]
Automated List Manager [EMAIL PROTECTED]
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
--
What we have here is a failure to communicate.
__
OpenSSL Project
ng a PKCS#11 handler isn't enough. I use several PKCS#11 compliant
tokens, and I often need to write some extra code to be able to use
them. There's 2 versions of the PKCS#11, and even 2 sub-versions of
PKCS#11v1. Each token can have it's own set of extra functions, object
attributes, limitations, ..
http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
--
Computers can
er
if he's knowledgeable enough to accept the risks of accepting something
that could be potentially insecure... ;-)
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
--
I can't be stupid, I completed third grade!
.
Erwann ABALEA wrote:
On Tue, 19 Dec 2000, Thomas Nichols wrote:
The best method is to not have the SSL certificate and key on the server to
begin with. I use a non-ip based ssl accelerator.
This not a protection against this attack.
This attack doesn't steal the private key
On 19 Dec 2000, Eric Rescorla wrote:
Erwann ABALEA [EMAIL PROTECTED] writes:
Software could be written to help solve this problem, for example to not
allow any connection from untrusted host, instead of asking the customer
if he's knowledgeable enough to accept the risks of accepting
.
There's no other route to take. Even if what you suggest would be attempted, or even
possible, the user's browser would get the correct certificate, albeit a second cert.
Erwann ABALEA wrote:
No. A MITM attack can also occur even if you're using a crypto
accelerator. The only way
: Tuesday, December 19, 2000 1:56 PM
To: [EMAIL PROTECTED]
Subject:Re: Kurt Seifred's article on securityportal
Also, there is no crypto-board.
Erwann ABALEA wrote:
No. A MITM attack can also occur even if you're using a crypto
accelerator. The only way this attack cannot
EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
__
OpenSSL Project htt
X.208 is ASN.1, X.209 is DER and others
You can buy them at the ITU-T web site (www.itu.ch or www.itu.int)
On Wed, 5 Jul 2000, Ѧΰ wrote:
Hi all,who can tell me about DER? Which recommendation was it defined in?
[EMAIL PROTECTED]
--
Erwann ABALEA
System and Development
.
There shouldn't be any output impact on choosing 40 vs 128 bits In
fact, a 40 bits key is really a 128 bits key with only 40 of them
secret the 88 other ones are known...
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5
Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID
Gateways...
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
hould have
something better that handles multiple lookups. E.g. an index file which
will work on all platforms and GDBM on platforms that support it. Not in
0.9.5 though...
Steve.
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID:
... I didn't find the macro/function to do it... Unfortunately, my
definition doesn't handle encrypted keys...
On Fri, 10 Dec 1999, Dr Stephen Henson wrote:
Erwann ABALEA wrote:
I found how to do that
pkcs8privkeyinfo=(PKCS8_PRIV_KEY_INFO *)PEM_ASN1_read_bio((char
On Mon, 13 Dec 1999, Dr Stephen Henson wrote:
Erwann ABALEA wrote:
Could I suggest to add this in the default .h files?:
#define d2i_PrivateKey_bio(bp,x) (EVP_PKEY *)ASN1_d2i_bio(\
(char *(*)())EVP_PKEY_new, (char *(*)())d2i_PrivateKey, bp, \
(unsigned char **)x
,
and the result is the same...
Any idea?
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
__
OpenSSL Project http://www.openssl.org
1999, Erwann ABALEA wrote:
Hello,
Is there a way to read PKCS#8 keys? I need to generate RSA private keys in
software and store them as PKCS#8, and then later use them, but I can't
find the function I need to read back my pkey...
To store my pkey, I use PEM_write_bio_PKCS8PrivateKey(out
server, please? ;-)
Just take a "classic" IMAP server, and place an stunnel in front of
it... It works perfectly...
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID:
.
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL
have noted, an application/x-x509-user-cert is
not the same thing as a PKCS#12 object...
Using Netscape, there's no way to do what you want.
I know that it's possible with MSIE4 (certainly using that xenroll3.dll).
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA
uniqueID attribute is supported OK by OpenSSL. Besides, if x509_NAME_oneline()
encounters an unknown attribute, it simply prints the OID - as it should.)
Is uniqueIdentifier allowed in a DistinguishedName?
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA
he problem...
Please note that I live in Paris, which is GMT+1... I think there's a lot
of products unable to deal with TimeZones...
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID:
through fine. If the certificates are not
protected, everything works fine.
Maybe it takes too much time to enter your password? ;-)
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5
But if you use a block bigger than the key size, you won't be able to
decrypt and retrieve the original message
In fact, the data you want to encrypt, when expressed as a bigint, MUST be
at most equal to the modulus-1 if you want to decrypt the data...
--
Erwann ABALEA
System and Development
Or your VC++6.0 is the problem?
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
__
OpenSSL Project http://www.openssl.org
User Suppo
the INSTALL.W32 file...
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
) or OpenSSL,
however I'm unable to get them compiled in djgpp under MSDOS (Linux
version works fine).
Did anybody succeeded to compile it with djgpp?
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5
On Tue, 9 Mar 1999, Wade L. Scholine wrote:
Erwann ABALEA writes:
On Thu, 4 Mar 1999, Wade L. Scholine wrote:
What does NS mean by 'Personal Certificate' in this
context? I would have
thought that the Entrust and Verisign samples would qualify.
Your server has a list
/$user.der
Any Idea...
I think you're using the export version of MSIE4 It cannot accept
1024bits keys.
Apart from this, I've heard of a few things that need to be present in the
X509v3 extensions of the certificate for it to be accepted by MSIE4, but I
don't remember what...
--
Erwann ABALEA
something to run with Windows, you'd better have a Visual C++ (you
can compile the stuff with another compiler, I did it with Borland C++
Builder, but it's a real pain...).
And finally, you need to have a project in mind... Something you want to
create or adapt...
--
Erwann ABALEA
System
from OpenSSL, it works perfectly.
What I'd like to try is the PKCS#11 stuff with these smartcards (there's a
PKCS#11 module for Netscape browsers).
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
Telephone: +33 1 34 38 29 50
301 - 332 of 332 matches
Mail list logo