> From: owner-openssl-us...@openssl.org On Behalf Of Erwann Abalea
> Sent: Monday, 06 August, 2012 08:06
> The given certificate is correctly self-signed, you can
> manually check
> it by extracting the signature block and playing with "openssl rsautl
> ...", "dd ... | openssl dgst -sha1", etc.
Thanks all,
I don't know if there is any document file or any material saying what
"additional requirements" are not in OpenSSL 1.01 for now?
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: 2012年8月
On Mon, Aug 06, 2012, Jakob Bohm wrote:
>
> Much (maybe all, I don't know) of suite B is probable in OpenSSL
> 1.0.1 too, but I don't have an algorithm by algorithm breakdown
> of inclusion status, others on this list probably have such a
> list.
>
All the required suite B algorithms are suppor
Thanks for the comment. I am searching on the net to find a sample to start. Do
you know any sample to start working with EVP_* interfaces for elliptic curve?
Thanks
From: Erwann Abalea
To: openssl-users@openssl.org
Cc: Mohammad khodaei
Sent: Monday, August
On 8/6/2012 2:25 PM, Bruce (Riji) Cai wrote:
Hi all,
I want to ask, is openssl supporting NSA suite B crypto? If yes, what
version of openssl contains it, does any compiling option for it?
Among the requirement, aes-gcm is one of the algorithms , is the file
ec_curve.c mapping to gcm?
Thanks
Use the EVP_* interface for high-level functions.
Use ECDSA_do_sign() or other low-level functions if you're absolutely
sure about what you're doing.
--
Erwann ABALEA
Le 06/08/2012 14:31, Mohammad khodaei a écrit :
Yes, it's correct.
Now I try to feed the ECDSA_do_sign with the output buffer
Hi Steve,
Thanks, that certainly corrected it. I guess I'm perplexed as to why using
ecgroup = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
would not automatically set that flag since I'm explicitly giving the curve
name already?
Thanks,
Erik
Eri
Hi all,
I want to ask, is openssl supporting NSA suite B crypto? If yes, what version
of openssl contains it, does any compiling option for it?
Among the requirement, aes-gcm is one of the algorithms , is the file
ec_curve.c mapping to gcm?
Thanks
Yes, it's correct.
Now I try to feed the ECDSA_do_sign with the output buffer of SHA256. Based on
my security knowledge, I thought that the signing algorithms perform hashing
internally, while in this case it is not true.
Thanks for the response.
From: Erwa
Bonjour,
Which part of the examples did you mimic?
32 bytes is the length of a SHA256, it's also the max message length of
a 256bits ECDSA key. Whence, I assume you're doing straight
ECDSA_do_sign() without hashing and padding the message.
--
Erwann ABALEA
-
paléogallicisme: style "vieill
Bonjour,
The given certificate is correctly self-signed, you can manually check
it by extracting the signature block and playing with "openssl rsautl
...", "dd ... | openssl dgst -sha1", etc.
It fails the validation path check probably because it's not declared as
a CA. There's some ongoing
Hi list,
I'm quite puzzled and hope somebody can help me. I'm handling a large
number of certificates and for generating testcases for the software I
employ, I wrote a small script that downloaded web server certificates
en bulk and then processed them, to check for irregularities.
My software ba
Hi Steve! What exactly does not work for you?
On Sat, 2012-08-04 at 19:58 -0700, Steven Madwin wrote:
> Has anyone been able to get OCSP working with version 1.0 or later? It works
> for me with version 0.9, but not 1.0.1c. I did see where someone suggested
> using an IPv6 style port address (i.e.
13 matches
Mail list logo