Re: Fw: Failing in Verifying CRL
Hi,

Yes, if I place the CA file in the root directory, i.e. where openssl is present, it verifies. If I place it in some dir it won't.

Thanks for the help.

Regards,
Wahaj

----- Original Message -----
From: Olaf Gellert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, August 09, 2004 12:00 PM
Subject: Re: Fw: Failing in Verifying CRL

Wahaj wrote:
> I am using OpenSSL 0.9.7d and using the following command to verify a CRL but failing. Why is it failing?
>
>     OpenSSL crl -inform DER -in crl/mycrl-2mb.crl -CApath crl
>
> *Note: crl is a dir where TestCA.cer file is present. mycrl-2mb.crl file is present in the same directory.*

Would be helpful if you submitted the error message that OpenSSL gives you. I would guess that it is not able to find the CA certificate. Try the option -CAfile instead (or make sure that in the directory is a symbolic link to the certificate, generated by the utility chash). It may be (I am not sure about that) that the CA-certificate needs to be in pem-format. You can always convert the certificate using:

    openssl x509 -inform DER -in TestCA.cer -outform PEM -out TestCA.pem

So then this should work:

    openssl crl -inform DER -in crl/mycrl-2mb.crl -CAfile crl/TestCA.pem

Does this help?

Cheers, Olaf

-- 
Dipl.Inform. Olaf Gellert         PRESECURE (R)
Consultant,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE     [EMAIL PROTECTED]

A daily view on Internet Attacks
https://www.ecsirt.net/sensornet

______________________________________________________________________
OpenSSL Project                    http://www.openssl.org
User Support Mailing List          [EMAIL PROTECTED]
Automated List Manager             [EMAIL PROTECTED]
Re:Random number seed in RSA
You can use these functions:

    void RAND_seed(const void *buf, int num);
    void RAND_add(const void *buf, int num, double entropy);
    int  RAND_status(void);
    int  RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
    void RAND_screen(void);

You need to seed the PRNG before the function RSA_generate_key(...). You will find a good explanation in: http://www.openssl.org/docs/crypto/RAND_add.html

> Hi,
>
> I have a snippet that encrypts/decrypts using RSA.
>
>     #include <stdio.h>
>     #include <stdlib.h>
>     #include <string.h>
>     #include <openssl/rsa.h>
>
>     // RSATest: Program illustrating Simple RSA Encryption/Decryption
>     int main()
>     {
>         char *plain = "Sample text"; // Sample text (plain text) to Encrypt/Decrypt
>         char *ciphertext;
>         char *plain1;
>         int enclen, i, declen;
>
>         printf("%s\n", plain);
>
>         // Generate RSA key
>         RSA *rsa1 = RSA_generate_key(1024, 65537, NULL, NULL);
>
>         // RSA_size() will determine how much memory must be allocated for an RSA encrypted value
>         ciphertext = (char *)malloc(RSA_size(rsa1));
>         printf("RSA size %d", RSA_size(rsa1));
>         return 0;
>     }
>
> I am using Cygwin. My question is this: Where and how do I seed the random number generator?
>
> Thanks,
> Joe

Leandro Barros de Figueiredo
Control and Automation Engineering - UFMG
RE : Random number seed in RSA
You can also use the RAND_status() function that implicitly calls RAND_poll(). RAND_poll() actually uses memory state, processes, handles, screen state... to initialize the PRNG. If it is not sufficient (it usually is), you can read some entropy from a file using RAND_read() function.

Marc.

-----Original Message-----
From: lbfi [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 10 August 2004 12:59
To: openssl-users
Subject: Re:Random number seed in RSA

You can use these functions:

    void RAND_seed(const void *buf, int num);
    void RAND_add(const void *buf, int num, double entropy);
    int  RAND_status(void);
    int  RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
    void RAND_screen(void);

You need to seed the PRNG before the function RSA_generate_key(...). You will find a good explanation in: http://www.openssl.org/docs/crypto/RAND_add.html

> Hi,
>
> I have a snippet that encrypts/decrypts using RSA.
>
>     #include <stdio.h>
>     #include <stdlib.h>
>     #include <string.h>
>     #include <openssl/rsa.h>
>
>     // RSATest: Program illustrating Simple RSA Encryption/Decryption
>     int main()
>     {
>         char *plain = "Sample text"; // Sample text (plain text) to Encrypt/Decrypt
>         char *ciphertext;
>         char *plain1;
>         int enclen, i, declen;
>
>         printf("%s\n", plain);
>
>         // Generate RSA key
>         RSA *rsa1 = RSA_generate_key(1024, 65537, NULL, NULL);
>
>         // RSA_size() will determine how much memory must be allocated for an RSA encrypted value
>         ciphertext = (char *)malloc(RSA_size(rsa1));
>         printf("RSA size %d", RSA_size(rsa1));
>         return 0;
>     }
>
> I am using Cygwin. My question is this: Where and how do I seed the random number generator?
>
> Thanks,
> Joe

Leandro Barros de Figueiredo
Control and Automation Engineering - UFMG
RE: Random number seed in RSA
Hi,

You can use /dev/random as a seed generator. I believe that cygwin has the support for the /dev/random device. For that u can use

    RAND_load_file("/dev/random", no_of_bytes)

for programming the seed. Or otherwise you can use the static character buffer (rnd_seed) as a seed and use

    RAND_seed(rnd_seed, sizeof rnd_seed);

to program the seed. In the second case you need to store the seed in such a way that hackers should not break the seed.

Hope this helps.

Sakthi S G

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe smith
Sent: Tuesday, August 10, 2004 3:21 AM
To: [EMAIL PROTECTED]
Subject: Random number seed in RSA

Hi,

I have a snippet that encrypts/decrypts using RSA.

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <openssl/rsa.h>

    // RSATest: Program illustrating Simple RSA Encryption/Decryption
    int main()
    {
        char *plain = "Sample text"; // Sample text (plain text) to Encrypt/Decrypt
        char *ciphertext;
        char *plain1;
        int enclen, i, declen;

        printf("%s\n", plain);

        // Generate RSA key
        RSA *rsa1 = RSA_generate_key(1024, 65537, NULL, NULL);

        // RSA_size() will determine how much memory must be allocated for an RSA encrypted value
        ciphertext = (char *)malloc(RSA_size(rsa1));
        printf("RSA size %d", RSA_size(rsa1));
        return 0;
    }

I am using Cygwin. My question is this: Where and how do I seed the random number generator?

Thanks,
Joe
New engines.
Hi,

I would like to develop a new engine with some crypto functions to use with OpenSSL. Where can I get information about the API? Where should I start?

Thank you,
Roberto Gallo
Re: New engines.
man 3 engine

---
Juan Segarra Montesinos
http://spisa.act.uji.es/~juan/

On Tue, 10 Aug 2004, Roberto Gallo wrote:
> Hi,
>
> I would like to develop a new engine with some crypto functions to use with OpenSSL. Where can I get information about the API? Where should I start?
>
> Thank you,
> Roberto Gallo
Re: New engines.
Roberto Gallo wrote:
> Hi,
>
> I would like to develop a new engine with some crypto functions to use with OpenSSL. Where can I get information about the API? Where should I start?
>
> Thank you,
> Roberto Gallo

Look at the crypto/engine directory. There are several engines in there. Take a deep look at engine.h (definition of the engine structure is in the eng_int.h file).
Avoiding Certificates for Server/Client approach
Hello list,

i am currently trying to get rid of all the certificate stuff that i've seen often before in many applications using the openssl library. basically my server/client model should only handshake without certificate exchange. the cipher is chosen by the client. after that the two programs are supposed to transfer encrypted data with SSL_read and SSL_write.

now, is it possible to avoid building/exchanging/verifying certificates on the client AND server side but still have the data channel encrypted with the cipher picked by the client?

thanks for your time

best regards
threadhead
Re: Avoiding Certificates for Server/Client approach
Try using Diffie-Hellman to derive the private key by exchanging public keys. Encrypt/Decrypt with the derived private key at the respective ends.

On Tue, 2004-08-10 at 16:47, [EMAIL PROTECTED] wrote:
> Hello list,
>
> i am currently trying to get rid of all the certificate stuff that i've seen often before in many applications using the openssl library. basically my server/client model should only handshake without certificate exchange. the cipher is chosen by the client. after that the two programs are supposed to transfer encrypted data with SSL_read and SSL_write.
>
> now, is it possible to avoid building/exchanging/verifying certificates on the client AND server side but still have the data channel encrypted with the cipher picked by the client?
>
> thanks for your time
>
> best regards
> threadhead
Re: Avoiding Certificates for Server/Client approach
I know about DH key exchange and its use in the openssl library. But how would i use the private session keys from DH to encrypt and decrypt the data flowing from peer to peer with high-level hooks like SSL_read and SSL_write? Or is it required to use completely different functions like the EVP_* family to set up the cipher routines?

best regards
threadhead

> Try using Diffie-Hellman to derive the private key by exchanging public keys. Encrypt/Decrypt with the derived private key at the respective ends.
OpenSSL function for pure base64 encoding.....
Hi all!!

Thanks a lot for your answers!!! They were really useful!!!

Now I have another question. Is there an OpenSSL function to perform a pure base64 (not PEM) encoding of a buffer?? I've read in the OpenSSL docs that the BIO filters could be useful, but I made a little test and this fails. Next, my code:

    #include <stdio.h>
    #include <string.h>
    #include <openssl/bio.h>
    #include <openssl/evp.h>

    BIO *bio=NULL, *b64=NULL;
    char mensaje[] = "Mensaje de Pruebabase64\n";
    char mensaje_b64[64];
    int res;

    int main (void)
    {
        OpenSSL_add_all_algorithms();
        OpenSSL_add_all_ciphers();
        b64 = BIO_new(BIO_f_base64());
        bio = BIO_new(BIO_s_mem());
        b64 = BIO_push(b64, bio);
        res = BIO_write (b64, mensaje, strlen(mensaje));
        res = BIO_read (bio, mensaje_b64, res);
        printf("%d\n%s\n",res,mensaje_b64);
    }

res is always -1, so ... what am I doing wrong???

Thanks a lot for your answers in advance!

Zainos
Re: Avoiding Certificates for Server/Client approach
On Tue, Aug 10, 2004, [EMAIL PROTECTED] wrote:
> I know about DH key exchange and its use in the openssl library. But how would i use the private session keys from DH to encrypt and decrypt the data flowing from peer to peer with high-level hooks like SSL_read and SSL_write? Or is it required to use completely different functions like the EVP_* family to set up the cipher routines?

The anonymous DH ciphersuites (disabled by default) can perform SSL/TLS without using certificates. To use these you need to set appropriate DH parameters on the server side and enable the ciphersuites using an appropriate cipher string.

However, without some form of authentication the connection is vulnerable to man in the middle attacks.

Steve.
-- 
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
creating postfix certs
I am having very much trouble making the correct certs for postfix, as I want to become my own CA and sign my own certs. Also, I would like to have my clients click a link on my webpage to import the cert.

Does anyone know of an easy way to do this? I have tried many online howtos and searched the archives. I know there are lots of ways to do it, but none of them seem to work for me. Please point me in the right direction to some good doc or a step by step process.
OpenSSL and JAVA
Good day!

I'm having problems importing my OpenSSL certificates to my keystore. I created my root certificate in cacert.pem and I'm trying to import this now to my keystore.

    keytool -import -trustcacerts -file cacert.pem -keystore myKeystore

I'm getting

    keytool error: java.lang.Exception: Public keys in reply and keystore don't match

Does anyone have any experience with this?

Thanks.
Liam