command smime and RFC 3851
Dear folks, I created X.509 signed mail by an application then I tried to verify signature by 'openssl smime -verify ...' command. It did not work first time. S/MIME standard RFC 3851 and predecessors show a sample multipart/signed message in section 3.4.3.3.: Content-Type: multipart/signed; protocol=application/pkcs7-signature; micalg=sha1; boundary=boundary42 --boundary42 --Content-Type: text/plain This is a clear-signed message. --boundary42 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7s ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6 4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4 7GhIGfHfYT64VQbnj756 --boundary42-- See the marked MIME sub-header in part2. My application that uses MIME::Tools PERL library produces similar format: Content-Type: multipart/signed; protocol=application/pkcs7-signature; micalg=sha1; boundary=--=_1215093708-16004-0 Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.420 (Entity 5.420) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Hello, nurse! This is an S/MIME signed message =_1215093708-16004-0 --Content-Type: text/plain --Content-Disposition: inline --Content-Transfer-Encoding: binary -- This is a message =_1215093708-16004-0 Content-Type: application/pkcs7-signature; name=signature-cr.p7s Content-Disposition: attachment; filename=signature-cr.p7s Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEH AQAAoIIFbjCCBWowggRSoAMCAQICAgNWMA0GCSqGSIb3DQEBBQUAMFUxCzAJ ... I found that 'openssl smime' refuses to verify signature until I delete the marked lines. Probably it computes hash not only the cleartext but on header and separator too. Is this normal? Why openssl could not figure out where the cleartext begins? Gabor __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: [FWD] request UP UX openssl A.00.09.07l
You could update to the latest OpenSSL from HP-UX: http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I This contains FIPS 1.1.2 OpenSSL FIPS OpenSSL, used in FIPS mode, does restrict the algorithms used to a subset of the normal list of OpenSSL algorithms. See: http://oss-institute.org/fips-faq.html#a6 for a list of algorithms supported in FIPS mode. Regards, -Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lutz Jaenicke Sent: Monday, June 30, 2008 12:04 AM To: openssl-users@openssl.org Cc: Soverini Luca Subject: [FWD] request UP UX openssl A.00.09.07l Forwarded to openssl-users for public discussion. Best regards, Lutz - Forwarded message from Soverini Luca [EMAIL PROTECTED] - Importance: normal Priority: normal From: Soverini Luca [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Fri, 27 Jun 2008 15:46:56 +0200 Subject: request UP UX openssl A.00.09.07l Thread-Topic: request UP UX openssl A.00.09.07l thread-index: AcjYXEOhcfCnezkxSVmEAjNRSa5lIQ== Accept-Language: it-IT, en-US acceptlanguage: it-IT, en-US Can i have a help? How I can disable in openssl, HPUX platform SSV2 and weak cipher in favour of large encryption keys? Cordiali saluti Luca Soverini T.IO.DC.NE Delivery Operations/Server Unix Le informazioni contenute o allegate alla mail sono classificate :TELECOM S.p.A. - Uso interno - e sono dirette unicamente al destinatario in indirizzo che si impegna a mantenere riservate le informazioni relative alla presente. Chiunque riceva questa mail per errore รจ tenuto ad informare immediatamente il mittente ed a distruggere le informazioni in essa contenute. Si ringrazia per la collaborazione. CONFIDENTIALITY NOTICE This message and its attachments are addressed solely to the persons above and may contain confidential information. If you have received the message in error, be informed that any use of the content hereof is prohibited. Please return it immediately to the sender and delete the message. Should you have any questions, please contact us by replying to [EMAIL PROTECTED] Thank you www.telecomitalia.it - End forwarded message - -- Lutz Jaenicke [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~jaenicke/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
[FWD] Not able to use openssl
Forwareded to openssl-users for public discussion Best regards, Lutz - Forwarded message from Satya Narayan [EMAIL PROTECTED] - DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type; bh=Yvc6CBMi1XB9hiQM+9Mo/A9oXYcu+HfjaMI3XLLMLt0=; b=IDKXR2yk6MKxDtLZugwdLbjbPehvOx9UycmLMUvKvJAuW8qCdHmWCW8/D9pm+sKt/P MsoEE5qLLVL/WTiTnj1GurBR+F2eiri4YyMpWDyCC4xUaVgnRpkSXWHF3JpBSp4CF7Hn Xp0GPfsW1Ffrmk9ISDK31J9dD89brhWJy/22s= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=mqQZ2rjxCTMOHUeMuJgq+31i9cbgx2ZRpuFBi/JDl7BaFBHyxl/HFI8JnWhSi4QTGu 8QczVwLhs4XNJuX7vFeuiFm/JermjMD76A8wci4Q25zWUtL4Gz1zYFdc3eb7LtNxWw6O BtUv+aetnf0WOrrUT9bdaLDBasvVoDq5fb8DI= Date: Tue, 1 Jul 2008 17:12:41 +0200 From: Satya Narayan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Not able to use openssl Hi i have downloaded OpenSSL'Win32 OpenSSL v0.9.8hhttp://www.slproweb.com/download/Win32OpenSSL-0_9_8h.exe' for windows(XP) and installed on my local machine, now i am trying to open 'openSSL.exe' from command prompt it is giving the error like: the application has failed to start, the application configuration is incorrect. Is there any system requirement VC++ ? or any extra thingy i need to perform? Please help me out Thanks Regards Satya N Tailor - End forwarded message - -- Lutz Jaenicke [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~jaenicke/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
[FWD] openssl command propt
Forwarded to openssl-users for public discussion Best regards, Lutz - Forwarded message from richard jonik [EMAIL PROTECTED] - DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Conte nt-Transfer-Encoding:Message-ID; b=vBBzEPZaiZTIah8JHRbzeAxZJVAr0wUKpTQtpm8NPuq2kS5PXMll/twaYA909NIud5TxJV mTNcygBfqD9MEbJv6OukLsdWu0RbxiYewUoRFEWWR+ASvYbdvhiu8Hrdsua5VEY7SH9sL3eZ AcQPtdnpq08UmGxyvkpDyDkSLSzxY=; Date: Tue, 1 Jul 2008 13:19:07 -0700 (PDT) From: richard jonik [EMAIL PROTECTED] Subject: openssl command propt To: [EMAIL PROTECTED] i am trying to use the a sandbox account with paypal. my command propt wont allow me to enter a password at all ! for: openssl pkcs12 -export -in cert_key_pem.txt -out fileout.p12 when asked for the password my keyboard is completely frozen. this also happens for passwd -1 i have tried all versions and cannot get this to work? how frustrating. any ideas. version 0.9.8g 19 oct 2007. __ Not happy with your email address?. Get the one you really want - millions of new email addresses available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html - End forwarded message - -- Lutz Jaenicke [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~jaenicke/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [FWD] openssl command propt
Need information on the environment (NT, or which version of *nix). For *nix, try running 'stty sane', and then also try hitting ctrl+j and ctrl+m as alternatives to your 'enter' key. Also, openssl allows you to put the passphrase into an environment variable if necessary. The fact that passwd gives the same result makes me think that it is simply terminal misconfiguration. -Kyle H On Thu, Jul 3, 2008 at 11:15 PM, Lutz Jaenicke [EMAIL PROTECTED] wrote: Forwarded to openssl-users for public discussion Best regards, Lutz - Forwarded message from richard jonik [EMAIL PROTECTED] - DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Conte nt-Transfer-Encoding:Message-ID; b=vBBzEPZaiZTIah8JHRbzeAxZJVAr0wUKpTQtpm8NPuq2kS5PXMll/twaYA909NIud5TxJV mTNcygBfqD9MEbJv6OukLsdWu0RbxiYewUoRFEWWR+ASvYbdvhiu8Hrdsua5VEY7SH9sL3eZ AcQPtdnpq08UmGxyvkpDyDkSLSzxY=; Date: Tue, 1 Jul 2008 13:19:07 -0700 (PDT) From: richard jonik [EMAIL PROTECTED] Subject: openssl command propt To: [EMAIL PROTECTED] i am trying to use the a sandbox account with paypal. my command propt wont allow me to enter a password at all ! for: openssl pkcs12 -export -in cert_key_pem.txt -out fileout.p12 when asked for the password my keyboard is completely frozen. this also happens for passwd -1 i have tried all versions and cannot get this to work? how frustrating. any ideas. version 0.9.8g 19 oct 2007. __ Not happy with your email address?. Get the one you really want - millions of new email addresses available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html - End forwarded message - -- Lutz Jaenicke [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~jaenicke/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [FWD] openssl command propt
Lutz Jaenicke wrote: Forwarded to openssl-users for public discussion Best regards, Lutz - Forwarded message from richard jonik [EMAIL PROTECTED] - DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Conte nt-Transfer-Encoding:Message-ID; b=vBBzEPZaiZTIah8JHRbzeAxZJVAr0wUKpTQtpm8NPuq2kS5PXMll/twaYA909NIud5TxJV mTNcygBfqD9MEbJv6OukLsdWu0RbxiYewUoRFEWWR+ASvYbdvhiu8Hrdsua5VEY7SH9sL3eZ AcQPtdnpq08UmGxyvkpDyDkSLSzxY=; Date: Tue, 1 Jul 2008 13:19:07 -0700 (PDT) From: richard jonik [EMAIL PROTECTED] Subject: openssl command propt To: [EMAIL PROTECTED] i am trying to use the a sandbox account with paypal. my command propt wont allow me to enter a password at all ! for: openssl pkcs12 -export -in cert_key_pem.txt -out fileout.p12 when asked for the password my keyboard is completely frozen. this also happens for passwd -1 i have tried all versions and cannot get this to work? how frustrating. any ideas. version 0.9.8g 19 oct 2007. Your keyboard probably isn't frozen. There is no visual feedback when entering a password. Type in a password and press enter. -- Thomas Hruska Shining Light Productions Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL. http://www.slproweb.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [FWD] Not able to use openssl
Lutz Jaenicke wrote: Forwareded to openssl-users for public discussion Best regards, Lutz - Forwarded message from Satya Narayan [EMAIL PROTECTED] - DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type; bh=Yvc6CBMi1XB9hiQM+9Mo/A9oXYcu+HfjaMI3XLLMLt0=; b=IDKXR2yk6MKxDtLZugwdLbjbPehvOx9UycmLMUvKvJAuW8qCdHmWCW8/D9pm+sKt/P MsoEE5qLLVL/WTiTnj1GurBR+F2eiri4YyMpWDyCC4xUaVgnRpkSXWHF3JpBSp4CF7Hn Xp0GPfsW1Ffrmk9ISDK31J9dD89brhWJy/22s= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=mqQZ2rjxCTMOHUeMuJgq+31i9cbgx2ZRpuFBi/JDl7BaFBHyxl/HFI8JnWhSi4QTGu 8QczVwLhs4XNJuX7vFeuiFm/JermjMD76A8wci4Q25zWUtL4Gz1zYFdc3eb7LtNxWw6O BtUv+aetnf0WOrrUT9bdaLDBasvVoDq5fb8DI= Date: Tue, 1 Jul 2008 17:12:41 +0200 From: Satya Narayan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Not able to use openssl Hi i have downloaded OpenSSL'Win32 OpenSSL v0.9.8hhttp://www.slproweb.com/download/Win32OpenSSL-0_9_8h.exe' for windows(XP) and installed on my local machine, now i am trying to open 'openSSL.exe' from command prompt it is giving the error like: the application has failed to start, the application configuration is incorrect. Is there any system requirement VC++ ? or any extra thingy i need to perform? Please help me out Thanks Regards Satya N Tailor Install the VC++ 2008 Redistributable. There happens to be a link right below the link you used to download 0.9.8h. -- Thomas Hruska Shining Light Productions Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL. http://www.slproweb.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Subtract betwen two EC_POINT
Hi all, I'm newby on openssl coding, I developing Elgamal chiper , i need subtract two EC_POINT who can help me? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Subtract betwen two EC_POINT
Pietro: OpenSSL seems to provide add, double, invert and multiply routines for EC points. There does not seem to be an explicit routine for subtract in the include files. The book Implementing Eliptic Curve Cryptography by Michael Rosing has routines esub and poly_esub for doing a subtraction of two EC points depending on the type of underlying curve. Essentially these routines first perform a negation of the subtrahend followed by an addition. Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pietro Albano Sent: July 4, 2008 10:17 AM To: openssl-users@openssl.org Subject: Subtract betwen two EC_POINT Hi all, I'm newby on openssl coding, I developing Elgamal chiper , i need subtract two EC_POINT who can help me? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Subtract betwen two EC_POINT
Thanks for the interest, i resolved with EC_POINT_invert(). EC-Elgamal work fine :) Il giorno ven, 04/07/2008 alle 11.56 -0600, Bill Colvin ha scritto: Pietro: OpenSSL seems to provide add, double, invert and multiply routines for EC points. There does not seem to be an explicit routine for subtract in the include files. The book Implementing Eliptic Curve Cryptography by Michael Rosing has routines esub and poly_esub for doing a subtraction of two EC points depending on the type of underlying curve. Essentially these routines first perform a negation of the subtrahend followed by an addition. Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pietro Albano Sent: July 4, 2008 10:17 AM To: openssl-users@openssl.org Subject: Subtract betwen two EC_POINT Hi all, I'm newby on openssl coding, I developing Elgamal chiper , i need subtract two EC_POINT who can help me? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
