RE: [openssl-users] Re: Blowfish output using openssl is too long
-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Erwann ABALEA
Sent: 20 March 2009 10:58
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Re: Blowfish output using openssl is too long

> Hi,
>
> Today, XIII Kal. Apr. MMIX, carlyo...@keycomm.co.uk wrote:
> > I would suspect that an 8 byte IV has been appended/prefixed
> >
> > Carl
> >
> > On Thu 19/03/09 9:16 PM , Dick Hollenbeck d...@softplc.com sent:
> > > I am using on Ubuntu Hardy:
> > >
> > >   $ openssl enc -bf-cbc -K 012221222F2D9E459E41001291222 \
> > >     -iv 552279BBB1A9 -in file.raw -out file.enc
> > >
> > > and the output file is 8 bytes longer than the input file!
> > > The input file is 144 bytes long and the output file is 152 bytes.
> > > Doing this in pycrypto, I do not get this result, the output file is the same length.
>
> The added bytes are padding ones. Padding is necessary, since a block cipher operates on fixed-size blocks of bytes (here, 8 bytes or 64 bits). It is therefore quasi mandatory, since a generic decryption operation doesn't know in advance the size of the decrypted data, so the padding is also used to indicate how many bytes should be removed at the end.
>
> In your case, you're encrypting a 144 bytes long file, multiple of 8 bytes, so the padding consists of 8 bytes, each one being 0x08. Test the encryption of a 145 bytes long file, you'll also end with a 152 bytes encrypted file. There will be 7 padding bytes, each one being 0x07.

If you need to suppress the padding, and your source data is already a multiple of the block size, you can try adding the -nopad option to your invocation of openssl.

Alistair.

Please help Logica to respect the environment by not printing this email.

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
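The padding Erwann describes, as an added example that is not code from the thread or from OpenSSL: a Python model of the PKCS#7-style scheme `openssl enc` uses for an 8-byte block cipher such as Blowfish. It shows why a 144-byte file and a 145-byte file both come out as 152 bytes, how a strict unpad must validate what it strips, and what happens when data written with -nopad meets a decryptor that expects padding. The 144- and 145-byte plaintexts are constructed for the example.

```python
# Added example (not from the thread): the PKCS#7-style padding `openssl enc`
# applies for an 8-byte block cipher such as Blowfish, and why both a 144-byte
# and a 145-byte plaintext come out as 152 bytes of ciphertext.

BLOCK_SIZE = 8  # Blowfish block size in bytes


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Append n bytes of value n so the result is a whole number of blocks.

    When len(data) is already a multiple of the block size a full block of
    padding is added; that is what makes the 144-byte file grow to 152, and
    it is also what lets the decryptor always strip exactly data[-1] bytes.
    """
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip padding added by pkcs7_pad, rejecting anything malformed.

    Checking every padding byte, not just the last one, is the behaviour a
    decryptor needs; lax checks here are the classic padding-oracle weakness.
    """
    if not data or len(data) % block_size:
        raise ValueError("input is not a whole number of blocks")
    n = data[-1]
    if n < 1 or n > block_size or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]


def padded_length(plaintext_len: int, block_size: int = BLOCK_SIZE) -> int:
    """Size of the file `openssl enc` writes when padding is enabled."""
    return (plaintext_len // block_size + 1) * block_size


def strips_cleanly(data: bytes) -> bool:
    """True if data carries valid padding (what a default decrypt expects)."""
    try:
        pkcs7_unpad(data)
        return True
    except ValueError:
        return False


def demo() -> dict:
    # Constructed plaintexts of the two lengths discussed in the thread.
    f144 = bytes(range(256))[:144]
    f145 = bytes(range(256))[:145]
    p144, p145 = pkcs7_pad(f144), pkcs7_pad(f145)
    return {
        "len144": len(p144),    # 152: a full block of 0x08 bytes
        "pad144": p144[144:],   # b'\x08' * 8
        "len145": len(p145),    # 152: seven bytes of 0x07
        "pad145": p145[145:],   # b'\x07' * 7
        "roundtrip": pkcs7_unpad(p144) == f144 and pkcs7_unpad(p145) == f145,
        # Data produced with -nopad carries no pad; a peer that expects one
        # (the default decrypt) rejects it, since the last byte is not 1..8.
        "nopad_decrypts_cleanly": strips_cleanly(f144),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The -nopad route only works when both sides agree on it; a receiver using the default decrypt will treat the last plaintext byte as a pad length and fail, which is what the last entry of demo() shows.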
RE: OpenSSL command line HMAC
-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: 07 February 2009 01:59
To: openssl-users@openssl.org
Subject: RE: OpenSSL command line HMAC

> > Without the quotes, if my hmac key contains a space or tab character, it seems that somewhere along the way, the two halves of the key are treated as separate parameters. So, if my key was "£$% £$%*", attempting to execute the command simply results in OpenSSL giving a "£$%*" not found error.
>
> Are those pounds in 8859-1, as posted? I don't use any non-US charsets here and so can't easily test that, but with "$% $%*" (minus quotes) it (still) works for me. (I previously lazily tested on my local Windows instead of Linux, but this time to be certain I used a convenient Linux box, which actually has an older jre, 1.5.0_06-b05.)

Sorry - those were intended to be indicative of non-printable characters. The actual key is a string of bytes, effectively chosen at random (i.e. in the range 0x00-0xff).

[snip]

> > Incidentally, the simple approach (simply passing the key as a parameter, regardless of its content) worked flawlessly under Windows (using non-FIPS OpenSSL).
>
> That makes me really suspicious. I wonder if it might be an issue with high-half signed characters somewhere, or Unicode encoding, or such. Could you try passing the desired arguments to instead a simple program that just shows you exactly what it's getting, something like:
>
> [snip]

Yes, I think you've hit the nail on the head there. One of the problems seems to lie in the byte[] -> String conversion. In some test code I have a block like this:

    byte[] key = {... 32 bytes ...}
    String keyString = new String(key);
    System.out.println(key.length);
    System.out.println(keyString.length());

Under Windows, for my test key, key.length and keyString.length are both 32. Under Linux, the former is 32, but the latter is 29.

I can (try to) force the same encoding:

    String keyString = new String(key, "Cp1252");

Now the lengths match, but the resulting hash differs between Linux and Windows (and from the test data I'm using, I know that the Windows hash is correct). If the key contains a zero-byte, then the command fails under both Linux and Windows.

Ultimately, I've opted for Steffen's suggestion, with the Java code generating an escaped character sequence and passing this to a bash script. As far as I can determine, there's no way of forcing Java to produce a String which contains exactly the desired set of bytes.

Thanks to everyone for the suggestions.

Alistair.
RE: OpenSSL command line HMAC
Hi Steffen!

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Steffen DETTMER
Sent: 06 February 2009 13:33
To: Everyone
Subject: Re: OpenSSL command line HMAC

> Hi all, Hi Alistair!
>
> * Young, Alistair wrote on Fri, Feb 06, 2009 at 10:16 +:
> > Ultimately I settled on the use of a shell script to act as an intermediary:
> >
> >     #!/bin/bash
>
> If you can use bash you could pass the key in \xNN form
>
> [... snip ...]

Thanks for the suggestion, Steffen - that would at least remove the need to write the key to a file.

> (This does not mean that I'd recommend to do such things! Crypto via shell scripts and stuff invites potential security flaws etc.)

Indeed - the presence of 'eval' alone is probably enough to give security experts a few sleepless nights! :) But, assuming that all the data we feed in is done in escaped form (\xNN) that should prevent injection-style attacks.

Cheers for the tip!

Alistair.
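The byte[] -> String problem reported above and Steffen's \xNN suggestion, as one added example that is not code from the thread: Python is used here to model what the Java is doing. The constructed 32-byte key (NUL, space, tab and high bytes included) fails to survive a text round trip under UTF-8 but does under a single-byte charset, the HMAC itself is checked against RFC 4231 test case 1, and a strict \xNN encoder/decoder ensures that only key bytes, never shell syntax, can reach a script that consumes the escaped form.

```python
# Added example (not code from the thread): Python modelling the Java
# byte[] -> String problem above, plus a lossless \xNN transport for the key.
import hashlib
import hmac

# Constructed 32-byte test key: NUL, space, tab and high bytes included,
# i.e. the kind of random binary key the thread is about.
SAMPLE_KEY = bytes([0x00, 0x20, 0x09, 0xA3, 0x24, 0x25, 0xE2, 0x82]) + bytes(range(0xE0, 0xF8))


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over raw bytes; the key never passes through a text type."""
    return hmac.new(key, message, hashlib.sha256).digest()


def text_roundtrip_is_lossless(key: bytes, encoding: str) -> bool:
    """Model new String(key) followed by getBytes() under a platform charset.

    Only a charset that maps every byte value (latin-1) gives the key back;
    under UTF-8 malformed sequences are replaced, which is the kind of
    damage behind the 32-versus-29-character symptom seen on the Linux box.
    """
    return key.decode(encoding, errors="replace").encode(encoding) == key


def to_hex_escapes(key: bytes) -> str:
    r"""Render a key in the \xNN form Steffen suggests: printable ASCII only."""
    return "".join("\\x%02x" % b for b in key)


def from_hex_escapes(text: str) -> bytes:
    r"""Parse a \xNN string back to bytes, rejecting anything else.

    Strict parsing is what keeps the escaped form safe to hand to a script:
    only hex digits get through, so no shell syntax can ride along.
    """
    if len(text) % 4 or any(text[i:i + 2] != "\\x" for i in range(0, len(text), 4)):
        raise ValueError("not a pure \\xNN sequence")
    return bytes.fromhex("".join(text[i + 2:i + 4] for i in range(0, len(text), 4)))


def rfc4231_case1_ok() -> bool:
    """Sanity-check hmac_sha256 against RFC 4231 test case 1."""
    expected = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
    return hmac_sha256(b"\x0b" * 20, b"Hi There").hex() == expected


if __name__ == "__main__":
    print("RFC 4231 case 1 ok:", rfc4231_case1_ok())
    for enc in ("latin-1", "utf-8"):
        print(enc, "round trip lossless:", text_roundtrip_is_lossless(SAMPLE_KEY, enc))
    escaped = to_hex_escapes(SAMPLE_KEY)
    print(escaped)
    print("escaped key round trips:", from_hex_escapes(escaped) == SAMPLE_KEY)
```

Whatever the transport, a key passed on the command line is readable by other local users through process listings (ps, or /proc/<pid>/cmdline on Linux), so a key file with tight permissions or, better, a direct library call such as the JNI route discussed in the thread keeps the key out of argv entirely. From OpenSSL 1.0.0 onwards `openssl dgst -mac HMAC -macopt hexkey:<hex>` also accepts the key as hex, which is the option Steve mentions adding.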
RE: OpenSSL command line HMAC
Hi Dave - thanks for your reply!

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: 06 February 2009 00:29
To: openssl-users@openssl.org
Subject: RE: OpenSSL command line HMAC

> > From: owner-openssl-us...@openssl.org On Behalf Of Young, Alistair
> > Sent: Wednesday, 04 February, 2009 09:52
> >
> > I seem to have some success if I place quotes around the [Linux] command line:
> >
> >     $ cat message.bin | openssl dgst -sha256 -hmac "`cat key.bin`" -binary > mac.bin
>
> (Don't need cat here, just < on the openssl. But that's not your question.)

Yes, indeed - this just struck me as the closest analog to what I'm doing in Java: writing the message to the process's input stream. (In fact, from the command line I think that you can just supply the message file as a parameter without need for piping or redirection.)

> > But, to complicate things further, I'm trying to invoke this from Java. So I have something like:
> >
> >     byte[] key = ...;
> >     Runtime.getRuntime().exec("openssl", "dgst", "-sha256", "-hmac", "\"" + new String(key) + "\"", "-binary");
> >
> > I then pipe my message in, and collect the output from the output stream.
>
> In the Java I have (SDK5=jre1.6.0_02) I can't Runtime.exec multiple strings like that, I have to put them in an array with {}. (Or a single String, but then I'm not sure whose parsing rules are used and when.) With a String [], don't add quotes around the key value. In a shell command, " ' \ are processed by the shell before being passed to the program. As are the ` above. Then it works for me.

You're right about the array, of course - this was some poorly transcribed code! :)

Without the quotes, if my hmac key contains a space or tab character, it seems that somewhere along the way, the two halves of the key are treated as separate parameters. So, if my key was "£$% £$%*", attempting to execute the command simply results in OpenSSL giving a "£$%*" not found error.

Adding the quotes didn't work because, if I understand things correctly, the notion of quotes (or escaping characters with \) is a shell concept - hence my attempt to force the command to run under a shell.

> > But no joy. I believe this may be because Java does not run the command within a shell. I can try to force the use of the shell:
> >
> >     Runtime.getRuntime().exec("/bin/bash", "-c", "openssl", "dgst", "-sha256", "-hmac", "\"" + new String(key) + "\"", "-binary");
> >
> > But now my piped message either seems to get interpreted as an openssl command (so I just get something like "%$£$ is an invalid command" followed by a list of the standard openssl commands) or I get an "unexpected EOF while looking for matching `'" error.
>
> You don't need a shell, but if you want one, -c takes the entire command (line) as the single next argument. Your call is telling bash to do just openssl, so it runs openssl with no arguments, and openssl tries to interpret stdin. Here you WOULD need " around non-text key so shell parses it correctly, and I think actually ' if it contains $ or ` which shell does interpret inside ", and I think you need to \ any quote or \ in it. I would avoid that.

Yes, I tried various permutations - including passing the openssl command as a single parameter to the shell, and preceding each character of the key with an escaping '\' - but no luck!

Ultimately I settled on the use of a shell script to act as an intermediary:

    #!/bin/bash
    /usr/local/ssl/fips-1.0/bin/openssl dgst -sha256 -hmac "`cat $1`" -binary

My Java code then writes the key to a file, and then invokes the script, passing the filename as a parameter. The Java code can then pipe the message through and collect the MAC before deleting the key file. I don't really like having to write the key to disk, but I couldn't make it work any other way.

Incidentally, the simple approach (simply passing the key as a parameter, regardless of its content) worked flawlessly under Windows (using non-FIPS OpenSSL).

Alistair.
RE: OpenSSL command line HMAC
-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: 04 February 2009 15:20
To: openssl-users@openssl.org
Subject: Re: OpenSSL command line HMAC

> On Wed, Feb 04, 2009, Young, Alistair wrote:
> > Well, having been trying this for a while, I'm having serious problems using this on a Linux platform.
>
> Do you *have to* use FIPS? If not then using Java's crypto functions would be by far the easiest option.
>
> I could extend the openssl utility to support a hex key on the command line: it makes sense to do that anyway.
>
> JNI looks like the most effective option possibly round a very simple wrapper function but I'm not familiar with it.
>
> Steve.

Thanks Steve.

Unfortunately we need to use something with FIPS validation behind it, so the standard Java crypto libraries (or something like BouncyCastle) are out. It also means that we can't modify the OpenSSL source so would have to add wrappers if we wanted to extend its functionality.

JNI is looking increasingly inevitable - but, of course, while I believe that the general OpenSSL libraries can be built with JNI bindings, this is not true of the FIPS build - so we'll have to write those ourselves too.

If I find an alternative approach, I'll post it back to this list.

Regards,

Alistair.
RE: OpenSSL command line HMAC
-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: 05 February 2009 12:29
To: openssl-users@openssl.org
Subject: Re: OpenSSL command line HMAC

> On Thu, Feb 05, 2009, Young, Alistair wrote:
> > Thanks Steve.
> >
> > Unfortunately we need to use something with FIPS validation behind it, so the standard Java crypto libraries (or something like BouncyCastle) are out. It also means that we can't modify the OpenSSL source so would have to add wrappers if we wanted to extend its functionality.
>
> Well you can modify the OpenSSL source just not the validated source. OpenSSL 0.9.8j is an example of that.
>
> I'm not a JNI expert but if the bindings use the shared libraries you should just be able to use 0.9.8j+fips shared libraries. The only addition you'd need is FIPS_mode_set().

Many thanks for the advice, Steve - I'll bear this in mind.

Cheers,

Alistair.
RE: OpenSSL command line HMAC
Well, having been trying this for a while, I'm having serious problems using this on a Linux platform.

I seem to have some success if I place quotes around the command line:

    $ cat message.bin | openssl dgst -sha256 -hmac "`cat key.bin`" -binary > mac.bin

But, to complicate things further, I'm trying to invoke this from Java. So I have something like:

    byte[] key = ...;
    Runtime.getRuntime().exec("openssl", "dgst", "-sha256", "-hmac", "\"" + new String(key) + "\"", "-binary");

I then pipe my message in, and collect the output from the output stream. But no joy. I believe this may be because Java does not run the command within a shell. I can try to force the use of the shell:

    Runtime.getRuntime().exec("/bin/bash", "-c", "openssl", "dgst", "-sha256", "-hmac", "\"" + new String(key) + "\"", "-binary");

But now my piped message either seems to get interpreted as an openssl command (so I just get something like "%$£$ is an invalid command" followed by a list of the standard openssl commands) or I get an "unexpected EOF while looking for matching `'" error.

Can anybody offer any practical suggestions? I was hoping to avoid JNI (particularly on the FIPS build), but it seems to be looming ever closer.

Thanks,

Alistair.

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Young, Alistair
Sent: 30 January 2009 09:31
To: openssl-users@openssl.org
Subject: OpenSSL command line HMAC

[...]
OpenSSL command line HMAC
Hi,

To generate an HMAC key using SHA-256, I can issue the following command:

    openssl dgst -sha256 -hmac <key> -binary message.bin > mac.bin

I realised (eventually!) that the key is not supplied as a hex string (0a0b34e5.. etc.) but in a binary format. Obviously this leads to some fairly unpleasant command lines when the key contains non-printable characters.

Can anybody comment on whether this is likely to cause problems for Windows or Linux? Looking at the source code, there doesn't appear to be any other mechanism for passing the key via the command line.

I'm using the FIPS 1.2 flavour of OpenSSL.

Many thanks,

Alistair.
RE: ECDSA signature verification
Thank you, Emanuele.

We really need to use the FIPS version of OpenSSL, so updating the code isn't a possibility. However, looking into the source it looks as though all of the functions that we need are there, so hopefully we can get the functionality we require by writing a bit of code ourselves which links to the FIPS library.

Regards,

Alistair.

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Emanuele Cesena
Sent: 23 January 2009 08:24
To: openssl-users@openssl.org
Subject: Re: ECDSA signature verification

On Mon, 2009-01-19 at 11:22 +, Young, Alistair wrote:
> * is it possible to define our own curves (rather than using one of the predefined curves)?

if you want to play with your EC, check crypto/ec/ectest.c
if you want to add a new curve to openssl, have a look at crypto/ec/ec_curve.c, crypto/objects/object.txt
I opened a thread in openssl-dev: "Adding an EC to OpenSSL".

> * how configurable is the hashing step? I see that there are parameters like -ecdsa-with-SHA1 - can arbitrary hashing functions be used?

there is only sha1. You have to add more EVP, I think... OpenSSL 0.9.9 is required for public-key EVP.

> * where can I find some good (= simple!) documentation on using OpenSSL for this task. I've not had much luck finding anything relevant in the man page.

source code? ECDSA has also doxygen comments :-)

bye!

--
Emanuele Cesena emanuele.ces...@gmail.com
http://ecesena.dyndns.org
The body has no ideals
RE: ECDSA signature verification
... though I notice that the Security Policy document does not explicitly mention ECDSA in the table of FIPS approved algorithms. It does mention DSA with 1024-bit keys (but has a confusing footnote which states that DSA supports a key size of less than 1024 bits except when not in FIPS mode - is there an extra 'not' in this statement?), but that perhaps doesn't cover ECDSA.

Alistair.

-----Original Message-----
From: Young, Alistair
Sent: 23 January 2009 10:13
To: 'openssl-users@openssl.org'
Subject: RE: ECDSA signature verification

[...]
RE: ECDSA signature verification
-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: 23 January 2009 13:07
To: openssl-users@openssl.org
Subject: Re: ECDSA signature verification

> On Fri, Jan 23, 2009, Young, Alistair wrote:
> > ... though I notice that the Security Policy document does not explicitly mention ECDSA in the table of FIPS approved algorithms. It does mention DSA with 1024-bit keys (but has a confusing footnote which states that DSA supports a key size of less than 1024 bits except when not in FIPS mode - is there an extra 'not' in this statement?), but that perhaps doesn't cover ECDSA.
>
> That is correct, ECDSA is not an approved algorithm in FIPS mode.
>
> Steve.

Thanks for confirming this for me, Steve.

Off the top of your head, are you aware of any ECDSA implementations which have been FIPS validated?

Alistair.
ECDSA signature verification
Hi,

I'm new to OpenSSL, having just installed openssl-fips-1.2. I'm looking for some guidance in how to use OpenSSL (from the command line) to verify ECDSA signatures. In particular, I have the following questions:

* is it possible to define our own curves (rather than using one of the predefined curves)?
* how configurable is the hashing step? I see that there are parameters like -ecdsa-with-SHA1 - can arbitrary hashing functions be used?
* where can I find some good (= simple!) documentation on using OpenSSL for this task. I've not had much luck finding anything relevant in the man page.

Apologies for any dumb questions there - thanks in advance for any assistance!

Alistair.
Hashing bit-oriented data
Hello,

Using the OpenSSL command line, is it possible to compute hashes of data which is not a whole number of bytes in length? For example, a block of data consisting of (say) 110 bits?

Padding the data is not an option, because we need to be able to verify hashes which have been computed externally.

If this is not an option from the command line, can it be achieved through use of the OpenSSL APIs?

Thanks,

Alistair.
RE: Hashing bit-oriented data
-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ger Hobbelt
Sent: 19 January 2009 14:00
To: openssl-users@openssl.org
Subject: Re: Hashing bit-oriented data

> On Mon, Jan 19, 2009 at 1:48 PM, Young, Alistair alistair.yo...@logica.com wrote:
> > Hello,
> >
> > Using the OpenSSL command line, is it possible to compute hashes of data which is not a whole number of bytes in length? For example, a block of data consisting of (say) 110 bits?
> >
> > ... snip ...
>
> Since all [supported] secure hash algorithms are byte, pardon, *word*-based, the mere definition of those algorithms precludes the possibility of hashing 110 bit data bursts without any [bit-]padding. Here, 'word' size depends on the secure hash algorithm used.
>
> So the oversimplified answer is: no can do.
>
> Given that you don't ask whether particular bit-data-stream oriented secure hash algorithm XYZ is supported by OpenSSL, while it's not listed in the feature set, I have a question in return: are you sure you are aware what you are asking here? If yes, please specify required hash algorithm and other specifics and we might be able to help you out.

Hi Ger - many thanks for the reply.

My experience in this area is limited - so I may well be asking a silly question! :)

My understanding, however, is that the hashing algorithms (I am specifically thinking of SHA-256) do not place any restrictions on the length of the data being hashed. For example, the pseudocode for SHA-256 given at http://en.wikipedia.org/wiki/SHA_hash_functions states that the first steps are:

* append bit '1' to the message
* append k bits '0' to the message until the length of the message is congruent to 448 (mod 512)
* append length (before pre-processing) in bits as a 64-bit integer

There appears to be nothing intrinsically byte- or word-based about that logic.

So, to take my 110-bit message example, I would hope to be able to pass this in and have the hashing logic append a '1', then 337 '0's, and then the number 110 as a 64-bit integer. This then gives 512 bits (16*32-bit words) for the main hashing algorithm to work with.

Am I missing a subtle point somewhere?

Cheers,

Alistair.
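FIPS 180-4 does define SHA-256 for a message of any bit length, so the reading of the padding step above is right; what makes OpenSSL byte-oriented is its API (EVP_DigestUpdate and SHA256_Update take a byte count), not the algorithm. The following is an added example, not code from the thread or from OpenSSL: a compact SHA-256 in Python whose padding takes a bit count, so it can hash a 110-bit message exactly as described (one '1' bit, 337 '0' bits, the length 110 as 64 bits, one 512-bit block). The 14-byte sample input is constructed for the example; whole-byte outputs are checked against hashlib, which is the only reference available for them.

```python
# Added example: a from-scratch SHA-256 whose padding step takes a bit
# count, so a 110-bit message can be hashed as FIPS 180-4 defines it.
import hashlib
import struct

MASK = 0xFFFFFFFF

# Constructed 14-byte (112-bit) sample; only its first 110 bits are hashed.
SAMPLE_110 = (b"\xde\xad\xbe\xef" * 4)[:14]


def _first_primes(n):
    primes, c = [], 2
    while len(primes) < n:
        if all(c % p for p in primes):
            primes.append(c)
        c += 1
    return primes


def _iroot(n, k):
    """Exact floor k-th root of a big integer, by binary search."""
    lo, hi = 0, 1 << (n.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


# FIPS 180-4 constants: first 32 fractional bits of sqrt/cbrt of the first
# primes, derived here in exact integer arithmetic instead of typed in.
H0 = [_iroot(p << 64, 2) & MASK for p in _first_primes(8)]
K = [_iroot(p << 96, 3) & MASK for p in _first_primes(64)]


def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def _compress(state, block):
    """One 512-bit block through the SHA-256 compression function."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25))
              + ((e & f) ^ (~e & g)) + K[i] + w[i]) & MASK
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22))
              + ((a & b) ^ (a & c) ^ (b & c))) & MASK
        a, b, c, d, e, f, g, h = (t1 + t2) & MASK, a, b, c, (d + t1) & MASK, e, f, g
    return [(x + y) & MASK for x, y in zip(state, (a, b, c, d, e, f, g, h))]


def sha256_pad(data: bytes, nbits: int) -> bytes:
    """FIPS 180-4 padding for a message of exactly nbits bits.

    The message is the first nbits bits of data (most significant bit of each
    byte first). Append one '1' bit, then k '0' bits so the total length is
    congruent to 448 mod 512, then the original bit length as a 64-bit integer.
    For nbits = 110 that is k = 337 and a single 512-bit block.
    """
    if not 0 <= nbits <= 8 * len(data):
        raise ValueError("nbits exceeds the data supplied")
    msg = int.from_bytes(data, "big") >> (8 * len(data) - nbits)
    k = (448 - (nbits + 1)) % 512
    padded = ((((msg << 1) | 1) << k) << 64) | nbits
    return padded.to_bytes((nbits + 1 + k + 64) // 8, "big")


def sha256_bits(data: bytes, nbits: int) -> bytes:
    """SHA-256 over the first nbits bits of data."""
    padded = sha256_pad(data, nbits)
    state = H0
    for off in range(0, len(padded), 64):
        state = _compress(state, padded[off:off + 64])
    return struct.pack(">8I", *state)


def sha256_bytes(data: bytes) -> bytes:
    """Whole-byte convenience wrapper; must agree with hashlib.sha256."""
    return sha256_bits(data, 8 * len(data))


def matches_hashlib(data: bytes) -> bool:
    """Cross-check on whole-byte input, where hashlib can serve as reference."""
    return sha256_bytes(data) == hashlib.sha256(data).digest()


if __name__ == "__main__":
    print("agrees with hashlib on b'abc':", matches_hashlib(b"abc"))
    print("sha256 of first 110 bits:", sha256_bits(SAMPLE_110, 110).hex())
```

Verifying an externally computed hash over 110 bits therefore needs an implementation whose update/final path carries a bit count, as this one does; a byte-counting API can only reproduce it if the external party's bit-level padding happens to coincide with byte padding, which for 110 bits it does not (the length field would read 112, not 110).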