On 05/15/2014 05:11 PM, Stephen Henson via RT wrote:
On Thu May 15 16:54:47 2014, jens.hiller.c...@hotmail.de wrote:
Hi,
I was testing aes ccm encryption when I stumbled over a segmentation
fault.
I was able to reproduce this error using code from the openssl demos.
I started with
Hi,
The man page for the smime utility documents this about the symmetric
cipher selection:
If not specified 40 bit RC2 is used. Only used with -encrypt.
This policy is implemented at line 545 of apps/smime.c as of openssl-1.0.1g.
This algorithmic default is unreasonable today.
Hi,
Currently, openssl creates private RSA keys with the default
permissions:
leon@lagrange /tmp % openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
leon@lagrange /tmp % openssl genrsa -out foobar.key
Generating RSA private key, 1024 bit long modulus
...++
...++
e is 65537
Stephen, Hanno, thank you for your comments. Your answers guided us to find a
solution (however, it wasn't possible to post the certificate here).
We solved it finally using Microsoft's Crypto API. It was a further hint,
that CertUtil can read such RSA-PSS certificates. Instead of using
Reading at previous post of Mr. Seth Schoen about using 40 bits RC2 for
the smime utility, it comes to my mind that PKCS12_create() also default
to RC2, even when OpenSSl is compile with -no-rc2 command line option.
I do not know what is the best solution, but I am guessing it is not as
i'm just forwarding this followup message to the relevant bug report so
that it stays tracked with it.
--dkg
Reading at previous post of Mr. Seth Schoen about using 40 bits RC2 for
the smime utility, it comes to my mind that PKCS12_create() also default
to RC2, even when OpenSSl is
Hello.
We found bug in openssl CA certificate loading. This important bug for us in
Estonia ( http://id.ee/?lang=en http://id.ee/?lang=enid id= ) because we
use openssl as base library in digital signature verification. In digital
signature world it is normal that you want to verify signatures