Hello!
Thanks for the support.
On 2017-09-28 01:06, Dr. Stephen Henson wrote:
On Thu, Sep 28, 2017, ch wrote:
Hello!
I am working on a tool for verifying SMIME-messages.
Because cms and smime is only able to verify base64 pkcs7-signatures
I try to do it "manually" and I now have a problem wi
On Thu, Sep 28, 2017, ch wrote:
> Hello!
>
> I am working on a tool for verifying SMIME-messages.
> Because cms and smime is only able to verify base64 pkcs7-signatures
> I try to do it "manually" and I now have a problem with the
> signing-timestamp.
>
I'm not sure what you mean by "only able
Hello!
I am working on a tool for verifying SMIME-messages.
Because cms and smime is only able to verify base64 pkcs7-signatures I
try to do it "manually" and I now have a problem with the signing-timestamp.
Let's do an example:
openssl smime -sign -md sha1 -in plain.txt -inkey mykey -signer
On 9/27/2017 2:19 PM, Dirk-Willem van Gulik wrote:
On 27 Sep 2017, at 20:02, Michael Wojcik
The tokens / HSMs I've used don't let you generate a key somewhere
else and install it on the token. They insist on doing the key
generation locally. That is, after all, part of the point of using
a tok
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Jeffrey Walton
> Sent: Wednesday, September 27, 2017 13:15
> To: OpenSSL Users
> Subject: Re: [openssl-users] Hardware client certificates moving to Centos 7
>
> >
> > Heck, MD4 and MDC2 are still available in 1.0.2 -
On 09/27/2017 10:10 PM, Michael Wojcik wrote:
> On Behalf Of Jochen Bern
> Sent: Wednesday, September 27, 2017 06:51
>> I don't know offhand which OpenSSL versions did away with MD5, but you
>> *can* install an 0.9.8e (+ RHEL/CentOS backported security patches)
>> straight off CentOS 7 repos
>
> U
FIPS mode is a policy decision in my opinion also but since RedHat prides
itself in security e.g. SELinux, etc. I believe that is a RedHat decision
as opposed to the OpenSSL community. The alternative would be to use a
different Linux distro like Ubuntu, etc. which does not compile their
OpenSSL wi
>> I don't know offhand which OpenSSL versions did away with MD5, but you
>> *can* install an 0.9.8e (+ RHEL/CentOS backported security patches)
>> straight off CentOS 7 repos:
>
> Ugh. No need for 0.9.8e (which is from, what, the early Industrial
> Revolution?). MD5 is still available in OpenSSL
Not sure if this helps but the native installation for CentOS7 by default
installs OpenSSL with FIPS mode compiled in which means deprecated
algorithms such as MD5 and the like will not work. If you tried to generate
a certificate you should have received an error or not have seen that
algorithm in
> On 27 Sep 2017, at 20:02, Michael Wojcik
> wrote:
>
>> What is the most natural way to generate private keys using openssl but
>> store them on a specific hardware tokens?
>> Reading/writing is implemented via engine mechanism.
>
> The tokens / HSMs I've used don't let you generate a key s
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Dmitry Belyavsky
> Sent: Wednesday, September 27, 2017 06:22
> To: openssl-users@openssl.org
> Subject: [openssl-users] Storing private key on tokens
> What is the most natural way to generate private keys using opens
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Jason Qian via openssl-users
> Sent: Wednesday, September 27, 2017 07:00
> To: openssl-users@openssl.org
> Subject: [openssl-users] DH_generate_key Hangs
> Need some help, one of our application that hangs when calli
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Jochen Bern
> Sent: Wednesday, September 27, 2017 06:51
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] Hardware client certificates moving to Centos 7
>
> I don't know offhand which OpenSSL versions did
On 27 Sep 2017, at 14:22, Dmitry Belyavsky wrote:
> What is the most natural way to generate private keys using openssl but store
> them on a specific hardware tokens? Reading/writing is implemented via engine
> mechanism.
>
> I suppose that it should be added support of -outform ENGINE to the
On 09/27/2017 02:07 PM, Stuart Marsden wrote:
> Is there a way I can install a version of openssl on a dedicated standalone
> Centos 7 server which will support these phones?
> That would be preferable to me than having to leave Centos 6 servers just
> for this
I don't know offhand which OpenSSL
Hi,
Need some help, one of our application that hangs when calling
DH_generate_key (openssl-0.9.8y). This occurs randomly under loaded
condition.
Not sure, if anyone know this issue ?
Thanks
Jason
AFAIK, at this point pkcs11 engine doesn't support key generation.
The only viable options AFAIK are OpenSC (pkcs11-tool) and vendor-specific
applications like yubico-piv-tool.
Regards,
Uri
Sent from my iPhone
> On Sep 27, 2017, at 08:23, Dmitry Belyavsky wrote:
>
> Hello,
>
> What is the
On 09/27/2017 08:07 AM, Stuart Marsden wrote:
Hi
I think I know what you are going to say - MD5?
Lots of problems with that cert. If you have some connection with the
vendor, have them read IEEE 802.1AR-2009 standard for Device Identity
credentials. You will be supporting this phone diff
Hello,
What is the most natural way to generate private keys using openssl but
store them on a specific hardware tokens? Reading/writing is implemented
via engine mechanism.
I suppose that it should be added support of -outform ENGINE to the genpkey
command, but do not understand how to deal wit
Hi
I think I know what you are going to say - MD5?
I ran openssl s_server -verify , then ran the x509 command as you suggested
using the captured client certificate
This phone model has only just gone into production, and I am using a "preview
version" of the hardware
Is there a way I can in
Hello,
I usually use strace for this purpose.
On Wed, Sep 27, 2017 at 12:53 AM, Blumenthal, Uri - 0553 - MITLL <
u...@ll.mit.edu> wrote:
> I’m debugging programmatic access to a (modified) pkcs11 engine. My system
> has several OpenSSL installations: Apple-provided OpenSSL-0.9.8 (kept as
> that