Re: [openssl-users] Loading engines recursively and crypto engine lock

2016-08-10 Thread Krzysztof Konopko
On 10 August 2016 at 16:19, Jakob Bohm <jb-open...@wisemo.com> wrote: > On 10/08/2016 15:49, Krzysztof Konopko wrote: > >> On 10 August 2016 at 15:31, Jakob Bohm <jb-open...@wisemo.com> wrote: >> >> 1. Create a third en

Re: [openssl-users] Loading engines recursively and crypto engine lock

2016-08-10 Thread Krzysztof Konopko
On 10 August 2016 at 15:31, Jakob Bohm wrote: > I am not part of the OpenSSL team and have no idea what their > thinking or suggestions are. > Thanks for responding! > > However the following should be a generic workaround: > > 1. Create a third engine3 which loads

[openssl-users] Loading engines recursively and crypto engine lock

2016-08-08 Thread Krzysztof Konopko
Hi, TL;DR: Is it allowed to initialise engines recursively, i.e. call `engine2->init` from `engine1->init`? -- I have a solution in a consumer product based on OpenSSL 1.0.2 series that uses two engines: one (engine1) for selecting client certificate chain (TLS client auth) and another one

Re: signing data

2013-06-07 Thread Krzysztof Konopko
On 7 June 2013 07:06, Michael Wild them...@users.sourceforge.net wrote: Dear all I'm quite the noob in all things OpenSSL, and I'm struggling getting started with signing a piece of data. The thing is that on the command line your data is subtly different than in your C program. Hash

Re: signing data

2013-06-07 Thread Krzysztof Konopko
On 7 June 2013 12:09, Salz, Rich rs...@akamai.com wrote: The printf command appends a newline to the data so it's different from what your program has. /r$ That's not true. It behaves pretty much like standard C printf(), i.e. it doesn't print any characters unless you ask it for

Re: Apply signature to X509 certificate

2013-05-10 Thread Krzysztof Konopko
2013/5/10 Cristian Thiago Moecke cont...@cristiantm.com.br You have two ways to follow. 2) In some situations that is not possible (e.g. you need it to be signed on a different remote system). And I just had the same need this week, but for Certificate Requests. There are a lot of small

C14N for signed XML

2013-05-08 Thread Krzysztof Konopko
Hi, If anyone is interested, I published a blog post about c14n (programming tips). This is not directly related to OpenSSL but as an example it uses generated sample signed XML files (XMLDSig) where `openssl' tool comes in very handy.

Re: Key usage at openssl

2013-05-01 Thread Krzysztof Konopko
2013/5/1 Rajeswari K raji.kotamr...@gmail.com Hello openssl-users, We have two different keypairs such as signature keypair and encryption keypair on our device. Hence, two different certificates (signature and encryption) were issued by CA server. Query : To perform openssl handshake,

Re: Data and Signature (envelope)

2013-04-24 Thread Krzysztof Konopko
2013/4/24 redpath redp...@us.ibm.com I have a piece of data like a JPG and a MD from it and a signature PKCS#1 from the MD. int rc= RSA_sign(NID_sha1, md, 20, sigret, siglen, rsapriv) I send the data and the signature to someone to verify the data and they use it. Now maybe there is

X509_LOOKUP_hash_dir() for CRLs

2013-04-18 Thread Krzysztof Konopko
In the OpenSSL API there's a method for looking up certificates/CRLs in the given directory based on a hash. Namely X509_LOOKUP_hash_dir() (see x509_vfy.h). The typical usage is to add X509_LOOKUP_hash_dir() to the X509_STORE store and then add directories to the lookup object. Usually the

Re: EVP_EncryptFinal_ex

2013-04-13 Thread Krzysztof Konopko
Kris. Will do. On Mon, Apr 8, 2013 at 9:31 AM, Krzysztof Konopko krzysztof.kono...@gmail.com wrote: I think of it as all EVP_*Update() functions are always ready to consume more data and you can call them multiple times until all data is digested. All EVP_*Final and EVP_*Final_ex

Re: EVP_EncryptFinal_ex

2013-04-08 Thread Krzysztof Konopko
I think of it as all EVP_*Update() functions are always ready to consume more data and you can call them multiple times until all data is digested. All EVP_*Final and EVP_*Final_ex() functions are commit and finalize and quite often they are the core of the operation (like producing a signature

Re: compile openssl 1.0.1e failed on Ubuntu 12.10 x64

2013-04-08 Thread Krzysztof Konopko
It reminds me of this FAQ: http://www.openssl.org/support/faq.html#MISC5 Kris 2013/4/8 Hailei Hu neverloseyourpass...@gmail.com Thank you, Viktor. I compile it successfully using target linux-x86_64. Thanks again. On Mon, Apr 8, 2013 at 12:34 AM, Viktor Dukhovni openssl-us...@dukhovni.org