
> > actually be sure is that it came from someone possessing the privatekey.)
> >
> > PK _encryption_ works the other way. Only the _recipient_ has the
> > privatekey, and the sender(s) (there may be more than one) have the
> > publickey. In some situations the sender gets the recipient's publickey
> > 'on demand' e.g. from a keyserver, from the recipient's certificate, etc.;
> > in some situations (possibly including yours) it is stored in advance. The
> > sender encrypts using the recipient's publickey, and then only the
> > recipient can decrypt it.
> >
> > > However, I've got 2 doubts:
> > >
> > > 1) Am I doing it right? Is the signed data secure and not accessible
> > > to anyone without the public/private key? Of course, hackers can always
> > > break it, I understand that. But, otherwise I'm following the right
> > > process/idiom?
> >
> > No, as above. If you do, and you use valid algorithms with sufficiently
> > large key sizes, 'hackers' CAN'T break the cryptography itself, not within
> > the lifetime of the universe, at least using currently known physics.
> > Attackers may however be able to break other parts of your system though,
> > by for example: getting malware (virus, trojan, etc.) onto your computer
> > that finds and tells them your privatekey, or just your sensitive data
> > directly; guessing your key if it was generated on a machine using a poor
> > random number generator; guessing your data if it wasn't 'padded' with
> > sufficient randomness, or again used a poor random number generator.
> >
> > > 2) If the data size is bigger, I get the error "data greater than
> > > mod len:rsa_eay.c:660:". How do I deal with this case?
> >
> > In RSA you can't encrypt or sign a value larger than the modulus,
> > and similar restrictions apply to other PK algorithms. In fact
> > because you NEED padding for security, as above, the largest value
> > you can use is less than the modulus by usually 10-20 bytes or so.
> >
> > Normally people don't use RSA or other PK directly. For encryption
> > you generate a random symmetric key, use it to 'bulk' encrypt the data,
> > and encrypt (only) the symmetric key using RSA; for decryption, you
> > decrypt the symmetric key and use it to decrypt the data. For signing,
> > you compute a (cryptographic) hash of the data, and sign the hash;
> > to verify, you re-compute the hash and verify it. If you do want
> > to use PK especially RSA directly, you won't be interoperable with
> > anyone else, and (these parts of) your system will be slower.
>
> Thanks David and Dave :) So signing is the reverse of what I need. I
> need to encrypt. In that case, I need to have only the private key on
> the other side and have the public key with me to encrypt the data. Is
> that possible? I can't use SSL/TLS alone, as I also want the data to
> stay encrypted on the other side and be decrypted only when needed. Any
> good material that I can read to learn more on this?
>

As others have posted, this sounds like a job for PGP (or gnu's version of it).
It is included with, or available for; nearly every *nix ever shipped
plus many other operating systems, including some proprietary systems.

For instance, the file manager GUI in many Linux distributions will allow
your client to select the filename, and just click "decrypt" - P.F.M.

Nothing new needs to be invented, just let your server be the home of the
encrypted file and the PGP key files.

Mike
 
> cheers,
> skar.
> 



Re: Is openssl crypto library thread-safe?

2009-09-09 Thread Dr. Stephen Henson
On Wed, Sep 09, 2009, deiva shanmugam wrote:

> Hi,
> 
> We are planning to make use of openssl crypto library in multithreaded
> environment.
> 
> We call OpenSSL_add_all_algorithms() before creating threads and will create
> BIO, EVP_KEY, SHA256, SHA1 and RSA objects in each thread and make use of
> the following functions:
> 
> SHA1_Init, SHA1_Final, SHA1_Update, SHA256_Init, SHA256_Final, SHA256_Update
> BIO_new_mem_buf, BIO_free, BIO_write, BIO_flush, BIO_new, BIO_s_mem
> EVP_PKEY_get1, EVP_PKEY_free, EVP_cleanup
> RSA_size, RSA_PKCS1_PADDING, RSA_free, RSA_verify
> 
> We found in the openssl website that "OpenSSL can safely be used in
> multi-threaded applications provided that at least two callback functions
> are set, locking_function and threadid_func." And from FAQ, it's stated that
> "Openssl is thread safe with limitations [ SSL connections may not be used
> concurrently in many threads]".
> 
> So, can someone let us know that the functions mentioned above are MT safe
> without implementing the two callback functions.
> 

Use of SHA* functions directly is not recommended, you should use EVP instead.

You need the callbacks for almost any usage because the locks are used to
maintain the error queue which is used by just about every subsection of
OpenSSL. 

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: MAC address binding to the certificate

2009-09-09 Thread Michael S. Zick
On Wed September 9 2009, Anoop C wrote:
> Hi all
> 
>   I am using certificates generated by openssl for authenticating the
> WiFi users using EAP-TLS 802.1x authentication.
>   I would like to add MAC address of the user machines into each user
> certificate so that the certificates used by one machine cannot be used in
> another machine/PC.
> 

? ? ? ?

In general, the MAC address is programmable, not etched in silicon.
It would probably be trivial for the "un-intended user" to reset the 
MAC address to match the certificate.

If you want to "node lock" a certificate - better to use a device
intended for that purpose rather than the NIC's MAC address.

Mike

> Could anyone please help how to create certificate with MAC address
> bound to it.
> 
> Regards
> Anoop
> 
> 
> 




Re: send encrypted data to remote server

2009-09-09 Thread skar karthikeyan
On Wed, Sep 9, 2009 at 8:54 PM, David Schwartz  wrote:

>
>
> I suggest you find someone familiar with encryption and have a dialogue
> with
> them until a solution emerges. It's just going to take ridiculously long
> going back and forth this way because you don't seem to have any kind of
> statement of your requirements.
>

Thanks for the advice. Hope this one is clear. Here are the concrete
requirements:

1) Content should be encrypted only on the server. And public key must stay
only on the server. No other person should have access to the public key.
2) Private key on the client machine should decrypt the file. It should have
only the private key, not the public key. That way, no hostile user can
create his own encrypted content and decrypt the file using the private key.

I don't think there's anything more to what I need. And it basically boils
down to separating the public and private keys and finding a way to not have
the public key inside the private key, which is the default in openssl.

cheers,
skar.


RE: send encrypted data to remote server

2009-09-09 Thread David Schwartz

skar wrote:

> Now the remaining part is, how do I encrypt a file on my machine, so
> that only the client machines with the right key can decrypt them? I
> could keep the public key with me and have the private key on the client
> machines. But I don't know of a way to have only the private key alone,
> as openssl also allows extracting the public key from the private key.
> More over, I'd be giving away the private key away while keeping the
> public key for myself, which is ridiculous. Any ideas?

Have the client send the server its public key. The server can then encrypt
the file so that only the client can access it. Alternatively, you can just
have the client software decrypt the file.

It's hard to say because you still haven't stated any of your requirements.

Either the client or the server has to encrypt the file such that the client
can decrypt it. Which one and what algorithm depends on why you are trying
to do this, and it's not clear why.

One way would be for the client to generate a random 128-bit key and send it
to the server. The server can encrypt the data using this random 128-bit key
and send it to the client. The client can then write out a header including
the 128-bit key (encrypted however you like) before the data received from
the server.

Another way would be for the file to be pre-encrypted on the server. The
server can send the key to the client before it sends the file. The client
can then store the key (encrypted however you like) along with the file.

I suggest you find someone familiar with encryption and have a dialogue with
them until a solution emerges. It's just going to take ridiculously long
going back and forth this way because you don't seem to have any kind of
statement of your requirements.

DS




Re: A PKI in a web page

2009-09-09 Thread Michael Sierchio
Richard Salz wrote:

> I'm making available my small set of web pages and Perl script that 
> implement a self-service PKI built around OpenSSL. 

Awesome, Rich!  Thanks.

- M


Re: send encrypted data to remote server

2009-09-09 Thread skar karthikeyan
On Wed, Sep 9, 2009 at 6:43 PM, Scott Gifford wrote:

> skar  writes:
>
> [...]
>
>
> You may want to consider using PGP for this, it sounds like your
> scenario is exactly what it was designed for.  Each client would
> generate its own private and public key, then the sender would add the
> public keys to its PGP keychain and encrypt and sign a message to all
> of them.  PGP would take care of making this work (IIRC it would
> encrypt the file using a symmetric key, then include copies of the
> symmetric key encrypted with each recipient's public key).
>

Thanks. However, I feel openssl would do the job itself. For eg, I can
create a private key with:

##snip##
openssl genrsa -out 1pri.pem 4096
Generating RSA private key, 4096 bit long modulus
++
..++
e is 65537 (0x10001)
# openssl rsa -in 1pri.pem -out 1pub.pem -pubout
writing RSA key

##snip##

Now, I can distribute the private keys to the client machines and keep the
public in the server.  However, it's possible to extract the public key from
the private key. Which means, anyone with access to the client machine can
extract the public key and can create other encrypted messages/content which
can be decrypted using the private key there.
I just want to have the private key without the public key in it.

That way, I can just send the private key alone to the client machines and
only I will have access to the public key. So, only I can create files that
can be decrypted using the private key. Basically, it reverses the usage,
the name public and private means. But it works for my requirement, provided
it's possible to have a private key with no public key in it :)

There's a tutorial about using the modulus/exponent directly to
encrypt/decrypt over at http://www.dsm.fordham.edu/~mathai/openssl.html. So,
it must definitely be possible to do it.

cheers,
skar.
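What skar is asking for cannot be built, and the reason is arithmetic rather than a file-format choice: the public exponent e is the modular inverse of d mod λ(n), so anyone holding the private components p, q, d recomputes e in one step (and in practice e is 65537 by convention anyway). The correct separation is the one Goetz describes earlier on this page: the producer signs with its own private key (origin), and encrypts to each recipient's public key (confidentiality). The following is an added example, not code from the thread or from OpenSSL; it uses textbook RSA over constructed toy primes (far too small for real use, no padding, no hybrid symmetric layer) purely to show the key relationships. Function names, the primes and the sample messages are the example's own.

```python
import hashlib
from math import gcd


def lcm(a: int, b: int) -> int:
    return a // gcd(a, b) * b


def make_key(p: int, q: int, e: int = 65537):
    """Toy RSA keygen from two given primes. Returns (n, e, d).
    A real private key file (the one skar wants to trim) carries n, e, d, p, q and more."""
    lam = lcm(p - 1, q - 1)
    if gcd(e, lam) != 1:
        raise ValueError("e must be coprime to lambda(n)")
    return p * q, e, pow(e, -1, lam)      # pow(x, -1, m): modular inverse, Python 3.8+


def recover_e(p: int, q: int, d: int) -> int:
    """Recover the public exponent from the private components alone:
    e*d == 1 (mod lambda(n)), so e is just the inverse of d mod lambda(n)."""
    lam = lcm(p - 1, q - 1)
    return pow(d % lam, -1, lam)


def encrypt(m: int, n: int, e: int) -> int:
    return pow(m, e, n)


def decrypt(c: int, n: int, d: int) -> int:
    return pow(c, d, n)


def sign(msg: bytes, n: int, d: int) -> int:
    """Toy origin authentication: hash, then exponentiate with the *sender's* private key."""
    return pow(int.from_bytes(hashlib.sha256(msg).digest(), "big") % n, d, n)


def verify(msg: bytes, sig: int, n: int, e: int) -> bool:
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


# Constructed toy primes (known primes, absurdly small for real use).
SERVER_P, SERVER_Q = 999983, 1000003
SERVER = make_key(SERVER_P, SERVER_Q)       # (n_s, e_s, d_s): held by the content producer
CLIENT = make_key(2147483647, 8191)         # (n_c, e_c, d_c): one recipient's key pair


def public_exponent_is_recoverable() -> bool:
    """skar's plan: server keeps (n, e), client gets (n, d, p, q) with e removed.
    The client recomputes e and can build ciphertexts that its own d decrypts,
    so 'only the server can create content' is not enforced by anything."""
    n, e, d = SERVER
    e_found = recover_e(SERVER_P, SERVER_Q, d)
    return e_found == e and decrypt(encrypt(7654321, n, e_found), n, d) == 7654321


def sign_then_encrypt(msg: bytes):
    """Goetz's split: sign with the server's private key (only it can produce content),
    encrypt to the client's public key (only the client can read it).
    Returns (recovered plaintext, signature valid?, signature valid for altered data?)."""
    n_s, e_s, d_s = SERVER
    n_c, e_c, d_c = CLIENT
    m = int.from_bytes(msg, "big")
    assert m < n_c, "toy: one RSA block only, no symmetric bulk encryption"
    sig = sign(msg, n_s, d_s)            # server side: needs d_s, which clients never hold
    ct = encrypt(m, n_c, e_c)            # server side: needs only the client's public key
    pt = decrypt(ct, n_c, d_c).to_bytes(len(msg), "big")   # client side
    return pt, verify(pt, sig, n_s, e_s), verify(b"altered", sig, n_s, e_s)


if __name__ == "__main__":
    print(public_exponent_is_recoverable())   # True: stripping e from the file changes nothing
    print(sign_then_encrypt(b"okay"))          # (b'okay', True, False)
```

Holding d_c lets a client read; it does not let the client produce a valid signature under the server's key, which is the property skar actually wants. Real deployments get this from PKCS#7/CMS or PGP with proper padding and a symmetric bulk cipher, as the other replies say.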


A PKI in a web page

2009-09-09 Thread Richard Salz
From my blog, at
https://www.ibm.com/developerworks/mydeveloperworks/blogs/soma/entry/a_pki_in_a_web_page10

I'm making available my small set of web pages and Perl script that 
implement a self-service PKI built around OpenSSL.  The Perl script and 
config are under 250 lines and the couple of web pages involved are under 
200 lines; there's also a couple of screen shots to guide someone through 
installing a cert on Microsoft Windows.  It's all in the public domain. 
Enjoy.

--
STSM, DataPower CTO
WebSphere Appliance Architect
http://www.ibm.com/software/integration/datapower/


Building library for my platform

2009-09-09 Thread Jaime Lennon


Hi to everybody. I am very new to the subject I am going to describe to you,
so sorry in advance if I say something that doesn't make any sense.

What I would like to do is build the library for a microprocessor (Texas
Instruments DSP). Would this be possible? If it is, I would like to know some
tips on how to achieve it; I think I would need to use the compiler of my DSP
instead of gcc in some way, that's for sure. But I do not know exactly how to
build the whole library and how to collect all the files. Another question I
am wondering about is whether I need to build the whole library or if I may
just build the RSA module (which is the only thing that I need).

Thanks in advance, and I hope this makes some sense.


Re: send encrypted data to remote server

2009-09-09 Thread Scott Gifford
skar  writes:

[...]

> I have a file on my server which needs to reach several client machines
> safely and to remain encrypted there. 

You may want to consider using PGP for this, it sounds like your
scenario is exactly what it was designed for.  Each client would
generate its own private and public key, then the sender would add the
public keys to its PGP keychain and encrypt and sign a message to all
of them.  PGP would take care of making this work (IIRC it would
encrypt the file using a symmetric key, then include copies of the
symmetric key encrypted with each recipient's public key).

An alternative would be to use straight symmetric cryptography, where
there is one secret key which is known by the server and all the
clients.  Then you could just encrypt the data with something like:

openssl enc -aes-256-cbc

and on the other end use:

openssl enc -d -aes-256-cbc

Hope this helps!

-Scott.


Re: DecryptUpdate "Segmentation Fault"

2009-09-09 Thread SpikeSpiegel

...ok, thank you very much, I appreciate everything you said to me...I've
learned a lot...

I've used a source code I found on the internet, but obviously, it was a toy
more than mine... :)

Ah, all right, this is just a toy used to understand how openssl and its
cipher/decipher routines work, so DES is perfect...just as a lesson...


Thank you so much again...you've been so helpful, not only with openssl, but
also with C...
...so much time has passed since the last time I used it, but I wasn't
thinking that I'd lost even the most basic programming... well

Cheers, 

   -Spike


Is openssl crypto library thread-safe?

2009-09-09 Thread deiva shanmugam
Hi,

We are planning to make use of openssl crypto library in multithreaded
environment.

We call OpenSSL_add_all_algorithms() before creating threads and will create
BIO, EVP_KEY, SHA256, SHA1 and RSA objects in each thread and make use of
the following functions:

SHA1_Init, SHA1_Final, SHA1_Update, SHA256_Init, SHA256_Final, SHA256_Update
BIO_new_mem_buf, BIO_free, BIO_write, BIO_flush, BIO_new, BIO_s_mem
EVP_PKEY_get1, EVP_PKEY_free, EVP_cleanup
RSA_size, RSA_PKCS1_PADDING, RSA_free, RSA_verify

We found in the openssl website that "OpenSSL can safely be used in
multi-threaded applications provided that at least two callback functions
are set, locking_function and threadid_func." And from FAQ, it's stated that
"Openssl is thread safe with limitations [ SSL connections may not be used
concurrently in many threads]".

So, can someone let us know that the functions mentioned above are MT safe
without implementing the two callback functions.

Thanks in advance,
Deiva Shanmugam


Re: MAC address binding to the certificate

2009-09-09 Thread Serge Fonville
Just a thought.

If the MAC is part of the client certificate, why would that prevent anything?
If you want to check the MAC, do that somewhere else, because if the
client can see it is in the cert, it can be spoofed.

HTH

Regards,

Serge Fonville

On Wed, Sep 9, 2009 at 2:32 PM, Anoop C  wrote:
> Hi Patrik
>
>           Thanks for the quick response.
> I totally agree on your point. Our associates often used to try others
> certificate .So I want to remove that threat also by incorporating MAC
> address also into the certificates apart from the existing set up.
>
>  Often Wimax CPE vendors used to bind the MAC along with the certificate so
> that ones certificate cannot be installed to another CPE.
>
>  I want to remove the risk of certificate stealing. Of course I am using CRL
> for revoking. Still want to know any possibility of adding MAC also to
> certificate
>
> Regards
> Anoop C
> Access Network Engineering
> Sify Technologies Ltd.
> Chennai
>
> Mobile: +91 - 9884015161
> Xtn:2867
>
> -Original Message-
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Patrick Patterson
> Sent: Wednesday, September 09, 2009 5:50 PM
> To: openssl-users@openssl.org
> Subject: Re: MAC address binding to the certificate
>
> Hi there:
>
> Anoop C wrote:
>> Hi all
>>
>>       I am using certificates generated by openssl for authenticating the
>> WiFi users using EAP-TLS 802.1x authentication.
>>       I would like to add MAC address of the user machines into each user
>> certificate so that the certificates used by one machine cannot be used
>> in another machine/PC.
>>
>>     Could anyone please help how to create certificate with MAC address
>> bound to it.
>>
>>
> I think that you may want to revisit your assumptions here - it is
> rather trivial to spoof a MAC address, so basing your security on that
> is not very good.
>
> Besides, as long as the user has a valid certificate, why do you care
> which machine they log in from? If you can't trust the holder of the
> certificate to keep it safe, then you have a different set of issues
> that MAC address binding will not save you from.
>
> Have fun.
>
> Patrick.
>
>> Regards
>> Anoop
>>


RE: MAC address binding to the certificate

2009-09-09 Thread Anoop C
Hi Patrick

   Thanks for the quick response.
I totally agree on your point. Our associates often used to try others'
certificates. So I want to remove that threat also by incorporating the MAC
address into the certificates apart from the existing set up.

 Often Wimax CPE vendors used to bind the MAC along with the certificate so
that one's certificate cannot be installed to another CPE.

 I want to remove the risk of certificate stealing. Of course I am using CRL
for revoking. Still want to know any possibility of adding MAC also to the
certificate.

Regards
Anoop C
Access Network Engineering
Sify Technologies Ltd.
Chennai
 
Mobile: +91 - 9884015161
Xtn:2867

-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Patrick Patterson
Sent: Wednesday, September 09, 2009 5:50 PM
To: openssl-users@openssl.org
Subject: Re: MAC address binding to the certificate

Hi there:

Anoop C wrote:
> Hi all
> 
>   I am using certificates generated by openssl for authenticating the
> WiFi users using EAP-TLS  802.1x authentication.
>   I would like to add MAC address of the user machines into each user
> certificates so that the certificates used by one machine cannot be used
in
> another machine/PC.
> 
> Could anyone please help how to create certificate with MAC address
> bound to it.
> 
I think that you may want to revisit your assumptions here - it is
rather trivial to spoof a MAC address, so basing your security on that
is not very good.

Besides, as long as the user has a valid certificate, why do you care
which machine they log in from? If you can't trust the holder of the
certificate to keep it safe, then you have a different set of issues
that MAC address binding will not save you from.

Have fun.

Patrick.

> Regards
> Anoop


Re: MAC address binding to the certificate

2009-09-09 Thread Patrick Patterson
Hi there:

Anoop C wrote:
> Hi all
> 
>   I am using certificates generated by openssl for authenticating the
> WiFi users using EAP-TLS  802.1x authentication.
>   I would like to add MAC address of the user machines into each user
> certificates so that the certificates used by one machine cannot be used in
> another machine/PC.
> 
> Could anyone please help how to create certificate with MAC address
> bound to it.
> 
I think that you may want to revisit your assumptions here - it is
rather trivial to spoof a MAC address, so basing your security on that
is not very good.

Besides, as long as the user has a valid certificate, why do you care
which machine they log in from? If you can't trust the holder of the
certificate to keep it safe, then you have a different set of issues
that MAC address binding will not save you from.

Have fun.

Patrick.

> Regards
> Anoop


error 40 at 0 depth lookup:proxy certificates not allowed

2009-09-09 Thread Didier Brisebourg
Hi,

I am trying to install OpenSSL 0.9.8k on Solaris 8. I'm a newbie with OpenSSL.

When running 'make test' an error is detected; see below: "error 40 at 0
depth lookup:proxy certificates not allowed, please set the appropriate flag"

Does anybody know how to correct this?

Thanks a lot
Bye.
Didier

> part of the 'make test' output

make a proxy certificate request using 'req'

sign proxy certificate request with the just created user certificate via 'x509'
certP1.ss: /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
error 40 at 0 depth lookup:proxy certificates not allowed, please set the 
appropriate flag

Certificate details
subject= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
issuer= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
notBefore=Sep  8 13:04:14 2009 GMT
notAfter=Oct  8 13:04:14 2009 GMT

make another proxy certificate request using 'req'

sign second proxy certificate request with the first proxy certificate via 
'x509'
certP2.ss: /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 
2
error 40 at 0 depth lookup:proxy certificates not allowed, please set the 
appropriate flag

Certificate details
subject= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy 2
issuer= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
notBefore=Sep  8 13:04:15 2009 GMT
notAfter=Oct  8 13:04:15 2009 GMT

Real-time synchronized multi-node SSI

2009-09-09 Thread Serge Fonville
Hi,

I've been googling for a while now and have read all the fora and
wikis I can find and there are still a couple of things I cannot
quite get clear.

I'm looking for an SSI solution (I think) that runs everything on
every node in parallel.
So any command issued on the SSI is in the background done on all machines.
So basically everything is handled by all machines (which sucks
performance wise, again I think)

My machines are specced more than enough for the expected load
The only thing different on the machines (currently two) would
possibly be a load balancer (due to the type of switch and the
resulting ARP requests)
I do not want MAC flooding on my switch ;-)
Every node has a bonded interface for synchronization and heartbeats
and a serial link for failback heartbeats
with a total of 4 NICs
All disks are RAID1
I was thinking about (possibly) using DRBD for storage, but that might
also complicate things

The services I intend to provide:
DNS (named)
SMTP (postfix)
IMAP (not sure)
Database (postgresql)
LDAPv3Howto required software (http://www.bayour.com/LDAPv3-HOWTO.html)
Proxy (squid)
Monitoring (nagios)
Backup (Amanda?)
HTTP(S) (Apache/PHP/Dav)
Firewalling (iptables)

Is this at all possible? (using OpenSSI)

Thanks a lot in advance

Regards,

Serge Fonville


Re: send encrypted data to remote server

2009-09-09 Thread skar
David Schwartz wrote:
> You're really not doing a good job of stating your requirements. But, again,
> it sounds like SSL does exactly what you want.
>
> You are not using a valuable resource though as we've gone several emails
> now and you're still telling us about new requirements that totally change
> the picture.
>
Sorry for being vague. And thanks for the pointers so far :)

I'll try to be more clear now. My requirement is this:

I have a file on my server which needs to reach several client machines
safely and to remain encrypted there. My s/w on those machines should be
able to decrypt the file and use the contents of the file, but it
shouldn't be easy for anyone else to decrypt the file or generate similar
encrypted files which fool my app on the client machines. I understand
that I need to use SSL/TLS sessions to send the file over. I can even
use off the shelf HTTP/IMAP/SMTP etc with SSL/TLS for that.

Now the remaining part is, how do I encrypt a file on my machine, so
that only the client machines with the right key can decrypt them? I
could keep the public key with me and have the private key on the client
machines. But I don't know of a way to have only the private key alone,
as openssl also allows extracting the public key from the private key.
Moreover, I'd be giving the private key away while keeping the
public key for myself, which is ridiculous. Any ideas?

cheers,
skar.

-- 
--
The life so short, the craft so long to learn. 



MAC address binding to the certificate

2009-09-09 Thread Anoop C
Hi all

  I am using certificates generated by openssl for authenticating the
WiFi users using EAP-TLS  802.1x authentication.
  I would like to add MAC address of the user machines into each user
certificates so that the certificates used by one machine cannot be used in
another machine/PC.

Could anyone please help how to create certificate with MAC address
bound to it.

Regards
Anoop





RE: send encrypted data to remote server

2009-09-09 Thread David Schwartz

skar wrote:

> Thanks David and Dave :) So signing is the reverse of what I need.
> I need to encrypt. In that case, I need to have only the private key
> on the other side and have the public key with me to encrypt the data.

You're really not doing a good job of stating your requirements. But, again,
it sounds like SSL does exactly what you want.

> Is that possible? I can't use SSL/TLS alone, as I also want the data
> to stay encrypted on the other side and be decrypted only when needed.

So encrypt it before you send it over the SSL/TLS link. Use SSL/TLS to
authenticate the end that's not originating the connection and to protect
the data in transport. Use anything else you like to permit the data to stay
encrypted on the other end -- what method is most appropriate for that
depends on your requirements, which you haven't stated. (Who is supposed to
be able to decrypt it and when? Is the key used to decrypt it a secret from
the server? Must data from different sessions use the same key?)

> Any good material that I can read to learn more on this?

Not really. It's a skill and not really something you can read and pick up
very well.

The best bet may be this:

1) The client knows the server's public key (or a CA that signs the server's
certificate).

2) The client connects to the server, establishes a TLS link, and verifies
the public key.

3) You now have a secure TLS link between the server and the client, and the
client knows it is talking to the server and only the server can decrypt the
data. (The server has no idea who it is talking to yet.)

4) The client sends some kind of credentials to the server, so the server
knows that it is talking to an authorized client. (This can even be a user
name and password. Or the client can have a certificate. It depends.)

5) The client sends the server its public key over the SSL link.

6) The server then encrypts data with the client's public key and sends it
over the SSL link. The data can then be encrypted with the client's private
key whenever needed.

You are not using a valuable resource though as we've gone several emails
now and you're still telling us about new requirements that totally change
the picture.

DS


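Step 6 above, written out as an added example (Go standard library only; this is not code from the thread or from OpenSSL): the server encrypts the payload to the client's public key with RSA-OAEP and signs the ciphertext with its own key, and the client verifies that signature before decrypting, which is what stops anyone else from producing files that the client-side software would accept. The names Sealed, Seal, Open and MaxPayload are the example's own, and the payload is assumed to fit OAEP's k - 2hLen - 2 byte limit (a real file would be encrypted under a random symmetric key, with only that key sealed this way).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Sealed is one message from the server to one client: the payload encrypted
// with RSA-OAEP under the client's public key, plus the server's RSA-PSS
// signature over that ciphertext. The client's private key is needed to read
// it; only the server's private key can produce a valid one.
type Sealed struct {
	Ciphertext, Signature []byte
}

// MaxPayload is the largest payload RSA-OAEP with SHA-256 carries for this key,
// k - 2*hLen - 2 bytes (190 for a 2048-bit modulus). Anything larger is
// encrypted under a fresh symmetric key, and only that key is sealed this way.
func MaxPayload(pub *rsa.PublicKey) int {
	return pub.Size() - 2*sha256.Size - 2
}

// Seal runs on the server (step 6 in the thread): encrypt for the client, then sign.
func Seal(serverPriv *rsa.PrivateKey, clientPub *rsa.PublicKey, payload []byte) (*Sealed, error) {
	// Only the holder of the client's private key can recover the payload.
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, clientPub, payload, nil)
	if err != nil {
		return nil, err // includes rsa.ErrMessageTooLong for payloads over MaxPayload
	}
	// Only the holder of the server's private key can produce this signature.
	h := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, serverPriv, crypto.SHA256, h[:], nil)
	if err != nil {
		return nil, err
	}
	return &Sealed{Ciphertext: ct, Signature: sig}, nil
}

// Open runs on the client: check who produced the message before decrypting
// it, so a forged or substituted file is rejected without ever being used.
func Open(serverPub *rsa.PublicKey, clientPriv *rsa.PrivateKey, s *Sealed) ([]byte, error) {
	h := sha256.Sum256(s.Ciphertext)
	if err := rsa.VerifyPSS(serverPub, crypto.SHA256, h[:], s.Signature, nil); err != nil {
		return nil, err // rsa.ErrVerification: not signed by the server
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, clientPriv, s.Ciphertext, nil)
}
```

The client's public key is simply `&clientPriv.PublicKey`, which is the point raised earlier in the thread: the public half is always recoverable from the private key, so what keeps forged files out is the server's signature, not any secrecy of the client's public key.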


RSA OAEP encrypt with a label

2009-09-09 Thread Einar Thorsrud
Hi all,

How is it possible to RSA OAEP encrypt using a label in addition to the
public encryption key and the message with libcrypto? The operation
would be that of RSAES-OAEP-ENCRYPT((n, e), M, L), as specified in the
RSA Cryptography Standard version 2.1.

I do not find any possibility to add the label to the
RSA_public_encrypt() function, but it could perhaps be achieved
otherwise?

- Einar

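In RSAES-OAEP-ENCRYPT((n, e), M, L) the label L enters only once, as lHash = Hash(L) at the front of the data block that the OAEP mask then hides; the Go below (an added example using only the standard library, not code from the thread or from libcrypto) writes that encoding out step by step so the label's role is visible, and Go's own rsa.DecryptOAEP recovers M only when given the same L. The names mgf1, xorInto and EncryptOAEPWithLabel are the example's own, and SHA-256 is assumed for both the hash and MGF1.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"math/big"
)

// mgf1 is MGF1 over SHA-256 (PKCS #1 v2.1, appendix B.2.1): the concatenation
// of Hash(seed || counter) for counter = 0, 1, ... until maskLen bytes exist.
func mgf1(seed []byte, maskLen int) []byte {
	var mask []byte
	for counter := uint32(0); len(mask) < maskLen; counter++ {
		h := sha256.New()
		h.Write(seed)
		h.Write([]byte{byte(counter >> 24), byte(counter >> 16), byte(counter >> 8), byte(counter)})
		mask = h.Sum(mask) // Sum appends to mask
	}
	return mask[:maskLen]
}

// xorInto replaces dst with dst xor mask (mask is at least as long as dst).
func xorInto(dst, mask []byte) {
	for i := range dst {
		dst[i] ^= mask[i]
	}
}

// EncryptOAEPWithLabel is RSAES-OAEP-ENCRYPT((n, e), M, L) with SHA-256 and
// MGF1-SHA-256, following section 7.1.1 of the standard step by step.
func EncryptOAEPWithLabel(pub *rsa.PublicKey, M, L []byte) ([]byte, error) {
	k, hLen := pub.Size(), sha256.Size
	if len(M) > k-2*hLen-2 {
		return nil, errors.New("message too long")
	}
	// The label enters exactly here: lHash = Hash(L). L is neither secret nor
	// transmitted; the decrypting side must supply the same L to rebuild lHash.
	lHash := sha256.Sum256(L)
	// DB = lHash || PS || 0x01 || M, with PS all zero, total length k - hLen - 1.
	db := make([]byte, k-hLen-1)
	copy(db, lHash[:])
	db[len(db)-len(M)-1] = 0x01
	copy(db[len(db)-len(M):], M)
	seed := make([]byte, hLen)
	if _, err := rand.Read(seed); err != nil {
		return nil, err
	}
	xorInto(db, mgf1(seed, len(db))) // maskedDB = DB xor MGF(seed)
	xorInto(seed, mgf1(db, hLen))    // maskedSeed = seed xor MGF(maskedDB)
	em := append(append([]byte{0x00}, seed...), db...) // EM = 0x00 || maskedSeed || maskedDB
	// RSAEP: c = EM^e mod n, output as exactly k bytes.
	c := new(big.Int).Exp(new(big.Int).SetBytes(em), big.NewInt(int64(pub.E)), pub.N)
	return c.FillBytes(make([]byte, k)), nil
}
```

In OpenSSL the same input is the encoding-parameter argument (`p`, `pl`) of RSA_padding_add_PKCS1_OAEP, which is hashed into lHash exactly as above; releases from 1.0.2 on also expose it for the EVP interface as EVP_PKEY_CTX_set0_rsa_oaep_label.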