Hi,
there's currently a mistake in the SOD, I'll probably be able to
send it when it's fixed.
Thx,
Stef
On 09/13/2011 12:07 AM, Dr. Stephen Henson wrote:
Can you include the DER format message itself instead of the ASN1 dump? This
will be very useful when CMS+PSS is implemented.
Hi,
we have an SOD (a CMS for e-passports and e-ID cards) file that we can read
out and verify nicely if the signature algo is RSA_PKCS1_PADDING.
But if the algo is RSA_PKCS1_PSS_PADDING (see attached txt for an asn1
dump),
the verification fails.
Below is a part of the stack trace, it looks
Hello,
After getting back an OCSP repsonse, OCSP_basic_verify() says
it can't find the responder cert in the OCSP response.
However, the responder cert is present in the response.
Some more investigation shows that the parts of the DN are inversed:
- subject name in the responder ID: /CN=Test
Hi,
CMS_verify() works fine if you have the signer cert, but now we have
a CMS file for which only the (trusted) signer public key is available.
Q: is there a high level function like CMS_verify() that works with a
public key?
If not: what would be the best alternative for us?
-
Hi,
CMS_verify() works fine if you have the signer cert, but now we have
a CMS file for which only the (trusted) signer public key is available.
Q: is there a high level function like CMS_verify() that works with a
public key?
If not: what would be the best alternative for us?
- Rewrite the
Hi,
it looks like the BN_gcd() doesn't implement the 'full-strength'
Euclidean algorithm (do a - k.b in each loop) but instead
a simplification (do a - b in each loop).
So if the initial a and b differ by e.g. a factor 1, you'll
get 1 iterations instead of 1; and also afterwards much
Hi Tom,
here's the code of a little cmd line tool we use to test our CSPs.
Cheers,
Stef
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Fili, Tom
Sent: zondag 28 november 2010 18:19
To: openssl-users@openssl.org
...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Victor Duchovni
Sent: dinsdag 9 november 2010 22:11
To: openssl-users@openssl.org
Subject: Re: EC domain params instead of the OID in the pkcs8 key
file?
On Tue, Nov 09, 2010 at 09:34:42PM +0100, Stef Hoeben wrote:
Hi
Hi,
using the openssl tool, we generated an Elliptic Curve key pair
and put it into a pkcs8 file:
0 48: SEQUENCE {
32: INTEGER 0
6 48: SEQUENCE {
86: OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1)
176: OBJECT IDENTIFIER '1 2 840 10045 3 1 7'
To: openssl-users@openssl.org
Subject: Re: PKCS7 - SubjectKeyIdentifier CHOICE in SignerIdentifier
fails?
On Mon, Mar 22, 2010, Stef Hoeben wrote:
Hello,
subjectKeyIdentifier [0] SubjectKeyIdentifier }
Could it be that the SubjectKeyIdentifier CHOICE isn't supported
here
,
[...]
SignerIdentifier ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
subjectKeyIdentifier [0] SubjectKeyIdentifier }
Could it be that the SubjectKeyIdentifier CHOICE isn't supported here,
that the parser expects a IssuerAndSerialNumber only?
Thx, best regards,
Stef Hoeben
Software
Hi,
(sorry if you received this mail twice)
We want to make pkcs10 request with openssl -req, in which
the CN contains non-ASCII chars (greek, arab, chinese, ...)
Is there a way to do so with the openssl tool?
E.g. by using escape characters, or by specifying the CN in openssl.conf
in some
12 matches
Mail list logo