-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Kyle Hamilton
Sent: Wednesday, August 19, 2009 10:42 AM
To: openssl-users@openssl.org
Subject: Re: Prevent concurrent operator in FIPS mode
The API does not prevent concurrent
How did you make your EC certificates?
Here is the result (truncated as yours is) by using OpenSSL - I had to
use a Name Constraint and a prime curve @ 384 for a proof-of-concept:
...
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
EC Public Key:
pub:
the remainder of the BodyCipherValue.bin (len-16 - this was where I
messed up)
7) Decrypt with cipher -in BodyCipherValueRemainder.bin with -K and -iv values
The -K is RSA encrypted with the public key, but the IV is in cleartext,
prepended to the AES/bulk encrypted part.
___
Carlo
Try LinkedIn - a business-oriented social networking site.
- Original Message -
From: owner-openssl-us...@openssl.org owner-openssl-us...@openssl.org
To: openssl-users@openssl.org openssl-users@openssl.org
Sent: Sun Aug 09 10:12:58 2009
Subject: Non-technical question on entrepreneurship
I'm trying to illustrate how to take an OASIS WSSE SOAP Message and
operate on it with the commands in OpenSSL.
The SOAP Message encrypts the contents of an element in the Body with
AES-256-CBC with a key that was encrypted with RSA-1_5 using a public
key. We have an RSA encryption of a key for
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of gao yi
Sent: Tuesday, December 30, 2008 5:14 AM
To: openssl-users@openssl.org
Subject: vs2008 express + openssl 0.98i error when nmake
OS: windows vista ultimate
visual studio 2008 express
For example: set emailAddress in [ req_distinguished_name ] of your
configuration, then direct it in [ usr_cert ] with subjectAltName=email:copy
...
X509v3 Subject Alternative Name:
email:[EMAIL PROTECTED]
...
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
...and the relevant doc is here:
http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlo Milono
Sent: Monday, December 08, 2008 1:48 PM
To: openssl-users@openssl.org
Cc: mohammed
I can sympathize with Steve, having gone through a Common Criteria
certification and finally understanding that what I considered the
truth was misleading to the validators, leading to numerous
inconclusive verdicts.
As to the real-worldness aspect, this is often a 'checkbox' that gives
assurance
am getting this on Linux RHEL4
and on MSYS for WindowsXP:
make[2]: *** No rule to make target
`/usr/local/ssl/lib/fips-1.0/fipscanister.o'
The builds for 0.9.8i complete fine.
---___
Carlo Milono
, November 24, 2008 12:52 PM
To: openssl-users@openssl.org
Subject: Re: Building fipscanister.o 1.2 with 0.9.8i
On Mon, Nov 24, 2008, Carlo Milono wrote:
A couple of questions:
Is there a new User's Guide for OpenSSL FIPS Object Module Version
1.2?
I don't see it in the openssl.org or in the oss
]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Monday, November 24, 2008 2:47 PM
To: openssl-users@openssl.org
Subject: Re: Building fipscanister.o 1.2 with 0.9.8i
On Mon, Nov 24, 2008, Carlo Milono wrote:
The error is in making fips - (config fips, followed by make) -
not
even
How curious that this topic would come up today as I had a discussion on
it just two days earlier.
The OpenSSL FIPS 140-2 Security Policy Version 1.1.2 states:
The FIPS Object Module is not a static library. It may be incorporated
into shared library files or runtime executable application
I have built several platforms of 0.9.8h, including some with asm and a
few with the fips container for FIPS 140-2; all tests pass.
I see the EC and ECPARAMS functions and all of those tests
(ecdhtest/ecdsatest) pass as well, but I don't see the ECDHE ciphers.
I'm trying to get a build that is
I made a self-serve model with a simple form POST and a script - I
received four input parameters and assembled a text file and passed the
parameters to the script:
REM set the basic configuration parameters
set OPENSSL_CONF=C:\OpenSSL\bin\OpenSSL.cnf
REM %1 is emailAddress, %2 is password,
-Original Message-
From: [EMAIL PROTECTED] [mailto:owner-openssl-
[EMAIL PROTECTED] On Behalf Of Jeremiah Martell
Sent: Friday, July 06, 2007 6:03 AM
To: openssl-users@openssl.org
Subject: Re: Question: ASCII Armored text signature
On 7/5/07, Carlo Milono [EMAIL PROTECTED] wrote
Radix-64 - if you want the PGP/GPG stuff.
See: http://en.wikipedia.org/wiki/Binary_to_text_encoding
-Original Message-
From: [EMAIL PROTECTED] [mailto:owner-openssl-
[EMAIL PROTECTED] On Behalf Of Jeremiah Martell
Sent: Thursday, July 05, 2007 12:02 PM
To: openssl-users@openssl.org
DH is used for the Key Agreement or Key Exchange. Here is another
article - by cisco - that is more detailed.
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/ssl.h
tml
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
PROTECTED] [mailto:owner-openssl-
[EMAIL PROTECTED] On Behalf Of Troy Monaghen
Sent: Friday, June 01, 2007 7:20 AM
To: openssl-users@openssl.org
Subject: Re: Q's on making 0.9.8e with FIPS 1.1.1 andno-cipher/enable-
cipher
On Thu, 2007-05-31 at 22:09 -0700, Carlo Milono wrote:
On a Linux
On a Linux AS4 machine, I was able to successfully build both 0.9.8.e and FIPS
1.1.1 and have both pass all tests :-)
The VERSION in the FIPS Makefile is different than the version of the base
OpenSSL, and the only way to change the output of openssl version is to
change the header file. I've
20 matches
Mail list logo