Re: RSA OAEP with sha256

2012-08-16 Thread Mounir IDRASSI
these limitations by implementing my own version of RSA_padding_add_PKCS1_OAEP that accepts any hash and any MGF implementation. I guess you should do the same. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/16/2012 11:27 PM, Martin Kaiser wrote: Dear all, I'd like to encrypt some bytes

Re: OpenSSL ECCN #

2012-08-20 Thread Mounir IDRASSI
Hi, There was a similar question years ago. Here is a link to its answer : http://marc.info/?l=openssl-usersm=123357572413547 I don't know if it is still relevant. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/20/2012 8:38 PM, Alona Rossen wrote: Hello, We need OpenSSL ECCN

Re: 0.9.8h failing to build with VS 2005

2008-05-29 Thread Mounir IDRASSI
Hi, This is a bug that has been reported on openssl-dev. It's due to a bug in the file x86ms.pl responsible for the generation of MASM assembly code. To be corrected, the line 273 of this file containing $extra should be removed. -- Mounir IDRASSI IDRIX http://www.idrix.fr

Re: cert already in hash table

2008-05-29 Thread Mounir IDRASSI
as in the previous loop. Can you confirm that the code is really like this? Does the working application have the same code? Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On Thu, May 29, 2008 8:24 pm, Francis GASCHET wrote: Sorry for the double ;-) Hello, I getting crazy ! In one application

Re: SSL

2008-06-02 Thread Mounir IDRASSI
certificate. To find what key is Apache using, look in your httpd.conf file to see where the SSL configuration is store and there you will find the path of the SSL key and certificate. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On Sun, June 1, 2008 11:25 pm, Billy Chan Ting wrote: Hi

Re: OpenSSL 0.9.8h and Win64A

2008-06-07 Thread Mounir IDRASSI
, -- Mounir IDRASSI IDRIX http://www.idrix.fr On Thu, June 5, 2008 11:47 pm, Melnick, Jeff wrote: I've been trying to build OpenSSL 0.9.8h for WIN64A. I have Visual Studio 2005, SP1 and the Server 2008 SDK (6.1) on 32 bit Windows XP. I run: perl Configure VC-WIN64A

Re: Please help: very urgent: Query on patented algorithms

2008-06-16 Thread Mounir IDRASSI
Hi, Use the tool Dependency Walker (http://www.dependencywalker.com/) to look at the exported functions of libeay32.dll. If it exports RC5, you will see exported symbols starting with RC5. For MDC2, you'll find symbols starting with MDC2 and etc... Cheers, -- Mounir IDRASSI IDRIX http

Re: PKI Application

2008-07-06 Thread Mounir IDRASSI
You must also check for RootKits which are harder to detect and always run under an account with no privilege. As far as I am concerned, I will use Wine under Linux to try this executable. -- Mounir IDRASSI IDRIX http://www.idrix.fr On Sun, July 6, 2008 2:54 pm, Jim Lynch wrote: Open an XP

Re: Errors while building OpenSSL in Windows

2008-07-10 Thread Mounir IDRASSI
Hi, This error have been already reported. Check the following link : http://www.mail-archive.com/[EMAIL PROTECTED]/msg24173.html I'm not sure if my fix have been put into cvs. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On Thu, July 10, 2008 10:50 pm, Panthers Rock wrote: I am

Re: openssl on symbian

2008-12-01 Thread Mounir IDRASSI
://discussion.forum.nokia.com/forum/showpost.php?p=303576postcount=12) It's two years old but I think the hints there still apply. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On Mon, 1 Dec 2008 03:40:10 -0800, waleed hassn [EMAIL PROTECTED] wrote: hi all how can i compile

Re: Read a PEM

2008-12-18 Thread Mounir IDRASSI
Hi, Your code doesn't crash for me (and it should not). Do you have a stack trace of the crash? What version of openssl are you using? Can you post the pem file you are using? Maybe it has some special content encoding. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Moribius wrote: Hi

Re: Read a PEM

2008-12-18 Thread Mounir IDRASSI
Hi, Another simpler possibility is that fopen is returning NULL and PEM_read_X509 crashes because fp is NULL. I suppose you already checked that... Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Mounir IDRASSI wrote: Hi, Your code doesn't crash for me (and it should not). Do you have

Re: Read a PEM

2008-12-18 Thread Mounir IDRASSI
Hi, In this case, you should post the stack trace when the crash happens: It will show us where the problem is located. Use gdb or VisualStudio for that, depending on your platform. -- Mounir IDRASSI IDRIX http://www.idrix.fr Moribius wrote: fp is not NULL; But perhaps my certificate has

Re: RSA signature and padding

2009-01-07 Thread Mounir IDRASSI
, -- Mounir IDRASSI IDRIX http://www.idrix.fr Chevalier Dev wrote: Dear all: I have just implemented an RSA signature using openssl. What I observe is that signing the same data (a SHA-256 hash) multiple times with the same RSA key always yields the same signature. I thought the data to be signed

Re: Extract public key from certificate

2009-01-08 Thread Mounir IDRASSI
to save the public key to a file. Regards, -- Mounir IDRASSI IDRIX http://www.idrix.fr Vincent CLUZAUD wrote: Dear users, I want to extract public key from certificate (*.cer file) in C++ (with visual C++). In command, I can do that with this command : c:\OpenSSL\bin\openssl x509 -inform

Re: RSA signature and padding

2009-01-08 Thread Mounir IDRASSI
sample code. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Chevalier Dev wrote: Hi Mounir: Thanks a lot for the sample code, it answers all my questions! Do you know if PSS is going to be part of the next release for RSA signatures? Cheers -- Chev

Re: Problem with BN_mod_exp

2009-01-16 Thread Mounir IDRASSI
is 66694e28fdca0bb1f34fe13e3b38088180766f8cc4283ef6a9c1e427f364d7e2 in big-endian or E2D764F327E4C1A9F63E28C48C6F76808108383B3EE14FF3B10BCAFD284E6966 in little endian.as you mention it in your message. So, it's your expected result that is false. How did you compute this value? Cheers, -- Mounir IDRASSI IDRIX http

Re: Problem with BN_mod_exp

2009-01-17 Thread Mounir IDRASSI
is the same as the output of BN_mod_exp when all inputs are initialized correctly. I didn't check the results in case you are using a little-endian representation... Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Sargeras wrote: I'm working in a client for authentication of SRP6 and I have

Re: Ver 0.9.8 j compiled

2009-01-20 Thread Mounir IDRASSI
Hi, If you are looking for windows binaries, you could search using Google. The first result is the following link : http://www.slproweb.com/products/Win32OpenSSL.html Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr rfx wrote: I find url to download openssl ver 0.9.8 j compiled

Re: RSASSA-PSS Signature Question

2009-03-19 Thread Mounir IDRASSI
Hi, Just to confirm what Ger Hobbelt said in his previous answer: the openssl command line doesn't support RSASSA-PSS signature generation. Maybe it will be added in a future release. In the mean time, you have to use the library to perform this. Cheers, -- Mounir IDRASSI IDRIX http

Re: Loading a public RSA key from a DER file

2009-05-06 Thread Mounir IDRASSI
Hi, Your file pk.der contains a public key encoded as a SubjectPublicKeyInfo and NOT as a PKCS#1 encoding. So, you should use the function d2i_RSA_PUBKEY instead of d2i_RSAPublicKey in order to read the public key. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Dear all, I am working

Re: Loading a public RSA key from a DER file

2009-05-08 Thread Mounir IDRASSI
: it can hold any public key (RSA, DSA, ECC) as it contains a field indentifing the corresponding algorithm. It's described in the PKCS#6 spec from RSA, section A.1, ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-6.asc. Hope this will help. Mounir IDRASSI IDRIX http://www.idrix.fr Sébastien

Re: Read DER-encoded RSA public key in memory?

2009-07-20 Thread Mounir IDRASSI
the same variables of your code : BIO* keyBio = BIO_new_mem_buf(TESTING_PUBLIC_KEY, sizeof(TESTING_PUBLIC_KEY)); public_key = d2i_PUBKEY_bio(keyBio, NULL); That's it! I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Jeremy R. wrote: I'm trying to make a simple application

Re: Read DER-encoded RSA public key in memory?

2009-07-20 Thread Mounir IDRASSI
Yes, d2i_PUBKEY is sufficient. -- Mounir IDRASSI IDRIX http://www.idrix.fr Jeremy R. wrote: Thanks. I switched to using d2i_PUBKEY (it really is hard-coded, so I don't think there's a reason to use BIO – if I'm mistaken, please tell me) and it now returns a valid address in memory. On 20

Re: A PKI in a web page

2009-09-10 Thread Mounir IDRASSI
. I have been using it for a year now and it was easy to modify it to accommodate my own requirements (like supporting SHA1 instead of the default MD5 and adding new templates). I hope it can be useful for you as it is for me. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr jehan procaccia wrote

Re: about the big number xor

2009-09-13 Thread Mounir IDRASSI
Hi, There is no explicit function for this but you can use the function BN_GF2m_add to perform the XOR of two BIGNUMs : for GF2m polynomials, the addition is a simple bitwise XOR. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr jaze lee wrote: I want to implement xor function of large

Re: Compile dlls with Borland compiler OR avoid using VC 2008 Redistributable

2009-10-05 Thread Mounir IDRASSI
linked to the MS CRT and so they don't require any reditribuable on the target machine. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Max Terentiev wrote: Hi, I suspect BC will have its own runtime libraries to provide similar generic C runtime functionality

Re: aes_256_cbc decryption

2009-10-27 Thread Mounir IDRASSI
SHA-256 instead for this purpose. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr himas wrote: Hello, I wrote a source for encrypting and decrypting some text data with aes_256_cbc: -- CODE -- void aes256cbc_encrypt(char *text, char *hkey) { int

Re: aes_256_cbc decryption

2009-10-27 Thread Mounir IDRASSI
into the chash parameter without converting it to ASCII and never call printf directly on byte arrays. Once you have done these changes and if you still have errors, post your code and we will try to help you. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr himas wrote: Mounir IDRASSI wrote

Re: export custom key in a PEM format

2009-11-01 Thread Mounir IDRASSI
. Most of the work is done by the macros DECLARE_PEM_rw_const and IMPLEMENT_PEM_rw_const. You can get the source code from the following link : http://www.idrix.fr/Root/Samples/custom_pem.c I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr denot...@libero.it wrote: Hi all

Re: Signature Verification

2009-11-07 Thread Mounir IDRASSI
. Is this correct? Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Jim Welch wrote: Hello Again, The code is there to check for a non-null pkey. It wasn't copied to keep the original message shorter. I've now made sure that I've Base64'd the xml string and Base64'd the signature string

Re: Padding mode for RSA_private_decrypt()...

2009-11-07 Thread Mounir IDRASSI
Hi, You simply can't guess the padding mode if you don't know it in advance. Imagine the security consequences if this was possible : it would mean that an attacker can have information about the clear text without having access to the private key!! Cheers, -- Mounir IDRASSI IDRIX http

Re: Padding mode for RSA_private_decrypt()...

2009-11-08 Thread Mounir IDRASSI
, -- Mounir IDRASSI IDRIX http://www.idrix.fr barcaroller wrote: Mounir IDRASSI wrote in message ... You simply can't guess the padding mode if you don't know it in advance. Imagine the security consequences if this was possible : it would mean that an attacker can have information about the clear

Re: Padding mode for RSA_private_decrypt()...

2009-11-09 Thread Mounir IDRASSI
of the ssl2_state_st structure. This member is set in the function ssl23_get_client_hello in the file s23_srv, depending on the options of the SSL options. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr barcaroller wrote: Michael S. Zick wrote in message The padding is added to the **plain text

Re: About Crypto Library usage and...

2009-11-15 Thread Mounir IDRASSI
this will help. Cheers -- Mounir IDRASSI IDRIX http://www.idrix.fr Gaurav Kumar wrote: Hi, I want to port few MS Crypto Api's on Linux. Here are api's which i want to port. CryptSetKeyParam CryptDecrypt CryptEncrypt CryptGetKeyParam CryptHashData CryptCreateHash I want to use the same parameters

Re: OpenSSL Ca

2010-01-12 Thread Mounir IDRASSI
it will access your private key. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 1/12/2010 12:35 PM, Anton Xuereb wrote: Hi, I'm trying to create a private CA with openssl for my enterprise. I have generated the CA private key and certificate. I have created a key pair and a certificate signing

Re: Unable to decrypt without Chinese Remainder Theorem factors ?

2010-02-08 Thread Mounir IDRASSI
lines 534 and 539). I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/8/2010 10:12 AM, JB Van Puyvelde wrote: Hi, I would like to import and use in OpenSSL RSA key pairs generated by an other program. This program can export public and private keys to PEM files

Re: Verify with RSA Public Key Fails

2010-02-27 Thread Mounir IDRASSI
are using by the value of the corresponding public exponent. If my guess is correct, then you should be able to verify the signature correctly. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/27/2010 3:00 AM, Paul Suhler wrote: Hi, everyone. In Openssl 0.9.8i, I'm trying to take

Re: need help on: openssl pkcs12 --- avoid or manipulate propmpts

2010-03-20 Thread Mounir IDRASSI
Hi John, To avoid the password prompt, you can add the argument -password pass: to the command line. This will use an empty password for the PKCS12 file. For a non empty value, for example 1234, use -password pass:1234 instead. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http

Re: Need help on: openssl pkcs12 --- avoid or in batch mode

2010-03-22 Thread Mounir IDRASSI
-password pass:1234 instead. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 3/22/2010 3:00 PM, John Chen wrote: Hi Dr Stephen Henson, I really could not solve this issue and need your help. When I run openssl pkcs12 -in new.crt -inkey new.key -certfile .CA/cacert.pem

Re: Need help on: openssl pkcs12 --- avoid or in batch mode

2010-03-24 Thread Mounir IDRASSI
Hi John, I have already answered your question twice on the list but it seems that you didn't receive them for an unknown reason. Look at the link below of OpenSSL list archive to reader what I wrote : http://marc.info/?t=12690119749r=1w=2 Have a nice day, -- Mounir IDRASSI IDRIX http

Re: pkcs7 cert loading, why this code doesn't work?

2010-04-03 Thread Mounir IDRASSI
(NULL, ptr, inlen); I hope this will help. -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/3/2010 3:06 AM, sean wang wrote: Hello, I have a pkcs7 encoded cert which i want to load. the following code block works fine: ( I am doing a base64 decoding first, will explain the reason

Re: Decrypting with key and initialization vector don't decrypt the first 8 bytes?

2010-04-04 Thread Mounir IDRASSI
, if you encrypt using a password, you should decrypt using a password and if you encrypt using a specific key and IV, then you should decrypt using the same key and IV: You can't mix the two approaches without extra processing. I hope this will help. -- Mounir IDRASSI IDRIX http://www.idrix.fr Hello

Re: openSSL and PKCS #12 certificates

2010-04-13 Thread Mounir IDRASSI
certificate. The first solution is the easiest because you can simply use the OPENSSL command line utility in order to extract the private key and its certificate from the PKCS#12 file as PEM files and then give them as input to your python module. I hope this will help. -- Mounir IDRASSI IDRIX

Re: openSSL and PKCS #12 certificates

2010-04-13 Thread Mounir IDRASSI
to perform your client authentication. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/13/2010 6:45 PM, Rémi Després-Smyth wrote: Mounir, Thank you so much for your answer. I did extract the key into a pem file (using command: c:\openssl\bin\openssl pkcs12 -in cert.pfx -nocerts -out

Re: openSSL and PKCS #12 certificates

2010-04-14 Thread Mounir IDRASSI
Bon courage pour la suite! -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/14/2010 3:01 PM, Rémi Després-Smyth wrote: Merci beaucoup, Mounir, but I got the same error. Given the time constraints I have, I think my path moving forward is to try another library or two to see if I can find one

Re: possible user error / memory leak using RSA_new() and RSA_free();

2010-04-19 Thread Mounir IDRASSI
Hi, Remove the unecessary call to RSA_new and the memory leak will disappear!! (The variable p est allocated by PEM_read_RSA_PUBKEY) Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/19/2010 11:07 PM, Stuart Weatherby wrote: Hi List, I am trying to figure out why there is a memory

Re: some VC++ help wanted: can not step into SSL_xxx functions (debug libeay32.dll and ssleay32.dll)

2010-04-25 Thread Mounir IDRASSI
Hi, Try adding the switch /Zi to the CFLAG in the makefile and rebuild the dlls. This is mandatory to create a full program database. I come across the same problem and I solved it with this. The perl scripts should be updated to include this flag for the debug build. Cheers, -- Mounir

Re: Crash bug in 0.9.8n

2010-04-26 Thread Mounir IDRASSI
handler using the function _set_invalid_parameter_handler. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Thomas J. Hruska schrieb: Running 'openssl s_client' on 0.9.8n without any additional arguments crashes openssl.exe. There is very different behavior between 0.0.8 and 1.0.0 on WinXP Pro

Re: Detect CRL format

2010-06-03 Thread Mounir IDRASSI
file is either PEM or DER encoded and that the encoded object is an ASN.1 Sequence. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 6/3/2010 10:48 AM, Arunkumar Manickam wrote: Hi, Given a CRL file, how to detect its format. whether it is in PEM encoded format or ASN1. Thanks, Arun

Re: OpenSSL with OpenPGP

2010-06-06 Thread Mounir IDRASSI
Hi, I have written a small program that demonstrates how an RSA public key can be extracted from an OpenPGP public key file and used in OpenSSL. You can get the source from the following link : http://www.idrix.fr/Root/Samples/pgp_pubkey.c I hope this will help. Cheers, -- Mounir IDRASSI IDRIX

Re: questions about RSASSA-PSS

2010-06-21 Thread Mounir IDRASSI
other give their hints. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 6/22/2010 3:26 AM, 芦翔 wrote: Hi all, Could anybody please tell me the support status of RSASSA-PSS in openssl with the version after 0.9.8l. If there is the implementation, could you please tell me which functions

Re: Integrating OpenSSL as a DLL in Windows

2010-06-23 Thread Mounir IDRASSI
Hi Robert, Take a look at the OpenSSL.NET project on SourceForge : http://openssl-net.sourceforge.net/ They have implemented a managed wrapper around libeay32.dll and ssleay32.dll. I think this is what you are looking for. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 6/23/2010 8

Re: build an application with the openssl source code (not the shared libraries)

2010-06-24 Thread Mounir IDRASSI
Hi Andrei, What about building the modified OpenSSL as static libraries and then link your apps with libcrypto.a and libssl.a? This way you will have no external dependency. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 6/24/2010 12:24 PM, Andrei Dumitrescu wrote: Hello, I have

Re: Compiling a native code using DES

2010-07-03 Thread Mounir IDRASSI
Hi, libcrypto is enough for basic cryptographic operations like encryption/decryption with DES, AES, ...etc Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Hello all, I have a C Code which is making use of DES.h in a JNI Environment. I wanted to know if compiling this code

Re: verify certificate in c

2010-07-03 Thread Mounir IDRASSI
Hi, Just add a call to *OpenSSL_add_all_algorithms* at the beginning of your main and the certificate verification will be OK. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Hi, I'm a newbie user of OpenSSL. I want to create a simple C program that verify a certificate chain like

Re: encrypting long strings

2010-07-09 Thread Mounir IDRASSI
will decrypt your string. I hope this clarifies things to you. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Hi, Thanks for the reply Phillip. One quick question. Is the randomly-generated key PUBLIC? I know the public RSA key to encrypt the key is public, but is the randomly-generated key PUBLIC

Re: Issue with clients Operating System on certs

2010-07-16 Thread Mounir IDRASSI
SNI under XP and that surprises me because it's supposed to work starting from 2.0 and up, independently from the OS. What version of Firefox are using under XP? -- Mounir IDRASSI IDRIX http://www.idrix.fr On 7/16/2010 3:31 PM, Richard Buskirk wrote: I sent this situation off to the help

Re: RSA_private_encrypt does not work with RSA_NO_PADDING option

2010-07-19 Thread Mounir IDRASSI
of padding to your data before feeding it to RSA_private_encrypt. The other option is to use a standard padding by calling RSA_private_encrypt with RSA_PKCS1_PADDING. I hope this clarifies things to you. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 7/19/2010 2:51 PM, anhpham wrote: Hi all

Re: Wildcard certs?

2010-07-23 Thread Mounir IDRASSI
-certificates/ - http://www.verisign.com/ssl-certificates/wildcard-ssl-certificates/ Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 7/24/2010 2:02 AM, Luis Daniel Lucio Quiroz wrote: Just wondering who i must do request for a wildcard cert, for example to accept all the *.mydomain.com Regards

Re: Wildcard certs?

2010-07-24 Thread Mounir IDRASSI
Well, your question was who i must do request for... that's why we gave you links for outside CAs. If you are dealing with your own CA, then using a wildcard character in the DN will do the job. -- Mounir IDRASSI IDRIX http://www.idrix.fr Le vendredi 23 juillet 2010 22:06:44, Kyle Hamilton

Re: RSA_generate_key

2010-08-03 Thread Mounir IDRASSI
and the other is called CRT). The RSA size is actually the size of the modulus. I encourage you to read more about RSA before trying to use OpenSSL resources for this. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr yes ..i am not able to find the 128 byte RSA key.. how should get those information

Re: OpenSSL assistance

2010-08-11 Thread Mounir IDRASSI
able to open it using this password. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/11/2010 5:14 PM, Sashi Dutt wrote: Hello, I was wondering if any of you guys ran into the below error and provide some guidance/assistance? 8980:error:23076071:PKCS12 routines:PKCS12_parse:mac verify

Re: Check the private key

2010-08-20 Thread Mounir IDRASSI
); goto end; } A more correct version would be to change || in the if test by , and thus there will be no misleading error. I hope this clarifies things. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/20/2010 4:25 PM, Ingo Naumann wrote: Vladimir, To me, your key

Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-28 Thread Mounir IDRASSI
, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/28/2010 10:43 PM, Goran Rakic wrote: Hi all, I have two X.509 certificates MUPCAGradjani.crt and MUPCARoot.crt downloaded from http://ca.mup.gov.rs/sertifikati-lat.html Certificate path is MUPCARoot MUPCAGradjani and I would like to validate

Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-29 Thread Mounir IDRASSI
. Concerning the specific issue here, it's clear that OpenSSL is too restrictive compared to other major libraries since this is a minor deviation from the BER specs (i.e. minimal bytes representation) and thus hurts deployments of real-world certificates. -- Mounir IDRASSI IDRIX http://www.idrix.fr

Re: Intermediate root CA's -- lost and confused :(

2010-09-13 Thread Mounir IDRASSI
Primary Root CA to Thawte Premium Server CA. -- Mounir IDRASSI IDRIX http://www.idrix.fr On 9/14/2010 3:32 AM, Paul B. Henson wrote: On Mon, 13 Sep 2010, Tim Hudson wrote: Try gnutls without the TLS extensions processing occurring and you will see that the server is not sending back

Re: Loading and using PKCS#12 in runtime

2010-09-17 Thread Mounir IDRASSI
at the start of your program. Which means in your case that you should dlsym for OPENSSL_add_all_algorithms_noconf and then call it. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Hello, For certain reasons I want to load the OpenSSL libraries at run-time (rather

Re: How to convert RSA public key XML format to PEM or ASCII format

2010-09-17 Thread Mounir IDRASSI
n) { EVP_PKEY* pRsaKey = EVP_PKEY_new(); RSA* rsa = RSA_new(); rsa-e = e; rsa-n = n; EVP_PKEY_assign_RSA(pRsaKey, rsa); return pRsaKey; } else { if (n) BN_free(n); if (e) BN_free(e); return NULL; } } /CODE Cheers, -- Mounir

Re: How to convert RSA public key XML format to PEM or ASCII format

2010-09-18 Thread Mounir IDRASSI
Hi, The code is a generic OpenSSL C source that will compile using the favorite compiler of your platform. Did I understand your question correctly? -- Mounir IDRASSI IDRIX http://www.idrix.fr Hi Thanks for your response. In which platform do I compile/execute the below CODE? I only have

Re: Error while trying to get text output from x509 cert file

2010-09-18 Thread Mounir IDRASSI
Hi, The error says that it didn't find the expected start line for a certificate which is -BEGIN CERTIFICATE- . So, check that your certificate is indeed BASE64 encoded and that the first line is -BEGIN CERTIFICATE- and the last is -END CERTIFICATE- . Cheers, -- Mounir

Re: cannot create p12 file

2010-09-18 Thread Mounir IDRASSI
Hi, It hangs because it is waiting for the input certificate that has to be put with the given key inside the PKCS#12 file. Replace the -certfile option with -in and everything will be OK. Actually -certfile is for adding additional certificate, not the main one. -- Mounir IDRASSI IDRIX http

Re: How to convert RSA public key XML format to PEM or ASCII format

2010-09-19 Thread Mounir IDRASSI
Hi, The code is a generic OpenSSL C source that will compile using the favorite compiler of your platform. Did I understand your question correctly? -- Mounir IDRASSI IDRIX http://www.idrix.fr Hi Thanks for your response. In which lplatform do I compile/execute the below CODE? I only have

Re: CA cert from .p12 file

2010-09-20 Thread Mounir IDRASSI
and from there copy the CA that signed your certificate to a file (Base64 encoded). You can then transfert this file to your Linux box. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Your On 9/20/2010 12:45 PM, Sergey Sedov wrote: Hi, My ISP provides to me .p12 file

Re: PEM_write_PUBKEY segfault with 1.0.0 on windows

2010-10-06 Thread Mounir IDRASSI
Hi, Your sample runs perfectly here: compiled using VC++ 2008 against 1.0.0a in Release and Debug modes and ran on Windows 7 system (hardware DEP enabled). What compiler are you using? Can you perform a debug build and give us a crash trace? -- Mounir IDRASSI IDRIX http://www.idrix.fr

Re: How to sign new certificates

2010-10-11 Thread Mounir IDRASSI
and then configure your webserver to accept only client certificates issued by your CA. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 10/12/2010 5:41 AM, Ariel wrote: Hi again, I could enable my site to use SSL with a wildcard certificate bought to GoDaddy by concatening the mysite.com.crt

Re: SSL Negotiation Command Failed when sending mail via TLS

2010-10-13 Thread Mounir IDRASSI
problems can arise because conflicting versions of the OpenSSL dlls exist on different directories belonging to the PATH. try checking if the machine where the problem exists has only the version of dlls you are targeting. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 10/13/2010 11:23

Re: Suspicious Cert - Nokia cell phone refuses to accept the Cert

2010-10-13 Thread Mounir IDRASSI
of their own, like in any normal PKI architecture. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 10/13/2010 7:11 PM, Stefan Bauer wrote: Dear Openssl-Users, i recently came across a problem with the offered ssl-cert on www.mastersnet.de It's a self signed cert and all of the nokia

Re: [patch] LNK4078 and LNK4210 linking with x64 static libs

2010-10-19 Thread Mounir IDRASSI
openssl-dev to be kept updated. That being said, I understand your frustration but the others certainly thought you were aware of their discussion in the other list. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 10/19/2010 1:20 PM, Jakob Bohm wrote: On 19-10-2010 12:32, per frykenvall

Re: error: unable to get local issuer certificate

2010-10-22 Thread Mounir IDRASSI
for the intermediate CA programs offered by commercial CAs. This involves being audited and vetted and this comes with some limitations. Of course, the price for such a program can be very high depending on your needs. I hope this clarifies things for you. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr

Re: error: unable to get local issuer certificate

2010-10-22 Thread Mounir IDRASSI
Hi Ariel, The simple answer to your questions is no. There is no way to workaround this. Others have already explained why. -- Mounir IDRASSI IDRIX http://www.idrix.fr Well, I'm trying to do SSL Client Authentication for my website. So I bought a wildcard cert from GoDaddy and it works

Re: s_server crashes in version 1.0.0a

2010-11-14 Thread Mounir IDRASSI
. Maybe you have some malformed key. Can you please check that? Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/14/2010 8:57 PM, Marcus Carey wrote: I tried the latest snap shot before I sent the first email. OpenSSL 1.0.1-dev xx XXX . Also, when I ran the test, they all passed

Re: OpenSSL 1.0.0b testssl fails

2010-11-16 Thread Mounir IDRASSI
Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But under Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error. I don't see anything OS specific in the changes introduced in t1_lib.c or s3_srvr.c. Could it be a gcc bug? -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/16

Re: kEECDH handshake failure with invalid ecpointformatlist?

2010-11-24 Thread Mounir IDRASSI
that this solves the failures you are seeing? Here is the link on RT with the description of the issue and the patch : http://rt.openssl.org/Ticket/Display.html?id=2240user=guestpass=guest Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/24/2010 11:37 PM, Victor Duchovni wrote: I see

Re: kEECDH handshake failure with invalid ecpointformatlist?

2010-11-25 Thread Mounir IDRASSI
. I'll start a discussion about this on the dev list. -- Mounir IDRASSI IDRIX http://www.idrix.fr __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users

Re: contribution

2010-11-26 Thread Mounir IDRASSI
OpenSSL with this interesting engine. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/26/2010 10:11 AM, flavio vella wrote: Hello, we are a team of the department of Computer Science at the University of Perugia (Italy). Recently, we have developed an engine that implements AES

Re: creating RSA structure when Private key(E,D,N) known

2010-11-26 Thread Mounir IDRASSI
as described on his 1976 paper). By the way, is this kind of functionality interesting enough to be integrated into OpenSSL code? I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/25/2010 1:32 PM, Chir wrote: Hi guys, i want to create a RSA structure to pass

Re: OpenSSL 1.0.0c released

2010-12-02 Thread Mounir IDRASSI
http://www.openssl.org/news/secadv_20101202.txt -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/2/2010 9:03 PM, Erik Tkal wrote: Can someone point to details on CVE-2010-4180 and CVE-2010-4252? CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any references

Re: opensll-0.9.8q.tar.gz corrupted.

2010-12-03 Thread Mounir IDRASSI
Hi, There is no problem with the archive. If you are under Windows, use the latest 7zip (version 9.20). You will get a warning but the decompression is OK. The previous version of 7zip had a limitation for tar support. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/3/2010 2:28 PM

Re: Private Key from Windows Cert Store

2010-12-03 Thread Mounir IDRASSI
, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/3/2010 6:21 PM, Fili, Tom wrote: Ok, so I realized if I run Configure with no-static-engine I'll get the separate dlls. These are the commands I run C:\Documents and Settings\tfili\Desktop\openssl-0.9.8kperl Configure VC-WIN32 --prefix=c:\temp

Re: nist_cp_bn issue

2010-12-03 Thread Mounir IDRASSI
Hi, What compiler are you using under Windows? From my side, I have compiled and tested binaries produced by VC++ 2008 SP1 (cl version 15.00.30729.01) and the latest standalone native MinGW (gcc 4.5.0), and in both cases everything is OK (no crash and all tests succeed) -- Mounir IDRASSI

Re: Pls some basic c code to generate key pair using openssl

2010-12-20 Thread Mounir IDRASSI
)); Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/19/2010 8:47 AM, akdin wrote: I am a new user of openssl. If anybody post basic C code to generate ecc key pairsusing openssl it will give me an insight to produce further . Ur help will be highly appreciable., regards akdin

Re: components of RSA keys?

2010-12-23 Thread Mounir IDRASSI
Take a look at : http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm exponent1 = dp exponent2 = dq coefficient = qInv -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/23/2010 9:48 PM, Mike Mohr wrote: Good afternoon, When generating an RSA key, several components

Re: components of RSA keys?

2010-12-23 Thread Mounir IDRASSI
Start at function rsa_builtin_keygen in file crypto/rsa/rsa_gen.c. Good hack, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/24/2010 12:35 AM, Mike Mohr wrote: Thanks much for the clarification. I'm interested in re-implementing RSA for my own education; can someone point me

Re: Building OpenSSL vs Downloaded

2010-12-24 Thread Mounir IDRASSI
Hi, Use IMPLIB on the OpenSSL Dlls (e.g implib.exe -a libeay32.lib libeay32.dll) in order to create OMF export libraries instead of the COFF ones produced by VC++. With them, the link will be successful. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/23/2010 11:30 PM, hpenaguz

Re: Question on SHA1 Functions

2011-01-10 Thread Mounir IDRASSI
Hi, SHA1_Init is indeed defined in sha_locl.h as HASH_INIT, whereas SHA1_Update and SHA1_Final are defined in md32_common.h (under crypto folder) as HASH_UPDATE and HASH_FINAL respectively. Happy hacking, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 1/10/2011 4:40 PM, Stan Joyner wrote

Re: How exactly is symmetric key constructed from a passphrase?

2011-01-14 Thread Mounir IDRASSI
Hi, The function EVP_BytesToKey is used internally by this command (and others) in order to create a key from a password. The iteration count is set to 1. Look at the following link for more information : http://www.openssl.org/docs/crypto/EVP_BytesToKey.html Cheers, -- Mounir IDRASSI

Re: problem with creating and signing certificate via API

2011-01-20 Thread Mounir IDRASSI
(oldCertificate), caKey, clientCert); With these modifications, everything will be OK. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 1/20/2011 2:36 PM, Bret McDanel wrote: I am trying to load an old certificate, take the subject line and make a new certificate signed

Re: Adding non-root certificates to the list of trusted certificates?

2011-02-10 Thread Mounir IDRASSI
of the verify callback. That being said, I remember vaguely a post by Dr Stephen Henson related to this where he mentioned a planned change in this direction, but I can't find a link to it. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/10/2011 4:46 PM, Lou Picciano wrote: Matthias

Re: Verify return code: 20 (unable to get local issuer certificate)

2011-02-10 Thread Mounir IDRASSI
elsewhere (for example in /usr/local/ssl) On the other hand, if it is /etc/ssl, then you need just to update the CAs hashs in /etc/ssl/certs. For that, issue the following command : c_rehash /etc/ssl/certs. I hope this will help. -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/10/2011 5:07 PM

  1   2   >