On 8/3/12, Dr. Stephen Henson st...@openssl.org wrote:
On Fri, Aug 03, 2012, Saurabh Pandya wrote:
Hi all,
I am using server certificate X problematically with following API for
each
SSL * session. X is dynamically generated for each client, when its CA(s)
as always same.
Hi Steve! What exactly does not work for you?
On Sat, 2012-08-04 at 19:58 -0700, Steven Madwin wrote:
Has anyone been able to get OCSP working with version 1.0 or later? It works
for me with version 0.9, but not 1.0.1c. I did see where someone suggested
using an IPv6 style port address (i.e.
Hi list,
I'm quite puzzled and hope somebody can help me. I'm handling a large
number of certificates and for generating testcases for the software I
employ, I wrote a small script that downloaded web server certificates
en bulk and then processed them, to check for irregularities.
My software
Bonjour,
The given certificate is correctly self-signed, you can manually check
it by extracting the signature block and playing with openssl rsautl
..., dd ... | openssl dgst -sha1, etc.
It fails the validation path check probably because it's not declared as
a CA. There's some ongoing
Bonjour,
Which part of the examples did you mimic?
32 bytes is the length of a SHA256, it's also the max message length of
a 256bits ECDSA key. Whence, I assume you're doing straight
ECDSA_do_sign() without hashing and padding the message.
--
Erwann ABALEA
-
paléogallicisme: style
Yes, it's correct.
Now I try to feed the ECDSA_do_sign with the output buffer of SHA256. Based on
my security knowledge, I thought that the signing algorithms perform hashing
internally, while in this case it is not true.
Thanks for the response.
From:
Hi all,
I want to ask, is openssl supporting NSA suite B crypto? If yes, what version
of openssl contains it, does any compiling option for it?
Among the requirement, aes-gcm is one of the algorithms , is the file
ec_curve.c mapping to gcm?
Thanks
Hi Steve,
Thanks, that certainly corrected it. I guess I'm perplexed as to why using
ecgroup = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
would not automatically set that flag since I'm explicitly giving the curve
name already?
Thanks,
Erik
Use the EVP_* interface for high-level functions.
Use ECDSA_do_sign() or other low-level functions if you're absolutely
sure about what you're doing.
--
Erwann ABALEA
Le 06/08/2012 14:31, Mohammad khodaei a écrit :
Yes, it's correct.
Now I try to feed the ECDSA_do_sign with the output
On 8/6/2012 2:25 PM, Bruce (Riji) Cai wrote:
Hi all,
I want to ask, is openssl supporting NSA suite B crypto? If yes, what
version of openssl contains it, does any compiling option for it?
Among the requirement, aes-gcm is one of the algorithms , is the file
ec_curve.c mapping to gcm?
Thanks
Thanks for the comment. I am searching on the net to find a sample to start. Do
you know any sample to start working with EVP_* interfaces for elliptic curve?
Thanks
From: Erwann Abalea erwann.aba...@keynectis.com
To: openssl-users@openssl.org
Cc: Mohammad
On Mon, Aug 06, 2012, Jakob Bohm wrote:
Much (maybe all, I don't know) of suite B is probable in OpenSSL
1.0.1 too, but I don't have an algorithm by algorithm breakdown
of inclusion status, others on this list probably have such a
list.
All the required suite B algorithms are supported
Thanks all,
I don't know if there is any document file or any material saying what
additional requirements are not in OpenSSL 1.01 for now?
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent:
From: owner-openssl-us...@openssl.org On Behalf Of Erwann Abalea
Sent: Monday, 06 August, 2012 08:06
The given certificate is correctly self-signed, you can
manually check
it by extracting the signature block and playing with openssl rsautl
..., dd ... | openssl dgst -sha1, etc.
It
14 matches
Mail list logo