Hi ALL,
I have a question ? can we have one public key and two private keys.
Thanks and regards
naveen
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenss
Thanks for the answer. The API is not very specific about this operation.
Please see inline comment.
2009/5/18
> > Hello,
> >
> > Does anybody has any experience with generating a certificate from a
> > certificate request, by signing it with an nCipher HSM (the CA key being
> > stored on the HS
Hi All,
I'm having a bit of an issue with OpenSSL and "blank" shells. This is
kind of a cross-product issue, but I'll do my best to describe.
Basically, I'm working with a product called RealBasic. It has a
SHELL class that allows direct access to the local system's shell
(whether it be
You mean that client should do the encryption??
On 5/19/09, Neetu Agrawal wrote:
> Thanks for suggestion but may be i didnt put my query in right way . I want
> that client initiate the request and server listen the request but the
> roles of server and client get exchanged during the key genrat
On Tue, May 19, 2009 at 09:44:23AM +0530, Neetu Agrawal wrote:
> Thanks for suggestion but may be i didnt put my query in right way . I want
> that client initiate the request and server listen the request but the
> roles of server and client get exchanged during the key genration to
> offload th
Thanks for suggestion but may be i didnt put my query in right way . I want
that client initiate the request and server listen the request but the
roles of server and client get exchanged during the key genration to
offload the server from key decryption operation.
On Mon, May 18, 2009 at 11:23 PM
Joao Tavora wrote:
> Certainly! I never said it did. TCP ensures delivery to the host,
> not the application. But it does ensure it up to the host, or if
> that cant be achieved the peer host is appropriately notified.
Right, none of which has any application-level consequences. These are all
in
David,
I think we're drifting a little bit from my original question here. I
certainlly don't mean to imply that there's anything wrong with SSL or
the OpenSSL's implementation, I just want to discover if it does what
I want.
TCP specifically does *not* communicate ACKs up to the applic
* Victor Duchovni wrote on Mon, May 18, 2009 at 13:53 -0400:
> On Mon, May 18, 2009 at 10:24:55AM -0700, Kyle Hamilton wrote:
> > 'reverse SSL'?
> >
> In other words, the TCP initiator and passive listener are not
> necessarily also the SSL client and server respectively.
I think stunnel already
On Mon, May 18, 2009, Kyle Hamilton wrote:
>
> Both of which are described as "hard problems". It's not known
> whether they qualify as NP-complete, but they definitely qualify as
> NP-hard (NP meaning 'nonpolynomial time', or 'the amount of time
> required to do it is logarithmic with how much
On Mon, May 18, 2009 at 10:24:55AM -0700, Kyle Hamilton wrote:
> 'reverse SSL'?
>
> You get the OpenSSL source code from http://www.openssl.org/source/ .
> You can 'exchange' the role of client and server by having the client
> connect a TCP session to the listener and then passing that descripto
'reverse SSL'?
You get the OpenSSL source code from http://www.openssl.org/source/ .
You can 'exchange' the role of client and server by having the client
connect a TCP session to the listener and then passing that descriptor
to a properly-setup SSL context with SSL_server_method, and the
listener
This is an Apache Tomcat question, not an OpenSSL question. Please
direct your request to the appropriate Apache support group. (I will
note that it'll be easier for them to diagnose it if you tell them the
exact error message you're getting, instead of simply saying "it
doesn't work".)
-Kyle H
2009/5/18 Nikos Balkanas :
> It would require a lot of effort, but a transparent proxy, can rewrite IP
> source headers, sequence numbers, ACKs and if it has followed all algos and
> key exchanges, even regenerate those. HMAC is nothing more than a glorified
> CRC encoded with some secret exchanged
On Mon, May 18, 2009 at 6:26 PM, David Schwartz wrote:
[...]
Whoops. I was writing my response while David's made it already
across. His is shorter and saying exactly the same.
ACKs are not important. There's message, there's stream and the
security breach. The latter does not happen due to any
On Sun, May 17, 2009 at 8:22 PM, João Távora wrote:
> Maybe I didn't really fully explain myself, the problem is not really
> ensuring secrecy and integrity, it's ensuring delivery.
[...]
> In this case the attacker would have tampered with the delivery assurance of
> TCP but none of the sides wou
> Hello,
>
> Does anybody has any experience with generating a certificate from a
> certificate request, by signing it with an nCipher HSM (the CA key being
> stored on the HSM), through the nCore API?
> I am specifically interested by the actual data stream that I need to
> provide to the HSM for
João wrote:
> > TCP does not provide "delivery assurance". If the application needs
> > to know
> > the data got through, it must use application-level
> > ackwowledgements. SSL
> > does not change this and provides the same set of guarantees and
> > assurances
> > TCP does.
> I'm sorry to disag
Hi ,
I am getting problem in configuring ssl on tomcat 5.5
I genrated private key and certificate using openssl then i copied these in
top directory of tomcat. And enable the 8443 connector in server.xml file in
following way
But its not working . suggest me where i m making an error
* Nikos Balkanas wrote on Mon, May 18, 2009 at 15:29 +0300:
> Wikipedia is right in principle, but doesn't cover the case of TCP
> hijacking.
I think this is out of scope,
TCP is said to be reliable, not neccesarily secure.
oki,
Steffen
--[ end of message ]-
Wikipedia is right in principle, but doesn't cover the case of TCP
hijacking. By reliable delivery guarantee, it means the transport layer,
once the data has left the application layer (i.e when is placed on the
wire). Of course no guarantees are offerred for the application layer, where
the ap
Hi everyone
I just start to work on openssl using command window utility . I want to
work on Reverse SSL where the roles of client and server will be exchanged .
I wanna know how to get openssl source code as well as how can i modifiy the
code so that now server encrypt the key and client decrypt t
-
> What this article says is this: if you *received* data from TCP
> connection it will be "without duplication or losing data". It doesn't
> say: if you *send* data it will be received correctly by other host.
> It's impossible to garantee.
>
> --
> Andrey Koltsov
With TCP you basically don't k
Hello,
Does anybody has any experience with generating a certificate from a
certificate request, by signing it with an nCipher HSM (the CA key being
stored on the HSM), through the nCore API?
I am specifically interested by the actual data stream that I need to
provide to the HSM for it to sign.
T
On 2009.05.15 at 21:16:12 +0200, Lasse Kliemann wrote:
> Ok. There is another thing that I do not understand. The output
> of 'openssl smime -verify ...' is rather sparse in case that
> verification is successful. How can I know which certificate was
> responsible? I cannot see why verification w
25 matches
Mail list logo