Re: FPSCANISTER build cross compilation problem

2013-03-13 Thread Abhijit Ray Chaudhury
Hello, I made gcc as a shell script and passed -mcpu and -Dmalloc=XXX_malloc flags, then fipscanister build succeeds. I then use the fipscanister.o in openssl tree which creates libcrypto.a . Now for our system we need to build a shared object file. So I pass export CC=/opt/bin/arm-linux-gcc;

specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
There's a file that I want to encrypt using AES-192-CBC but with 19 rounds rather than the default 12-rounds. Is there a way for me to specify the number of rounds that I would like to use with the AES-192-CBC? (and override the algorithm defaults)? Is that something that I can within the

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
If you change the number of rounds, then it's not AES anymore, but a custom Rijndael. Reading the source code, it appears there's no support for that in OpenSSL (and poking inside an AES_KEY to change the number of rounds probably won't work). -- Erwann ABALEA Le 13/03/2013 14:32, Ewen Chan

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
So the algorithms include the number of rounds? I thought that it would only describe the math process and that it would be independent of the number of rounds (so long as you meet Rijndael's minimum - which is what the current number of rounds is set/default as). I did not know that.

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
The algorithm Rijndael has some knobs you can turn to tune. The standard AES has these parameters fixed in stone. AES-192 is effectively less secure than AES-256 because of the key length and number of rounds. But less secure may be secure enough. In fact, AES-128 is secure enough for most

specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
There's a file that I want to encrypt using AES-192-CBC but with 19 rounds rather than the default 12-rounds. Is there a way for me to specify the number of rounds that I would like to use with the AES-192-CBC? (and override the algorithm defaults)? Is that something that I can within the

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
Thanks. On Wed, Mar 13, 2013 at 10:56 AM, Erwann Abalea erwann.aba...@keynectis.com wrote: The algorithm Rijndael has some knobs you can turn to tune. The standard AES has these parameters fixed in stone. AES-192 is effectively less secure than AES-256 because of the key length and number of

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
Would it be faster to encrypt/decrypt AES-256-CBC with an AES-NI enabled CPU or would it be faster to do it with a GPGPU? Does OpenSSL even support GPU acceleration? On Wed, Mar 13, 2013 at 11:44 AM, Ewen Chan chan.e...@gmail.com wrote: Thanks. On Wed, Mar 13, 2013 at 10:56 AM, Erwann Abalea

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
GPGPU isn't natively supported. You can write your own engine if you want, but I think memory transfers will dominate the cost. AES-NI is natively supported (I get about 550MB/s on my i5 M540 @2.53 GHz for 8k blocks). -- Erwann ABALEA Le 13/03/2013 16:49, Ewen Chan a écrit : Would it be

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
I'm quite new to openSSL and AES and cryptography as a whole, so please forgive my stupid questions. I've read that because of the way that the AES-CBC works that it depends on the result from the previous round in order to encrypt the current round that it is inherently not well suited for

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
Le 13/03/2013 17:17, Ewen Chan a écrit : I'm quite new to openSSL and AES and cryptography as a whole, so please forgive my stupid questions. You then may start by reading the different manpages, then. OpenSSL is a large beast, and you won't do anything useful without reading. I've read

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
Yea, I've tried reading the man pages, but it doesn't list all of the options available on there (which would tend to indicate that it is a little behind compared to the development and released versions of OpenSSL). Do you need the '-evp' flag to use '-engine aesni' or they operate independent

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Krzysiek
You are right about AES-CBC. Parallelization of block encryption is not really possible. If you want to encrypt blocks in parallel then you should use AES-CTR. Kris - Original Message From: openssl-users@openssl.org To: Erwann Abalea erwann.aba...@keynectis.com Cc:

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
If what you want is simply encrypt and decrypt files using command-line openssl executable, then you don't need to play with engine or evp options. openssl enc uses the EVP interface, which in turn will make use of AES-NI instructions if available (or SSE3, SSE2, SSE, anything available on the

Frequent disconnects between openssl client and gnutls server

2013-03-13 Thread Greg Martyn
I spend most of my day connected to two SSL-secured IRC servers and one unsecured IRC server. The IRC servers both use GnuTLS. My IRC client uses OpenSSL. After upgrading my local system from openssl-1.0.1c-7.fc18.x86_64 to openssl-1.0.1e-3.fc18.x86_64, I would frequently get disconnected from

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
Wouldn't enabling AES-NI during the encryption/decryption process make it run faster? So even if I'm just running the openssl command-line executable, processing those files with AES-NI enabled (via '-engine aesni') would be faster than if I left that part out? (I'm still a little fuzzy as to

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
Le 13/03/2013 19:10, Ewen Chan a écrit : Wouldn't enabling AES-NI during the encryption/decryption process make it run faster? Of course. So even if I'm just running the openssl command-line executable, processing those files with AES-NI enabled (via '-engine aesni') would be faster than if

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
I'm asking about the '-engine aesni' flag because when I google openssl aes-ni - that's what comes up. I've never used it before, but I'm about to as I've recently acquired a system that supports AES-NI. I'm also asking because I'm about to encrypt a whole bunch of files and some of them are

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Erwann Abalea
Le 13/03/2013 20:06, Ewen Chan a écrit : I'm asking about the '-engine aesni' flag because when I google openssl aes-ni - that's what comes up. I've never used it before, but I'm about to as I've recently acquired a system that supports AES-NI. I'm also asking because I'm about to encrypt a

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
I'm running on a 30 TB server with about 1.4 million files. I think that at last audit, the single largest file is 45 GB (as an example). And I'm prepping to run AES-256-CBC. The host system has a SATA 6 Gbps, 10 drive, RAID5 array; so I'm pretty sure that I can peg (or at least supply) the

Static and Dynamic Locking Functions

2013-03-13 Thread Betsy Gordon
Hello, I have implemented static and dynamic locking functions but have a lingering question. It is not clear to me whether the same thread would ever create more than one lock before previous locks created by that thread had been destroyed. In other words, is the thread id intended to

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Matthew Hall
On Wed, Mar 13, 2013 at 04:00:48PM -0400, Ewen Chan wrote: I'm running on a 30 TB server with about 1.4 million files. I think that at last audit, the single largest file is 45 GB (as an example). And I'm prepping to run AES-256-CBC. The host system has a SATA 6 Gbps, 10 drive, RAID5

Re: [openssl-users] specifying the number of rounds that I would like to use with AES-192-CBC

2013-03-13 Thread Ewen Chan
The problem that I initially ran into when I was creating the volume was that there wasn't a Linux file system that could handle a 27 TB volume. The closest that I got was Btrfs and at the time, it was still in I think 0.98alpha or something like that. Also as a result of that, there were no data

Re: Static and Dynamic Locking Functions

2013-03-13 Thread Le Huang
Gordon, Not sure how your question relates to OpenSSL, but in general, thread id is not a unique identifier for locks. On Thu, Mar 14, 2013 at 3:40 AM, Betsy Gordon bgor...@companioncorp.com wrote: Hello, I have implemented static and dynamic locking functions but have a lingering

Re: EVP_get_digestbynid() return NULL

2013-03-13 Thread Viktor Dukhovni
On Thu, Mar 14, 2013 at 11:34:12AM +0800, cellecial wrote: I'm frustrated that I can't get correct result from such a simple API (on openssl 1.0.1c), just like below. md = EVP_get_digestbynid(NID_ecdsa_with_SHA256); //NID_md5 This is because ECDSA-WITH-SHA256 is a signature algorithm, and

Re: EVP_get_digestbynid() return NULL

2013-03-13 Thread cellecial
but I tried md = EVP_get_digestbynid(NID_md5), still NULL On Thu, Mar 14, 2013 at 11:54 AM, Viktor Dukhovni openssl-us...@dukhovni.org wrote: On Thu, Mar 14, 2013 at 11:34:12AM +0800, cellecial wrote: I'm frustrated that I can't get correct result from such a simple API (on openssl

Re: EVP_get_digestbynid() return NULL

2013-03-13 Thread Viktor Dukhovni
On Thu, Mar 14, 2013 at 01:05:25PM +0800, cellecial wrote: but I tried md = EVP_get_digestbynid(NID_md5), still NULL PBKAC? $ cat md.c #include <openssl/ssl.h> #include <openssl/evp.h> #include <stdio.h> int main() { int nids[] = {

Fwd: Diffie algorithm in openssl

2013-03-13 Thread azhar jodatti
Is this the right place to ask ? Please suggest -- Forwarded message -- From: azhar jodatti azhar...@gmail.com Date: Mar 13, 2013 11:14 PM Subject: Diffie algorithm in openssl To: openssl-users@openssl.org Cc: I am very much new to openssl and trying to explore... I was trying to