Re: Cipher questions...
On Wed, 2 Jan 2002 22:53:50 -0600, Vincent Toms wrote: >Hello All, I have a question about what ciphers to use in an export ready >app. >I then watch the connection and it picks one of these ciphers and conducts >the interaction successfully. My question is do I need to do any more than >use one of these ciphers? I was also thinking of doing some stuff on the >server, but for now I'll let the client pick until I figure a better way to >check client location from the server. >Does any one have suggestions as to what I should do? How do you link to the OpenSSL library? And is this an open-source app? Which license exemption were you aiming for or were you planning to seek a license? DS __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
PKCS7 Singned and Enveloped
Hi, I have a few questions about the usage of the PKCS7 functions in OpenSSL. My code works: it creates a PKCS7 SignedAndEnveloped. I get the idea from the enc.c and dec.c files in crypto/pkcs7 directory. Before my code worked i wrote another code that seemed to be ok but didn't work. Let me explain, PKCS7 standard says that a SignerInfo is needed to create the PKCS7 so i called the next functions: X509 *cert = ... EVP_PKEY *pkey = ... PKCS7_SIGNER_INFO* signer = PKCS7_SIGNER_INFO_new(); PKCS7_SIGNER_INFO_set(signer, cert, pkey, EVP_sha1()); PKCS7_add_signer(p7, signer); PKCS7_add_recipient(p7, rec_cert); PKCS7_dataFinal(p7, bio); This seemed to be the most reasonable way to do it but it didn't work. The code i have now (the one that works) is: PKCS7_add_signature(p7, cert, pkey, EVP_sha1()); PKCS7_add_certificate(p7, cert); PKCS7_add_recipient(p7, rec_cert); PKCS7_dataFinal(p7, bio); Can anyone explain what are those PKCS7_add_signature and PKCS7_add_certificate calls? Do they set a PKCS_SignerInfo automatically? I do not really understand why my initial code didn't work. Any help would be really appreciated. Regards, Aleix __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Cipher questions...
I was under the impression that we didnt need to use export ciphers anymore? Could someone just glaze over this fact? - Andrew - Original Message - From: "David Schwartz" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 03, 2002 3:58 AM Subject: Re: Cipher questions... > > On Wed, 2 Jan 2002 22:53:50 -0600, Vincent Toms wrote: > >Hello All, I have a question about what ciphers to use in an export ready > >app. > > >I then watch the connection and it picks one of these ciphers and conducts > >the interaction successfully. My question is do I need to do any more than > >use one of these ciphers? I was also thinking of doing some stuff on the > >server, but for now I'll let the client pick until I figure a better way to > >check client location from the server. > >Does any one have suggestions as to what I should do? > > How do you link to the OpenSSL library? And is this an open-source app? > Which license exemption were you aiming for or were you planning to seek a > license? > > DS > > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Cipher questions...
The App itself is closed source but I use opensouce libs namely OpenSSL and a popular image manipulation library. The client is win32 and I am linking dynamicly. I just want it so that I can release the app both here and abroad with out fear of encryption law violations. Thanks again. Vincent T. On Thu, Jan 03, 2002 at 12:58:25AM -0800, David Schwartz wrote: > > On Wed, 2 Jan 2002 22:53:50 -0600, Vincent Toms wrote: > >Hello All, I have a question about what ciphers to use in an export ready > >app. > > >I then watch the connection and it picks one of these ciphers and conducts > >the interaction successfully. My question is do I need to do any more than > >use one of these ciphers? I was also thinking of doing some stuff on the > >server, but for now I'll let the client pick until I figure a better way to > >check client location from the server. > >Does any one have suggestions as to what I should do? > > How do you link to the OpenSSL library? And is this an open-source app? > Which license exemption were you aiming for or were you planning to seek a > license? > > DS > > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Cipher questions...
Andrew T. Finnell wrote: > I was under the impression that we didnt need to use export ciphers > anymore? Could someone just glaze over this fact? > There is no legal reason for US software to use export ciphers. You might have to support old browsers or apps, however. -- Zolera Systems, Your Key to Online Integrity Securing Web services: XML, SOAP, Dig-sig, Encryption http://www.zolera.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: MS-Dos support.
On Mon, 31 Dec 2001, John E. Lopez wrote: > I want to write a TCP(Watt-32 tcp/ip http://www.bgnett.no/~giva/) msdos > application that uses openssl. Openssl compiles with DJGPP just fine. It doesn't support the entropy gathering daemon, so you have to make sure that your program supplies a source of "random" data. To compile with DJGPP apply the patch I posted to openssl-dev and read the generated file "install.djgpp". The patch for the latest stable release (0.9.6c) can be found at: "http://www.mail-archive.com/openssl-dev@openssl.org/msg10318.html"; A patch for the development branch can be found at: "http://www.mail-archive.com/openssl-dev@openssl.org/msg10317.html"; After applying the patch, pick your configuration options, and run (from the bash shell) Configure, then make. I haven't heard of openssl being ported to the other DOS compilers. Doug __ Doug Kaufman Internet: [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
NT with msvc 5/6 non MFC Wapper Class
Hi All About a 15 months ago i asked if there were any developers interested in creating a C++ wrapper class library using openssl for NT non MFC and coexisting with IIS, STL and Sql Server. If Interested please drop me a line robert
Wrong "CC" in Makefiles.
In OpenSSL 0.9.6b, for both SunOS 4 and Solaris 2.6, I have noticed that specifying gcc as the compiler is reflected in some of the Makefiles, but not all: in some of subdirectories "CC" is left set to the default "cc". I suspect this is really a problem with either the Configure script, or with the provided parameters, but I'm not sufficiently well-versed in either to see what's happening (or not). Any ideas? On our Solaris machine there isn't a problem because cc is linked to gcc, so it's all the same. And while I haven't seen any problems on our SunOS machine, I wonder if there is a prospect of incompatibilities. (Please respond directly, as I'm not on the openssl-users list.) === JJ = __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
