We are using OpenSSL version 0.9.8l.
And what we find is that the DSA private key formats are different in FIPS
and non-FIPS mode.
In FIPS mode it starts with:
-BEGIN PRIVATE KEY-
Whereas in non-FIPS mode it starts with:
-BEGIN DSA PRIVATE KEY-
I understand that this is expected.
Also I found that this works fine with openssl 1.0.1
Where keys are generated in FIPS mode with the following line.
Can someone let me know why this change in behavior between 0.9.8l and
1.0.1?
-BEGIN DSA PRIVATE KEY-
Thanks,
Anamitra
On 6/12/13 12:01 PM, Anamitra Dutta Majumdar
Hello Steve,
Thanks for your response.
Is there a corresponding API where we can impose this descert option?
-Anamitra
On 5/29/13 6:15 PM, Dr. Stephen Henson st...@openssl.org wrote:
On Wed, May 29, 2013, Anamitra Dutta Majumdar (anmajumd) wrote:
We are trying to create pkcs12 keystore
We are trying to create pkcs12 keystore in FIPS mode using OpenSSL 1.0.1
and it fails with the following error
9uo8bYe2YpDmqEgC[root@vos-i/usr/local/platform/bin/openssl pkcs12 -export
-in tomcat.pem -inkey ../keys/tomcat_priv.pem -out tomcat.keystore
Enter Export Password:
Verifying - Enter
We are getting the following error in the syslogs
secure:Nov 9 19:32:04 cls2-pub authpriv 3 sshd[9526]: error:
openssh_DSA_verify_inFIPS EVP_VerifyFinal BAD SIG code:-1
when we connect between two servers using ssh key based authentication.
This issue happens only in FIPS mode and not in non
Hi Dave,
This is a closed box without a server operator.
Is there a way to determine why the cert chain was
disliked?
Thanks,
Anamitra
On 10/26/12 3:14 PM, Dave Thompson dthomp...@prinpay.com wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta
Majumdar
(anmajumd)
Sent
Have not seen a response to this.
The FIPS_selftest() API does not perform any self-tests on the
Diffie-Hellman algorithm. Is it because it is a non-approved security
function in the FIPS module?
Do we need self tests on DH if DH key exchange is used by SSH in the
system running in FIPS mode?