Using a smart card with a C application

2014-04-29 Thread neutrino
Need some basic level example that will demonstrate how to load keys and certificates from a smart-card or any other PKCS #11 token. I want to write and read an encryption key from a smart card. If anyone has used smart cards with their applications, kindly share some beginners level

Re: Using a smart card with a C application

2014-04-29 Thread Mat Arge
openssl can use a PKCS#11 interface in some scenarios, but you won't need it for what you want to do. I'd advise you to get the actual PKCS#11 standard document. For each function, there is always some sample code included. cheers Mat On Monday 28. April 2014 23:32:21 you wrote: Need some

State of EBCDIC support in OpenSSL

2014-04-29 Thread Stephan Mühlstrasser
What is the current state of EBCDIC support in OpenSSL? While there are CHARSET_EBCDIC #ifdefs all over the source, a build on z/OS Unix System Services is possible and creation of signatures apparently works, there are several problems we ran into: - the openssl s_client command cannot be

Re: State of EBCDIC support in OpenSSL

2014-04-29 Thread Tim Hudson
On 29/04/2014 5:38 PM, Stephan Mühlstrasser wrote: ... or is the EBCDIC port essentially dead? Bug reports on EBCDIC with patches are definitely interesting as there is an active community of OpenSSL z/OS users - at the very least the other users will benefit from any work you have already done.

Re: State of EBCDIC support in OpenSSL

2014-04-29 Thread Stephan Mühlstrasser
On 29.04.14 10:28, Tim Hudson wrote: Bug reports on EBCDIC with patches are definitely interesting as there is an active community of OpenSSL z/OS users - at the very least the other users will benefit from any work you have already done. I can provide bug reports, but at the moment I cannot

RE: State of EBCDIC support in OpenSSL

2014-04-29 Thread mclellan, dave
We are active and continuing users of the z/OS port of OpenSSL, have just rebuilt 1.0.1c without heartbeats on a maintenance stream and are upgrading to 1.0.g on a future release stream. Just as an example of staying current on z/OS. We use z/OS on the server side only, and generate server certs

Re: Improving structure and governance

2014-04-29 Thread Jakob Bohm
On 4/25/2014 9:33 PM, Awi wrote: As a US based organization, Apache is unsuited and (given fairly recent public news) untrusted to have any power of a project such as OpenSSL. Additionally, the Apache foundation has accumulated so many important projects over the last few years that it they

Re: slowness of _ssl.sslwrap() on first call

2014-04-29 Thread Jakob Bohm
On 4/25/2014 11:19 PM, summer wrote: Further investigation shows the slowness is happening at _ssl.c line 306, self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ Is this line of code involving client/server communication yet? I haven't checked, but maybe SSL_CTX_new() is

Re: Increment certificate serial numbers randomly

2014-04-29 Thread Jakob Bohm
On 4/28/2014 10:53 AM, Mat Arge wrote: I agree with Walter, that it is not exactly good practise to have a CA key lying around on multiple servers. But anyway, if you need to do it you have to create the random serial number externally by some script and write it into the serial file (as set in

Re: Increment certificate serial numbers randomly

2014-04-29 Thread Walter H.
On 29.04.2014 20:15, Jakob Bohm wrote: I seem to (vaguely) recall that there was once an option or standard for using a certificate-contents-related hash as the serial number, but I can't seem to find it right now. Hi, could you please try to find this; I would be interested in such - a way

Re: Improving structure and governance

2014-04-29 Thread Blibbet
The involvement of Microsoft, makes this initiative highly suspect, and I wish the Linux Foundation had told them to get lost. Ever since its foundation, Microsoft has used every underhanded trick in the book to sabotage open source projects (just remember Bill Gates open letter on the

Re: slowness of _ssl.sslwrap() on first call

2014-04-29 Thread summer
Thanks for the reply. What I found is that it's always slow the first time running from a particular application, but not other applications, no matter which applications I run first.

Re: Increment certificate serial numbers randomly

2014-04-29 Thread dj
On 29.04.2014 20:15, Jakob Bohm wrote: I seem to (vaguely) recall that there was once an option or standard for using a certificate-contents-related hash as the serial number, but I can't seem to find it right now. Hi, could you please try to find this; I would be interested in such - a way

Re: Increment certificate serial numbers randomly

2014-04-29 Thread Walter H.
On 29.04.2014 21:38, d...@deadhat.com wrote: This all seems unnecessarily complex. Make the serial number a 256 bit or greater true random number. There will be no collisions. the serial number has maximum length ..., 256 bit is quite too big ..

Re: Improving structure and governance

2014-04-29 Thread Tim Hudson
On 30/04/2014 4:23 AM, Blibbet wrote: The TianoCore.org project maintains a patch of OpenSSL (0.9x, not 1.x). https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt BTW, it's a shame that OpenSSL doesn't integrate that patch, and have some UEFI-targeting

Re: Increment certificate serial numbers randomly

2014-04-29 Thread Tim Hudson
On 30/04/2014 6:05 AM, Walter H. wrote: On 29.04.2014 21:38, d...@deadhat.com wrote: This all seems unnecessarily complex. Make the serial number a 256 bit or greater true random number. There will be no collisions. the serial number has maximum length ..., 256 bit is quite too big .. In

RE: Increment certificate serial numbers randomly

2014-04-29 Thread Michael Wojcik
All of these approaches have already been suggested in this thread. Is it really necessary that we go through them again? Rich Salz's suggestion of using a UUID for the serial number makes collisions sufficiently improbable that the possibility can be ignored, and it's simpler than any of the

Re: Increment certificate serial numbers randomly

2014-04-29 Thread Nikolay Elenkov
On Wed, Apr 30, 2014 at 6:59 AM, Michael Wojcik michael.woj...@microfocus.com wrote: All of these approaches have already been suggested in this thread. Is it really necessary that we go through them again? What hasn't been suggested is giving each server, etc. its own sub-CA signed by the