).
--
Erwann ABALEA erwann.aba...@keynectis.com
Département RD
KEYNECTIS
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated
that pushes programmers to allocate fixed
size fields in databases, and consider a certificate's serial number
to always fit the size. This is also bad in practice.
--
Erwann ABALEA erwann.aba...@keynectis.com
Département RD
KEYNECTIS
is correct, that's just
because a compliant implementation will ignore the OID used on the
Root. If a non compliant one takes the Root OID in consideration,
then it will fail
--
Erwann ABALEA erwann.aba...@keynectis.com
Département RD
KEYNECTIS
rejected by any correct validator
(human or machine) before going into production. The serial number is
encoded using 4 bytes as its value, it should be 1 byte only.
--
Erwann ABALEA erwann.aba...@keynectis.com
Département RD
KEYNECTIS
modify the source, you can do anything you want.
--
Erwann ABALEA erwann.aba...@keynectis.com
Département RD
KEYNECTIS
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
(and the protocol itself) need to be used differently
than what was done previously.
--
Erwann ABALEA erwann.aba...@keynectis.com
Département RD
KEYNECTIS
__
OpenSSL Project http://www.openssl.org
User Support
at all.
--
Erwann ABALEA erwann.aba...@keynectis.com
Département RD
KEYNECTIS
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Hodie V Id. Aug. MMX, Erwann ABALEA scripsit:
[...]
This is not possible, as the ciphersuites defined by RFC5246 all
use P_SHA256 as the PRF (paragraph 1.2).
In paragraph 5, it is said New cipher suites MUST explicitely specify
a PRF and, in general, SHOULD use the TLS PRF with SHA-256
if recognized.
--
Erwann ABALEA erwann.aba...@keynectis.com
-
When birds fly in the right formation, they need only exert half the
effort. Even in nature, teamwork results in collective laziness.
Demotivators, 2001 calendar
as a
basis. Strange. But they made other mistakes, much bigger ones, so :)
--
Erwann ABALEA erwann.aba...@keynectis.com
Département RD
KEYNECTIS
11-13 rue René Jacques - 92131 Issy les Moulineaux Cedex - France
Tél.: +33 1 55 64 22 07
http://www.keynectis.com
-
What we have here is a failure
phone, to use my
university WiFi account, via http://www.realmb.com/droidCert/ I would
need to install the GTE CyberTrust Root cert, but it is getting
registered as a client cert, not a CA one. If I try to install one
with CA:TRUE, then it's working properly.
--
Erwann ABALEA erwann.aba
).
--
Erwann ABALEA erwann.aba...@keynectis.com
-
I can't be stupid, I completed third grade!
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users
Hodie IV Id. Iun. MMIX, Satish Chandra Kilaru scripsit:
I found relevant information in RFC 3280. I recommend referring to
that RFC for any questions like mine.
http://www.ietf.org/rfc/rfc3280.txt
Switch to RFC5280, which obsoleted RFC3280 more than one year ago.
--
Erwann ABALEA erwann.aba
, and when verifying a signature, you
won't be able to distinguish which private key was used to sign.
In fact, it's exactly the same as copying the private key file without
changing it.
What are you trying to achieve?
--
Erwann ABALEA erwann.aba...@keynectis.com
from B, which may lead to Man in Middle attack.
Please correct me if I am wrong .
The intruder can *not* generate the private key from the public key.
--
Erwann ABALEA erwann.aba...@keynectis.com
__
OpenSSL Project
, including the public exponent (e), use this:
openssl x509 -pubkey -noout -in /home/certificates/MTA/MTA_DEVICE.cert.pem |
openssl rsa -noout -text -pubin
Then, do whatever is necessary to convert this output in something
useful for you.
--
Erwann ABALEA erwann.aba...@keynectis.com
. There will be 7 padding bytes, each one
being 0x07.
--
Erwann ABALEA erwann.aba...@keynectis.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users
been removed in the Corrigendum 1
published in 2007/01. Unfortunately also, it wasn't sufficient (the
sub-CA could place a valid dNSName, and place a CN in the subject with
another value).
--
Erwann ABALEA erwann.aba...@keynectis.com
-
Mammifère : se dit d'un animal à squelette, poilu, qui
handle non ISO8859-1 characters.
--
Erwann ABALEA erwann.aba...@keynectis.com
-
No wanna work. Wanna bang on keyboard.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
at
http://www.itu.int/rec/T-REC-X.509-200508-I/en;.
RFC2459 is waaa obsolete, it has been replaced by RFC3280, and
then by RFC5280. It can't discuss wildcards, since it's an SSL-only
use case. Same goes for the X.509 standard (which is free to download
in PDF format).
--
Erwann ABALEA [EMAIL
:
- either really revoke it, by changing the reason code while keeping
the date
- or completely remove it from the CRL, as you guessed.
If you plan to issue deltaCRLs, you MUST use the removeFromCRL
reason code for such certificates, only for the deltaCRLs.
--
Erwann ABALEA [EMAIL PROTECTED
certificate (a VeriSign one, it seems) to a file, and
checked its signature:
openssl verify -CAfile rootv1.pem rootv1.pem
which replied Ok.
Do you have a better example of a bad certificate?
--
Erwann ABALEA [EMAIL PROTECTED]
-
I can't be stupid, I completed third grade
.509 is free to download from the ITU-T website, as is the whole
X.5xx group of documents, and most of the X.6xx (680 and 690 comes to
mind, for ASN.1 and its encodings). That wasn't the case some
months/years ago.
--
Erwann ABALEA [EMAIL PROTECTED]
-
Keyboard not connected, press F1 to continue
(this term has nothing to do here) a serial number *can* be
negative, if you're looking at the X.509 recommendation. That's surely
not the reason of the problem. Only the RFC (starting with 3280)
states that the serialNumber MUST be a positive integer.
--
Erwann ABALEA [EMAIL PROTECTED]
-
``Do or do
mind, it allows me to write functions with only one exit
point, and group deallocations together. There's no spaghetti
symptom, in C, as a goto must span in the same function.
--
Erwann ABALEA [EMAIL PROTECTED]
-
If you're not part of the solution, there's good money to be made in
prolonging
certificate can be viewed as an ID, and has to map to the
real world the most possible. Being unable to represent the name of a
company or the name of an individual because of a one size fits it
all decision, in an electronic world, is a shame (that's my opinion).
--
Erwann ABALEA [EMAIL PROTECTED
is a little bit overkill,
and the fact that your certificate starting date predates the first X.509
recommendation, the largest RSA key size handled by OpenSSL is 16384
bits:
crypto/rsa.h: #define OPENSSL_RSA_MAX_MODULUS_BITS 16384
You can't even verify your root certificate with OpenSSL.
--
Erwann
the same
DN.
--
Erwann ABALEA [EMAIL PROTECTED]
-
If you never try anything new, you'll miss out on many of life's great
disappointments.
Demotivators, 2002 calendar
__
OpenSSL Project
signed by the same CA.
My guess is that the real name of your CA is the one we can see in the
extension, not the one set in the Issuer field. Could you check it?
--
Erwann ABALEA [EMAIL PROTECTED]
__
OpenSSL Project
.
Do you know of any utilities I can get/buy to do this?
Instead of reinventing the wheel, why haven't you started with the
xmlsec library? It can use OpenSSL, if you need it.
--
Erwann ABALEA [EMAIL PROTECTED]
-
When uncertain, or in doubt, run in circles and scream
the SSL_library_init() problem, this function should do what is
necessary, and an additional *init* function shouldn't be required.
--
Erwann ABALEA [EMAIL PROTECTED]
__
OpenSSL Project http
.
--
Erwann ABALEA [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL
, and ASN1_GENERALIZEDTIME entities, maybe using
(struct tm) types whenever possible (that way, you'll have a much
larger margin),
- modify the command-line tool to make use of these functions,
instead of relying on arithmetic with time_t types.
--
Erwann ABALEA [EMAIL PROTECTED
. That's the whole
purpose of
a certificate -- to associate a name with a particular key.
--
Erwann ABALEA [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
in 1997 (X.509v3) by the subjectKeyIdentifier
extension.
The subjectUniqueIdentifier and subjectKeyIdentifier are really meant
to be unique by themselves (wether it's truely unique or not is left
to the implementor), but the serialNumber is not unique alone, by
definition.
--
Erwann ABALEA [EMAIL
certificates):
serialNumber is an integer assigned by the CA to each certificate. The
value of serialNumber must be unique for each certificate issued by a given
CA (i.e., the issuer name and serial number identify a unique certificate).
--
Erwann ABALEA [EMAIL PROTECTED
exists to make it random from the outside, and still
make sure each serial number is unique among a CA.
--
Erwann ABALEA [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing
with the rest,
but you should now go a little farther.
--
Erwann ABALEA [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
your OCSP responder attacked?
--
Erwann ABALEA [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List
for that volume).
Not OpenSSL.
--
Erwann ABALEA [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List
::= SEQUENCE
{
version[0] EXPLICIT INTEGER { v1(0) } DEFAULT v1,
Here, the version is told to be OPTIONAL. As per the ASN.1 standard,
DEFAULT implies OPTIONAL.
--
Erwann ABALEA [EMAIL PROTECTED]
__
OpenSSL Project
usually create CRLs that are valid for several days, and update them
on a daily basis. For each CA you have, specify somewhere in your
application the retrieval period, and make sure the period is no
longer than the validity period of the CRL (don't less the 'next
update' happen to be today).
--
Erwann
() (that's normal), and eventually it'll return back
to me. Using blocking BIOs is not an option:
- I can't control the timeouts
- BIO_set_nbio() should be called before connecting (as per the
manpage)
--
Erwann ABALEA [EMAIL PROTECTED
Bonjour,
Hodie XV Kal. Apr. MMV est, François NOEL scripsit:
Hi everybody, I'm a french student and i would like to know how can I
generate a privete RSA key with a password ? ps : with openSSL command line
openssl genrsa --help
--
Erwann ABALEA [EMAIL PROTECTED
Bonjour,
Hodie pr. Id. Mar. MMV est, [EMAIL PROTECTED] scripsit:
[EMAIL PROTECTED] ~/Projekte/SSL
$ gcc -lcrypto -lssl -Wall foo.c -o foo
gcc -Wall -o foo foo.c -lcrypto -lssl
The order is important.
--
Erwann ABALEA [EMAIL PROTECTED
as a choosed message.
--
Erwann ABALEA [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
to check the revocation status of any certificate
(OCSP for example). That means an additional extension can be added to
all certificates (but the Root).
--
Erwann ABALEA [EMAIL PROTECTED]
__
OpenSSL Project
the thread, but digitalSignature is useless
for a cert and crl signing CA.
--
Erwann ABALEA [EMAIL PROTECTED] is now keynectis}.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
, for example.
--
Erwann ABALEA [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
, and it will
be correctly allocated for you.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
``Average programmers should be rounded up and placed in internment
camps to keep them away from keyboards.''
Well known Linux personage
written to httpd
dgianndrea collect2: ld returned 1 exit status
dgianndrea make[2]: *** [target_static] Error 1
[...]
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
``Do or do not. There is no try.
Yoda
or privileged
information. If
you are not the intended recipient, please notify the sender at Wipro or [EMAIL
PROTECTED] immediately
and destroy all copies of this message and any attachments.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
moi je veux bien lire les FAQ
Bonjour,
On Thu, 3 Jun 2004, Dr. Stephen Henson wrote:
On Thu, Jun 03, 2004, Erwann Abalea wrote:
I was looking at the RFC3739 for Qualified Certificates and the changes
with the RFC3039, and noticed (among other things) that the example
certificate changed.
What makes you think it has
Repost, it seems my contributions to openssl-* are redirected to
/dev/null...
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
moi je veux bien lire les FAQ, mais c'est pareil, je sait pas ou
elle sont...
Ne faudrait il pas faire une FAQ qui dit ou sont les FAQs ?
-+- M.D
the right certificate for serverca. The certificate for serverca can
be identified by the issuer name of serverca (that is, rootca), and the
serial number of serverca (which is unique among all the certificates
signed by rootca).
OpenSSL is right.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID
On Wed, 20 Nov 2002, Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on
Wed, 20 Nov 2002 13:51:58 +0100 (CET), Erwann ABALEA [EMAIL PROTECTED] said:
eabalea To explain it easily, the authorityKeyIdentifier of servercert is here to
eabalea find the right certificate
On Wed, 20 Nov 2002, Gerd Schering wrote:
Erwann ABALEA wrote:
To explain it easily, the authorityKeyIdentifier of servercert is here to
find the right certificate for serverca. The certificate for serverca can
be identified by the issuer name of serverca (that is, rootca
System.
So nothing from the excellent www.sunfreeware.com website can be used on
such a system. ;)
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
``Do or do not. There is no try.
Yoda
given in the error messages:
http://www.openssl.org/support/faq.html
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
Un forum peut répondre à plusieurs besoins à la fois
Ici, le groupe des débutants dépasse en nombre le groupe des utilisateur
middle-class ce qui provoque
to ~/.rnd, but it will be easily usable only to
one particular user, while the others will have to use the -rand ...
equivalent
- set the random pool to the default, and set the RANDFILE environment
variable so that it points to the good pool
One of these things should work...
--
Erwann
, or acceptable practice?
How is that localKeyID calculated? Is it a hash of the public key? If yes,
then this sounds an acceptable practice, if you really *need* to keep
separate PKCS#12 files, which is uncommon.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
Alors, remettons
On Thu, 25 Jul 2002, Ken Hoo wrote:
What happened to the rsaref directory in the 097 beta 2 version?
RSAREF is no more needed in the US, so you can safely ignore anything
about RSAREF.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
Expliquez-moi, car je ne comprends
you
display it.
Please note that the digest is *not* a character string, it's an array or
chars, with no terminal zero, but with a constant and known length
(BUFSIZE).
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
- Bientot== Une rubrique membre avec photos
- Bientot== Un
than 128 bits, which is a ridiculous size. But the idea of
encrypting data with an RSA key is just a little bit less ridiculous.
A symetric key is not considered data in the common case, so you can
protect symetric keys with very large RSA keys, if you want.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA
.
If you need some pricing, you can contact us (www.certplus.com), but this
solution is too expensive for a private use.
You can create your own private CA using OpenSSL command line tools.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
Ça fait 5 jours que je pose des
for something that doesn't even concern OpenSSL?
Please think next time.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
et sinon, quand on s'interesse a un media que l'on ne maitrise pas,
on essaye de le comprendre d'abord.
(Suivi par l'intégralité du message initial de 45 lignes
system.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
moi je veux bien lire les FAQ, mais c'est pareil, je sait pas ou
elle sont...
Ne faudrait il pas faire une FAQ qui dit ou sont les FAQs ?
-+- M.D. in Guide du Neuneu Usenet : Oû sont les FQ
, and works perfectly on a very wide
platform range.
On Tue, 2002-05-14 at 08:51, Erwann ABALEA wrote:
On Tue, 14 May 2002, Franck Martin wrote:
+AD4 I can tell you, now it works...
+AD4
+AD4 What about your configurastion?
+AFs-snip+AF0
Why are you testing your stuff
to renew it. What else
would you like to renew?
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
``Do you want protocols that look nice or protocols that work nice?''
Mike Padlipsky, internet architect
Can you tell me what to do next ??
Since you're root, you can get the job done by creating a symbolic link of
your perl binary right into the /usr/local/bin directory. A quick hack
that is easier to do than modifying all the OpenSSL perl scripts.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key
on
talking SSL with the server...
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
FB Ollivier, BOUM?
Fait.
-+- Roberto in GNU : Boum, quand notre Kontrol fait Boum -+-
__
OpenSSL Project
On 18 Apr 2002, Eric Rescorla wrote:
Erwann ABALEA [EMAIL PROTECTED] writes:
No. The client normally performs the verification of the challenge signed
by the server. But it can eventually skip this verification, and go on
talking SSL with the server...
No, this is incorrect most
if this is a duplicate.
I am wondering why the file size grows by 8 bytes when doing
openssl des-ecb -nosalt -in infile -out outfile -K $Key -iv 0 -p
What is in those 8 extra bytes? Is this a bug or a feature?
Best regards,
Jukka Alve
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID
direction would be appreciated,
Just look at the apps/rsa.c file, that could be interesting for you.
ot
Hello from a happy Chrysalis cards user! (VeriSign affiliate)
/ot
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
Connaîtriez-vous une adresse oû télécharger un mail
to encode PKCS8 keys but can't use this
class for keys generated with genrsa.
The output of 'openssl genrsa' is a PKCS#1 format file. You can later
convert it to PKCS#8 format with the 'openssl pkcs8' command.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
No single raindrop
with crypto...
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
DM J'arrive seulement sur ce groupe de discussion .Que faut il faire ?
Rien, il n'y a absolument rien d'autres à faire que taper son message en
répondant au groupe, ou pourquoi pas un nouveau message. Rien d'autres
-+- E
On Wed, 27 Feb 2002, Michael Sierchio wrote:
Erwann ABALEA wrote:
On Wed, 27 Feb 2002 [EMAIL PROTECTED] wrote:
I have a quick question about encrypting with private key
That's what we call a signature, and even if it is possible to encrypt
data with whichever key you want, it's
On Thu, 14 Feb 2002, Dr S N Henson wrote:
Erwann ABALEA wrote:
Hi,
I'm facing a problem I can't manage to solve.
I need to create a structure like this one:
signed PKCS#7 {
signer certificate
authenticated attributes
content: enveloped PKCS#7 {
recipient
On Wed, 13 Feb 2002, Michael Sierchio wrote:
Erwann ABALEA wrote:
I'm facing a problem I can't manage to solve.
You don't *want* to do this. The correct approach is to envelope
signed data. See the RSALABS web page for a discussion of this.
Yes I *need* to do this, even if I don't
suspect it won't work at all, since the outter BIO sees cleartext data,
where it should have seen only ciphered data.
What is the correct way to do this? Was I correct but with something
important missing? (it must be huge, huge things are the ones you usually
forget ;) ).
Thanks,
--
Erwann
.
--
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
Excusez-moi pour ce message perso mais y'a urgence.
Régis X de Chambéry et Thierry Y de Strasbourg sont priés de prendre
contact avec le Bureau de LUCCAS par mail.
-+- In : GNU - Le bonheur c'est simple comme un coup de fil
On Thu, 24 Jan 2002, Krishnaswamy R. wrote:
Thanks a lot for the information. I checked out www.openssl.org.
It mentions OpenSSL 0.9.6c (21-Dec-2001) as the latest release.
Any idea when OpenSSL 0.9.7 is scheduled to be released?
No more than one day after it will be ready...
--
Erwann
Jan 2002, Erwann ABALEA wrote:
On Thu, 10 Jan 2002, Carlos mario Ospina Anzola wrote:
Anybody knows if openssl is FIPS 140-2 compliant?
I want to use it at work, but the law request a cryptographic module
that
should be FIPS 140-2 compliant.
OpenSSL is free software
,
someone has to pay a lot of $$.
So no, OpenSSL is not FIPS xxx-yyy compliant, whatever xxx and yyy are.
You can pay to let OpenSSL go through the process of FIPS validation, if
you want...
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-
``The value of a technical conversation
to avoid someone getting
access to your PC. In some cases, the weakest link is the user itself, who
doesn't understand what it does...
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-
(A)bort, (R)etry, (S)mack the @#$*! thing
to him or not).
You should provide a special link to let the user install the CA. The CA
certificate is a special one: the trust of all the chain is based on it.
So it *must* be treated differently. Unfortunately, this cannot be
automatized, you have to manually deploy it.
--
Erwann ABALEA
feature of SubjectAlternateName, but as far as I know,
this is not widely supported by client software (read this last statement:
I don't know of any client software supporting it).
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-
Looking at Sun man pages versus Linux man
the value of the number.
If you thought you could perform a byte by byte comparison to test the
serial numbers, you're wrong. Remember that serial numbers are in fact
integers, not binary blobs. You have to perform an arithmetic comparison.
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID
in a 4k or 8k
smartcard).
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-
If at first you don't succeed; Blame everyone else
__
OpenSSL Project http://www.openssl.org
User
clearly belongs to the user world, and I (personaly)
don't see the point in putting it into the kernel. Or maybe we should
put Kerberos, PAM, Nessus, and other security tools into the kernel?
No, thanks.
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-
Stupidity has no limits
]
Automated List Manager [EMAIL PROTECTED]
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-
That's not a bug, that's a feature.
__
OpenSSL Project http
Not After : Sep 13 09:57:24 2006 GMT
and immediately after signing:
Fri Sep 14 10:58:32 BST 2001
I don't know what timezone BST is, but if I were you, I'd look at this
first (the timeshift between BST and GMT).
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-2
The last one on the first page is also interesting:
http://grifter.hektik.org/Crypto/DESCRYPT.TXT
It was posted 11 years ago.
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-
Time never started at all. Chaos never died. The Empire was
never founded. We are not now never
-encrypt
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-
Architect: Someone who knows the difference between that which could
be done and that which should be done.
Larry McVoy
laws of the US, since the US
have nothing to do with OpenSSL... If you can legally use 128bits ciphers
in China, then you can do it with OpenSSL.
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-
OK to continue? Yes No Maybe
result?
I think that the RSA key generated by your smartcard is really a 1023 bits
one. That means that one of the 2 random primes used to compose the
modulus is not 512 bits long, but 511 bits.
There's nothing OpenSSL can do for this. Call your smartcard vendor to get
more info.
--
Erwann ABALEA
no bug, the leading 00 just indicates that the number is a
positive one...
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-
Think carefully before wishing, it might just come true.
__
OpenSSL Project
2001, Evan Cross wrote:
How do I view the contents of a CRL? I need to be able to
see what certificates have been revoked.
Evan
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-
Never underestimate the power of human stupidity
On Mon, 22 Jan 2001, Arnaud De Timmerman wrote:
All,
I've read that 3 types of certificates exist. From "class 1" to "class
3" (the
higher the safer). How could I find, in a certificate created thanks to
openssl,
the number of the class it belongs to ?
Many thanks.
:
I'd like to know the date format used in the index.txt? It seems it's
milliseconds since 1/1/1970, but i always get a date dated back to 1970.
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
--
When uncertain, or in doubt, run in circles and scream
201 - 300 of 332 matches
Mail list logo