Re: Signature Verification

2009-11-09 Thread Jim Welch
Hi, Based on information and suggestions you have given me, I came at the problem from a different direction. Instead of trying to verify the signature, I tried using our private key to sign the original data. After a couple of hours, I succeeded in getting the same signature as was supplied

Stunnel 4.28 released

2009-11-09 Thread Michal Trojnara
The ChangeLog entry: Version 4.28, 2009.11.08, urgency: MEDIUM: * New features - Win32 DLLs for OpenSSL 0.9.8l. - Transparent proxy support on Linux kernels >=2.6.28. See the manual for details. - New socket options to control TCP keepalive on Linux: TCP_KEEPCNT, TCP_KEEPIDLE,

about the security of a tipical client/server application.

2009-11-09 Thread Kirk81
Hello people, since all of you seem quite familiar with cryptography and its tools I would like to ask u something. I'm implementing a server/client application: the client has to collect data and send them to the server in a frame format (unidirectional connection). In any frame, I added a

RE: Certificate - if Extended Key Usage is defined, openssl ignore Key Usage

2009-11-09 Thread Beneš Vladimír
Hello, we use PKCS#7 signature format; please see attachment of my initial mail (there are signing certificate, signature, signed data and issuer certificate) - http://marc.info/?l=openssl-users&m=125751029707705&w=1 (attachment.zip). There are calling openssl for signature ano

Re: Certificate - if Extended Key Usage is defined, openssl ignore Key Usage

2009-11-09 Thread Dr. Stephen Henson
On Mon, Nov 09, 2009, Beneš Vladimír wrote: I'm afraid we can't call no modified openssl by command line for verification signature with purpose verification certificate if certificate includes both X509v3 Key Usage and X509v3 Extended Key Usage.

Re: [Q] Tutorial or Explanation how to use OpenSSL library functions?

2009-11-09 Thread Richard Koenning
JongAm Park wrote: Hello, I am just a beginner at using OpenSSL library. I write in C/C++ and Objective-C. After looking up the OpenSSL web site, I found out that there was no document for studying how to use it. Is there any good source like sample codes, tutorial and so on?

Re: about the security of a tipical client/server application.

2009-11-09 Thread Jeffrey Walton
Hi Kirk, I'm pretty sure that the weakness of all the mechanism is the key-length and I'd like to avoid the brute force attack or the worst birthday attack...so here's my questions. There's no need to find collisions on the hash. The key is the weak point. Your attacker will factor N, change

Re: about the security of a tipical client/server application.

2009-11-09 Thread Kirk81
Jeffrey Walton-3 wrote: 1. For how many days can I use a 512-bit key? 0 Does a individual hackers have the NASA's PC? lol, I mean I'm looking about the integer factorization problem and, from a SW point of view, I think only a community of PCs can solve the problem in few time (less than

Re: Linking and execution problems with a FIPS-capable OpenSSL distribution

2009-11-09 Thread Daugherty
It was a mistake. Any help on the actual issue? - Original Message - From: Michael S. Zick open...@morethan.org To: openssl-users@openssl.org Sent: Sunday, November 8, 2009 5:51:45 AM GMT -07:00 US/Canada Mountain Subject: Re: Linking and execution problems with a FIPS-capable OpenSSL

Re: about the security of a tipical client/server application.

2009-11-09 Thread John R Pierce
Kirk81 wrote: Does a individual hackers have the NASA's PC? assume they can have clusters of 100s/1000s of computers at their bidding (aka 'botnets' of trojan-infected PC's scattered around the world.)

Re: Linking and execution problems with a FIPS-capable OpenSSL distribution

2009-11-09 Thread Daugherty
Another mistake I made was specifying FIPSLD_CC=gcc instead of FIPSLD_CC=g++. Now, when I link, I get the following error: /usr/local/src/openssl-fips-1.2/fips/fipsld -Wl,-O3 -D_REENTRANT -DACE_HAS_AIO_CALLS -D_GNU_SOURCE -I/home/linuxbuild/ntsdev/3rdParty/ACE_wrappers$

Re: about the security of a tipical client/server application.

2009-11-09 Thread Jeffrey Walton
Hi Kirk, I've already implemented the ECDSA scheme in my application: using SHA-1 and secp160k1. In that case, consider using ECDSA. I'm pretty faster on the signer's side, but I'm actually much slower on the verification side. Compare apples to apples: use an appropriate RSA moduli. Since

RE: ASN1_get_object:too long

2009-11-09 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of dutchman1 Sent: Friday, 06 November, 2009 09:11 thanks for your reply. The cert was located on a hardware device and I'm trying to write it to file through C code so something might be lost in translation. I've attached the cert to the

Re: Linking and execution problems with a FIPS-capable OpenSSL distribution

2009-11-09 Thread Dr. Stephen Henson
On Mon, Nov 09, 2009, Daugherty wrote: Another mistake I made was specifying FIPSLD_CC=gcc instead of FIPSLD_CC=g++. Now, when I link, I get the following error: /usr/local/src/openssl-fips-1.2/fips/fipsld -Wl,-O3 -D_REENTRANT -DACE_HAS_AIO_CALLS -D_GNU_SOURCE

Re: Padding mode for RSA_private_decrypt()...

2009-11-09 Thread barcaroller
Mounir IDRASSI wrote in message To my knowledge, SSLV2, SSLV3 and TLS1.0 all use PKCS#1 Block Type 2 padding. Are you sure about this? I'm writing a server and I occasionally get the error I reported; however, if what you are saying is true, the error may be indicative of another problem.

Re: Padding mode for RSA_private_decrypt()...

2009-11-09 Thread barcaroller
Michael S. Zick wrote in message The padding is added to the **plain text** After decryption, the server can determine the padding present. I'm writing a server and I usually just call RSA_private_decrypt(..., RSA_PKCS1_PADDING). Everything works fine most of the time but sometimes I get

Re: Padding mode for RSA_private_decrypt()...

2009-11-09 Thread Dr. Stephen Henson
On Mon, Nov 09, 2009, barcaroller wrote: Mounir IDRASSI wrote in message To my knowledge, SSLV2, SSLV3 and TLS1.0 all use PKCS#1 Block Type 2 padding. Are you sure about this? I'm writing a server and I occasionally get the error I reported; however, if what you are saying is

Re: Padding mode for RSA_private_decrypt()...

2009-11-09 Thread Mounir IDRASSI
Hi, Take a look at function get_client_master_key in the file s2_srv.c, and specifically at the line where a call to ssl_rsa_private_decrypt is made : in it, the decision to use RSA_PKCS1_PADDING or RSA_SSLV23_PADDING is made depending on the value of the member ssl2_rollback of the

using non-blocking IO

2009-11-09 Thread Sabyasachi Ruj
I am using an IMAP library, which supports only blocking SSL IO. I am planning to convert my that to do non-blocking SSL IO. Which is the best place to set the flag to non-blocking? These are my concerns: 1. What areas of the program will have to be converted because of this? re SSL_read and