[no subject]
Hi all,
I am new to the community. I have a query regarding encryption methods in SSL. Is it possible to use some custom-built encryption algorithm (apart from those it supports) with SSL? If possible, how can we do it?
Thanks,
Ramakrishna.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Need info
Hi, I am looking for sample C++ code that connects with a certificate to an SSL server, performs the handshake and reads and writes data. I could not find much on openssl.org and Google. If anybody has some sample code, it will be great. Thanks, Saleem
Two independent libraries that use openssl
Hi,
I use two independent libraries that use openssl. When the first library is initialized it inits the locking function (it is set by CRYPTO_set_locking_callback()). After that the second library is initialized and the locking function is overwritten by the second library. When my application is shutting down, the second library erases the internal data of the lock function. After that the first library uses openssl, but the data of the lock function has been erased and my application crashes. Does anybody have any idea how I can fix it? I am not the author of these libraries.
Thanks,
Jiri Uncovsky.
Jiri Uncovsky, developer / analyst
OptimSys, s.r.o.
[EMAIL PROTECTED]
Tel: +420 541 143 065 Fax: +420 541 143 066
http://www.optimsys.cz
OpenSSL not linking during compilation
When I try and compile OpenSSL via Visual Studio 2005 (using the cl compiler), during the build process it eventually echoes the error:

    Microsoft (R) Program Maintenance Utility Version 8.00.50727.42
    Copyright (C) Microsoft Corporation. All rights reserved.
    Building OpenSSL
    link /nologo /subsystem:console /opt:ref /dll /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def @C:\DOCUME~1\ggrant\LOCALS~1\Temp\nm5A.tmp
    Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp
    cryptlib.obj : error LNK2019: unresolved external symbol _OPENSSL_ia32_cpuid referenced in function _OPENSSL_cpuid_setup
    out32dll\libeay32.dll : fatal error LNK1120: 1 unresolved externals
    NMAKE : fatal error U1077: 'C:\Program Files\Microsoft Visual Studio 8\VC\BIN\link.EXE' : return code '0x460'
    Stop.

Does anyone know why this is? I've been spending a lot of time on trying to solve this so any help will be greatly appreciated, cheers.
--
View this message in context: http://www.nabble.com/OpenSSL-not-linking-during-compilation-tp16396924p16396924.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Issue with newline
Hi all,
I'm new to OpenSSL coding and am finding a behaviour that I cannot understand. Using the example code from the man page, when I try to encrypt a single line, it works fine. But if I encrypt something like 123\n\r12345\n\r, then I get a bad decrypt error:

    bad decrypt
    8788:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:445:

The file that the code generated looks correct, as in it's got the correct size, since the block size is 8 and 123\n\r12345\n\r is two blocks long.

    $ ls -l a
    -rw-r--r-- 1 68835 68835 16 Apr 1 08:52 a

I've attached the code that I used for encryption (no error checking); can someone tell me why it is behaving the way it is?
Thanks,
Andrew

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <openssl/evp.h>

    /* Encrypts one string with Blowfish-CBC and appends the result to outfile. */
    int do_crypt(char *outfile, char *intext)
    {
        unsigned char outbuf[1024];
        int outlen, tmplen;
        unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
        unsigned char iv[] = {1,2,3,4,5,6,7,8};
        EVP_CIPHER_CTX ctx;
        FILE *out;

        EVP_CIPHER_CTX_init(&ctx);
        EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);
        if (!EVP_EncryptUpdate(&ctx, outbuf, &outlen,
                               (unsigned char *)intext, strlen(intext))) {
            /* Error */
            return 0;
        }
        /* Pads and finalises the ciphertext of this one call. */
        if (!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) {
            /* Error */
            return 0;
        }
        outlen += tmplen;
        EVP_CIPHER_CTX_cleanup(&ctx);
        out = fopen(outfile, "ab");   /* append to the output file */
        fwrite(outbuf, 1, outlen, out);
        fclose(out);
        return 1;
    }

    int main(int argc, char *argv[])
    {
        char *s;
        s = malloc(80);
        /* do_crypt() is called once per input line read from stdin. */
        while (fgets(s, 80, stdin))
            do_crypt("/tmp/a", s);
        return 0;
    }
OpenSSL compatibility with Vista
Hello,
Can you please let me know whether OpenSSL is compatible with Microsoft Vista? Or is there any documentation or online article regarding the compatibility or validation of OpenSSL on Microsoft Vista? Any article on this would be really very helpful. Right now, I am using OpenSSL 0.9.6l. We are moving to Microsoft Vista as the operating system and Visual Studio 8. So, will someone kindly let me know whether the same version (OpenSSL 0.9.6l) would work fine for Vista and VS 8? If not, which version of OpenSSL should be used, and is it compatible with Vista and VS 8? Any information regarding this would be useful.
Thanks in advance,
Medini
nodetach and certfile
I use this function with success to sign a message and add a cert file:

    openssl smime -sign -in message.txt -text -out mail.msg -signer mycert.pem -inkey mykey.pem -certfile othercert.pem

But when I try to sign with the opaque function nodetach it doesn't want to add the cert file:

    openssl smime -sign -in message.txt -text -out mail.msg -nodetach -signer mycert.pem -inkey mykey.pem -certfile othercert.pem
    = no success
    openssl smime -sign -in message.txt -text -out mail.msg -nodetach -signer mycert.pem -inkey mykey.pem
    = success

Thanks
Dr Franck ROUSSIA
Re: OpenSSL not linking during compilation
Sorted this problem out eventually. Recompiled a fresh copy of the code and it seems to work. The problem may have been caused by the build previously failing (due to incomplete directory paths set in the environment) and causing bad references. If you're having similar problems make sure all the paths are set properly and compile from a fresh build.

GGrant wrote:
> When I try and compile OpenSSL via Visual Studio 2005 (using the cl compiler), during the build process it eventually echoes the error:
>
>     Microsoft (R) Program Maintenance Utility Version 8.00.50727.42
>     Copyright (C) Microsoft Corporation. All rights reserved.
>     Building OpenSSL
>     link /nologo /subsystem:console /opt:ref /dll /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def @C:\DOCUME~1\ggrant\LOCALS~1\Temp\nm5A.tmp
>     Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp
>     cryptlib.obj : error LNK2019: unresolved external symbol _OPENSSL_ia32_cpuid referenced in function _OPENSSL_cpuid_setup
>     out32dll\libeay32.dll : fatal error LNK1120: 1 unresolved externals
>     NMAKE : fatal error U1077: 'C:\Program Files\Microsoft Visual Studio 8\VC\BIN\link.EXE' : return code '0x460'
>     Stop.
>
> Does anyone know why this is? I've been spending a lot of time on trying to solve this so any help will be greatly appreciated, cheers.
CMS usage with OpenSSl
Hi all,
I am shiva, working on security issues using OpenSSL APIs. Our requirement is we need to sign the file, compress the file, and encrypt the file as a CMS (Cryptographic Message Syntax) package. I am able to do the signing, compression and encryption using the OpenSSL APIs in C language. But our requirement is we need to envelope the signed, compressed and encrypted files as a CMS package. Basically we are using RSA_sign, EVP_EncryptUpdate and RSA_public_encrypt for signing and encryption of the data. But we did not understand how to implement those as a CMS package. I am thinking that implementing the above functions is itself an implementation of CMS, but I am not sure about it. Can you please confirm whether I am correct or not? If I am wrong, are there any functions that I need to implement for CMS? And one more doubt: does using the OpenSSL APIs implement CMS or not? If all my understanding is wrong, please let me know what the implementations for CMS using OpenSSL are.
Please help me in this regard...
Thanks in advance
Re: CMS usage with OpenSSl
On Tue, Apr 01, 2008, shankar ks wrote:
> Hi all, I am shiva, working on security issues using OpenSSL APIs. Our requirement is we need to sign the file, compress the file, and encrypt the file as a CMS (Cryptographic Message Syntax) package. I am able to do the signing, compression and encryption using the OpenSSL APIs in C language. But our requirement is we need to envelope the signed, compressed and encrypted files as a CMS package. Basically we are using RSA_sign, EVP_EncryptUpdate and RSA_public_encrypt for signing and encryption of the data. But we did not understand how to implement those as a CMS package. I am thinking that implementing the above functions is itself an implementation of CMS, but I am not sure about it. Can you please confirm whether I am correct or not? If I am wrong, are there any functions that I need to implement for CMS? And one more doubt: does using the OpenSSL APIs implement CMS or not? If all my understanding is wrong, please let me know what the implementations for CMS using OpenSSL are.

The functions above have nothing to do with CMS. They just handle raw data. OpenSSL has supported PKCS#7 for some time but not CMS. CMS support is currently under development in HEAD and the API is not currently documented other than the cms utility.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
AW: CMS usage with OpenSSl
Hi,
As far as I know OpenSSL does not support CMS in the way you need it. We had to use a self-developed library to create a CMS file. The main problem is that there was no private key for input when creating PKCS#7 files (a.k.a. CMS files). Parsing this file is possible with OpenSSL. Maybe I'm wrong and someone can tell me the right version, but this is how we did it.
Best regards
Frank

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of shankar ks
Sent: Tuesday, 1 April 2008 11:36
To: openssl-users@openssl.org
Subject: CMS usage with OpenSSl
> Hi all, I am shiva, working on security issues using OpenSSL APIs. Our requirement is we need to sign the file, compress the file, and encrypt the file as a CMS (Cryptographic Message Syntax) package. I am able to do the signing, compression and encryption using the OpenSSL APIs in C language. But our requirement is we need to envelope the signed, compressed and encrypted files as a CMS package. Basically we are using RSA_sign, EVP_EncryptUpdate and RSA_public_encrypt for signing and encryption of the data. But we did not understand how to implement those as a CMS package. I am thinking that implementing the above functions is itself an implementation of CMS, but I am not sure about it. Can you please confirm whether I am correct or not? If I am wrong, are there any functions that I need to implement for CMS? And one more doubt: does using the OpenSSL APIs implement CMS or not? If all my understanding is wrong, please let me know what the implementations for CMS using OpenSSL are. Please help me in this regard... Thanks in advance
Re: CMS usage with OpenSSl
Hi Frank,
You mean to say there are no pre-defined library APIs available in OpenSSL (is my understanding right?). You told me that you already did it, so can I know in which language you have done it? And do we need to implement it separately, or is there any source already available on the net? If so, can you please give me some example programs? And OpenSSL supports PKCS#7, which means it also supports CMS? If that is the case, can we use PKCS#7 for the CMS envelope?
--
Best regards
Shankar

On 4/1/08, Wockenfuß, Frank [EMAIL PROTECTED] wrote:
> Hi, As far as I know OpenSSL does not support CMS in the way you need it. We had to use a self-developed library to create a CMS file. The main problem is that there was no private key for input when creating PKCS#7 files (a.k.a. CMS files). Parsing this file is possible with OpenSSL. Maybe I'm wrong and someone can tell me the right version, but this is how we did it. Best regards Frank
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of shankar ks
> Sent: Tuesday, 1 April 2008 11:36
> To: openssl-users@openssl.org
> Subject: CMS usage with OpenSSl
> > Hi all, I am shiva, working on security issues using OpenSSL APIs. Our requirement is we need to sign the file, compress the file, and encrypt the file as a CMS (Cryptographic Message Syntax) package. I am able to do the signing, compression and encryption using the OpenSSL APIs in C language. But our requirement is we need to envelope the signed, compressed and encrypted files as a CMS package. Basically we are using RSA_sign, EVP_EncryptUpdate and RSA_public_encrypt for signing and encryption of the data. But we did not understand how to implement those as a CMS package. I am thinking that implementing the above functions is itself an implementation of CMS, but I am not sure about it. Can you please confirm whether I am correct or not? If I am wrong, are there any functions that I need to implement for CMS? And one more doubt: does using the OpenSSL APIs implement CMS or not? If all my understanding is wrong, please let me know what the implementations for CMS using OpenSSL are. Please help me in this regard... Thanks in advance
Re: nodetach and certfile
On Tue, Apr 01, 2008, rfx wrote:
> I use this function with success to sign a message and add a cert file:
>
>     openssl smime -sign -in message.txt -text -out mail.msg -signer mycert.pem -inkey mykey.pem -certfile othercert.pem
>
> But when I try to sign with the opaque function nodetach it doesn't want to add the cert file:
>
>     openssl smime -sign -in message.txt -text -out mail.msg -nodetach -signer mycert.pem -inkey mykey.pem -certfile othercert.pem
>     = no success
>     openssl smime -sign -in message.txt -text -out mail.msg -nodetach -signer mycert.pem -inkey mykey.pem
>     = success

What happens? Do you get an error message or do you think it isn't adding the certificates? I've just tried OpenSSL 0.9.8 from CVS and can't see any obvious problems.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: CMS usage with OpenSSl
I haven't used it yet, but the latest CVS source tree at least contains a new CMS API, plus documentation and a 'cms' test tool in ./apps/. You might want to go and have a look, because to me at least this looks like the material you're looking for.
Cheers,
Ger

> Hi all, I am shiva, working on security issues using OpenSSL APIs. Our requirement is we need to sign the file, compress the file, and encrypt the file as a CMS (Cryptographic Message Syntax) package. I am able to do the signing, compression and encryption using the OpenSSL APIs in C language. But our requirement is we need to envelope the signed, compressed and encrypted files as a CMS package. Basically we are using RSA_sign, EVP_EncryptUpdate and RSA_public_encrypt for signing and encryption of the data. But we did not understand how to implement those as a CMS package. I am thinking that implementing the above functions is itself an implementation of CMS, but I am not sure about it. Can you please confirm whether I am correct or not? If I am wrong, are there any functions that I need to implement for CMS? And one more doubt: does using the OpenSSL APIs implement CMS or not? If all my understanding is wrong, please let me know what the implementations for CMS using OpenSSL are. Please help me in this regard... Thanks in advance

--
Met vriendelijke groeten / Best regards,
Ger Hobbelt
web: http://www.hobbelt.com/ http://www.hebbut.net/
mail: [EMAIL PROTECTED]
mobile: +31-6-11 120 978
Weird behavior of salt in 64 bits machine.
Hello all.
This is my first mail to the list as I'm not any kind of advanced user of openssl. I'm doing my homework about openssl, but this question has nothing to do with it. It's just a doubt that arose while doing it. There is one exercise with the following text:

    Con el comando “openssl enc” y la siguiente clave AES: 188458A6D15034DFE386F23B61D43774 se puede descifrar cierta información. Podrías decir cual?
    Using the command openssl enc and the following AES key: 188458A6D15034DFE386F23B61D43774 you can decode some information, could you say what?

So I started playing with openssl enc and thought the only thing I could guess was the salt (surely I'm wrong). So I ran the command with a random IV:

    openssl enc -aes128 -K 188458A6D15034DFE386F23B61D43774 -iv 1 -P

I found that the salt varies as it should on two machines with a 32-bit CPU (not my main one).

Office's computer (openssl 0.9.8g-4ubuntu2):

    salt=4075DFB76496F2B7
    salt=4045D8B76466EBB7
    salt=40C5DAB764E6EDB7
    salt=4015DEB76436F1B7
    salt=4025DFB76446F2B7

A server I have somewhere else (openssl 0.9.8c-4etch1):

    salt=50D882BF0C00
    salt=B05DD9BF0C00
    salt=A0CCC7BF0C00
    salt=E0C88BBF0C00
    salt=204190BF0C00

But when I run it on my main computer, it always outputs the same salt! This machine has a 64-bit CPU, running a 64-bit Linux distribution (openssl 0.9.8g-4ubuntu2):

    salt=0004
    salt=0004
    salt=0004
    salt=0004

I've been searching the openssl lists and found nothing about this behavior. What can be happening? Is it about the 64-bit version of openssl?
Thanks a lot for your attention. Regards.
Flaw (IMO) in openssl 0.9.8g make install
make install created .../openssl.0.9.8g/include as 744. That means that other non-root build efforts will fail because they can't read the openssl header files. What is worse is that the resulting errors from make may be somewhat misleading. I ran into this trying to build Apache 2.2.8 with --enable-ssl and --with-ssl=/... and it took me a good while to figure out the problem. Suggestion: openssl make install should create .../openssl.0.9.8g/include with 755 permissions instead of 744 (might be umask related?). Will the openssl developers pick up on this posting to this list? I hope this helps someone else.
Re: CMS usage with OpenSSl
Hi Stephen,
ThanQ for your information. Let me confirm your information as: CMS is still under development and there is no document or material available for CMS in OpenSSL. If that is the case, is there anything available right now for using CMS along with openssl? And what can you suggest I do about what I explained in my earlier mail?
Will TLS support CMS?
--
Best Regards
Shankar

On 4/1/08, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
> On Tue, Apr 01, 2008, shankar ks wrote:
> > Hi all, I am shiva, working on security issues using OpenSSL APIs. Our requirement is we need to sign the file, compress the file, and encrypt the file as a CMS (Cryptographic Message Syntax) package. I am able to do the signing, compression and encryption using the OpenSSL APIs in C language. But our requirement is we need to envelope the signed, compressed and encrypted files as a CMS package. Basically we are using RSA_sign, EVP_EncryptUpdate and RSA_public_encrypt for signing and encryption of the data. But we did not understand how to implement those as a CMS package. I am thinking that implementing the above functions is itself an implementation of CMS, but I am not sure about it. Can you please confirm whether I am correct or not? If I am wrong, are there any functions that I need to implement for CMS? And one more doubt: does using the OpenSSL APIs implement CMS or not? If all my understanding is wrong, please let me know what the implementations for CMS using OpenSSL are.
>
> The functions above have nothing to do with CMS. They just handle raw data. OpenSSL has supported PKCS#7 for some time but not CMS. CMS support is currently under development in HEAD and the API is not currently documented other than the cms utility.
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Homepage: http://www.drh-consultancy.demon.co.uk
SHA support
Hi, Can SHA be used without compiling in SHA512 support? Are there any caveats with this approach? Thx
Re: SHA support
Hello,
[EMAIL PROTECTED] wrote on 04/01/2008 03:58:31 PM:
> Hi, Can SHA be used without compiling in SHA512 support?

Yes, SHA is independent of SHA256/SHA384/SHA512.

> Are there any caveats with this approach?

You will not be able to use SHA256/SHA384/SHA512 algorithms but SSL3/TLS1 will work fine.
Best regards,
--
Marek Marcola [EMAIL PROTECTED]
What scenario will cause openssl can't send client hello request?
Hi all,
Our program that uses openssl can't work normally with the 'https' protocol. We then used ethereal to sniff data on port 443 and found that the client doesn't send the client hello message to the server after it finishes the TCP handshake. Does anyone know about this? BTW: the openssl lib is fine under another environment. Does anyone have any idea? Any suggestion and help are welcome and greatly appreciated.
Thanks.
BRs
Javen
Re: CMS usage with OpenSSl
On Tue, Apr 01, 2008, shankar ks wrote:
> Hi Stephen, ThanQ for your information. Let me confirm your information as: CMS is still under development and there is no document or material available for CMS in OpenSSL. If that is the case, is there anything available right now for using CMS along with openssl? And what can you suggest I do about what I explained in my earlier mail?

It can be used with the command line utility cms. The API is similar to the documented PKCS7 API in many respects. It however isn't at all clear from your description what precisely you want to do.

> Will TLS support CMS?

CMS and TLS are two different things entirely.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: What scenario will cause openssl can't send client hello request?
Hello,
[EMAIL PROTECTED] wrote on 04/01/2008 04:57:18 PM:
> Hi all, Our program that uses openssl can't work normally with the 'https' protocol. We then used ethereal to sniff data on port 443 and found that the client doesn't send the client hello message to the server after it finishes the TCP handshake. Does anyone know about this? BTW: the openssl lib is fine under another environment. Does anyone have any idea? Any suggestion and help are welcome and greatly appreciated. Thanks.

You should look at your application log files (OpenSSL library messages). Establishing a TCP connection is one thing, while initializing the OpenSSL library and creating the client_hello packet is another. Log files may answer your question.
Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: nodetach and certfile
Yes, it's my fault... in fact I use a PKCS11 engine to sign and there is a problem with it.
Thank you
Dr Franck ROUSSIA

Dr. Stephen Henson wrote:
> On Tue, Apr 01, 2008, rfx wrote:
> > I use this function with success to sign a message and add a cert file:
> >
> >     openssl smime -sign -in message.txt -text -out mail.msg -signer mycert.pem -inkey mykey.pem -certfile othercert.pem
> >
> > But when I try to sign with the opaque function nodetach it doesn't want to add the cert file:
> >
> >     openssl smime -sign -in message.txt -text -out mail.msg -nodetach -signer mycert.pem -inkey mykey.pem -certfile othercert.pem
> >     = no success
> >     openssl smime -sign -in message.txt -text -out mail.msg -nodetach -signer mycert.pem -inkey mykey.pem
> >     = success
>
> What happens? Do you get an error message or do you think it isn't adding the certificates? I've just tried OpenSSL 0.9.8 from CVS and can't see any obvious problems.
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Homepage: http://www.drh-consultancy.demon.co.uk
Re: SHA support
Thanks Marek,
So SHA256/SHA384/SHA512 are not independent of each other?

Embedded wrote:
> Hi, Can SHA be used without compiling in SHA512 support? Are there any caveats with this approach? Thx
Engines compilation.
-- View this message in context: http://www.nabble.com/Engines-compilation.-tp16421932p16421932.html
Re: Engines compilation.
Let's try again... ;)
I'm looking into the sources and I don't believe I need the engines or apps libs. Can someone clarify engines (or point me to the proper documentation)? I'm under the impression that it's for HW support. I'm mainly interested in SSL and some crypto algorithms. I presume it's safe enough to just use these libraries in order to get the SSL/TLS support needed.
Thx
Re: SHA support
Hello,
[EMAIL PROTECTED] wrote on 04/01/2008 08:42:45 PM:
> So SHA256/SHA384/SHA512 are not independent of each other?

Depends. SHA224 uses the same algorithm as SHA256 but with different init constants which initiate 8 32-bit state variables, and the output (8 32-bit state variables after transformations) is truncated to 224 bytes. SHA384 uses the same algorithm as SHA512 but with different init constants which initiate 8 64-bit state variables, and the output (8 64-bit state variables after transformations) is truncated to 384 bytes.
Best regards,
--
Marek Marcola [EMAIL PROTECTED]
RE: What scenario will cause openssl can't send client hello request?
> Our program that uses openssl can't work normally with the 'https' protocol. We then used ethereal to sniff data on port 443 and found that the client doesn't send the client hello message to the server after it finishes the TCP handshake. Does anyone know about this? BTW: the openssl lib is fine under another environment. Does anyone have any idea? Any suggestion and help are welcome and greatly appreciated. Thanks.

You're asking us to find the bug in a program we can't see. All we can do is guess.
FWIW, I once had this exact same problem when I was writing my very first piece of code to implement OpenSSL and BIO pairs. The problem was that nothing triggered my code to send data on the socket. No data had been received on the socket, no data had been sent by the application, so there seemed to be no reason to do anything at all.
Your problem may be a deadlock issue where you are waiting for something to happen (on the socket or the application I/O side) and everything else is waiting for you to call some OpenSSL function that will trigger the sending of the client hello.
Are you calling into the OpenSSL library? If not, how is the client hello going to get sent?! (Some code has to run in order to send any data.) If so, what function and what is it returning?
DS
Re: Help: problem with handshaking
OK, I think there might be something wrong with my certificates. So, I tried to follow the document and create all of the certificates. But I am encountering a problem. Can someone tell me if I am doing the right thing. Here is how I create certificates. (attached is my openssl.cnfand all certificate files) 1. generate root certificate and private key. # openssl req -x509 -newkey rsa -out cacert.pem -outform PEM (this will generate root certificate cacert.pem and private key cakey.pem ) 2. generate a certificate request # openssl req -newkey rsa:1024 -keyout testkey.pem -key form PEM -out testreq.pem (this will generate private key testkey.pem and certificate request testreq.pem) 3. Issue a certificate from a certificate request # openssl x509 -req -in testreq.pem -sha1 -extfile /opt/exampleca/openssl.cnf -extensions certificate_extensions -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out clientcert.pem (this will generate a certificate clientcert.pem) 4. generate another certificate request # openssl req -newkey rsa:1024 -keyout testkey2.pem -key form PEM -out testreq2.pem (this will generate private key testkey2.pem and certificate request testreq2.pem) 5. Issue another certificate from a certificate request, testreq2.pem # openssl x509 -req -in testreq2.pem -sha1 -extfile /opt/exampleca/openssl.cnf -extensions certificate_extensions -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out servercert.pem (this will generate a certificate servercert.pem) 6. import cacert.pem, cakey.pem and clientcert.pem to my client CPE (in linux) 7. import root certificate, cacert.pem, to Tomcat server in winXP # keytool -import -alias root -keystore acs.keystore -trustcacerts -file cacert.pem 8. import certificate, servertcert.pem, to Tomcat server in winXP # keytool -import -alias tomcat -keystore acs.keystore -trustcacerts -file servercert.pem My problem is when I do step 8, an error encountered: keytool error: java.security.SignatureException: Signature does not match. 
Couldn't I create both certificates for client and server on the same Linux machine? I am confused. Did I do anything wrong? Can anyone help? Thanks in advance.

HH

On Fri, Mar 28, 2008 at 1:41 AM, jimmy bahuleyan [EMAIL PROTECTED] wrote:
> 陳秀虹 wrote:
> > Thanks for the explanation. I am having a problem with Encrypted Alert. At first I thought it's because the Session ID length 0 is not correct. If this is not the problem, I really can't tell where it went wrong from the packets I captured. I searched the web and I think Encrypted Alert means that the alert is being encrypted. Is there any way I can decrypt the alert message? Can someone give me any hint? Attached is the .cap file. Thanks in advance.
> >
> > Here is what I have.
> > from Client: Client Hello
> > from Server: Server Hello, Certificate, Server Hello Done
> > from Client: Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
> > from Server: Change Cipher Spec
> > from Server: Encrypted Handshake Message
> > from Server: Encrypted Alert
>
> From your capture file,
> - I can see that your server certificate has a few problems (expiry date, name, etc.). Well, if your client ignores all this and the key is good then we may progress.
> - Probably the server is failing in the Client_Pre_Master check, so it may be using a random value and then eventually failing when verifying the Client Finished message, and sends an alert.
>
> So either the client doesn't send a proper pre-master encrypted with the server's RSA public key, or you have a problem on the server side. If so, you can check the server logs, or better, if you can debug the server (then you could check what happens in ssl3_get_client_key_exchange()).
>
> -jb
> --
> Real computer scientists don't comment their code. The identifiers are so long they can't afford the disk space.
Attachments: openssl.cnf, cacert.pem, cakey.pem, clientcert.pem, servercert.pem
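Two checks that can be run on the output of steps 1 to 5 above before anything is imported into a keystore, shown as an added example that is not part of the original thread: does an issued certificate verify against cacert.pem, and does cakey.pem belong to cacert.pem. The directory layout, subjects, the inline config, and the use of rsa:2048 and -sha256 (in place of the thread's rsa:1024 and -sha1) are assumptions of this sketch, and the thread's -extfile extensions are left out.

```shell
#!/bin/sh
# Constructed demo: directory names, subjects and lifetimes are sample values.
make_ca() {         # $1 = CA directory, $2 = CA common name
    mkdir -p "$1"
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
        -subj "/CN=$2" -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null
}

issue_cert() {      # $1 = CA directory, $2 = output prefix, $3 = subject CN
    openssl req -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$3" \
        -keyout "${2}key.pem" -out "${2}req.pem" 2>/dev/null &&
    openssl x509 -req -in "${2}req.pem" -sha256 -days 30 \
        -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" -CAcreateserial \
        -out "${2}cert.pem" 2>/dev/null
}

chain_ok() {        # $1 = CA certificate, $2 = issued certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_matches_cert() { # $1 = certificate, $2 = private key
    # Compare the public key inside the certificate with the one derived from the key file.
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/ca" "Example Root" &&
    issue_cert "$d/ca" "$d/server" "server.example.test" || return 1
    chain_ok "$d/ca/cacert.pem" "$d/servercert.pem" && echo "servercert.pem chains to cacert.pem"
    key_matches_cert "$d/ca/cacert.pem" "$d/ca/cakey.pem" && echo "cakey.pem matches cacert.pem"
    rm -rf "$d"
}
demo
```

A certificate that fails chain_ok against the CA file that was imported as the trusted root will also be rejected by any consumer that checks the issuer's signature.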
Re: CMS usage with OpenSSl
Hi Stephen,

We are developing a secure communication on OFTP (RFC-5024). As per the RFC we need to sign the file, compress the file, and encrypt the file. That can be done with OpenSSL... OK. Next, the concern is:

1) Files that are to be signed are enveloped according to the file enveloping format, i.e. as a CMS package.
2) Files that are to be compressed are enveloped according to the file enveloping format, i.e. as a CMS package.
3) Files that are to be encrypted are enveloped according to the file enveloping format, i.e. as a CMS package.

Here we do not understand how to implement the CMS package and are stuck...

Best Regards
--Shankar

On 4/1/08, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
> On Tue, Apr 01, 2008, shankar ks wrote:
> > Hi Stephen, Thank you for your information. Let me confirm your information: CMS is still under development and there is no document or material available for CMS in OpenSSL. If that is the case, is there anything available right now for using CMS along with OpenSSL? And what can you suggest me to do for what I explained in my earlier mail...
>
> It can be used with the command line utility cms. The API is similar to the documented PKCS7 API in many respects. It however isn't at all clear from your description what you precisely want to do.
>
> > Will the TLS support the CMS?
>
> CMS and TLS are two different things entirely.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Homepage: http://www.drh-consultancy.demon.co.uk
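The sign and encrypt steps discussed in this exchange, done with the cms command line utility and then reversed on the receiving side, as an added example that is not from the thread or the OpenSSL project. It assumes an OpenSSL build that includes the cms command; the identities, file names and AES-256-CBC choice are constructed for the demo, and the compression step is left out because `openssl cms -compress` needs a build with zlib support.

```shell
#!/bin/sh
# Constructed demo: identities and file names are sample values.
make_identity() {       # $1 = file prefix, $2 = common name (self-signed test identity)
    printf '[req]\ndistinguished_name=dn\n[dn]\ncommonName=Common Name\n' > "${1}.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "${1}.cnf" \
        -subj "/CN=$2" -keyout "${1}key.pem" -out "${1}cert.pem" 2>/dev/null
}

sign_then_encrypt() {   # $1 = plaintext, $2 = sender prefix, $3 = recipient cert, $4 = output
    # Inner layer: SignedData with the content embedded (-nodetach), no CRLF rewriting (-binary).
    openssl cms -sign -binary -nodetach -in "$1" -signer "${2}cert.pem" \
        -inkey "${2}key.pem" -outform DER -out "$4.signed" &&
    # Outer layer: EnvelopedData wrapping the DER SignedData for one recipient.
    openssl cms -encrypt -binary -aes-256-cbc -in "$4.signed" \
        -outform DER -out "$4" "$3"
}

decrypt_then_verify() { # $1 = CMS file, $2 = recipient prefix, $3 = trusted sender cert, $4 = output
    openssl cms -decrypt -inform DER -in "$1" -recip "${2}cert.pem" \
        -inkey "${2}key.pem" -out "$1.inner" 2>/dev/null &&
    openssl cms -verify -inform DER -in "$1.inner" -CAfile "$3" \
        -out "$4" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_identity "$d/alice" "alice.example.test" &&
    make_identity "$d/bob" "bob.example.test" || return 1
    printf 'constructed OFTP payload\n' > "$d/file.txt"
    sign_then_encrypt "$d/file.txt" "$d/alice" "$d/bobcert.pem" "$d/file.cms" &&
    decrypt_then_verify "$d/file.cms" "$d/bob" "$d/alicecert.pem" "$d/out.txt" &&
    cmp -s "$d/file.txt" "$d/out.txt" && echo "round trip ok"
    rm -rf "$d"
}
demo
```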
openssl/crypto/cms/
Hi all,

When I refer to the OpenSSL CVS, I did not find the files related to openssl/crypto/cms/. All files in this folder are showing the differences, but not the exact files... Where can I get the cms files?

One more thing: I downloaded the OpenSSL kit of version 0.9.8f, but I did not find any files or folders with the specified names in the kit, meaning there is no folder available with the name openssl/crypto/cms/...

--Best Regards
Shankar