Hell,I've got a question regarding self-signed X509v3 certificates used in a TLS1.0 server/client environment. A communication partner uses a self-signed certificate as attached to this mail (can be retrieved from the TLS server87.236.105.37:6619). My TLS client uses the following options:
Hello Dave,
Am 03.08.2012 um 03:55 schrieb Dave Thompson:
Aside: it's a good thing you gave the server, because Outlook
(which we use) blocks *.cer. I wish it didn't, but it does.
I've reached this great functionality last week, too. There's a possibility
to allow filename extensions ins
Hello Jakob,
Am 03.08.2012 um 09:52 schrieb Jakob Bohm:
My assumption of a chain of trust is that the end of a trust chain is
reached (=a server or client certificate is seen as valid and secure) if the
whole chain of certificates ends in an entifiy where subject=issuer and
CA:true (and
is Joerg
Walter ([EMAIL PROTECTED]) or contact me ([EMAIL PROTECTED]) for openSSL
specific topics.
Regards,
Harald Latzko
c-works GmbH
Hi Stephen,
We are developing a secure communication on OFTP(RFC-5024), as per the RFC
we need to sign the file, compress the file , encrypt the file.
that can
Hi Shankar,
if you're dealing with OFTP2 (I assume you're implementing this
because of older posts refering to the protocol and its RFC), you may
inspect the field SFIDSEC. Taken from the RFC 5024, ch. 5.3.3:
Value: '00' No security services
'01' Encrypted
Hi!
Please correct me if I'm wrong, but afaik the -stream option doesn't
work for the openssl smime commands decrypt and verify (tested
with openssl-1.0.0-stable-SNAP-20090511, openssl-SNAP-20090511 and
openssl-1.0.0-beta2).
Regards,
Harald
Am 08.05.2009 um 12:07 schrieb
Hello list!
I have problems encrypting files with the following command:
openssl smime -encrypt -in /tmp/infile -out /tmp/testencrypted -nodetach
-binary -des3 -outform DER /tmp/mypub.cer
This command is running in several versions of openSSL successfully on
several platforms (Linux, MacOS X,
Hi!
I encrypt files via openssl on commandline using the following command:
openssl smime -encrypt -in /tmp/testfile -out /tmp/testfile.enc -
nodetach -binary -aes256 -outform DER -engine padlock /tmp/public.pem
Since I use the engine padlock on a VIA CPU (openssl speed show an
enormous
Hello again,
can anybody even confirm that encrypting files via openssl smime
command consumes very much memory?
Regards,
Harald
Am 22.03.2007 um 19:29 schrieb Harald Latzko:
Hi!
I encrypt files via openssl on commandline using the following
command:
openssl smime -encrypt -in /tmp
Hello!
Am 23.03.2007 um 20:01 schrieb Marco Roeland:
can anybody even confirm that encrypting files via openssl smime
command consumes very much memory?
Yes. The PKCS7_encrypt(3ssl) function needs to hold all the data in
memory as specified in the BUGS section of its man page. As far as I
know
Hello,
Am 24.03.2007 um 14:39 schrieb Dr. Stephen Henson:
No, sorry I do not know how to enable the streaming encryption
support
and it very probably will not be in the command line tool.
I only know beginnings of streaming encryption support exist from
posts
by Dr. Stephen Henson on this
:-)
Thank you very much for the great work. I'm testing at the moment
with encoding files, resulting in an extremely good performance using
hardware engines.
If anything is open or unclear, I will reply to this message.
Regards,
Harald Latzko
Hello,
Am 14.04.2007 um 00:04 schrieb Dr. Stephen Henson:
'tis done.
I found a quiet period to look into it and test it a little. Check
out the new
-stream option in the smime utility for OpenSSL 0.9.9.
Support in the API is quite simple too, just include the
PKCS7_STREAM flag in
the
Hello!
Am 14.04.2007 um 00:04 schrieb Dr. Stephen Henson:
Sorry to have given you false hopes. The issue that all the data
has to
be in working memory to be encrypted is indeed starting to become
a real
annoyance in some practical circumstances. So perhaps if Stephen
Henson
should develop
Hi!
I use for big file encryption the new stream support of openSSL
0.9.9, it works perfectly. For decryption (and signature
verification), the stream support is not implemented yet. So we have
to wait until it's implemented, or find another solution. If you have
found another way to do
.:
Here are examples, from my code, of both 3DES and AES. Any
questions, ask away.
Chaz.
Harald Latzko wrote:
Hi!
Do you have a solution for deryption of big files using des3 and/
or aes256, too? The openSSL command line smime utility eats up all
my memory and crashes after a while
a model to work from. Which
would you like me to do: AES, 3DES or BLOWFISH?
Peace,
Charles
Harald Latzko wrote:
Hi!
I tried to compile your code, but the following include files are
missing (or not included in MacOS, Linux and openSSL distribution):
- portable.h
- exception.h
- ltscrypto.h
:
The memory consumption raised about 1.5GB on this machine before no
more memory was available, so I think the OS (Debian Linux) had no
more memory available for allocation (which explains the error message).
Is there a way to decrypt large files encrypted this way?
Regards,
Harald Latzko
Hello,
after having read several documents, howtos, READMEs etc., i wasn't
able to compile actual daily snapshots of openssl 0.9.9 on AIX5.3
64bit with GCC 4.0.0. I've tried various combinations of ./Configure-
options, linker options and others, but none worked. It always stops
at the
Hello!
Am 14.04.2007 um 00:04 schrieb Dr. Stephen Henson:
'tis done.
I found a quiet period to look into it and test it a little. Check
out the new
-stream option in the smime utility for OpenSSL 0.9.9.
Support in the API is quite simple too, just include the
PKCS7_STREAM flag in
the
oh, I forgot to mention that this behaviour appears in the latest
snapshot (20070816) of openssl-0.9.9-dev.
Am 16.08.2007 um 10:30 schrieb Harald Latzko:
Hello!
Am 14.04.2007 um 00:04 schrieb Dr. Stephen Henson:
'tis done.
I found a quiet period to look into it and test it a little
Hi!
I cannot confirm these performance differences between 0.9.8d and
0.9.8e. My results on a Via CPU are:
0.9.8d
==
engine padlock set.
Doing aes-256-cbc for 3s on 16 size blocks: 11906104 aes-256-cbc's in
3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 9088256 aes-256-cbc's in
versions
and not going up to over 600MB/s like you posted. Any clues?
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im
Auftrag von Harald Latzko
Gesendet: Dienstag, 25. September 2007 20:25
An: openssl-users@openssl.org
Betreff: Re: via padlock support much slower
Hello Pankaj,
Am 09.11.2007 um 23:33 schrieb Pankaj Mathur:
Hi ,
I am trying to encrypt and decrypt a large file using the Openssl
API.
I am doing this by calling EVP_EncryptUpdate / EVP_DecryptUpdate
iteratively for a block size of 1024 and then calling the
EVP_EncryptFinal_ex/
Hello,
I've read the following in the latest CHANGES file of the openSSL
0.9.9 snapshot 20071220:
*) Add option -stream to use PKCS#7 streaming in smime utility. New
function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
to output in BER and PEM format.
Does this work
25 matches
Mail list logo