Hi And if the Modulud and exponent are in a textfile, in format modulusexponent ?Thanks Marek Marcola [EMAIL PROTECTED] wrote: Hello, I just want to find out if there is a function in openssl c++ libraries that can be used to create a public key object from a modulus and public exponent. I
Bhupendra Joshi wrote:
http://en.wikipedia.org/wiki/Privacy-enhanced_Electronic_Mail
On 8/1/06, *Bo Xie* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
I know openSSL supports .pem format. But what does PEM mean?
Persoanl Encrypto Management?
Thanks!
Best Regards,
Hello Hugo,
Thursday, August 10, 2006, 12:55:09 PM, you wrote:
Privacy Enhanced Mail
This is a base64 encoded format, for mailing, or other purposes...
And what is DER then?
Thank you in advance.
--
Best regards,
Tony mailto:[EMAIL PROTECTED]
On Thu, Aug 10, 2006, ??? ?? wrote:
And what is DER then?
Distinguished Encoding Rules. That's a set of rules which determine how ASN1
data is encoded such that each structure can only have one unique encoding
(hence the distinguished).
Steve.
--
Dr Stephen N. Henson. Email, S/MIME
On Wed, Aug 09, 2006, James Richard van den Berg wrote:
Hi
And if the Modulud and exponent are in a textfile, in format
modulusexponent ?
There isn't a function to do that directly though functions exist to convert
hex or decimal strings to a BIGNUM which can be used.
It is possible
Hello,
I recently read, that it is possible the have more than one ssl-host per
ip-address. This shall be possible with two special requirements:
- all ssl-hosts share the same key
- all certs for the hosts are bundled within one file
For the letter requirement I think it doesn't only have to
I merged some certs which were in PEM format just by putting them
together in the editor.
The openssl ocsp command has a param -CAfile fname where fname needs
the entire cert chain
back to the root. I did it in Notepad and it worked fine.
I haven't tried it with .DER format.
-Original
Ty che, prikalyvaeshsia?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of генерал Пурпоз
Sent: Thursday, August 10, 2006 2:44 PM
To: Hugo de Paix de Coeur
Subject: Re[2]: What does PEM mean?
Hello Hugo,
Thursday, August 10, 2006, 12:55:09
Hello,
I merged some certs which were in PEM format just by putting them
together in the editor.
so merging is really just the step of putting several certs like this in
one file?
-BEGIN CERTIFICATE-
[...]
-END CERTIFICATE-
-BEGIN CERTIFICATE-
[...]
-END
That part I can't help you with. Sorry.
However I did just merge them as you describe.
Good luck.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marten Lehmann
Sent: Thursday, August 10, 2006 3:31 PM
To: openssl-users@openssl.org
Subject: Re: merging
Thanks for helping me with forced external RSA keys.
Now I've dissected the example MiniCert and found where the user's
public key is stored. User's key is 512 bits.
I did a testing utility that takes both keys (the example
documentation provides the user's private key as well) and tryes to
On Thu, Aug 10, 2006, ?? wrote:
So, the remaining part of MiniCert must be the signature - exactly 128
bytes, which corresponds to the CA's key of 1024 bits.
Currently I'm stuck on guessing the algorithm they could use to obtain
that signature. I did try md5, sha1
PKI newbie in need of help.
When I sign a SSL cert with my CA, the certification path only lists the
web server. Not my SubCA or the Windows Root CA.
I am trying to stand up a SubCa under a Windows Certificate Authority
and I am having issues getting the Chain of Authority correct. I have
Hi Stewart,
Not sure if I have you right here but I came across a similar problem
when I was trying
to generate OCSP responses.
Firstly I assume you have this man page :
http://www.openssl.org/docs/apps/openssl.html
Some commands have a parameter -CAfile fname
This fname should have the full
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marten Lehmann schrieb:
Hello,
Hello Marten,
I recently read, that it is possible the have more than one ssl-host per
ip-address. This shall be possible with two special requirements:
- all ssl-hosts share the same key
- all certs for the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] schrieb:
PKI newbie in need of help.
Hello Steward,
When I sign a SSL cert with my CA, the certification path only lists the
web server. Not my SubCA or the Windows Root CA.
???
Which certification path do you mean ?
The
Are there any major advantages to using a third party packaged CA over
openssl's CA? The CA from openssl seems more than adequate for most uses. A
concern I am hearing is developing an interface to openssl CA would be time
consuming and might have security issues. Is this a valid concern or
This error is indicative that there is no error. You have simplyread the error buffer one more time than you should have. There is absolutely nothing wrong with your application state if you see this reported. In my experience it wont cause any application problems if you check the error queue
Hi Andrew,
Its pretty much the typical argument of commercial software vs. open
source. There are a few open source PKI initiatives underway. I
haven't really followed them in the last couple of years, but this is a
decent resource to read about them: http://ospkibook.sourceforge.net/
If your
I have a client that masquerades as different virtual
clients and thus needs to present a different certificate
to a server based on some internal policy.
For instance, consider a client that hosts two virtual
domains: foo.com and bar.com. When initiating requests
from a user in foo.com domain,
Does anyone know how to externally check what version of
OpenSSL is running a server? I mean without connecting to the server via the
shell but perhaps by a browser and checking the headers?
Mark T. Pearson
Assistant Manager of Web
Administration
UFT Welfare Fund
52 Broadway, 8th
You can't reuse a socket for a TCP connection, but you certainly can reuse the same TCP socket for an arbitrary number ofSSL connections as long as you don't compromise the TCP connection while you're doing it. I suspect that is the intention here and from the sounds of things (if all he is
Hey,
I'm on a CentOS 4.3 Linux system, and ssh-keygen is occasionally
crashing. The backtrace from the coredump shows that it's in openssl.
Core was generated by `/usr/bin/ssh-keygen -l -f /etc/ssh/ssh_host_key.pub'.
Program terminated with signal 11, Segmentation fault.
(no debugging symbols
Does anyone know how to externally check what version of
OpenSSL is running a server? I mean without connecting to the server via
the shell but perhaps by a browser and checking the headers?
Mark T. Pearson
Assistant Manager of Web
Administration
UFT Welfare Fund
52 Broadway, 8th
Hello,
Does anyone know how to externally check what version of OpenSSL is
running a server? I mean without connecting to the server via the
shell but perhaps by a browser and checking the headers?
If we are talking about HTTP servers then sometimes this
information MAY be available in Server:
I would probably consider the publishing of the openssl version on the web
server announcment message as a security issue.
Randy
-Original Message-
From: [EMAIL PROTECTED] on behalf of Marek Marcola
Sent: Thu 8/10/2006 2:45 PM
To: openssl-users@openssl.org
Subject: Re: CHecking the
Randy Turner wrote:
I would probably consider the publishing of the openssl version on the web
server announcment message as a security issue.
And some of us would laugh in your general direction ;-)
Exploiters don't need to know, they can just persist till they find
a known exploit.
Yes, nefarious types would eventually figure it out, but we probably shouldn't
lay out the red carpet for them either...:)
R.
-Original Message-
From: [EMAIL PROTECTED] on behalf of William A. Rowe, Jr.
Sent: Thu 8/10/2006 3:44 PM
To: openssl-users@openssl.org
Subject: Re: CHecking
On Wed, Aug 09, 2006, Carlo Agopian wrote:
Hello,
Has anybody seen the following runtime error message before?
error::lib(0):func(0):reason(0)
Yes. It normally means no error has been placed on the queue and the the
application wrongly thinks it has and can print it out..
I'm not entirely certain what you're asking here. Usually, clients
have a list of CAs that they trust, and a list of personal
certificates to which they have the private keys. If a server
requests a certificate and gives a certain CA, the client can
automatically send the certificate they have
--- Michael P. Soulier [EMAIL PROTECTED]
wrote:
Hey,
I'm on a CentOS 4.3 Linux system, and ssh-keygen is
occasionally
crashing. The backtrace from the coredump shows that
it's in openssl.
Core was generated by `/usr/bin/ssh-keygen -l -f
/etc/ssh/ssh_host_key.pub'.
Program terminated
31 matches
Mail list logo