Client for a server with self-signed ECDSA certificate
Hi ,I was looking for a client which can support my https server which uses ECDSA. I have looked into http://dev.experimentalstuff.com:8082/mozilla/index.html but the link to download the binaries are down. If anyone can provide me a browser with that cipher suite supported so that a handshake with the server can be possible and hence i can test my application.Btw how i test this server with s_client feature of open-ssl . I think we have to provide some option for a self signed certificate. A example of the same will be nice. -- Regards,Puneet BaturaOpen Source Developer
Re: ECC in Openssl!
Hi Nils, Yes i have tried that but it says that 'ecparam' is not a valid argument.i am using openssl-0.9.8aversion. Is this supported for this version or i have to go with some other version. Thanks! On 5/11/06, Nils Larsch [EMAIL PROTECTED] wrote: puneet batura wrote: Hi, I am trying to generate a 163 bit key in openssl using ECC but was not been able to do so. I am using openssl-0.9.8a version can anyone show me a example how to do that?for example openssl ecparam -name sect163k1 -out eckey.pem -genkey -nooutshould work ... Cheers,Nils__OpenSSL Project http://www.openssl.orgUser Support Mailing List openssl-users@openssl.orgAutomated List Manager [EMAIL PROTECTED] -- Regards,Puneet BaturaOpen Source Developer
Re: Generating certificate
On 5/11/06, Luc Perthuis [EMAIL PROTECTED] wrote: puneet batura wrote: Hi, I am generating a self signed certificate for my application using rsa but i want to generate the certificate using ecc. This is what i am doing: openssl genrsa -out MilitaryGpsKey.pem 2048 openssl req -new -x509 -key MilitaryGpsKey.pem -out MilitaryGpsCert.pem -days 365 now converting the format so tomcat use it: openssl pkcs12 -export -in MilitaryGpsCert.pem -inkey MilitaryGpsKey.pem -out MilitaryGpsCert.p12 -name tomcat i am using openssl-0.9.8aversion.Please tell me how to generate a ecc keyI am using the same version : openssl versionOpenSSL 0.9.8a 11 Oct 2005For a list of usable curves, just do :openssl ecparam -list_curvesWhen i ry to run the above command i get:[EMAIL PROTECTED] bin]# openssl ecparam -list_curves openssl:Error: 'ecparam' is an invalid command.Why so?And chose one to pass it to -name parameter as above. openssl ecparam -genkey -text -name c2pnb163v3ASN1 OID: c2pnb163v3-BEGIN EC PARAMETERS-BggqhkjOPQMAAw==-END EC PARAMETERS-Loading 'screen' into random state - done-BEGIN EC PRIVATE KEY- (...) [key value]-END EC PRIVATE KEY-Add -out file_name for ease of use ;-)The rest of the procedure remains the same ... Thanks -- Regards, Puneet Batura Open Source Developer--Regards,Luc-- Regards,Puneet BaturaOpen Source Developer
Re: Generating certificate
On 5/11/06, Victor Duchovni [EMAIL PROTECTED] wrote: On Thu, May 11, 2006 at 11:19:08PM +0530, puneet batura wrote: I am using the same version : openssl version OpenSSL 0.9.8a 11 Oct 2005 For a list of usable curves, just do : openssl ecparam -list_curves When i ry to run the above command i get: [EMAIL PROTECTED] bin]# openssl ecparam -list_curves openssl:Error: 'ecparam' is an invalid command. Why so?What does running openssl version report?[EMAIL PROTECTED] miladmin]# openssl versionOpenSSL 0.9.8a 11 Oct 2005 --Viktor.__OpenSSL Project http://www.openssl.orgUser Support Mailing List openssl-users@openssl.orgAutomated List Manager [EMAIL PROTECTED] -- Regards,Puneet BaturaOpen Source Developer
Re: Generating certificate
On 5/12/06, Victor Duchovni [EMAIL PROTECTED] wrote: On Fri, May 12, 2006 at 01:23:23AM +0530, puneet batura wrote: On 5/11/06, Victor Duchovni [EMAIL PROTECTED] wrote: On Thu, May 11, 2006 at 11:19:08PM +0530, puneet batura wrote: I am using the same version :openssl version OpenSSL 0.9.8a 11 Oct 2005For a list of usable curves, just do :openssl ecparam -list_curvesWhen i ry to run the above command i get: [EMAIL PROTECTED] bin]# openssl ecparam -list_curves openssl:Error: 'ecparam' is an invalid command. Why so? What does running openssl version report? [EMAIL PROTECTED] miladmin]# openssl version OpenSSL 0.9.8a 11 Oct 2005O.K. What about openssl version -a -v -b -o -f -p? [EMAIL PROTECTED] miladmin]# openssl version -a -v -b -o -f -pOpenSSL 0.9.8a 11 Oct 2005built on: Sun Feb 12 03:25:32 EST 2006platform: linux-elfoptions: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -I/usr/kerberos/include -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=generic -fasynchronous-unwind-tables -Wa,--noexecstack -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM OPENSSLDIR: /etc/pki/tlsengines: dynamic ibmca-- Viktor.__OpenSSL Project http://www.openssl.orgUser Support Mailing List openssl-users@openssl.orgAutomated List Manager [EMAIL PROTECTED] -- Regards,Puneet BaturaOpen Source Developer
Re: ECC in Openssl!
# define DES_RISC2# define DES_UNROLL#elif defined( __osf1__ ) /* Alpha */# define DES_PTR# define DES_RISC2 #elif defined ( _AIX ) /* RS6000 */ /* Unknown */#elif defined( __hpux ) /* HP-PA */ /* Unknown */#elif defined( __aux ) /* 68K */ /* Unknown */#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ # define DES_UNROLL#elif defined( __sgi ) /* Newer MIPS */# define DES_PTR# define DES_RISC2# define DES_UNROLL#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ # define DES_PTR# define DES_RISC1# define DES_UNROLL#endif /* Systems-specific speed defines */#endif#endif /* DES_DEFAULT_OPTIONS */#endif /* HEADER_DES_LOCL_H */It dosent contain that line? On 5/12/06, Nils Larsch [EMAIL PROTECTED] wrote: puneet batura wrote: Hi Nils, Yes i have tried that but it says that 'ecparam' is not a valid argument.i am using openssl-0.9.8a version. Is this supported for this version or i have to go with some other version. it should be supported in 0.9.8a but perhaps it has been disabledin your version (in case you've installed the openssl header fileslook at opensslconf.h, if there's a OPENSSL_NO_EC ec support has beendisabled) = try building a new version of openssl 0.9.8[a,b]Cheers,Nils__OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.orgAutomated List Manager [EMAIL PROTECTED] -- Regards,Puneet BaturaOpen Source Developer
ECC in Openssl!
Hi,I am trying to generate a 163 bit key in openssl using ECC but was not been able to do so. I am using openssl-0.9.8a version can anyone show me a example how to do that?Thanks a Ton!-- Regards,Puneet BaturaOpen Source Developer
Generating certificate
Hi,I am generating a self signed certificate for my application using rsa but i want to generate the certificate using ecc. This is what i am doing: openssl genrsa -out MilitaryGpsKey.pem 2048 openssl req -new -x509 -key MilitaryGpsKey.pem -out MilitaryGpsCert.pem -days 365now converting the format so tomcat use it: openssl pkcs12 -export -in MilitaryGpsCert.pem -inkey MilitaryGpsKey.pem -out MilitaryGpsCert.p12 -name tomcat i am using openssl-0.9.8a version. Please tell me how to generate a ecc keyThanks-- Regards,Puneet BaturaOpen Source Developer