Re: [openssl-users] Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option

The message is first signed then encrypted. Commands are as follows /usr/bin/openssl cms -encrypt -aes128 -in /tmp/OpenSSL5294490400891792656.eml -out /tmp/OpenSSL3519826551660167644.eml -subject 'subject' -from sen...@sender.com -to recipi...@recipient.com,recipie...@recipient.com -recip

Re: [openssl-users] Dumb question about DES

(keeping TOFU style to keep thread consistent). You can also just use the cipher-list configuration option string that an OpenSSL 1.0.x should allow passing to OpenSSL. On 11/05/2017 22:17, Scott Neugroschl wrote: So if I’m using 1.0.2, and want to deprecate 3DES, I need to do that as part

Re: [openssl-users] Dumb question about DES

On 05/11/2017 03:17 PM, Scott Neugroschl wrote: > > So if I’m using 1.0.2, and want to deprecate 3DES, I need to do that > as part of my build? > > Yes. -Ben -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Dumb question about DES

So if I'm using 1.0.2, and want to deprecate 3DES, I need to do that as part of my build? From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Scott Neugroschl Sent: Thursday, May 11, 2017 11:13 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] Dumb question

Re: [openssl-users] Dumb question about DES

On Thu, May 11, 2017 at 2:13 PM, Scott Neugroschl wrote: > OK. Are the 3DES CBC ciphers still part of DEFAULT? >From OpenSSL 1.0.1t: $ openssl ciphers "DEFAULT" ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-

Re: [openssl-users] Dumb question about DES

> On May 11, 2017, at 2:13 PM, Scott Neugroschl wrote: > > OK. Are the 3DES CBC ciphers still part of DEFAULT? Normal builds of OpenSSL 1.1.0 disable the TLS 3DES ciphersuites at compile time. To make use of 3DES in TLS you need to configure your OpenSSL 1.1.0 build with

Re: [openssl-users] Dumb question about DES

The triple-DES ciphers are not part of DEFAULT in 1.1.0e(what I happened to check). Though, the specific list of ciphers there does not quite match with your list below, so you should double-check if necessary. -Ben On 05/11/2017 01:13 PM, Scott Neugroschl wrote: > > OK. Are the 3DES CBC

Re: [openssl-users] Dumb question about DES

OK. Are the 3DES CBC ciphers still part of DEFAULT? From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Benjamin Kaduk via openssl-users Sent: Thursday, May 11, 2017 9:18 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] Dumb question about DES Those ciphers

Re: [openssl-users] Dumb question about DES

Those ciphers are triple-DES, not single-DES. (The "CBC3" gives it away ... well, not exactly.) The single-DES ciphers were removed in release 1.1.0 (they are included in the "40 and 56 bit cipher support removed from libssl" item in the release notes), though the raw crypto primitives remain in

[openssl-users] Dumb question about DES

Has DES been deprecated in OpenSSL? If so, what release? In particular the following ciphers 0.19 EDH-DSS-DES-CBC3-SHA 0.22 EDH-RSA-DES-CBC3-SHA 192.13 ECDH-RSA-DES-CBC3-SHA 192.3 ECDH-ECDSA-DES-CBC3-SHA 192.18 ECDHE-RSA-DES-CBC3-SHA 192.8

Re: [openssl-users] RSA_PKCS1_OAEP_PADDING

On Thu, May 11, 2017, RudyAC wrote: > Hello, > > I have the requirement to encrypt e-mails using RSA-OAEP padding. I use the > library openssl-1.0.2k and encrypt with CMS container. The following > function describes my method. My problem is that I'm not sure if this method > really uses the

[openssl-users] RSA_PKCS1_OAEP_PADDING

Hello, I have the requirement to encrypt e-mails using RSA-OAEP padding. I use the library openssl-1.0.2k and encrypt with CMS container. The following function describes my method. My problem is that I'm not sure if this method really uses the RSA-OAEP padding. bool smime_encrypt_cms(const