Re: [openssl-users] PKCS#7

2017-03-14 Thread valéry
Hi, thank you very much for your response. Say someone would be able to gather several clear text AES keys and their respective asymmetrically encrypted RSA blocks. Would it weakens the security of the RSA key pair ? I mean could it be easier for someone using that information to brute force an

[openssl-users] Doubt regarding Export keying material

2017-03-14 Thread Raja ashok
Hi All, I am having a doubt in usage of Exporting keying material API (SSL_export_keying_material) in OpenSSL. Please provide your suggestions. As per Section 4 in RFC 5705, context length should be passed as uint16_t to PRF function. In that case we should allow only upto max of 2^16 (65535).

Re: [openssl-users] X25519: how to generate public key?

2017-03-14 Thread Olivier Meunier
Thank you for your quick answer. Olivier Le 14/03/2017 à 13:43, Dr. Stephen Henson a écrit : On Tue, Mar 14, 2017, Olivier Meunier wrote: Hi, using openSSL 1.1.0e, I generate my private key using: openssl genpkey -algorithm x25519 -out x25519.key.pem But I cannot find how to generate the

Re: [openssl-users] PKCS#7

2017-03-14 Thread Salz, Rich via openssl-users
> If so, would it be possible in principle to decrypt an encrypted PKCS#7 > envelope only knowing which AES key was used ? Yes. But maybe not with the openssl api's :) -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] PKCS#7

2017-03-14 Thread valéry
Hi, is the following picture correct ? when creating an encrypted PKCS#7 envelope, a random AES key is generated and encrypted with the provided RSA private key. The AES key is used to encrypt the envelope content. The X509 certificate containing the associated public key is included in the

Re: [openssl-users] Cannot read exported PKCS12 cert and private key

2017-03-14 Thread Dr. Stephen Henson
On Mon, Mar 13, 2017, Michael Wojcik wrote: > I'll assume you mean you exported it "from a mainframe system" using RACF. > RACF has half a dozen export formats for certificates and keys; they're not > all supported by OpenSSL. > > In particular (and despite the PEM delimiters), I suspect what

Re: [openssl-users] X25519: how to generate public key?

2017-03-14 Thread Dr. Stephen Henson
On Tue, Mar 14, 2017, Olivier Meunier wrote: > Hi, > > using openSSL 1.1.0e, I generate my private key using: > openssl genpkey -algorithm x25519 -out x25519.key.pem > > But I cannot find how to generate the public key. I tried: > openssl ec -in x25519.key.pem -pubout -out x25519.key.pub.pem >

[openssl-users] X25519: how to generate public key?

2017-03-14 Thread Olivier Meunier
Hi, using openSSL 1.1.0e, I generate my private key using: openssl genpkey -algorithm x25519 -out x25519.key.pem But I cannot find how to generate the public key. I tried: openssl ec -in x25519.key.pem -pubout -out x25519.key.pub.pem but got the errors: read EC key unable to load Key