RSA key

2011-03-30 Thread Adrian D. Sacrez
Hi, I need help on how to do RSA encryption using OpenSSL in C language. Is there a code snippet on how to do this? Also, how do I extract or get the key from RSA_generate_key_ex()? Is the key generated from this function a private/public key? Thanks, Adrian

RE: Verify signed text

2011-03-30 Thread luis hernandez
OK thanks a lot > Subject: Re: Verify signed text > From: w...@omnigroup.com > Date: Wed, 30 Mar 2011 14:01:24 -0700 > To: openssl-users@openssl.org > > > On 30 Mar 2011, at 12:02 PM, luis hernandez wrote: > > Thanks Wim, > > > > i know that cer pem files have the public key in it like: > >

Re: Verify signed text

2011-03-30 Thread Wim Lewis
On 30 Mar 2011, at 12:02 PM, luis hernandez wrote: > Thanks Wim, > > i know that cer pem files have the public key in it like: > > -----BEGIN PUBLIC KEY----- > MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD0ltQNthUNUfzq0t1GpIyapjz... > -----END PUBLIC KEY----- > -----BEGIN CERTIFICATE----- > MIIE/TC

RE: Verify signed text

2011-03-30 Thread luis hernandez
Thanks Wim, i know that cer pem files have the public key in it like: -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD0ltQNthUNUfzq0t1GpIyapjz... -----END PUBLIC KEY----- -----BEGIN CERTIFICATE----- MIIE/TCCA+WgAwIBAgIUMzAwMDEwMDAwMDAxMDAwMDA4MDAwDQYJKoZIhvcNAQEF... -END

Re: DH: safe prime issue

2011-03-30 Thread Wim Lewis
On 30 Mar 2011, at 6:19 AM, ikuzar wrote: > I'd like to know if it is a security issue when p (a DH param) is not a > safe prime? > Is it easier to attack DH algorithm with a non safe prime...? Yes. If p-1 does not have large factors, then it is easier to compute the discrete logarith

Re: Verify signed text

2011-03-30 Thread Wim Lewis
On 30 Mar 2011, at 9:59 AM, luis hernandez wrote: > i get a file with a signed base64 string produced using the following > commands: > > openssl dgst -md5 -sign key.pem stringtosign.txt | openssl enc -base64 -A > > signedbase64string.txt > > that signed string is part of a text file that inc

Verify signed text

2011-03-30 Thread luis hernandez
Hi all, i get a file with a signed base64 string produced using the following commands: openssl dgst -md5 -sign key.pem stringtosign.txt | openssl enc -base64 -A > signedbase64string.txt that signed string is part of a text file that includes the certificate in pem format without the public

Re: Cert chain verification failures

2011-03-30 Thread David Coulson
On 3/30/11 8:33 AM, Crypto Sal wrote: David: Firefox caches that information, so that it can use them later if you view a similar certificate hierarchy. If you view the Firefox Certificate Manager you should see "Software Security Device" vs. that of "Built in Object" next to each of the

openssl-users@openssl.org

2011-03-30 Thread ikuzar
Hi, I'd like to know if there are other values of codes in DH_check(dh, &codes)? This program prints "Other result of check": int codes = 0; dh_check_ret = DH_check(dh, &codes); if(dh_check_ret == 1){ if(codes == DH_CHECK_P_NOT_SAFE_PRIME) printf("\nDH_CHECK_P_NOT_SAFE_PRIME\n

RE: Truststore or Cacerts file?

2011-03-30 Thread David Patricola
So what, or where, is the other half? All sites that explain this for ColdFusion say that this is all you need to do! I restarted the java service and tested the ssl connection. _ From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Lou Picciano

Re: Truststore or Cacerts file?

2011-03-30 Thread Lou Picciano
Sure, at that point you've only handled one half of the handshake. You gotta find the corresponding command to install or 'present' the client cert now... - Original Message - From: "David Patricola" To: openssl-users@openssl.org Sent: Wednesday, March 30, 2011 9:32:36 AM Subject: R

RE: Truststore or Cacerts file?

2011-03-30 Thread David Patricola
Ok, I've modified my import as follows: E:\JRun4\jre\bin>keytool -importcert -alias dca -file E:\Jrun4\jre\lib\security\root.crt -keystore E:\Jrun4\jre\lib\security\cacerts But I still get a failed connection connecting: "org.postgresql.util.PSQLException: The connection attempt failed." Lo

DH: safe prime issue

2011-03-30 Thread ikuzar
Hi, I'd like to know if it is a security issue when p (a DH param) is not a safe prime? Is it easier to attack DH algorithm with a non safe prime...? Thanks for your help

RE: Truststore or Cacerts file?

2011-03-30 Thread David Patricola
Ha, flex-fuel! The postgres side of this is 100% functional, so I'm not concerned about this side anymore (thankfully). As Tomas mentioned, only the root.crt file should go in, and I hope this is it. If not then it looks like I'm going to find some Java-based message lists to subscribe to!

Re: Truststore or Cacerts file?

2011-03-30 Thread Lou Picciano
David, You may get some ambiguous answers to - ultimately - a PG question on the SSL list... Yes, in a _standard_ PostgreSQL SSL setting, in which libpq is reading the certs from _default_ positions, the root.crt, postgresql.crt and postgresql.key are all in the same 'folder'. (I believe you

RE: Truststore or Cacerts file?

2011-03-30 Thread David Patricola
Do the other two stay in the same folder as root.crt, but only root.crt actually gets installed in the cacerts file? -Original Message- From: Tomas Gustavsson [mailto:to...@primekey.se] Sent: Wednesday, March 30, 2011 3:49 AM To: openssl-users@openssl.org Cc: David Patricola Subject: Re:

Re: Cert chain verification failures

2011-03-30 Thread Crypto Sal
On 03/29/2011 01:16 PM, David Coulson wrote: On 3/29/11 12:58 PM, Bruce Stephens wrote: Add the -showcerts option to the s_client commands and you'll see the first server returns a chain of certificates where the second offers only the end server certificate. Okay, I see that - Makes sense. When

Re: how to retrieve RSA param from SSL_CTX

2011-03-30 Thread ikuzar
I'd like to know if these calls are correct : RSA_sign(NID_sha1, md1, md1_len, u_sigret, &siglen, privkey->pkey.rsa) RSA_verify(NID_sha1, md1, md1_len, u_sigret, siglen, pubkey->pkey.rsa) knowing that : int RSA_sign(int type, unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigne

Re: how to retrieve RSA param from SSL_CTX

2011-03-30 Thread ikuzar
Ok thanks. It works now. I use these functions : -- to obtain public key : X509 *myCert = SSL_get_certificate(cli_ssl); EVP_PKEY *pubkey = X509_get_pubkey(myCert); -- to obtain private key : EVP_PKEY *privkey = SSL_get_privatekey(cli_ssl); Then to sign and verify: RSA_sign(NID_sha1, md1, md1_len,

Re: Truststore or Cacerts file?

2011-03-30 Thread Tomas Gustavsson
CA certificates, i.e. root.crt goes in to the cacerts file. Cheers, Tomas http://www.ejbca.org/ On 03/29/2011 09:26 PM, David Patricola wrote: I’ve found plenty of google results but I am having a disconnect with the install. My server has its own server.crt, server.key and root.crt fil

How to Create certification timestamp on OpenSSL patched OpenTSA

2011-03-30 Thread hoang tan
Hi! I'm Vietnamese, my name is Bin. I installed openTSA completely, but when I was editing the tsa.conf file, I didn't know how to create the TSACertificate, TSACertificateChain, TSAKey files. I'm a newbie. Please help me create them with openssl ts! Thank you very much! Sorry for my poor English. -- #cat /dev/