RE: OpenSSL PKCS #7 supports AES SHA-2 ?

2006-10-13 Thread Tolga Acar
Read RFC4055 for RSA with various hashes, OAEP, and PSS combinations.

- Tolga

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Alex Alten
 Sent: Tuesday, October 10, 2006 9:47 AM
 To: Russ Housley; cryptography@metzdowd.com
 Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
 [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
 [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
 [EMAIL PROTECTED]
 Subject: Re: OpenSSL PKCS #7 supports AES  SHA-2 ?
 
 Russ,
 
 OK.  I found SHA-2 in RFC 4634 (only 3 months old), which 
 refers back to FIPS 180-2.
 
 But I reach a dead-end with PKCS #7 (now RFC 3852).  There's 
 no support for
 SHA-2
 algorithm types (RFC 3279). Also PKCS #1 (now RFC 3447) needs 
 an update for
 SHA-2 with RSA encryption (OIDs, etc.).
 
 Did I miss something or do you need help in updating these, 
 since I, and probably others too, need them?
 
 - Alex
 
 
 At 01:19 PM 10/9/2006 -0400, Russ Housley wrote:
 PKCS#7 has been turned over to the IETF for maintenance.  The most 
 recent version is RFC 3852.  Since the protocol is more 
 stable than the 
 cryptographic algorithms, the algorithm discussion appear in 
 separate RFCs.
 
 TLS 1.2 is under development in the IETF.  It is being done 
 in such a 
 way that none of the ciphersuites that have already been 
 defined need 
 to be updated, including the ones that use AES and the SHA-2 family.
 
 Russ
 
 
 At 01:28 AM 10/7/2006, Alex Alten wrote:
 After reading PKCS #1 v2 more closely and SHA-2 is not even in the 
 specs, therefore OpenSSL PKCS #7 functions won't support 
 SHA-2.  This 
 spec was last updated in 1998.
 
 PKCS Editor, is there a new update in progress by RSA Labs to 
 incorporate
 SHA-2 and AES?
 
 Does OpenSSL implement PKCS #1 v2 or just v1.5?  If the latter then 
 not even
 SHA-1 is supported.
 
 PKCS editor, is there any timeline as to when PKCS #7 will then be 
 updated with references to official OIDs, etc., for 
 specifying SHA-2 and AES?
 
 Dr. Ron Rivest, are you going to publish new message-digest 
 IETF RFCs 
 for
 SHA-1
 and SHA-2?  (So that they can be referenced by an updated PKCS #7.)
 
 Mr. Russ Housley, can you weigh in with what happening in 
 the IETF WG 
 security area?  I know that Mr. Eric Rescorla is working on 
 a new TLS 
 v1.2 draft.  Will this be done/ratified soon?  I assume 
 OpenSSL will 
 incorporate this soon thereafter?
 
 This mess with the MD5 and SHA-1 hashes is really starting 
 to becoming 
 a problem.
 It's certainly impacting new development projects/products I'm 
 involved with using SSL and PKI certificates.  My customers are 
 concerned about using MD5 and SHA-1, and they don't want to keep 
 paying for implementations repeatedly as the standards catch up to 
 reality.  Updating these various heavily used standards quickly is 
 quite important.
 
 Sincerely (and thanks in advance for all of your replies),
 
 - Alex
 
 
 At 09:05 AM 10/6/2006 -0700, Alex Alten wrote:
 Does anyone know if the OpenSSL PKCS #7 functions support 
 AES and SHA-2?
 (I assuming OpenSSL 0.9.7 or later.)
 
 Thanks,
 
 - Alex
 
 --
 
 Alex Alten
 Alten Security Engineering, Inc.
 [EMAIL PROTECTED]
 
 
 
 
 -
 The Cryptography Mailing List
 Unsubscribe by sending unsubscribe cryptography to 
 [EMAIL PROTECTED]
 


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: OpenSSL PKCS #7 supports AES SHA-2 ?

2006-10-12 Thread Alex Alten

Russ,

OK.  I found SHA-2 in RFC 4634 (only 3 months old), which refers back to 
FIPS 180-2.


But I reach a dead-end with PKCS #7 (now RFC 3852).  There's no support for 
SHA-2

algorithm types (RFC 3279). Also PKCS #1 (now RFC 3447) needs an update for
SHA-2 with RSA encryption (OIDs, etc.).

Did I miss something or do you need help in updating these, since I, and 
probably

others too, need them?

- Alex


At 01:19 PM 10/9/2006 -0400, Russ Housley wrote:
PKCS#7 has been turned over to the IETF for maintenance.  The most recent 
version is RFC 3852.  Since the protocol is more stable than the 
cryptographic algorithms, the algorithm discussion appear in separate RFCs.


TLS 1.2 is under development in the IETF.  It is being done in such a way 
that none of the ciphersuites that have already been defined need to be 
updated, including the ones that use AES and the SHA-2 family.


Russ


At 01:28 AM 10/7/2006, Alex Alten wrote:

After reading PKCS #1 v2 more closely and SHA-2 is not even in the specs,
therefore OpenSSL PKCS #7 functions won't support SHA-2.  This spec was
last updated in 1998.

PKCS Editor, is there a new update in progress by RSA Labs to incorporate
SHA-2 and AES?

Does OpenSSL implement PKCS #1 v2 or just v1.5?  If the latter then not even
SHA-1 is supported.

PKCS editor, is there any timeline as to when PKCS #7 will then be updated
with references to official OIDs, etc., for specifying SHA-2 and AES?

Dr. Ron Rivest, are you going to publish new message-digest IETF RFCs for 
SHA-1

and SHA-2?  (So that they can be referenced by an updated PKCS #7.)

Mr. Russ Housley, can you weigh in with what happening in the IETF WG 
security
area?  I know that Mr. Eric Rescorla is working on a new TLS v1.2 
draft.  Will this
be done/ratified soon?  I assume OpenSSL will incorporate this soon 
thereafter?


This mess with the MD5 and SHA-1 hashes is really starting to becoming a 
problem.
It's certainly impacting new development projects/products I'm involved 
with using

SSL and PKI certificates.  My customers are concerned about using MD5 and
SHA-1, and they don't want to keep paying for implementations repeatedly 
as the

standards catch up to reality.  Updating these various heavily used standards
quickly is quite important.

Sincerely (and thanks in advance for all of your replies),

- Alex


At 09:05 AM 10/6/2006 -0700, Alex Alten wrote:

Does anyone know if the OpenSSL PKCS #7 functions support AES and SHA-2?
(I assuming OpenSSL 0.9.7 or later.)

Thanks,

- Alex


--

Alex Alten
Alten Security Engineering, Inc.
[EMAIL PROTECTED]




-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


RE: OpenSSL PKCS #7 supports AES SHA-2 ?

2006-10-12 Thread Whyte, William
PKCS#7 has been superseded by the IETF's Cryptographic Message Syntax, CMS.
You should check within the S/MIME working group for updates.

William 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Alex Alten
 Sent: Saturday, October 07, 2006 12:29 AM
 To: cryptography@metzdowd.com
 Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
 [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
 [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
 [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Subject: Re: OpenSSL PKCS #7 supports AES  SHA-2 ?
 
 After reading PKCS #1 v2 more closely and SHA-2 is not even 
 in the specs,
 therefore OpenSSL PKCS #7 functions won't support SHA-2.  
 This spec was
 last updated in 1998.
 
 PKCS Editor, is there a new update in progress by RSA Labs to 
 incorporate
 SHA-2 and AES?
 
 Does OpenSSL implement PKCS #1 v2 or just v1.5?  If the 
 latter then not even
 SHA-1 is supported.
 
 PKCS editor, is there any timeline as to when PKCS #7 will 
 then be updated
 with references to official OIDs, etc., for specifying SHA-2 and AES?
 
 Dr. Ron Rivest, are you going to publish new message-digest 
 IETF RFCs for 
 SHA-1
 and SHA-2?  (So that they can be referenced by an updated PKCS #7.)
 
 Mr. Russ Housley, can you weigh in with what happening in the 
 IETF WG security
 area?  I know that Mr. Eric Rescorla is working on a new TLS v1.2 
 draft.  Will this
 be done/ratified soon?  I assume OpenSSL will incorporate 
 this soon thereafter?
 
 This mess with the MD5 and SHA-1 hashes is really starting to 
 becoming a 
 problem.
 It's certainly impacting new development projects/products 
 I'm involved 
 with using
 SSL and PKI certificates.  My customers are concerned about 
 using MD5 and
 SHA-1, and they don't want to keep paying for implementations 
 repeatedly as 
 the
 standards catch up to reality.  Updating these various 
 heavily used standards
 quickly is quite important.
 
 Sincerely (and thanks in advance for all of your replies),
 
 - Alex
 
 
 At 09:05 AM 10/6/2006 -0700, Alex Alten wrote:
 Does anyone know if the OpenSSL PKCS #7 functions support 
 AES and SHA-2?
 (I assuming OpenSSL 0.9.7 or later.)
 
 Thanks,
 
 - Alex
 
 
 -
 The Cryptography Mailing List
 Unsubscribe by sending unsubscribe cryptography to 
 [EMAIL PROTECTED]
 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: OpenSSL PKCS #7 supports AES SHA-2 ?

2006-10-08 Thread Alex Alten

After reading PKCS #1 v2 more closely and SHA-2 is not even in the specs,
therefore OpenSSL PKCS #7 functions won't support SHA-2.  This spec was
last updated in 1998.

PKCS Editor, is there a new update in progress by RSA Labs to incorporate
SHA-2 and AES?

Does OpenSSL implement PKCS #1 v2 or just v1.5?  If the latter then not even
SHA-1 is supported.

PKCS editor, is there any timeline as to when PKCS #7 will then be updated
with references to official OIDs, etc., for specifying SHA-2 and AES?

Dr. Ron Rivest, are you going to publish new message-digest IETF RFCs for 
SHA-1

and SHA-2?  (So that they can be referenced by an updated PKCS #7.)

Mr. Russ Housley, can you weigh in with what happening in the IETF WG security
area?  I know that Mr. Eric Rescorla is working on a new TLS v1.2 
draft.  Will this

be done/ratified soon?  I assume OpenSSL will incorporate this soon thereafter?

This mess with the MD5 and SHA-1 hashes is really starting to becoming a 
problem.
It's certainly impacting new development projects/products I'm involved 
with using

SSL and PKI certificates.  My customers are concerned about using MD5 and
SHA-1, and they don't want to keep paying for implementations repeatedly as 
the

standards catch up to reality.  Updating these various heavily used standards
quickly is quite important.

Sincerely (and thanks in advance for all of your replies),

- Alex


At 09:05 AM 10/6/2006 -0700, Alex Alten wrote:

Does anyone know if the OpenSSL PKCS #7 functions support AES and SHA-2?
(I assuming OpenSSL 0.9.7 or later.)

Thanks,

- Alex



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]