X509 certificate algorithm

2012-08-16 Thread Kenneth Goldman
I call these: d2i_X509() X509_print_fp() which calls pkey_set_type() EVP_PKEY_asn1_find() and that call fails. I've traced the following error down to the rsaOAEP algorithm, which has a nid of 919. I've included both the openssl and dumpasn1 dump of the X509

Re: asn1 parsing tutorial

2012-09-05 Thread Kenneth Goldman
: . . . . . . D7 . 504 3: . . . . . INTEGER 65537 : . . . . . } : . . . . } : . . . } -- Ken Goldman kgold...@us.ibm.com 914-945-2415 (862-2415) From: Peter Sylvester peter.sylves...@edelweb.fr To: Cc: Kenneth Goldman/Watson/IBM@IBMUS Date: 09/05/2012

Parsing X509 certificate subjectAltName

2012-09-11 Thread Kenneth Goldman
I'm 90% deep into parsing an X509 certificate, but I can't find sample code for the last piece. I found the extension, and located the ASN1_OBJECT with nid 85, OID 2.5.29.17, the subjectAltName. From the dumpasn output, I see that this is an octet string of a sequence, etc. I have to pull

Re: Parsing X509 certificate subjectAltName

2012-09-12 Thread Kenneth Goldman
If I shouldn't use GEN_IPADD, what should I use? The goal is to extract the text value associated with several OIDs. dumpasn1 says the values are PrintableString. -- Ken Goldman kgold...@us.ibm.com 914-945-2415 (862-2415) From: Dr. Stephen Henson st...@openssl.org To:

Re: openssl RSA_sign() and Java verify how

2012-10-31 Thread Kenneth Goldman
I'd suggest as a next step to see if you're using the same public key for both the Java and openssl verify. After that, the next step would be, in Java, to do a raw public key operation and examine the result. That will tell you whether it's the public key, the padding, the OID, or the hash

Re: What does RSA_public_encrypt use for hash and mgf

2013-12-12 Thread Kenneth Goldman
The documentation says: RSA_PKCS1_OAEP_PADDING EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty encoding parameter. This mode is recommended for all new applications. -- Ken Goldman kgold...@us.ibm.com 914-945-2415 (862-2415) From: Dereck Hurtubise

Re: RSA_public_decrypt error

2008-02-12 Thread Kenneth Goldman
[EMAIL PROTECTED] wrote on 02/11/2008 10:22:00 AM: I'm not that good in OpenSSL. How do I create a RSA file if I only have a modulus and exponent. Programmatically I have set the 2 values with BN_bin2bn(), but how do I save this to a file? I use PEM_write_RSAPublicKey() It's interesting that

Re: OPENSSL_Uplink(00509010,07): no OPENSSL_Applink

2008-02-18 Thread Kenneth Goldman
http://www.openssl.org/docs/crypto/OPENSSL_Applink.html -- Ken Goldman [EMAIL PROTECTED] 914-784-7646 (863-7646) [EMAIL PROTECTED] wrote on 02/16/2008 03:17:10 PM: hello, I use the functions: r=RSA_generate_key(bits,e,NULL,NULL) oFile = fopen(MyKey.txt,w); if (oFile!=0) {

X509 certificates through API

2008-05-20 Thread Kenneth Goldman
Is there sample code anywhere for how to construct X509 certificates programmatically, through the API, not the command line? The documentation includes the serialization API's, but little else. I assume, since it can be done from the command line, that the code exists and is just not

Failing to read password protected pem file

2008-05-28 Thread Kenneth Goldman
I'm having trouble programmatically reading a password protected .pem file. With the same openssl library, I can read it using the openssl command line. Based on the below failure call stack, it seems to be failing getting the nid for the cipher. I suspect some compiler or linker option, but

Strategy for freeing EVP and RSA keys

2008-06-02 Thread Kenneth Goldman
I'd like confirmation that I understand how to free RSA keys. I create an RSA *key. I then use it to create an EVP_PKEY using EVP_PKEY_new() and EVP_PKEY_assign_RSA(). Later, I want to free everything. I _think_ that EVP_PKEY_free() will free both the EVP_PKEY and the RSA objects. Is that

Debugging i2d_X509() segfault

2008-06-02 Thread Kenneth Goldman
Subject says it: What's a good approach to debugging a segfault in i2d_X509()? The X509 certificate succeeds when I use X509_sign(). But when I sign by hand, adding the two signature algorithms, signing with RSA_Sign(), and adding the signature to the structure, X509_print_fp() segfaults. The

Re: R: PEM_read_RSAPublicKey problem

2008-07-01 Thread Kenneth Goldman
Perhaps the problem is that you're reading the public key and trying to sign. Signing uses a private key. Try: PEM_read_RSAPrivateKey() RSA_sign() [EMAIL PROTECTED] wrote on 06/27/2008 11:31:42 AM: Excuse me, I'm trying, using C, to do a simple sign and verify with RSA public and private

Re: Compiling static vs. dynamic and building a universal binary

2008-07-17 Thread Kenneth Goldman
[EMAIL PROTECTED] wrote on 07/16/2008 10:08:31 AM: 2) using static builds has a benefit: you know exactly what your application is going to get SSL-wise: you will be sure it is installed on the target system because you brought it along. The drawback is that you have to provide your own

Re: Compiling static vs. dynamic and building a universal binary

2008-07-18 Thread Kenneth Goldman
[EMAIL PROTECTED] wrote on 07/17/2008 12:16:18 PM: Has this ever been (in recent history) an issue within a given release branch? Ie. has 0.9.8(n+1) ever broken apps that were running ok against 0.9.8n? 0.9.8x is of course not backwards compatible with 0.9.7y, and 0.9.9 will not be backwards

Re: SSL_connect failure when switching from 0.9.7 to 0.9.8

2008-07-29 Thread Kenneth Goldman
In my experience, openssl releases routinely break compatibility. This occurs for letter as well as number changes. Compiling against the new version is not enough. You must link with the same version. Dynamic linking offers a third possibility for inconsistency. The symptom I typically see is

RE: Basic question on version number..

2008-08-24 Thread Kenneth Goldman
The decision in the case of OpenSSL was that 1.x would have a stable API, permitting shared libraries to be used interchangeably. OpenSSL does not have a stable API yet, officially. If that's the rationale, I eagerly await 1.0. The lack of a stable API has hurt me far too many times. I

Re: Problem generating csr

2008-09-12 Thread Kenneth Goldman
The rpm manager will only update if you install through rpm. 1.5 gb sounds absurd for a csr. Perhaps dump the beginning of it to see if a particular field is incorrect. [EMAIL PROTECTED] wrote on 09/11/2008 02:34:04 PM: I am running Red Hat Enterprise 5.2 with OpenSSL 0.9.8h. The version of

Re: Do you have to pre-pend 16 bytes to a raw value before RSA encryption

2008-09-17 Thread Kenneth Goldman
[EMAIL PROTECTED] wrote on 09/17/2008 08:10:09 AM: I just completed writing my first program using libcrypto to handle RSA encryption using a public key extracted from a X509 certificate. This program communicates with a service created by our parent company. The first attempts that I made to

Re: OpenSSL Version Compatabitlity issues

2008-10-01 Thread Kenneth Goldman
In general, I find that openssl routinely breaks backward compatibility. Even header files are incompatible - compiling with one version and linking with another will cause errors. It would be wonderful to finally get to a version 1.0 which would freeze the existing API and guarantee backward

Linking with mingw on Windows

2009-03-10 Thread Kenneth Goldman
What's the linker format when using [gcc / mingw] on Windows? I am not using cygwin! I assume I should use the libraries in .../OpenSSL/lib/MinGW, but maybe not. I've tried -leay32 -LC:/program files/openssl/lib/mingw/libeay32.a and even copying libeay32.a to libcrypto.a and

Re: Linking with mingw on Windows

2009-03-10 Thread Kenneth Goldman
- From: Kenneth Goldman To: openssl-users@openssl.org Sent: Monday, March 09, 2009 8:26 PM Subject: Linking with mingw on Windows What's the linker format when using [gcc / mingw] on Windows? I am not using cygwin! I assume I should use the libraries in .../OpenSSL/lib/MinGW

Re: OpenSSL 1.0.0 beta 1 released

2009-04-02 Thread Kenneth Goldman
Assuming it's not a joke, what's the meaning of a 1.0 as opposed to 0.9.something. My hope is that you'll say the API is frozen and that there's a commitment not to break backward compatibility in future releases. -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)

Re: Does AES_cbc_encrypt remove PKCS5 padding

2009-05-07 Thread Kenneth Goldman
I use that function, and it does not remove padding. 1 - How would it even know what is padding and what is your data? 2 - Why do you think it removes the padding? The function does not return a length. Here's a really wild guess: Are you perhaps padding your data with zeros and then

Re: How to create a non exportable private key certificate using openssl

2009-07-15 Thread Kenneth Goldman
It sounds like the question is how do I lock the client private key, so the user/attacker can't move it off the office PC? For the casual user, "If you do this, you'll lose your job" might work. For a determined attacker, I can't see how any software-only solution would work. Consider a hardware

Re: Encrypting 32/64 bit integers

2009-09-30 Thread Kenneth Goldman
owner-openssl-us...@openssl.org wrote on 09/30/2009 03:27:56 AM: On Fri, Sep 18, 2009 at 01:59:12PM -0700, musikit wrote: again works awesome for strings. however we are realizing there are sometimes we just want a 32 bit int or a 64 bit int encrypted and nothing else. You could just

Re: General question about documentation

2009-12-01 Thread Kenneth Goldman
owner-openssl-us...@openssl.org wrote on 11/26/2009 06:35:42 PM: Finally, the source code IS the only reliable source of documentation (assuming you can trust your compiler, OS, and hardware to do the right thing). It isn't the most CONVENIENT, which is why we desire other forms. Two

MGF1 not exported in 1.0.0

2010-01-22 Thread Kenneth Goldman
Between 0.9.8 and 1.0.0, the function rsa_oaep.c:MGF1() was changed to static. This breaks backward compatibility. IMHO, the static keyword should be removed. (Copying the users mailing list. My hope is that I can gather some community support for the importance of backward compatibility.)

Re: OpenSSL 1.0.0 released

2010-03-30 Thread Kenneth Goldman
Is there any significance to the 1.0.0.value other than it's the next number after 0.9.9? (Hoping that someone will answer that openssl will guarantee backward compatibility from here on.) -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)

Openssl tarball SHA1 checksum

2010-04-10 Thread Kenneth Goldman
This is an openssl security meta-question. I notice that the tarballs also include a SHA1 digest. What's the point? 1 - If anyone has authority to update the tarball with a counterfeit, can't they also update the SHA1. 2 - The web site isn't protected by ssl (ironic). A MIM altering the

Re: Openssl tarball SHA1 checksum

2010-04-12 Thread Kenneth Goldman
owner-openssl-us...@openssl.org wrote on 04/11/2010 01:38:14 PM: * Kenneth Goldman wrote on Fri, Apr 09, 2010 at 08:12 -0400: I notice that the tarballs also include a SHA1 digest. What's the point? To have a check whether the FTP download was successful to avoid accidentally using

1.0.0 EVP_PKEY_assign_RSA() segfault

2010-04-13 Thread Kenneth Goldman
I have some fairly basic code that is now segfaulting reliably with 1.0.0. It has worked for years with all 0.9.8 releases. 1 - Did something change that I should know about? Before I compile openssl for debug and step through it, is there something I should look for? 2 - The meta-question:

Re: Why 2 DLL's for building OpenSSL

2010-07-06 Thread Kenneth Goldman
An argument against combining the two DLL's with a custom build is that your configuration will be different from everyone else. Whoever maintains your code after you move on will have to learn your non-standard configuration. More likely, they'll waste time undoing your strange setup and going

OpenSSL state and suspend/resume

2010-09-23 Thread Kenneth Goldman
How does one handle a suspend/resume power cycle when using OpenSSL? Specifically, suppose one is in the middle of a SHA-1 Init/Update/Final sequence when the suspend signal occurs? What happens to SHA_CTX? I know I can save and restore SHA_CTX by peering into the structure. I also know that

Re: Install openssl without root rights

2010-09-28 Thread Kenneth Goldman
It depends what you mean by 'install'. You can certainly install it under your home directory and use it or link to it. I often do that when testing with a new version. If you want to install it in a standard place like e.g. /usr/lib, then you need rights to write that directory, often root

PEM_write_PUBKEY segfault with 1.0.0 on windows

2010-10-06 Thread Kenneth Goldman
I'm getting a PEM_write_PUBKEY() segfault. This is existing code that works with 0.9.8 with Windows or 1.0.0. with Linux, but fails with 1.0.0. and Windows. What's my latent bug? Here's a small sample that fails: RSA *rsa = RSA_generate_key(512, 65537, NULL, NULL); EVP_PKEY *pkey =

Re: rsa_sign versus RSA_private_encrypt

2010-10-28 Thread Kenneth Goldman
owner-openssl-us...@openssl.org wrote on 10/28/2010 03:07:18 AM: From: Bob Dijck di...@turnhout.tokheim.com I am trying to implement a signing function in C++ using RSA. Here’s how I wanted to do this: - First I calculate the SHA1 hash (not using openssl but another implementation).

Legal RSA exponents

2010-11-12 Thread Kenneth Goldman
OpenSSL will hang if one asks it to create a key with an illegal (e.g., even) public exponent. Is there a simple test for a legal public exponent? If not, is there a list of commonly used ones. 3,17,65537, ...

openssl version constants - question and request

2010-12-15 Thread Kenneth Goldman
Question: OPENSSL_VERSION_TEXT is undocumented. Can I count on it being there and up to date, or is it for internal use only? Request: OPENSSL_VERSION_NUMBER varies between a long and an int constant, Could it please be standardized?

Re: Building OpenSSL vs Downloaded

2010-12-22 Thread Kenneth Goldman
I use the precompiled openssl from http://www.slproweb.com/products/Win32OpenSSL.html I typically build with gcc, although I've used Microsoft VC++ in the past. Perhaps post the linker error. I can send you a link to a sample makefile if you like. -- Ken Goldman kg...@watson.ibm.com

Re: TPM engine

2011-05-03 Thread Kenneth Goldman
I'd try a trousers mailing list as well. I just compiled trousers and linked with openssl 1.0.0 and it works. But I didn't try the TPM engine, which I understand to be a layer on top of trousers. Did you 'discover' that it doesn't work through documentation or did you try to link. My

Re: minor version compatibility

2011-05-10 Thread Kenneth Goldman
My experience is more probably than yes. I recall cases where it did not. It's also hard to test, because it might fail some corner case that you don't use often. owner-openssl-us...@openssl.org wrote on 05/10/2011 05:12:33 PM: From: Ken Dreyer ktdre...@ktdreyer.com To:

Re: minor version compatibility

2011-05-11 Thread Kenneth Goldman
owner-openssl-us...@openssl.org wrote on 05/10/2011 06:52:26 PM: From: Dr. Stephen Henson st...@openssl.org To: openssl-users@openssl.org Date: 05/10/2011 06:57 PM The answer is probably yes but with some caveats. If the application is well behaved and doesn't rely on undocumented

FYI openssl documentation

2011-07-14 Thread Kenneth Goldman
FYI: I've been using http://www.openssl.org/docs/crypto/crypto.html as a starting point for openssl man pages. Today, I stumbled upon http://www.openssl.org/docs/crypto/ which is much more complete. Is there someone I should email to request an update to the publicly visible

ECDSA public key token to/from binary

2011-07-17 Thread Kenneth Goldman
I have to extract a binary (unsigned char *) representation of a public key from an ECDSA openssl key structure. Later, I want to use that binary to reconstruct an openssl public key structure that I can use to verify a signature. The curve is fixed - P521. I don't need any certificates,

Re: ECDSA public key token to/from binary

2011-07-19 Thread Kenneth Goldman
owner-openssl-us...@openssl.org wrote on 07/18/2011 09:49:33 AM: From: Billy Brumley bbrum...@gmail.com To: openssl-users@openssl.org Date: 07/18/2011 10:00 AM Subject: Re: ECDSA public key token to/from binary Sent by: owner-openssl-us...@openssl.org Dear Ken, One way to accomplish

Code pattern for EC_KEY read and write

2011-07-26 Thread Kenneth Goldman
I can create and use an EC_KEY, but I need utilities to write and read it to a file. 1 - I assume I should use PEM format, like I do for RSA. Correct? 2 - Can someone post the call sequence? There's nothing in the html doc yet. I see some clues in the openssl source, but I'd prefer not to

Re: Simple question: Maximum length of PEM file?

2011-07-26 Thread Kenneth Goldman
Is that possible in general? There's no maximum key size or signature size, and certificates can have extensions. I typically read the file size first, then allocate memory, then read the file. In general, hard coding a maximum length is used to enable a buffer overflow attack. :-)

Re: Req with ECDSA key and CA with RSA key

2011-08-31 Thread Kenneth Goldman
I am doing ECDSA signing and verification of SHA-512 digests. 1.0.0a. I don't know about 0.9.8. From: Rick Lopes de Souza dragonde...@gmail.com Does Openssl support ecdsa with sha256 and sha512? Only above of 1.0.0 ?

out range error compiling fips 1.2.3

2011-09-09 Thread Kenneth Goldman
I'm getting this error compiling openssl-fips-1.2.3.tar.gz, which seems to be the latest. It seems to be well known on openssl-dev, but I don't know what to do about it. Any ideas? gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN

Re: out range error compiling fips 1.2.3

2011-09-10 Thread Kenneth Goldman
...@openssl.org To: openssl-users@openssl.org Date: 09/09/2011 09:45 AM Subject: Re: out range error compiling fips 1.2.3 Sent by: owner-openssl-us...@openssl.org On Thu, Sep 08, 2011, Kenneth Goldman wrote: I'm getting this error compiling openssl-fips-1.2.3.tar.gz, which seems

Re: out range error compiling fips 1.2.3

2011-09-10 Thread Kenneth Goldman
From: Jakob Bohm jb-open...@wisemo.com Date: 09/09/2011 05:36 AM Subject: Re: out range error compiling fips 1.2.3 On 9/8/2011 9:35 PM, Kenneth Goldman wrote: ... A second question. In researching this error, I saw someone compile with ./config fipscanisterbuild That's

Compiling for 32-bit on 64-bit Linux

2011-09-14 Thread Kenneth Goldman
I'm trying to compile a 32-bit openssl 1.0.0d on Intel 64-bit Linux RHEL 6.1. This was the only combination of many I tried that seems to work. Was I right? Was there a better way? ./Configure linux-generic32 -shared -m32 -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)

FIPS vs ECDSA

2011-09-16 Thread Kenneth Goldman
I have a preinstalled Linux OpenSSL package, where openssl version says OpenSSL 1.0.0-fips 29 Mar 2010. I have the development libraries, but ECDSA headers like e.g., ecdsa.h are missing. In the library, I don't see e.g., EC_KEY_new(). Is this expected? Do I have a fips build? Is ECDSA

Re: Error While Signature verification ..

2011-09-22 Thread Kenneth Goldman
A failed signature verification can have many causes. E.g., - bad digest - bad signature - bad public key - bad OID I debug by doing a raw public key operation on the signature. If you see obvious padding and a good OID, and the digest doesn't match, then you have to debug why the hash that

Re: Why RSA considers Hash algorithm

2011-09-30 Thread Kenneth Goldman
I think it's because RSA adds an object identifier (OID) to the hash before padding and signing. The OID describes the hash algorithm. ECDSA apparently doesn't do that. I don't know DSA, but perhaps it's the same. From: Lucas Martins lucasgm...@gmail.com To: openssl-users@openssl.org Date:

Re: Problem with signature verification on microchip embedded controller

2011-10-19 Thread Kenneth Goldman
Yes, you can verify 'by hand' by doing the raw public key operation, stripping off the padding and OID (what you call the asn1 formatting), and then comparing the hashes. When you say this is what I got from the PIC controller, I assume you mean the result of applying the public key to the

Re: Openssl version compatibility [0.9.8r vs. 1.0.0e]

2011-10-19 Thread Kenneth Goldman
From: Hasan Rezaul-CHR010 rezaul.ha...@nsn.com To: openssl-users@openssl.org, Date: 10/19/2011 12:44 PM Subject: Openssl version compatibility [0.9.8r vs. 1.0.0e] Sent by: owner-openssl-us...@openssl.org We have a bunch of Linux Boxes (Clients) that would run openssl 0.9.8r. We will

Re: Is there another way to load RSA public than from a file?

2011-10-21 Thread Kenneth Goldman
From: Väinö Leppänen narcomaco...@gmail.com Date: 10/21/2011 03:27 AM I'm just starting with openssl and public key encryption. I'm trying to encrypt certain knowledge in a C++ application, and I already have a working code but functions such as PEM_read_RSA_PUBKEY read the public key

Re: decrypt with a public key

2011-12-28 Thread Kenneth Goldman
When you use public key algorithms: You encrypt with the recipient's public key and the recipient decrypts with their private key. You sign with your private key and the recipient verifies with your public key. owner-openssl-us...@openssl.org wrote on 12/28/2011 01:43:17 PM: From: Ireneusz

Re: 100 bits of entropy with FIPS/EAL4 certified hw RNG?

2012-01-19 Thread Kenneth Goldman
From: Magosányi Árpád m...@magwas.rulez.org To: openssl-users@openssl.org, Date: 01/18/2012 03:38 AM Subject: 100 bits of entropy with FIPS/EAL4 certified hw RNG? 1. (yes, I realise that RTFM, but which one?): The openssl crypto library manual. How should I/can I seed 100 bits of

Re: openssl and SHA256

2012-01-19 Thread Kenneth Goldman
From: Scott Wilson excell...@hotmail.com Date: 01/18/2012 01:52 PM Does openssl support SHA256? Yes If SHA256 is supported, how do I get it to work? Thanks!! SHA256_Init/Update/Final()

Re: Separating the digest and signature steps of RSA signing

2012-01-27 Thread Kenneth Goldman
From: Peter Eckersley peter.eckers...@gmail.com To: openssl-users@openssl.org, Date: 01/26/2012 04:42 PM Subject: Separating the digest and signature steps of RSA signing I have an offline system that needs to compute RSA signatures over large blobs of data, given only hashes of the data

Re: weak key check?

2012-02-16 Thread Kenneth Goldman
From: John Hascall j...@iastate.edu To: openssl-users@openssl.org, Date: 02/16/2012 09:54 AM Richard writes: Well, seeding the PRNG correctly seems not to be a trivial task, Which is really sad, because you can buy a hardware RNG for diddly-squat these days, for example

Re: Custom free routine is invoked with NULL argument in openssl 1.0.1

2012-05-29 Thread Kenneth Goldman
From: Jakob Bohm jb-open...@wisemo.com Which version of the ANSI Spec, and where did you get a copy? I have to rely on secondary sources and experience using various implementations that claim conformance. I generally refer to Plauger's The Standard C Library, where he quotes the spec

[openssl-users] Openssl and floating point

2016-08-10 Thread Kenneth Goldman
We have a platform that does not support floating point operations. We discovered that openssl uses floating point in the random number generator. Is there any build or compile time flag that uses an alternative to floating point? -- Ken Goldman kgold...@us.ibm.com 914-945-2415 (862-2415)

Re: [openssl-users] Openssl 1.1 RSA_get0_key() documentation -> needs-cla

2017-07-31 Thread Kenneth Goldman
"openssl-users" wrote on 07/31/2017 09:20:59 AM: > From: Matt Caswell > To: openssl-users@openssl.org > Date: 07/31/2017 09:21 AM > > Click "New Issue" on this page: > > https://github.com/openssl/openssl/issues > > You'll need a github

[openssl-users] I failed to add a git pull request for openssl

2018-08-15 Thread Kenneth Goldman
What is the process for adding a pull request to an openssl branch? I tried from the web site, selecting 102stable and clicking 'new pull request'. It uploaded but said "kgoldman wants to merge 4,027 commits into master from OpenSSL_1_0_2-stable". I wanted to push one patch to 102stable.

RE: Using (not building) openssl with mingw on Windows 10

2019-03-25 Thread Kenneth Goldman
> From: Michael Wojcik > Without picking at the problem files myself, not really. It's > probably something that will be fairly obvious in retrospect but I'm > not seeing it from here. > > The import libraries (I'm assuming libssl.lib is one as well, on > your system) basically tell the linker

Re: ECC keypair generation with password

2019-03-25 Thread Kenneth Goldman
> From: Viktor Dukhovni > > > > In the script, I used this: > > > > openssl ec -aes128 -passout pass: -in tmpecprivkeydec.pem > -out tmpecprivkey.pem > > I try to avoid putting sensitive information in command-line arguments. > > If you're using "bash" (which has "printf" as a built-in)

Re: Issue in linking Openssl1.1.1b to application

2019-05-09 Thread Kenneth Goldman
> From: vin > To: openssl-users@openssl.org > Date: 05/09/2019 01:24 PM > Subject: Re: Issue in linking Openssl1.1.1b to application > Sent by: "openssl-users" > > Hi Ken > > Thanks for the reply.If I am not wrong ,You are asking me to set the path of > the dll in set path environment variable

Re: Issue in linking Openssl1.1.1b to application

2019-05-10 Thread Kenneth Goldman
> From: vin > To: openssl-users@openssl.org > Date: 05/10/2019 12:44 AM > Subject: Re: Issue in linking Openssl1.1.1b to application > Sent by: "openssl-users" > > Hi Ken > > I am almost struck in registering the built dll to windows 7 32 bit machine. > > Can you provide me the details on which

RE: SOLVED: Force use of engine all the time

2019-11-07 Thread Kenneth Goldman
From: Frederick Gotham To: openssl-users@openssl.org Date: 11/07/2019 10:39 AM Subject:[EXTERNAL] Re: SOLVED: Force use of engine all the time Sent by:"openssl-users" Frederick Gotham wrote: > I don't think any code other than "libcrypto.so" is using the TPM2,

Re: get data from X509_EXTENSION in openSSL 1.1.1.

2020-07-10 Thread Kenneth Goldman
> From: prudvi raj > To: openssl-users@openssl.org > Date: 07/10/2020 07:55 AM > Subject: [EXTERNAL] get data from X509_EXTENSION in openSSL 1.1.1. > Sent by: "openssl-users" > > Hi All, > > we are upgrading our codebase to 1.1.1 from 1.0.2k.Here's a code > snippet causing error : > >  ext =

Re: Compiling OpenSSL shared libraries with custom name on Unix platforms

2020-07-14 Thread Kenneth Goldman
> From: shivaramakrishna chakravarthula > > Is it possible to compile OpenSSL shared libraries with custom > names on Linux/ Unix platforms to avoid conflicts with installed > OpenSSL libraries? > I have tried to modify the SHLIB_EXT in Configure script but it is > not working. I am sure it is a

RE: Random and rare Seg faults at openssl library level

2021-01-08 Thread Kenneth Goldman
From: Gimhani Uthpala To: Ken Goldman Cc: openssl-users@openssl.org Date: 01/07/2021 05:53 PM Subject:[EXTERNAL] Re: Random and rare Seg faults at openssl library level I only have this 1.0.2.k-fips one version installed in both compiling and running

Documentation on openssl 1.0.2 / FIPS module version support for PPC LE

2021-04-21 Thread Kenneth Goldman
> From: "Bhadri Madapusi" > > Is there any documentation on which version of openssl are supported > on PPC LE. I am trying to figure out which version of 1.0.2 source > and FIPS module to use to compile my nginx with openssl and FIPS. Thank you. Not documentation, but my power machines run

RE: EVP_PKEY_get_int_param is not getting degree from EC key -> man page use of integer for BIGNUM

2022-01-11 Thread Kenneth Goldman
> From: openssl-users On Behalf Of > Blumenthal, Uri - 0553 - MITLL > Sent: Wednesday, January 5, 2022 6:41 PM > To: Dr Paul Dale ; openssl-users@openssl.org > Subject: [EXTERNAL] Re: EVP_PKEY_get_int_param is not getting degree from > EC key > > The problem that I see is that there's a set of

RE: RSA and DES encryption and decryption with C++ on Windows

2022-04-10 Thread Kenneth Goldman
Anyway, I'm trying to encrypt/decrypt using RSA and DES schemes. I've tried some of the older code examples I could find, but some of the functions weren't recognized by my header files. [kgold] You cannot encrypt long streams with RSA. DES is deprecated. Can anyone help me with this? I

RE: OpenSSL version 3.1.0-alpha1 published

2022-12-01 Thread Kenneth Goldman
The changes show a jump from 3.0 to 3.2 https://github.com/openssl/openssl/blob/master/CHANGES.md