ne.
On Mon, 22 Jan 2001, Arnaud De Timmerman wrote:
> All,
>
> I've read that 3 types of certificates exist. From "class 1" to "class
> 3" (the
> higher the safer). How could I find, in a certificate created thanks to
> openssl,
> the number of the class i
http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
--
What we have here is a failure to communicate.
_
llot wrote:
> I'd like to know the date format used in the index.txt? It seems it's
> milliseconds since 1/1/1970, but I always get a date dated back to 1970.
>
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
--
When uncertain, or in dou
PKCS#11v1. Each token can have its own set of extra functions, object
attributes, limitations, ...
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
--
Common sense isn't.
__
chols [SMTP:[EMAIL PROTECTED]]
> > Sent: Tuesday, December 19, 2000 1:56 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Kurt Seifred's article on securityportal
> >
> > Also, there is no crypto-board.
> >
> > Erwann ABALEA wrote:
> >
h the actual server.
> There's no other route to take. Even if what you suggest would be attempted, or even
> possible, the user's browser would get the correct certificate, albeit a second cert.
>
> Erwann ABALEA wrote:
>
> > No. A MITM attack can also occur even
On 19 Dec 2000, Eric Rescorla wrote:
> Erwann ABALEA <[EMAIL PROTECTED]> writes:
> > Software could be written to help solve this problem, for example to not
> > allow any connection from untrusted host, instead of asking the customer
> > if he's knowledgeab
ind
> the accelerator.
> Erwann ABALEA wrote:
>
> > On Tue, 19 Dec 2000, Thomas Nichols wrote:
> >
> > > The best method is to not have the SSL certificate and key on the server to
> > > begin with. I use a non-ip based ssl accelerator.
> >
> > This not
so much that software can do.
Software could be written to help solve this problem, for example to not
allow any connection from untrusted host, instead of asking the customer
if he's knowledgeable enough to accept the risks of accepting something
that c
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
__
X.208 is ASN.1, X.209 is DER and others
You can buy them at the ITU-T web site (www.itu.ch or www.itu.int)
On Wed, 5 Jul 2000, Ѧΰ wrote:
> Hi all, who can tell me about DER? Which recommendation was it defined in?
>
> [EMAIL PROTECTED]
--
Erwann ABALEA
System and De
-MD5 is 128 bit.
There shouldn't be any output impact on choosing 40 vs 128 bits. In
fact, a 40 bits key is really a 128 bits key with only 40 of them
secret; the 88 other ones are known...
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PG
d solution or they will continue
> > to go with the flow.
> >
> > Concentration of economic power like we see in Verisign at this point is
> > NEVER healthy - or am I overreacting?
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROT
A servers (for production and testing),
able to deliver certificates for CardHolders, Merchants, Payment
Gateways...
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
__
't seem to be
> implemented properly.
>
> The whole hash thing is IMHO a bit of a hack anyway, it relies on
> symbolic links which won't work under e.g. Windows and it can only look
> up by a broken hash calculation on subject name. We should have
> something better that hand
On Mon, 13 Dec 1999, Dr Stephen Henson wrote:
> Erwann ABALEA wrote:
> >
> > Could I suggest to add this in the default .h files?:
> >
> > #define d2i_PrivateKey_bio(bp,x) (EVP_PKEY *)ASN1_d2i_bio(\
> > (char *(*)())EVP_PKEY_new, (char *(*)())d2i_Privat
... I didn't find the macro/function to do it... Unfortunately, my
definition doesn't handle encrypted keys...
On Fri, 10 Dec 1999, Dr Stephen Henson wrote:
> Erwann ABALEA wrote:
> >
> > I found how to do that
> >
> > pkcs8privkeyinfo=(PKCS8_PR
1999, Erwann ABALEA wrote:
> Hello,
>
> Is there a way to read PKCS#8 keys? I need to generate RSA private keys in
> software and store them as PKCS#8, and then later use them, but I can't
> find the function I need to read back my pkey...
>
> To store my pkey, I use PEM
e key,
and the result is the same...
Any idea?
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
__
ree SSLified
> IMAP server, please? ;-)
Just take a "classic" IMAP server, and place an stunnel in front of
it... It works perfectly...
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- R
.conf file, you should see some comments about the process
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
__
Pierre Blanchet.
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
__
hout download it??
You cannot... As you should have noted, an application/x-x509-user-cert is
not the same thing as a PKCS#12 object...
Using Netscape, there's no way to do what you want.
I know that it's possible with MSIE4 (certainly using that xenroll3.dll).
--
Erwann ABALEA
other attribute, if it is not present in the [ca policy] section. (And
> uniqueID attribute is supported OK by OpenSSL. Besides, if x509_NAME_oneline()
> encounters an unknown attribute, it simply prints the OID - as it should.)
Is uniqueIdentifier allowed in a DistinguishedName?
--
Erwan
errors.
> I think it can give rise to more conflicts with other guys'
> naming convention.
> I suggest the openSSL group should define Malloc, Realloc..,
> as functions, not macros.
I also have VC5, and was always able to compile the whole stuff without
any problem
--
Erwann
he
certificate, but to the DAY and TIME...
To check this, just change your time to some hours in the future, and
check. I did that for my certificates (I had the exact same problem as
you), and putting my PC clock 1 hour in the future solved the problem...
Please note that I live i
ay the certificate properties again.
- the server/client certificate has a notAfterDate that falls AFTER the
CA's one... It's strange, but I noticed this behaviour with my own CA.
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Ke
the request goes through fine. If the certificates are not
> protected, everything works fine.
Maybe it takes too much time to enter your password? ;-)
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PG
ze even
a 12KB block with a 16bit key. Mathematically, there's no
limitation.
But if you use a block bigger than the key size, you won't be able to
decrypt and retrieve the original message.
In fact, the data you want to encrypt, when expressed as a bigint, MUST be
at mo
see in the draft I sent.
These requests are for IPSEC certificates, of course.
BTW: the IPSEC implementation by Cisco is not yet fully compliant with
IPSEC... For example, there's no way to extract the CSR to perform a
manual request, the Cisco routers can accept a single CA, ...
--
Erwann A
saw a message in a mailinglist from a guy who said that
he managed to make PGP and SSH work with a smartcard. He gave a URL to get
his paper... I retrieved this paper, and the way it worked was that the
smartcard was used just like a diskette, from which the private key was
loaded... :-(
That
ke -f ms\ntdll.mak
Maybe you missed one step? Or your VC++6.0 is the problem?
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
__
ake -f ms\ntdll.mak", run "ms\do_ms.bat".
It's stated in the INSTALL.W32 file...
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
_
ke to use the SSLeay (0.9.0b) or OpenSSL,
> however I'm unable to get them compiled in djgpp under MSDOS (Linux
> version works fine).
> Did anybody succeed in compiling it with djgpp?
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTE
On Tue, 9 Mar 1999, Wade L. Scholine wrote:
> Erwann ABALEA writes:
> >
> > On Thu, 4 Mar 1999, Wade L. Scholine wrote:
> >
> > > What does NS mean by 'Personal Certificate' in this
> > context? I would have
> > > thought that the En
ust kidding...
Anyway, that's a good question, there's a real need to perform PKCS#7
signing, or S/MIME signing... or anything that could be useful in this
sense...
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
__
cceptable CAs, and sends this list to the
browser, which then asks the user to choose into a list of certificates
signed directly or indirectly by the server's CA certs...
What you have to do is get a user certificate for your Netscape, and put
the CA certs into your s_server configuration...
--
ws
only libraries. You have to get a different library for your Macintosh,
and try to do the job with this new one...
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
Telephone: +33 1 34 38 29 50
_
to be accepted by MSIE4, but I
don't remember what...
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
Telephone: +33 1 34 38 29 50
__
if you plan to
produce something to run with Windows, you'd better have a Visual C++ (you
can compile the stuff with another compiler, I did it with Borland C++
Builder, but it's a real pain...).
And finally, you need to have a project in mind... Something you want to
create or adapt
g special is required from OpenSSL, it works perfectly.
What I'd like to try is the PKCS#11 stuff with these smartcards (there's a
PKCS#11 module for Netscape browsers).
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
Teleph
>
> Is there a simple way to say accept both alternatives
> of the ASN.1 CHOICE?
>
> Or: is there a patch which fixes this bug?
Just go to http://www.openssl.org, then read the changes that will be
operational for OpenSSL v0.9.2, you'll see something about UTCTime and
Generaliz