Re: CMS usage with OpenSSl
Hello Shankar, as a member of the official OFTP2 working group and also a user of openSSL I can tell you that the PKCS#7 support is sufficient for file based operations in this context. If you need any further assistence for OFTP2 specific suppor I suggest you join the working group, whose head is Joerg Walter ([EMAIL PROTECTED]) or contact me ([EMAIL PROTECTED]) for openSSL specific topics. Regards, Harald Latzko c-works GmbH Hi Stephen, We are developing a secure communication on OFTP(RFC-5024), as per the RFC we need to sign the file, compress the file , encrypt the file. that can be done with the OpenSSl .. ok, Next the consern is : 1)Files that are to be signed are enveloped according to the file enveloping format i.e as a CMS package. 2) Files that are to be copressed are enveloped according to the file enveloping format i.e as a CMS package. 3) Files that are to be encrypted are enveloped according to the file enveloping format i.e as a CMS package. here we are not understand how to implement the CMS package and struck... Best Regards --Shankar On 4/1/08, Dr. Stephen Henson [EMAIL PROTECTED] wrote: On Tue, Apr 01, 2008, shankar ks wrote: Hi Stephen, ThanQ for your information. let me conform your information as : CMS is still under development and there is no document or material is available for CMS in OpenSSl . if that is the case is there any thing availble right now for using CMS along with openssl. and what you can suggest me to do what explained in my earlier mail... It can be used with the command line utility cms. The API is similar to the documented PKCS7 API in many respects. It however isn't at all clear from your description what you want to precisely want to do. Does the TLS will support the CMS ? CMS and TLS are two different things entirely. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: CMS usage with OpenSSl
HI Harald, ThanQ for your information. So implementing of PKCS#7 Api's will serve my purpose .. Ok, at last , a small doubt : I have implemented signing, encryption using RSA_sign EVP_EncryptUpdate RSA_public_encrypt , so where these will differ from the PKCS#7 API's as these PKCS#7 api's also do the same things as by the above functions. I did not find any difference of usage of those two. can you please tell me what is difference in b/w usage of those two. -- Shankar On 4/2/08, Harald Latzko [EMAIL PROTECTED] wrote: Hello Shankar, as a member of the official OFTP2 working group and also a user of openSSL I can tell you that the PKCS#7 support is sufficient for file based operations in this context. If you need any further assistence for OFTP2 specific suppor I suggest you join the working group, whose head is Joerg Walter ([EMAIL PROTECTED]) or contact me ([EMAIL PROTECTED]) for openSSL specific topics. Regards, Harald Latzko c-works GmbH Hi Stephen, We are developing a secure communication on OFTP(RFC-5024), as per the RFC we need to sign the file, compress the file , encrypt the file. that can be done with the OpenSSl .. ok, Next the consern is : 1)Files that are to be signed are enveloped according to the file enveloping format i.e as a CMS package. 2) Files that are to be copressed are enveloped according to the file enveloping format i.e as a CMS package. 3) Files that are to be encrypted are enveloped according to the file enveloping format i.e as a CMS package. here we are not understand how to implement the CMS package and struck... Best Regards --Shankar On 4/1/08, Dr. Stephen Henson [EMAIL PROTECTED] wrote: On Tue, Apr 01, 2008, shankar ks wrote: Hi Stephen, ThanQ for your information. let me conform your information as : CMS is still under development and there is no document or material is available for CMS in OpenSSl . if that is the case is there any thing availble right now for using CMS along with openssl. and what you can suggest me to do what explained in my earlier mail... It can be used with the command line utility cms. The API is similar to the documented PKCS7 API in many respects. It however isn't at all clear from your description what you want to precisely want to do. Does the TLS will support the CMS ? CMS and TLS are two different things entirely. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- --Best Regards Shankar
CMS usage with OpenSSl
Hi all/ I am shiva, working on security issues using Openssl Api's. Our requirement is we need to Sign the file, compress the file , encrypt the file as a CMS(crypto graphic message syntax) package. I am able to do the signing, compression, encryption using the OpenSSl Api's in C language. But our requirement is we need to envelope the signed , compressed and encrypted files as a CMS package. Basically we are using RSA_sign EVP_EncryptUpdate RSA_public_encrypt for signing and encryption of the data. But we did not understand how to implement those as a CMS package. I am thinking Implementing the above functions it self implementation of CMS, but I am not sure about it, can you please conform whether I am correct or not ? if I am wrong, is there any functions that I need to implement for the CMS. And one more doubt is does using of openssl Api's will implement the CMS or not ? If all my understating is wrong please let me know what are the implementations for the CMS using the openssl. Please help me in this regard… Thanks in advance
Re: CMS usage with OpenSSl
On Tue, Apr 01, 2008, shankar ks wrote: Hi all/ I am shiva, working on security issues using Openssl Api's. Our requirement is we need to Sign the file, compress the file , encrypt the file as a CMS(crypto graphic message syntax) package. I am able to do the signing, compression, encryption using the OpenSSl Api's in C language. But our requirement is we need to envelope the signed , compressed and encrypted files as a CMS package. Basically we are using RSA_sign EVP_EncryptUpdate RSA_public_encrypt for signing and encryption of the data. But we did not understand how to implement those as a CMS package. I am thinking Implementing the above functions it self implementation of CMS, but I am not sure about it, can you please conform whether I am correct or not ? if I am wrong, is there any functions that I need to implement for the CMS. And one more doubt is does using of openssl Api's will implement the CMS or not ? If all my understating is wrong please let me know what are the implementations for the CMS using the openssl. The functions above have nothing to do with CMS. They just handle raw data. OpenSSL has supported PKCS#7 for some time but not CMS. CMS support is currently under development in HEAD and the API is not currently documented other than the cms utility. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
AW: CMS usage with OpenSSl
Hi, As far as I know OpenSSL does not support CMS in the way you need it. We had to use a self developed library to create a CMS file. The main problem is, that there was no private key for input when creating PKCS#7-files (a.k.a. CMS-files). Parsing this file is possible with OpenSSL. Maybe I'm wrong a someone can tell me the right version, but this is how we did it. Best regards Frank Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von shankar ks Gesendet: Dienstag, 1. April 2008 11:36 An: openssl-users@openssl.org Betreff: CMS usage with OpenSSl Hi all/ I am shiva, working on security issues using Openssl Api's. Our requirement is we need to Sign the file, compress the file , encrypt the file as a CMS(crypto graphic message syntax) package. I am able to do the signing, compression, encryption using the OpenSSl Api's in C language. But our requirement is we need to envelope the signed , compressed and encrypted files as a CMS package. Basically we are using RSA_sign EVP_EncryptUpdate RSA_public_encrypt for signing and encryption of the data. But we did not understand how to implement those as a CMS package. I am thinking Implementing the above functions it self implementation of CMS, but I am not sure about it, can you please conform whether I am correct or not ? if I am wrong, is there any functions that I need to implement for the CMS. And one more doubt is does using of openssl Api's will implement the CMS or not ? If all my understating is wrong please let me know what are the implementations for the CMS using the openssl. Please help me in this regard... Thanks in advance
Re: CMS usage with OpenSSl
Hi Frank, You mean to say there is no pre-defined library API's are available in the Openssl (my understanding is right?). You told that you already did it , So can I know in which language you have done?. and do we need to implement it separatly , or is there any source already avilable in the net?... if so can you please give me some example programs ... and Openssl supports PKCS#7 means it also support the CMS ?.. if that is the case can we use the PKCS#7 for the CMS envelope.. -- Best regrads Shankar On 4/1/08, Wockenfuß, Frank [EMAIL PROTECTED] wrote: Hi, As far as I know OpenSSL does not support CMS in the way you need it. We had to use a self developed library to create a CMS file. The main problem is, that there was no private key for input when creating PKCS#7-files (a.k.a. CMS-files). Parsing this file is possible with OpenSSL. Maybe I'm wrong a someone can tell me the right version, but this is how we did it. Best regards Frank -- *Von:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *Im Auftrag von *shankar ks *Gesendet:* Dienstag, 1. April 2008 11:36 *An:* openssl-users@openssl.org *Betreff:* CMS usage with OpenSSl Hi all/ I am shiva, working on security issues using Openssl Api's. Our requirement is we need to Sign the file, compress the file , encrypt the file as a CMS(crypto graphic message syntax) package. I am able to do the signing, compression, encryption using the OpenSSl Api's in C language. But our requirement is we need to envelope the signed , compressed and encrypted files as a CMS package. Basically we are using RSA_sign EVP_EncryptUpdate RSA_public_encrypt for signing and encryption of the data. But we did not understand how to implement those as a CMS package. I am thinking Implementing the above functions it self implementation of CMS, but I am not sure about it, can you please conform whether I am correct or not ? if I am wrong, is there any functions that I need to implement for the CMS. And one more doubt is does using of openssl Api's will implement the CMS or not ? If all my understating is wrong please let me know what are the implementations for the CMS using the openssl. Please help me in this regard… Thanks in advance
Re: CMS usage with OpenSSl
I haven't used it yet, but the latest CVS source tree at least contains a new CMS API, plus documentation and a 'cms' test tools in ./apps/ You might want to go and have look, because to me at least this looks like the material you're looking for. Cheers, Ger Hi all/ I am shiva, working on security issues using Openssl Api's. Our requirement is we need to Sign the file, compress the file , encrypt the file as a CMS(crypto graphic message syntax) package. I am able to do the signing, compression, encryption using the OpenSSl Api's in C language. But our requirement is we need to envelope the signed , compressed and encrypted files as a CMS package. Basically we are using RSA_sign EVP_EncryptUpdate RSA_public_encrypt for signing and encryption of the data. But we did not understand how to implement those as a CMS package. I am thinking Implementing the above functions it self implementation of CMS, but I am not sure about it, can you please conform whether I am correct or not ? if I am wrong, is there any functions that I need to implement for the CMS. And one more doubt is does using of openssl Api's will implement the CMS or not ? If all my understating is wrong please let me know what are the implementations for the CMS using the openssl. Please help me in this regard… Thanks in advance -- Met vriendelijke groeten / Best regards, Ger Hobbelt -- web: http://www.hobbelt.com/ http://www.hebbut.net/ mail: [EMAIL PROTECTED] mobile: +31-6-11 120 978 -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: CMS usage with OpenSSl
Hi Stephen, ThanQ for your information. let me conform your information as : CMS is still under development and there is no document or material is available for CMS in OpenSSl . if that is the case is there any thing availble right now for using CMS along with openssl. and what you can suggest me to do what explained in my earlier mail... Does the TLS will support the CMS ? --Best Regards Shankar On 4/1/08, Dr. Stephen Henson [EMAIL PROTECTED] wrote: On Tue, Apr 01, 2008, shankar ks wrote: Hi all/ I am shiva, working on security issues using Openssl Api's. Our requirement is we need to Sign the file, compress the file , encrypt the file as a CMS(crypto graphic message syntax) package. I am able to do the signing, compression, encryption using the OpenSSl Api's in C language. But our requirement is we need to envelope the signed , compressed and encrypted files as a CMS package. Basically we are using RSA_sign EVP_EncryptUpdate RSA_public_encrypt for signing and encryption of the data. But we did not understand how to implement those as a CMS package. I am thinking Implementing the above functions it self implementation of CMS, but I am not sure about it, can you please conform whether I am correct or not ? if I am wrong, is there any functions that I need to implement for the CMS. And one more doubt is does using of openssl Api's will implement the CMS or not ? If all my understating is wrong please let me know what are the implementations for the CMS using the openssl. The functions above have nothing to do with CMS. They just handle raw data. OpenSSL has supported PKCS#7 for some time but not CMS. CMS support is currently under development in HEAD and the API is not currently documented other than the cms utility. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: CMS usage with OpenSSl
On Tue, Apr 01, 2008, shankar ks wrote: Hi Stephen, ThanQ for your information. let me conform your information as : CMS is still under development and there is no document or material is available for CMS in OpenSSl . if that is the case is there any thing availble right now for using CMS along with openssl. and what you can suggest me to do what explained in my earlier mail... It can be used with the command line utility cms. The API is similar to the documented PKCS7 API in many respects. It however isn't at all clear from your description what you want to precisely want to do. Does the TLS will support the CMS ? CMS and TLS are two different things entirely. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: CMS usage with OpenSSl
Hi Stephen, We are developing a secure communication on OFTP(RFC-5024), as per the RFC we need to sign the file, compress the file , encrypt the file. that can be done with the OpenSSl .. ok, Next the consern is : 1)Files that are to be signed are enveloped according to the file enveloping format i.e as a CMS package. 2) Files that are to be copressed are enveloped according to the file enveloping format i.e as a CMS package. 3) Files that are to be encrypted are enveloped according to the file enveloping format i.e as a CMS package. here we are not understand how to implement the CMS package and struck... Best Regards --Shankar On 4/1/08, Dr. Stephen Henson [EMAIL PROTECTED] wrote: On Tue, Apr 01, 2008, shankar ks wrote: Hi Stephen, ThanQ for your information. let me conform your information as : CMS is still under development and there is no document or material is available for CMS in OpenSSl . if that is the case is there any thing availble right now for using CMS along with openssl. and what you can suggest me to do what explained in my earlier mail... It can be used with the command line utility cms. The API is similar to the documented PKCS7 API in many respects. It however isn't at all clear from your description what you want to precisely want to do. Does the TLS will support the CMS ? CMS and TLS are two different things entirely. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]