Re: [openssl-users] RSA sign using SHA256 with mgf1 padding

2016-08-31 Thread Mounir IDRASSI
Hi, I have written a sample a few years ago that performs PSS signature using SHA256 like what you need. You can get it from https://www.idrix.fr/Root/Samples/openssl_pss_signature.c It uses the maximum salt length. You should check that the server expects this as well. Cheers, -- Mounir IDRASSI

Re: Schanner secu

2014-11-19 Thread Mounir IDRASSI
behavior unless it causes security issues for them (but I can't imagine how). Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/14/2014 10:02 PM, Gilles Vollant wrote: Microsoft just published a patch on their SChannel component (KB 2992611 ) https://technet.microsoft.com/library

Re: Leak in BN_rand_range?

2014-09-24 Thread Mounir IDRASSI
. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 9/24/2014 6:27 PM, Jeffrey Walton wrote: I've got a program that repeatedly calls BN_rand_range. Valgrind is reporting 2.4 MB of leaks. If I comment out the loop that generates the range value, then the leak summary drops to 0

Re: RSA_check_key failure 0x407b093 (value missing)

2014-06-08 Thread Mounir IDRASSI
Pentium III M it takes 1 second on average. I don't know if there are many people who need to use RSA SFM parameters but having such conversion functionality inside OpenSSL can be interesting. In such case, I can send a patch for it. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr

Re: OpenSSL ECCN #

2012-08-20 Thread Mounir IDRASSI
Hi, There was a similar question years ago. Here is a link to its answer : http://marc.info/?l=openssl-usersm=123357572413547 I don't know if it is still relevant. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/20/2012 8:38 PM, Alona Rossen wrote: Hello, We need OpenSSL ECCN

Re: RSA OAEP with sha256

2012-08-16 Thread Mounir IDRASSI
these limitations by implementing my own version of RSA_padding_add_PKCS1_OAEP that accepts any hash and any MGF implementation. I guess you should do the same. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/16/2012 11:27 PM, Martin Kaiser wrote: Dear all, I'd like to encrypt some bytes

Re: OpenSSL 1.0.1a tarball ckecksums

2012-04-22 Thread Mounir IDRASSI
Hi, Your browser is unzipping the archive on the fly. The file you are getting is the TAR and not the gzipped TAR. Try clicking save as on the link to see if you get the real gzipped file. By the way, all the checksums on the page are correct. Cheers, -- Mounir IDRASSI IDRIX http

Re: TLS/SSL Re-Negotiation Vulnerability [CVE-2011-1473]

2011-12-27 Thread Mounir IDRASSI
Hi, The following blog post explains different mitigation techniques for this vulnerability and among them is Rate Limiting : http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html#rate_limiting_ssl_handshakes I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr

Re: TLS 1.0 cracked...

2011-09-21 Thread Mounir IDRASSI
://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.61.5887rep=rep1type=pdf : a 2006 paper describing the attack and the OpenSSL countermeasure. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 9/21/2011 4:48 PM, Thomas J. Hruska wrote: The Register published an article yesterday that some people

Re: Compile OpenSSL for debug and release in Windows with Visual C++

2011-06-21 Thread Mounir IDRASSI
Yes, this is the target configuration for debug under Windows VC++. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 6/22/2011 7:38 AM, ml.vladimbe...@gmail.com wrote: Is “debug-VC-WIN32” option of configuration an answer to my question

Re: RSA_private_decrypt across processes

2011-05-04 Thread Mounir IDRASSI
these processes under Windows 7? -- Mounir IDRASSI IDRIX http://www.idrix.fr On 5/4/2011 7:02 AM, Ashwin Chandra wrote: I generate an RSA key using RSA_generate_key in one process. I then take the RSA structure that is generated and serialize it and send it to another process via an RPC mechanism

Re: RSA_private_decrypt across processes

2011-05-04 Thread Mounir IDRASSI
this mechanism more expensive than previous Windows versions. So, this issue won't be solved unless there is a major change to OpenSSL entropy gathering architecture, which doesn't appear to be coming any time soon. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 5/4/2011 6:14 PM, Ashwin

Re: RSA_private_decrypt across processes

2011-05-04 Thread Mounir IDRASSI
is to implement an engine that exports its own RNG implementation through a custom RAND_METHOD structure. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 5/4/2011 7:02 PM, carlyo...@keycomm.co.uk wrote: Start second process as a daemon so it only does the entropy gathering at process

Re: issue with p12 creation and network solutions EV SSL

2011-04-26 Thread Mounir IDRASSI
-END CERTIFICATE- == I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http

Re: issue with p12 creation and network solutions EV SSL

2011-04-26 Thread Mounir IDRASSI
are not aware of this update...This issue should not have existed at the first place! Good luck, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/26/2011 7:07 PM, James Chase wrote: You've got the wrong chain file. I understand that NetSol switched to a new EV Issuing CA a few months

Re: What Random number generator is used in the OpenSSL library?

2011-03-26 Thread Mounir IDRASSI
specific PRNG helper functions. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 3/26/2011 10:05 AM, Vladimir Belov wrote: Hello, What Random number generator is used in the OpenSSL library? __ OpenSSL Project

Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-24 Thread Mounir IDRASSI
just modified the usr_cert section in the default one in order to add extendedKeyUsage = critical,timeStamping and set keyUsage to nonRepudiation, digitalSignature. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/23/2011 3:32 PM, Yessica De Ascencao wrote: Hello! Thanks for your help

Re: ecdsa_method missing?

2011-02-23 Thread Mounir IDRASSI
Yes, you should open a ticket on the issue tracker. However, I'm not sure if Dr. Stephen Henson will agree to add this change to the current stable versions (0.9.8x and 1.0.0x) as he usually delays header changes till the 1.1.0 release. -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/23

Re: RSA_private_decrypt without e and d

2011-02-23 Thread Mounir IDRASSI
://rsaconverter.sourceforge.net/ . Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/24/2011 5:48 AM, Victor Duchovni wrote: On Wed, Feb 23, 2011 at 09:03:13PM -0600, Shaheed Bacchus (sbacchus) wrote: Just to be clear, below is not the actual code, but what I would *like* to be able to do

Re: RSA_private_decrypt without e and d

2011-02-23 Thread Mounir IDRASSI
/ . Thanks to it, you can check that these 5 parameters give you the correct d and e. In your case, I'm sure you'll get the wrong d and e. Swap the parameters and see if you get the correct d this time. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/24/2011 4

Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-22 Thread Mounir IDRASSI
that the problem is coming from the certificate Key Usage : it MUST NOT contain Key Encipherment. So, to resolve your problem, set the Key Usage to ONLY Digital Signature, Non Repudiation. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/22/2011 2:40 PM, Patrick

Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-22 Thread Mounir IDRASSI
certificate) that I used. Can you see if it is working for you? Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/22/2011 3:11 PM, Yessica De Ascencao wrote: Hi Mounir IDRASSI! I generated the certificate with ONLY Digital Signature, Non Repudiation but I still have the same problem

Re: ecdsa_method missing?

2011-02-22 Thread Mounir IDRASSI
. That explains why you are getting the compile error. I don't know why it was done like this, but if you really need this structure then you'll have to copy its definition from the header I mentioned above. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/22/2011 6:14 PM, Kent Yoder

Re: RSA public/private keys only work when created programatically.

2011-02-17 Thread Mounir IDRASSI
files. I hope this will help, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/18/2011 4:59 AM, David Henry wrote: I've written a bare bones enveloping example that takes a string, seals it in an envelope, and then goes about opening it. Everything works just fine if I generate my RSA keys

Re: OpenSSL and MinGW - Error report

2011-02-16 Thread Mounir IDRASSI
Hi, Add -leay32 to the end of the gcc command line in order to suppress the link errors you are seeing. This will help the gcc linker find the missing symbols exported by libeay32.a. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/16/2011 8:07 PM, Rui Fernandes wrote: I've

Re: Adding non-root certificates to the list of trusted certificates?

2011-02-10 Thread Mounir IDRASSI
of the verify callback. That being said, I remember vaguely a post by Dr Stephen Henson related to this where he mentioned a planned change in this direction, but I can't find a link to it. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/10/2011 4:46 PM, Lou Picciano wrote: Matthias

Re: Verify return code: 20 (unable to get local issuer certificate)

2011-02-10 Thread Mounir IDRASSI
elsewhere (for example in /usr/local/ssl) On the other hand, if it is /etc/ssl, then you need just to update the CAs hashes in /etc/ssl/certs. For that, issue the following command : c_rehash /etc/ssl/certs. I hope this will help. -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/10/2011 5:07 PM

Re: problem with creating and signing certificate via API

2011-01-20 Thread Mounir IDRASSI
(oldCertificate), caKey, clientCert); With these modifications, everything will be OK. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 1/20/2011 2:36 PM, Bret McDanel wrote: I am trying to load an old certificate, take the subject line and make a new certificate signed

Re: How exactly is symmetric key constructed from a passphrase?

2011-01-14 Thread Mounir IDRASSI
Hi, The function EVP_BytesToKey is used internally by this command (and others) in order to create a key from a password. The iteration count is set to 1. Look at the following link for more information : http://www.openssl.org/docs/crypto/EVP_BytesToKey.html Cheers, -- Mounir IDRASSI

Re: Question on SHA1 Functions

2011-01-10 Thread Mounir IDRASSI
Hi, SHA1_Init is indeed defined in sha_locl.h as HASH_INIT, whereas SHA1_Update and SHA1_Final are defined in md32_common.h (under crypto folder) as HASH_UPDATE and HASH_FINAL respectively. Happy hacking, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 1/10/2011 4:40 PM, Stan Joyner wrote

Re: Building OpenSSL vs Downloaded

2010-12-24 Thread Mounir IDRASSI
Hi, Use IMPLIB on the OpenSSL Dlls (e.g implib.exe -a libeay32.lib libeay32.dll) in order to create OMF export libraries instead of the COFF ones produced by VC++. With them, the link will be successful. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/23/2010 11:30 PM, hpenaguz

Re: components of RSA keys?

2010-12-23 Thread Mounir IDRASSI
Take a look at : http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm exponent1 = dp exponent2 = dq coefficient = qInv -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/23/2010 9:48 PM, Mike Mohr wrote: Good afternoon, When generating an RSA key, several components

Re: components of RSA keys?

2010-12-23 Thread Mounir IDRASSI
Start at function rsa_builtin_keygen in file crypto/rsa/rsa_gen.c. Good hack, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/24/2010 12:35 AM, Mike Mohr wrote: Thanks much for the clarification. I'm interested in re-implementing RSA for my own education; can someone point me

Re: Pls some basic c code to generate key pair using openssl

2010-12-20 Thread Mounir IDRASSI
)); Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/19/2010 8:47 AM, akdin wrote: I am a new user of openssl. If anybody post basic C code to generate ecc key pairs using openssl it will give me an insight to produce further. Ur help will be highly appreciable., regards akdin

Re: opensll-0.9.8q.tar.gz corrupted.

2010-12-03 Thread Mounir IDRASSI
Hi, There is no problem with the archive. If you are under Windows, use the latest 7zip (version 9.20). You will get a warning but the decompression is OK. The previous version of 7zip had a limitation for tar support. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/3/2010 2:28 PM

Re: Private Key from Windows Cert Store

2010-12-03 Thread Mounir IDRASSI
, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/3/2010 6:21 PM, Fili, Tom wrote: Ok, so I realized if I run Configure with no-static-engine I'll get the separate dlls. These are the commands I run C:\Documents and Settings\tfili\Desktop\openssl-0.9.8kperl Configure VC-WIN32 --prefix=c:\temp

Re: nist_cp_bn issue

2010-12-03 Thread Mounir IDRASSI
Hi, What compiler are you using under Windows? From my side, I have compiled and tested binaries produced by VC++ 2008 SP1 (cl version 15.00.30729.01) and the latest standalone native MinGW (gcc 4.5.0), and in both cases everything is OK (no crash and all tests succeed) -- Mounir IDRASSI

Re: OpenSSL 1.0.0c released

2010-12-02 Thread Mounir IDRASSI
http://www.openssl.org/news/secadv_20101202.txt -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/2/2010 9:03 PM, Erik Tkal wrote: Can someone point to details on CVE-2010-4180 and CVE-2010-4252? CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any references

Re: contribution

2010-11-26 Thread Mounir IDRASSI
OpenSSL with this interesting engine. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/26/2010 10:11 AM, flavio vella wrote: Hello, we are a team of the department of Computer Science at the University of Perugia (Italy). Recently, we have developed an engine that implements AES

Re: creating RSA structure when Private key(E,D,N) known

2010-11-26 Thread Mounir IDRASSI
as described on his 1976 paper). By the way, is this kind of functionality interesting enough to be integrated into OpenSSL code? I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/25/2010 1:32 PM, Chir wrote: Hi guys, i want to create a RSA structure to pass

Re: kEECDH handshake failure with invalid ecpointformatlist?

2010-11-25 Thread Mounir IDRASSI
. I'll start a discussion about this on the dev list. -- Mounir IDRASSI IDRIX http://www.idrix.fr

Re: kEECDH handshake failure with invalid ecpointformatlist?

2010-11-24 Thread Mounir IDRASSI
that this solves the failures you are seeing? Here is the link on RT with the description of the issue and the patch : http://rt.openssl.org/Ticket/Display.html?id=2240user=guestpass=guest Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/24/2010 11:37 PM, Victor Duchovni wrote: I see

Re: OpenSSL 1.0.0b testssl fails

2010-11-16 Thread Mounir IDRASSI
Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But under Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error. I don't see anything OS specific in the changes introduced in t1_lib.c or s3_srvr.c. Could it be a gcc bug? -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/16

Re: s_server crashes in version 1.0.0a

2010-11-14 Thread Mounir IDRASSI
. Maybe you have some malformed key. Can you please check that? Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/14/2010 8:57 PM, Marcus Carey wrote: I tried the latest snap shot before I sent the first email. OpenSSL 1.0.1-dev xx XXX . Also, when I ran the test, they all passed

Re: error: unable to get local issuer certificate

2010-10-22 Thread Mounir IDRASSI
for the intermediate CA programs offered by commercial CAs. This involves being audited and vetted and this comes with some limitations. Of course, the price for such a program can be very high depending on your needs. I hope this clarifies things for you. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr

Re: error: unable to get local issuer certificate

2010-10-22 Thread Mounir IDRASSI
Hi Ariel, The simple answer to your questions is no. There is no way to workaround this. Others have already explained why. -- Mounir IDRASSI IDRIX http://www.idrix.fr Well, I'm trying to do SSL Client Authentication for my website. So I bought a wildcard cert from GoDaddy and it works

Re: [patch] LNK4078 and LNK4210 linking with x64 static libs

2010-10-19 Thread Mounir IDRASSI
openssl-dev to be kept updated. That being said, I understand your frustration but the others certainly thought you were aware of their discussion in the other list. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 10/19/2010 1:20 PM, Jakob Bohm wrote: On 19-10-2010 12:32, per frykenvall

Re: SSL Negotiation Command Failed when sending mail via TLS

2010-10-13 Thread Mounir IDRASSI
problems can arise because conflicting versions of the OpenSSL dlls exist on different directories belonging to the PATH. Try checking if the machine where the problem exists has only the version of dlls you are targeting. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 10/13/2010 11:23

Re: Suspicious Cert - Nokia cell phone refuses to accept the Cert

2010-10-13 Thread Mounir IDRASSI
of their own, like in any normal PKI architecture. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 10/13/2010 7:11 PM, Stefan Bauer wrote: Dear Openssl-Users, i recently came across a problem with the offered ssl-cert on www.mastersnet.de It's a self signed cert and all of the nokia

Re: How to sign new certificates

2010-10-11 Thread Mounir IDRASSI
and then configure your webserver to accept only client certificates issued by your CA. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 10/12/2010 5:41 AM, Ariel wrote: Hi again, I could enable my site to use SSL with a wildcard certificate bought to GoDaddy by concatenating the mysite.com.crt

Re: PEM_write_PUBKEY segfault with 1.0.0 on windows

2010-10-06 Thread Mounir IDRASSI
Hi, Your sample runs perfectly here: compiled using VC++ 2008 against 1.0.0a in Release and Debug modes and ran on Windows 7 system (hardware DEP enabled). What compiler are you using? Can you perform a debug build and give us a crash trace? -- Mounir IDRASSI IDRIX http://www.idrix.fr

Re: CA cert from .p12 file

2010-09-20 Thread Mounir IDRASSI
and from there copy the CA that signed your certificate to a file (Base64 encoded). You can then transfer this file to your Linux box. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Your On 9/20/2010 12:45 PM, Sergey Sedov wrote: Hi, My ISP provides to me .p12 file

Re: How to convert RSA public key XML format to PEM or ASCII format

2010-09-19 Thread Mounir IDRASSI
Hi, The code is a generic OpenSSL C source that will compile using the favorite compiler of your platform. Did I understand your question correctly? -- Mounir IDRASSI IDRIX http://www.idrix.fr Hi Thanks for your response. In which platform do I compile/execute the below CODE? I only have

Re: How to convert RSA public key XML format to PEM or ASCII format

2010-09-18 Thread Mounir IDRASSI
Hi, The code is a generic OpenSSL C source that will compile using the favorite compiler of your platform. Did I understand your question correctly? -- Mounir IDRASSI IDRIX http://www.idrix.fr Hi Thanks for your response. In which platform do I compile/execute the below CODE? I only have

Re: Error while trying to get text output from x509 cert file

2010-09-18 Thread Mounir IDRASSI
Hi, The error says that it didn't find the expected start line for a certificate which is -----BEGIN CERTIFICATE----- . So, check that your certificate is indeed BASE64 encoded and that the first line is -----BEGIN CERTIFICATE----- and the last is -----END CERTIFICATE----- . Cheers, -- Mounir

Re: cannot create p12 file

2010-09-18 Thread Mounir IDRASSI
Hi, It hangs because it is waiting for the input certificate that has to be put with the given key inside the PKCS#12 file. Replace the -certfile option with -in and everything will be OK. Actually -certfile is for adding additional certificate, not the main one. -- Mounir IDRASSI IDRIX http

Re: Loading and using PKCS#12 in runtime

2010-09-17 Thread Mounir IDRASSI
at the start of your program. Which means in your case that you should dlsym for OPENSSL_add_all_algorithms_noconf and then call it. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Hello, For certain reasons I want to load the OpenSSL libraries at run-time (rather

Re: How to convert RSA public key XML format to PEM or ASCII format

2010-09-17 Thread Mounir IDRASSI
n) { EVP_PKEY* pRsaKey = EVP_PKEY_new(); RSA* rsa = RSA_new(); rsa->e = e; rsa->n = n; EVP_PKEY_assign_RSA(pRsaKey, rsa); return pRsaKey; } else { if (n) BN_free(n); if (e) BN_free(e); return NULL; } } /CODE Cheers, -- Mounir

Re: Intermediate root CA's -- lost and confused :(

2010-09-13 Thread Mounir IDRASSI
Primary Root CA to Thawte Premium Server CA. -- Mounir IDRASSI IDRIX http://www.idrix.fr On 9/14/2010 3:32 AM, Paul B. Henson wrote: On Mon, 13 Sep 2010, Tim Hudson wrote: Try gnutls without the TLS extensions processing occurring and you will see that the server is not sending back

Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-29 Thread Mounir IDRASSI
. Concerning the specific issue here, it's clear that OpenSSL is too restrictive compared to other major libraries since this is a minor deviation from the BER specs (i.e. minimal bytes representation) and thus hurts deployments of real-world certificates. -- Mounir IDRASSI IDRIX http://www.idrix.fr

Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-28 Thread Mounir IDRASSI
, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/28/2010 10:43 PM, Goran Rakic wrote: Hi all, I have two X.509 certificates MUPCAGradjani.crt and MUPCARoot.crt downloaded from http://ca.mup.gov.rs/sertifikati-lat.html Certificate path is MUPCARoot MUPCAGradjani and I would like to validate

Re: Check the private key

2010-08-20 Thread Mounir IDRASSI
); goto end; } A more correct version would be to change || in the if test by , and thus there will be no misleading error. I hope this clarifies things. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/20/2010 4:25 PM, Ingo Naumann wrote: Vladimir, To me, your key

Re: OpenSSL assistance

2010-08-11 Thread Mounir IDRASSI
able to open it using this password. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/11/2010 5:14 PM, Sashi Dutt wrote: Hello, I was wondering if any of you guys ran into the below error and provide some guidance/assistance? 8980:error:23076071:PKCS12 routines:PKCS12_parse:mac verify

Re: RSA_generate_key

2010-08-03 Thread Mounir IDRASSI
and the other is called CRT). The RSA size is actually the size of the modulus. I encourage you to read more about RSA before trying to use OpenSSL resources for this. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr yes ..i am not able to find the 128 byte RSA key.. how should get those information

Re: Wildcard certs?

2010-07-24 Thread Mounir IDRASSI
Well, your question was who i must do request for... that's why we gave you links for outside CAs. If you are dealing with your own CA, then using a wildcard character in the DN will do the job. -- Mounir IDRASSI IDRIX http://www.idrix.fr On Friday 23 July 2010 22:06:44, Kyle Hamilton

Re: Wildcard certs?

2010-07-23 Thread Mounir IDRASSI
-certificates/ - http://www.verisign.com/ssl-certificates/wildcard-ssl-certificates/ Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 7/24/2010 2:02 AM, Luis Daniel Lucio Quiroz wrote: Just wondering who i must do request for a wildcard cert, for example to accept all the *.mydomain.com Regards

Re: RSA_private_encrypt does not work with RSA_NO_PADDING option

2010-07-19 Thread Mounir IDRASSI
of padding to your data before feeding it to RSA_private_encrypt. The other option is to use a standard padding by calling RSA_private_encrypt with RSA_PKCS1_PADDING. I hope this clarifies things to you. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 7/19/2010 2:51 PM, anhpham wrote: Hi all

Re: Issue with clients Operating System on certs

2010-07-16 Thread Mounir IDRASSI
SNI under XP and that surprises me because it's supposed to work starting from 2.0 and up, independently from the OS. What version of Firefox are you using under XP? -- Mounir IDRASSI IDRIX http://www.idrix.fr On 7/16/2010 3:31 PM, Richard Buskirk wrote: I sent this situation off to the help

Re: encrypting long strings

2010-07-09 Thread Mounir IDRASSI
will decrypt your string. I hope this clarifies things to you. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Hi, Thanks for the reply Phillip. One quick question. Is the randomly-generated key PUBLIC? I know the public RSA key to encrypt the key is public, but is the randomly-generated key PUBLIC

Re: Compiling a native code using DES

2010-07-03 Thread Mounir IDRASSI
Hi, libcrypto is enough for basic cryptographic operations like encryption/decryption with DES, AES, ...etc Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Hello all, I have a C Code which is making use of DES.h in a JNI Environment. I wanted to know if compiling this code

Re: verify certificate in c

2010-07-03 Thread Mounir IDRASSI
Hi, Just add a call to *OpenSSL_add_all_algorithms* at the beginning of your main and the certificate verification will be OK. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Hi, I'm a newbie user of OpenSSL. I want to create a simple C program that verify a certificate chain like

Re: build an application with the openssl source code (not the shared libraries)

2010-06-24 Thread Mounir IDRASSI
Hi Andrei, What about building the modified OpenSSL as static libraries and then link your apps with libcrypto.a and libssl.a? This way you will have no external dependency. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 6/24/2010 12:24 PM, Andrei Dumitrescu wrote: Hello, I have

Re: Integrating OpenSSL as a DLL in Windows

2010-06-23 Thread Mounir IDRASSI
Hi Robert, Take a look at the OpenSSL.NET project on SourceForge : http://openssl-net.sourceforge.net/ They have implemented a managed wrapper around libeay32.dll and ssleay32.dll. I think this is what you are looking for. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 6/23/2010 8

Re: questions about RSASSA-PSS

2010-06-21 Thread Mounir IDRASSI
other give their hints. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 6/22/2010 3:26 AM, 芦翔 wrote: Hi all, Could anybody please tell me the support status of RSASSA-PSS in openssl with the version after 0.9.8l. If there is the implementation, could you please tell me which functions

Re: OpenSSL with OpenPGP

2010-06-06 Thread Mounir IDRASSI
Hi, I have written a small program that demonstrates how an RSA public key can be extracted from an OpenPGP public key file and used in OpenSSL. You can get the source from the following link : http://www.idrix.fr/Root/Samples/pgp_pubkey.c I hope this will help. Cheers, -- Mounir IDRASSI IDRIX

Re: Detect CRL format

2010-06-03 Thread Mounir IDRASSI
file is either PEM or DER encoded and that the encoded object is an ASN.1 Sequence. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 6/3/2010 10:48 AM, Arunkumar Manickam wrote: Hi, Given a CRL file, how to detect its format. whether it is in PEM encoded format or ASN1. Thanks, Arun

Re: Crash bug in 0.9.8n

2010-04-26 Thread Mounir IDRASSI
handler using the function _set_invalid_parameter_handler. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Thomas J. Hruska schrieb: Running 'openssl s_client' on 0.9.8n without any additional arguments crashes openssl.exe. There is very different behavior between 0.0.8 and 1.0.0 on WinXP Pro

Re: some VC++ help wanted: can not step into SSL_xxx functions (debug libeay32.dll and ssleay32.dll)

2010-04-25 Thread Mounir IDRASSI
Hi, Try adding the switch /Zi to the CFLAG in the makefile and rebuild the dlls. This is mandatory to create a full program database. I come across the same problem and I solved it with this. The perl scripts should be updated to include this flag for the debug build. Cheers, -- Mounir

Re: possible user error / memory leak using RSA_new() and RSA_free();

2010-04-19 Thread Mounir IDRASSI
Hi, Remove the unnecessary call to RSA_new and the memory leak will disappear!! (The variable p is allocated by PEM_read_RSA_PUBKEY) Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/19/2010 11:07 PM, Stuart Weatherby wrote: Hi List, I am trying to figure out why there is a memory

Re: openSSL and PKCS #12 certificates

2010-04-14 Thread Mounir IDRASSI
Good luck with what comes next! -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/14/2010 3:01 PM, Rémi Després-Smyth wrote: Merci beaucoup, Mounir, but I got the same error. Given the time constraints I have, I think my path moving forward is to try another library or two to see if I can find one

Re: openSSL and PKCS #12 certificates

2010-04-13 Thread Mounir IDRASSI
certificate. The first solution is the easiest because you can simply use the OPENSSL command line utility in order to extract the private key and its certificate from the PKCS#12 file as PEM files and then give them as input to your python module. I hope this will help. -- Mounir IDRASSI IDRIX

Re: openSSL and PKCS #12 certificates

2010-04-13 Thread Mounir IDRASSI
to perform your client authentication. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/13/2010 6:45 PM, Rémi Després-Smyth wrote: Mounir, Thank you so much for your answer. I did extract the key into a pem file (using command: c:\openssl\bin\openssl pkcs12 -in cert.pfx -nocerts -out

Re: Decrypting with key and initialization vector don't decrypt the first 8 bytes?

2010-04-04 Thread Mounir IDRASSI
, if you encrypt using a password, you should decrypt using a password and if you encrypt using a specific key and IV, then you should decrypt using the same key and IV: You can't mix the two approaches without extra processing. I hope this will help. -- Mounir IDRASSI IDRIX http://www.idrix.fr Hello

Re: pkcs7 cert loading, why this code doesn't work?

2010-04-03 Thread Mounir IDRASSI
(NULL, ptr, inlen); I hope this will help. -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/3/2010 3:06 AM, sean wang wrote: Hello, I have a pkcs7 encoded cert which i want to load. the following code block works fine: ( I am doing a base64 decoding first, will explain the reason

Re: Need help on: openssl pkcs12 --- avoid or in batch mode

2010-03-24 Thread Mounir IDRASSI
Hi John, I have already answered your question twice on the list but it seems that you didn't receive them for an unknown reason. Look at the link below of OpenSSL list archive to read what I wrote : http://marc.info/?t=12690119749r=1w=2 Have a nice day, -- Mounir IDRASSI IDRIX http

Re: Need help on: openssl pkcs12 --- avoid or in batch mode

2010-03-22 Thread Mounir IDRASSI
-password pass:1234 instead. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 3/22/2010 3:00 PM, John Chen wrote: Hi Dr Stephen Henson, I really could not solve this issue and need your help. When I run openssl pkcs12 -in new.crt -inkey new.key -certfile .CA/cacert.pem

Re: need help on: openssl pkcs12 --- avoid or manipulate propmpts

2010-03-20 Thread Mounir IDRASSI
Hi John, To avoid the password prompt, you can add the argument -password pass: to the command line. This will use an empty password for the PKCS12 file. For a non empty value, for example 1234, use -password pass:1234 instead. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http

Re: Verify with RSA Public Key Fails

2010-02-27 Thread Mounir IDRASSI
are using by the value of the corresponding public exponent. If my guess is correct, then you should be able to verify the signature correctly. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/27/2010 3:00 AM, Paul Suhler wrote: Hi, everyone. In Openssl 0.9.8i, I'm trying to take

Re: Unable to decrypt without Chinese Remainder Theorem factors ?

2010-02-08 Thread Mounir IDRASSI
lines 534 and 539). I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/8/2010 10:12 AM, JB Van Puyvelde wrote: Hi, I would like to import and use in OpenSSL RSA key pairs generated by an other program. This program can export public and private keys to PEM files

Re: OpenSSL Ca

2010-01-12 Thread Mounir IDRASSI
it will access your private key. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 1/12/2010 12:35 PM, Anton Xuereb wrote: Hi, I'm trying to create a private CA with openssl for my enterprise. I have generated the CA private key and certificate. I have created a key pair and a certificate signing

Re: About Crypto Library usage and...

2009-11-15 Thread Mounir IDRASSI
this will help. Cheers -- Mounir IDRASSI IDRIX http://www.idrix.fr Gaurav Kumar wrote: Hi, I want to port few MS Crypto Api's on Linux. Here are api's which I want to port. CryptSetKeyParam CryptDecrypt CryptEncrypt CryptGetKeyParam CryptHashData CryptCreateHash I want to use the same parameters

Re: Padding mode for RSA_private_decrypt()...

2009-11-09 Thread Mounir IDRASSI
of the ssl2_state_st structure. This member is set in the function ssl23_get_client_hello in the file s23_srv, depending on the options of the SSL options. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr barcaroller wrote: Michael S. Zick wrote in message The padding is added to the **plain text

Re: Padding mode for RSA_private_decrypt()...

2009-11-08 Thread Mounir IDRASSI
, -- Mounir IDRASSI IDRIX http://www.idrix.fr barcaroller wrote: Mounir IDRASSI wrote in message ... You simply can't guess the padding mode if you don't know it in advance. Imagine the security consequences if this was possible : it would mean that an attacker can have information about the clear

Re: Signature Verification

2009-11-07 Thread Mounir IDRASSI
. Is this correct? Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Jim Welch wrote: Hello Again, The code is there to check for a non-null pkey. It wasn't copied to keep the original message shorter. I've now made sure that I've Base64'd the xml string and Base64'd the signature string

Re: Padding mode for RSA_private_decrypt()...

2009-11-07 Thread Mounir IDRASSI
Hi, You simply can't guess the padding mode if you don't know it in advance. Imagine the security consequences if this was possible : it would mean that an attacker can have information about the clear text without having access to the private key!! Cheers, -- Mounir IDRASSI IDRIX http

Re: export custom key in a PEM format

2009-11-01 Thread Mounir IDRASSI
. Most of the work is done by the macros DECLARE_PEM_rw_const and IMPLEMENT_PEM_rw_const. You can get the source code from the following link : http://www.idrix.fr/Root/Samples/custom_pem.c I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr denot...@libero.it wrote: Hi all

Re: aes_256_cbc decryption

2009-10-27 Thread Mounir IDRASSI
SHA-256 instead for this purpose. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr himas wrote: Hello, I wrote a source for encrypting and decrypting some text data with aes_256_cbc: -- CODE -- void aes256cbc_encrypt(char *text, char *hkey) { int

Re: aes_256_cbc decryption

2009-10-27 Thread Mounir IDRASSI
into the chash parameter without converting it to ASCII and never call printf directly on byte arrays. Once you have done these changes and if you still have errors, post your code and we will try to help you. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr himas wrote: Mounir IDRASSI wrote

Re: Compile dlls with Borland compiler OR avoid using VC 2008 Redistributable

2009-10-05 Thread Mounir IDRASSI
linked to the MS CRT and so they don't require any redistributable on the target machine. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Max Terentiev wrote: Hi, I suspect BC will have its own runtime libraries to provide similar generic C runtime functionality

Re: about the big number xor

2009-09-13 Thread Mounir IDRASSI
Hi, There is no explicit function for this but you can use the function BN_GF2m_add to perform the XOR of two BIGNUMs : for GF2m polynomials, the addition is a simple bitwise XOR. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr jaze lee wrote: I want to implement xor function of large
