RE: OpenSSL PKCS #7 supports AES SHA-2 ?

2006-10-13 Thread Tolga Acar
Read RFC4055 for RSA with various hashes, OAEP, and PSS combinations. - Tolga -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Alten Sent: Tuesday, October 10, 2006 9:47 AM To: Russ Housley; cryptography@metzdowd.com Cc: [EMAIL PROTECTED];

RE: Exponent 3 damage spreads...

2006-09-21 Thread Tolga Acar
Anton, Here is what I compute in Maple. I wonder if you are running into an old BC bug. I don't remember the details, but bc had a bug some 10 years or so ago with big numbers. with(numtheory): s:=convert(`00D3CDA91B578B6DF29AEB140272BD9198759F79FA10DC410B5D10362048AC7A

RE: Real World Exploit for Bleichenbachers Attack on SSL fromCrypto'06 working

2006-09-15 Thread Tolga Acar
You need to have one zero octet after bunch of FFs and before DER encoded has blob in order to have a proper PKCS#1v1.5 signature encoding. Based on what you say below, I used this cert and my key to sign an end-entity certificate which I used to set up an webserver, it appears that

RE: RSA Implementation in C language

2004-12-01 Thread Tolga Acar
Try Intel's open-sourced CDSA, available at SourceForge. - Tolga -Original Message- From: [EMAIL PROTECTED] [mailto:owner- [EMAIL PROTECTED] On Behalf Of Trei, Peter Sent: Tuesday, November 30, 2004 7:16 To: Sandeep N; [EMAIL PROTECTED] Subject: RE: RSA Implementation in C language

Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-08 Thread Tolga Acar
On a second thought, that there is no key management algorithm certified, how would one set up a SSL connection in FIPS mode? It seems to me that, it is not possible to have a FIPS 140 certified SSL/TLS session using the OpenSSL's certification. - Tolga

Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-06 Thread Tolga Acar
Joshua Hill wrote: On Fri, Sep 05, 2003 at 04:05:07PM -0400, Rich Salz wrote: It is the first *source code* certification. The ability to do this runs counter to my understanding of FIPS 140-2. . and to experiences with the previous FIPS 140-1 certifications I was involved in, including