Re: RAND_seed & RAND_bytes on Windows. How many random bytes I must give for function RAND_seed to seed PRNG properly?
Thanks for answers, Jeff. But I still have questions:

> Why not allow OpenSSL to auto seed itself?

Because on Windows we have not /dev/random and that's why I think that auto seed will be worse. But if OpenSSL seed PRNG automatically and I must not do anything else, why in FAQ I see: "On other systems, applications have to call the RAND_add() or RAND_seed() function with appropriate data before generating keys or performing public key encryption."?

During debugging my program, I saw that RAND_poll is called only once after first calling RAND_bytes or SSL_CTX_new. After that I called several RAND_bytes and got at least 2 bytes but RAND_poll isn't called.

It's worth saying that ssleay_rand_add (RAND_add) operates with internal ring buffer named "state" and its size is only 1039 bytes (1023+MD_DIGEST_LENGTH). This is an entropy pool I think. That's why it is senseless to give more than 1024 bytes of random data to RAND_seed function, because entropy pool will be overwritten. And that's why I think we must explicitly call RAND_seed from time to time - when RAND_bytes is used. The question is: when do internal functions of OpenSSL library use RAND_bytes and how many bytes they use. Having received the answer to it, I can exactly know when and how often I must explicitly call RAND_seed.

> If you have an overwhelming desire to provide entropy, why not use
> Windows (http://msdn.microsoft.com/en-us/library/aa379942(v=vs.85).aspx)?

I know CryptGenRandom function. But somewhere I read that this function only seeds PRNG with cryptographically random value and after that it gives data generated by the typical random number generator such as the one shipped with C compiler (rand, random). It is far more random only because random seeding. Maybe I am wrong. It will be very easy to seed PRNG on Windows if I am wrong. CryptGenRandom is easy to use. But what about my assumptions, Jeffrey?

> As for the number of bytes required, I don't recall reading anything
> for asymmetric key generation. For symmetric ciphers, Gutmann
> recommends [key size in bits] + 64 bits (though Gutmann wrote the
> paper, I believe I read it from NIST's site).

Thanks for answer.

> http://www.openssl.org/docs/crypto/RAND_bytes.html

"RAND_pseudo_bytes() returns 1 if the bytes generated are cryptographically strong, 0 otherwise". But what about RAND_bytes? Does it also return 0 if the bytes generated are already not cryptographically strong? Is there a limit or no? I think must be a limit because entropy pool is limited to 1039 bytes.

And how about SSL-TLS programming? Where in my program and how often I must explicitly call RAND_seed to be sure that all internal functions use good (cryptographically strong and unpredictable) data?

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: How is key calculated from passphrase
On Fri July 1 2011, Jeffrey Walton wrote:
> On Fri, Jul 1, 2011 at 8:58 AM, Daniel Wambold wrote:
> > Hello list. Sorry for what is likely a simple question but I'm running out
> > of time and could use a quick hand. I have a program that encrypts data
> > using AES256 CBC mode and a 256 bit (obviously) key provided directly to
> > the encryption engine as-is.

openssl enc -help
unknown option '-help'
options are
-in input file
-out output file
-pass pass phrase source
-e encrypt
-d decrypt
-a/-base64 base64 encode/decode, depending on encryption flag
-k key is the next argument
-kfile key is the first line of the file argument
-K/-iv key/iv in hex is the next argument
-[pP] print the iv/key (then exit if -P)
-bufsize buffer size
-engine e use engine e, possibly a hardware device.
Cipher Types
-aes-128-cbc -aes-128-cfb -aes-128-ecb
-aes-128-ofb -aes-192-cbc -aes-192-cfb
-aes-192-ecb -aes-192-ofb -aes-256-cbc
-aes-256-cfb -aes-256-ecb -aes-256-ofb
-aes128 -aes192 -aes256
-bf -bf-cbc -bf-cfb
-bf-ecb -bf-ofb -blowfish
-cast -cast-cbc -cast5-cbc
-cast5-cfb -cast5-ecb -cast5-ofb
-des -des-cbc -des-cfb
-des-ecb -des-ede -des-ede-cbc
-des-ede-cfb -des-ede-ofb -des-ede3
-des-ede3-cbc -des-ede3-cfb -des-ede3-ofb
-des-ofb -des3 -desx
-desx-cbc -idea -idea-cbc
-idea-cfb -idea-ecb -idea-ofb
-rc2 -rc2-40-cbc -rc2-64-cbc
-rc2-cbc -rc2-cfb -rc2-ecb
-rc2-ofb -rc4 -rc4-40
-rc5 -rc5-cbc -rc5-cfb
-rc5-ecb -rc5-ofb

For details, remember that "man" is your friend:
$ >man enc
If your Windows install does not support the manual command - then ask Google, Google knows many "man" sites.

Mike

> > I need our Windows-using counterpart to encrypt a file in exactly the same
> > way, with exactly the same key. OpenSSL seems to provide command-line
> > access to all the parameters we need (pkcs7, CBC), I need to ask it to use
> > an encryption key rather than a passphrase (which is, presumably, converted
> > to a 256 bit key). I started poring over the source but I haven't yet found
> > the conversion from passphrase to key. Could someone point me to the code
> > snippet or simply summarize the procedure for me so I can code the same
> > thing into my app? Alternatively, if there's a way to give OpenSSL a key
> > directly, that would be very helpful. Thanks in advance!
> http://www.openssl.org/docs/crypto/evp.html
> http://www.openssl.org/docs/crypto/EVP_EncryptInit.html
>
> Perhaps you should enlist some help from someone familiar with
> OpenSSL. OpenSSL's consulting page is at
> http://www.openssl.org/support/consulting.html. Shining Light offers a
> lot of OpenSSL/Windows stuff at no charge. It would probably be
> appreciated if you engaged Thomas at
> http://www.slproweb.com/products/Win32OpenSSL.html.
>
> Jeff
Re: How is key calculated from passphrase
On Fri, Jul 1, 2011 at 8:58 AM, Daniel Wambold wrote:
> Hello list. Sorry for what is likely a simple question but I'm running out of
> time and could use a quick hand. I have a program that encrypts data using
> AES256 CBC mode and a 256 bit (obviously) key provided directly to the
> encryption engine as-is. I need our Windows-using counterpart to encrypt a
> file in exactly the same way, with exactly the same key. OpenSSL seems to
> provide command-line access to all the parameters we need (pkcs7, CBC), I
> need to ask it to use an encryption key rather than a passphrase (which is,
> presumably, converted to a 256 bit key). I started poring over the source but
> I haven't yet found the conversion from passphrase to key. Could someone
> point me to the code snippet or simply summarize the procedure for me so I
> can code the same thing into my app? Alternatively, if there's a way to give
> OpenSSL a key directly, that would be very helpful. Thanks in advance!

http://www.openssl.org/docs/crypto/evp.html
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html

Perhaps you should enlist some help from someone familiar with OpenSSL. OpenSSL's consulting page is at http://www.openssl.org/support/consulting.html. Shining Light offers a lot of OpenSSL/Windows stuff at no charge. It would probably be appreciated if you engaged Thomas at http://www.slproweb.com/products/Win32OpenSSL.html.

Jeff
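The passphrase-to-key conversion asked about in this thread, as an added example that is not part of the original posts and is not OpenSSL's own code: a Python rendering of what `EVP_BytesToKey` computes for `openssl enc`. It assumes the MD5 digest and single iteration that were the `enc` defaults in OpenSSL releases of that period (later releases default to SHA-256) and the `Salted__` file header; the function names are hypothetical.

```python
import hashlib

MAGIC = b"Salted__"  # header openssl enc writes before the 8-byte salt


def evp_bytes_to_key(passphrase, salt, key_len=32, iv_len=16,
                     digest="md5", count=1):
    """Derive (key, iv) the way EVP_BytesToKey does.

    D_1 = H(passphrase || salt), D_i = H(D_(i-1) || passphrase || salt);
    each D_i is re-hashed count-1 more times, and the D_i are concatenated
    until key_len + iv_len bytes are available.
    Assumption: digest="md5" and count=1, the old `openssl enc` defaults.
    """
    derived = b""
    block = b""
    while len(derived) < key_len + iv_len:
        block = hashlib.new(digest, block + passphrase + salt).digest()
        for _ in range(count - 1):
            block = hashlib.new(digest, block).digest()
        derived += block
    return derived[:key_len], derived[key_len:key_len + iv_len]


def split_salted_file(blob):
    """Split a passphrase-encrypted `openssl enc` blob into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("no Salted__ header: not a salted passphrase file")
    return blob[8:16], blob[16:]


def hex_key_iv(passphrase, salt):
    """Hex strings for the -K and -iv options (AES-256-CBC sizes)."""
    key, iv = evp_bytes_to_key(passphrase, salt)
    return key.hex().upper(), iv.hex().upper()


if __name__ == "__main__":
    # Constructed sample: made-up passphrase, made-up salt, dummy ciphertext.
    sample = MAGIC + bytes.fromhex("0102030405060708") + b"\x00" * 16
    salt, _ciphertext = split_salted_file(sample)
    k, iv = hex_key_iv(b"correct horse", salt)
    print("-K", k)
    print("-iv", iv)
```

The `-P` option in the help listing quoted above prints the key and IV that `openssl enc` derived, which gives a direct cross-check; with `-K` and `-iv` no derivation happens and the raw key is used as given.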
Re: SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:293
On Fri July 1 2011, islam wrote:
> Hi Guys
>
> i have some problems using openssl to implement a pop3s (over tls). The
> code is here :
>
> http://stackoverflow.com/questions/6520676/pop3s-implementation-using-openssl-library
>
> pls this is very urgent.
>

Then send money.
Open Source software developers respond very well to cash.

Mike
How is key calculated from passphrase
Hello list. Sorry for what is likely a simple question but I'm running out of time and could use a quick hand. I have a program that encrypts data using AES256 CBC mode and a 256 bit (obviously) key provided directly to the encryption engine as-is. I need our Windows-using counterpart to encrypt a file in exactly the same way, with exactly the same key. OpenSSL seems to provide command-line access to all the parameters we need (pkcs7, CBC), I need to ask it to use an encryption key rather than a passphrase (which is, presumably, converted to a 256 bit key). I started poring over the source but I haven't yet found the conversion from passphrase to key. Could someone point me to the code snippet or simply summarize the procedure for me so I can code the same thing into my app? Alternatively, if there's a way to give OpenSSL a key directly, that would be very helpful. Thanks in advance!

Best Regards,
Dan
SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:293
Hi Guys

i have some problems using openssl to implement a pop3s (over tls). The code is here :

http://stackoverflow.com/questions/6520676/pop3s-implementation-using-openssl-library

pls this is very urgent.
extracting and decrypting certificate digest
Hi all,

For common uses with PKI I would like to do the following with openssl command line tool:

1. Create CA
2. Create Client
3. Verify Client in One Way Authentication (OWA)

Now, I have successfully done first 2 steps using:

./CA.sh -newca
./CA.sh -newreq
./CA.sh -sign

got private and public keys for both sides CA and Client, now as a part of OWA procedure the third side device called Server gets Client certificate. Server needs to:

- extract sha1 hash signed with client private RSA key (Signature Alg: sha1RsaEncrypted) from the certificate
- decrypt sha1 hash using client public RSA key
- regenerate sha1 hash on the original message to check if it is correct

Once got familiar with the OWA I thought the above are ones of most common things anyone will want to do with openssl, however google is unable to find any examples for it so far. What openssl commands will do the above things for me? It would also help me a lot to know the routines I need to use to do the same from within C program.

Any help would be much appreciated.

regards,
Mike
Re: State Machine with Managed C++
I am using Managed Sockets, and the socket is not hanging, BeginReceive function sets the callback function receive data, and that callback function is printing the log entry, so I assume the callback setting was successful, but the BeginReceive function call never returns.

On Fri, Jul 1, 2011 at 1:03 PM, Gayathri Sundar wrote:
> Did you implement fd timeouts and appropriate cleanups after some
> expiration? It's impossible for non blocking sockets to hang..so I am
> assuming ur having a lot of unused fds on ur poll table.
>
> On Friday, July 1, 2011, Harshvir Sidhu wrote:
> > Hi,
> > I have implemented the state machine in my managed C++ application.
> Everything works fine for sometime, but after a while Asynchronous socket
> call beginreceive hangs, it never come out of that. I do not see any
> relation to this with SSL but this happens only when i am calling SSL
> routines in between. When i disable SSL function calls, then this issue dont
> happen.
> >
> > Have anyone else seen this issue? If Yes, Any suggestions on how to get
> past this issue?
> >
> > Thanks.
> >
> > // Harshvir
Re: RAND_seed & RAND_bytes on Windows. How many random bytes I must give for function RAND_seed to seed PRNG properly?
On Fri, Jul 1, 2011 at 1:14 PM, Vladimir Belov wrote:
> Hello.
> I'll collect entropy(random bytes) myself on Windows. How many random
> bytes I must give for function RAND_seed to seed PRNG properly in two cases:

Why not allow OpenSSL to auto seed itself? If you have an overwhelming desire to provide entropy, why not use Windows (http://msdn.microsoft.com/en-us/library/aa379942(v=vs.85).aspx)?

As for the number of bytes required, I don't recall reading anything for asymmetric key generation. For symmetric ciphers, Gutmann recommends [key size in bits] + 64 bits (though Gutmann wrote the paper, I believe I read it from NIST's site).

> 1) Generating RSA keys.
>
> 2) Programming SSL-TLS. And where I must call RAND_seed during SSL-TLS
> programming?
>
> I think internal functions of OpenSSL call RAND_bytes when they need random
> data. So, it is very important for me to understand how RAND_seed and
> RAND_bytes work together. I don't understand how it works.

http://www.openssl.org/docs/crypto/RAND_bytes.html

> For example, if I have seeded PRNG with 256 bytes, how many random bytes I
> can get with RAND_bytes after that and be sure that they are unpredictable
> enough (good for cryptographic operations)?

http://groups.google.com/group/mailing.openssl.users/search?group=mailing.openssl.users&q=rand_bytes+entropy&qt_g=Search+this+group

Jeff
Re: State Machine with Managed C++
Did you implement fd timeouts and appropriate cleanups after some expiration? It's impossible for non blocking sockets to hang..so I am assuming ur having a lot of unused fds on ur poll table.

On Friday, July 1, 2011, Harshvir Sidhu wrote:
> Hi,
> I have implemented the state machine in my managed C++ application.
> Everything works fine for sometime, but after a while Asynchronous socket
> call beginreceive hangs, it never come out of that. I do not see any relation
> to this with SSL but this happens only when i am calling SSL routines in
> between. When i disable SSL function calls, then this issue dont happen.
>
> Have anyone else seen this issue? If Yes, Any suggestions on how to get
> past this issue?
>
> Thanks.
>
> // Harshvir
RAND_seed & RAND_bytes on Windows. How many random bytes I must give for function RAND_seed to seed PRNG properly?
Hello.

I'll collect entropy (random bytes) myself on Windows. How many random bytes I must give for function RAND_seed to seed PRNG properly in two cases:

1) Generating RSA keys.

2) Programming SSL-TLS. And where I must call RAND_seed during SSL-TLS programming?

I think internal functions of OpenSSL call RAND_bytes when they need random data. So, it is very important for me to understand how RAND_seed and RAND_bytes work together. I don't understand how it works.

For example, if I have seeded PRNG with 256 bytes, how many random bytes I can get with RAND_bytes after that and be sure that they are unpredictable enough (good for cryptographic operations)?

I would be grateful for help and advice.
State Machine with Managed C++
Hi,

I have implemented the state machine in my managed C++ application. Everything works fine for some time, but after a while Asynchronous socket call beginreceive hangs, it never comes out of that. I do not see any relation to this with SSL but this happens only when I am calling SSL routines in between. When I disable SSL function calls, then this issue doesn't happen.

Has anyone else seen this issue? If yes, any suggestions on how to get past this issue?

Thanks.

// Harshvir
Re: ECDH parameters
2011/7/1 yyy :
> Hello!
>
> s_server (and probably other TLS servers), requires ECDH parameters, if
> using ECDH ciphersuites. (probably similarily as for DH parameters with DH
> ciphersuites).
> It seems, that these are supposed to be generated using:
> ecparam -name 'name_of_named_curve',
> but this always generates the same output (it seems to be somehow encoded
> name of that curve).

Generating a curve (ie, 'domain parameters') can be tricky business due to point counting. In practice, one uses a standard curve observed by ANSI, IETF, IEEE, NIST, etc. For example, http://tools.ietf.org/html/rfc5349. If you want a custom curve, I recommend a tool such as Marcel Martin's Elliptic Curve Builder (ECB).

A private key (and public) are selected once domain parameters have been chosen. The private key is 'x' or 'd' (a multiplier), which results in a public key 'Q' (a point). The relationship is Q = x*G, where G is the base point.

> DH parameters contained randomly changing data. ECDH, for key exchange, only
> needs specified curve and nothing else?

During key establishment, ephemeral keys (throw away public and private keys) will be used.

If you want to generate a private key, try:

$ openssl ecparam -name secp256k1 -genkey -param_enc explicit -outform DER -out ec-openssl.der

To get the public key:

$ openssl ecparam -param_enc explicit -name secp256k1 -genkey -outform PEM -out ec-openssl.pem
$ openssl ec -param_enc explicit -inform PEM -in ec-openssl.pem -pubout -outform DER -out ec-openssl.der

Jeff
ECDH parameters
Hello!

s_server (and probably other TLS servers), requires ECDH parameters, if using ECDH ciphersuites. (probably similarly as for DH parameters with DH ciphersuites). It seems, that these are supposed to be generated using:

ecparam -name 'name_of_named_curve',

but this always generates the same output (it seems to be somehow encoded name of that curve). Is this intended behavior? DH parameters contained randomly changing data. ECDH, for key exchange, only needs specified curve and nothing else?