Create openssl key from key elements
Hello! If I have an generated key and write openssl rsa -pubout -in private_key.pem -out public_key.pem I will get the contents of the key listing modulus, publicExponent, privateExponent, prime12 and Exponent12. I wonder how I do the reverse operation, that is from the 7 parameters create the .pem file. Can I do that with openssl or do I have to to it manually. Thanks, Amanda
Re: ostrich head in the sand... Please stop sending the virus!
Well, no. The list servers job should be to provide subscribers with information. I'd say that it just as irresponsible of Majordomo to redistribute viruses as it is by any other mail agent. You shouldn't blame Microsoft for selling insane mail agents if your own software is just as silly. I just got my RedHat 7 Professional Server. On the box it says that Sophos Anti-Virus is included. You can probably install it as a plug-in to Majordomo. (and while somebody fixes majordomo@openssl, *please* remove reply-to, the list gets enough off topic posts anyway) Amanda. On Mon, 6 Nov 2000 [EMAIL PROTECTED] wrote: What do you mean "stop sending this virus"? The list servers job is to forward what comes in.
Re: Avoiding man in the middle attacks
That is impossible. If you can't secure your Win9x client then you can never ever establish any kind of secure communication from that client. Security has to begin at the end points. After you secure the client's cerificate store you then use those certificates to secure the communication. Amanda. On Thu, 26 Oct 2000, Darío Mariani wrote: I'm still learning SSL. I still do no understand how does or if SSL/TSL prevents from a "man in the middle" attack. If the certificates are good, no problem. But, how does a client, or what must I do for a client to check the validity of a certificate, even a signed one from a trusted CA? My problem is this: I'm developing a client-server application (not web based), the clients will be in computers with Win9x, and for simplicity, the users won't know to wich server they are connecting to (they do not need to). I could have the server certificate and the server address in files in the client computer, but as Win9x security does not exist, nothing prevents someone from replacing these file for another server. I would apreciate any coments, thanks.
Re: Release schedule
How about Sep21? Just to make a point. :-) Amanda. On Fri, 18 Aug 2000, Richard Levitte - VMS Whacker wrote: jjw And more generally when do we expect openSSL v1.0? We don't have a schedule for that. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Out of office autoreply
Actually it is not Benny's fault. You should blame the genius who added the Reply-To field on the list server. http://www.unicom.com/pw/reply-to-harmful.html Amanda. On Tue, 15 Aug 2000, Douglas Wikström wrote: This is clearly not good for Bennys karma... (irritating a lt of people :-) __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: SSL my last hope...
On Tue, 25 Jan 2000 [EMAIL PROTECTED] wrote: Hi, my name is Marion I try to develop a SSL I live in France and I have to generate a key in 40 bits Didn't France remove that 40-bit restriction a year ago? http://cwis.kub.nl/~frw/people/koops/cls2.htm#fr A. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
MajorDomo looping
Will somebody please turn off the Reply-To field in MajorDomo. If people want to reply to the list then they can use the Reply-to-all command in their mail clients. Users who can't figure out how to reply to the list probably have nothing important to say anyhow... If you don't understand why, then here is the long explanation: http://www.unicom.com/pw/reply-to-harmful.html A. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Alert
On Thu, 14 Oct 1999, Robert Sandilands wrote: The best idea is to educate users to -not- run anything without the administrators say so, and the administrator should by default say no. It is a well known fact that you can't educate users. Virii has to be dealt with at the firewall, which means that e-mail can't be encrypted, which brings this back on topic! :-) (well, almost) A. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: RNGs
The seed generation *is* the RNG. What happens later is a PRNG, not an RNG. An RNG with a poor seed is always a poor RNG. A. On Fri, 8 Oct 1999, Reni G. Eberhard wrote: I was analyzing the RNG routines of OpenSSL, especially those related with Windows environment, RAND_screen seeds the random generator with the contents of the screen. It seems to be a poor RNG. Anybody has a better RNG for Windows? Any ideas, suggestions, or help would be most appreciated. Do you mean the RNG or the generation of the seed? In case of seed there are some techniques to generate a good software seed and I've implemented one (not in openssl) which has been approved by a "big company". __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OS support
On Tue, 22 Jun 1999, Steffen Dettmer wrote: Your IIS has integrated SSL support. You don't need OpenSSL for this purpose. But IIS is developed in US, and so it uses only "weak" chiphers, ain't? True, if you buy/download IIS outside of US. This problem is easily fixed though. Just install the US version of the latest service pack. You can find it at replay (Amsterdam) and mirrors. After this upgrade you can use IIS and the Certificate Server with full strength crypto. It is probably legal in your jurisdiction. ftp://ftp.replay.com/pub/crypto/browsers/128bit/MS-NT-v40/SP_5/nt_40_sp5_128.exe A. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]