Re: Openssl encrypt on UNIX, decrypt on Windows
On Nov 19, 2008, at 11:35 AM, Buicliu, Ion VSA:EX wrote: Our UNIX-based organization is preparing to send encrypted data to a Windows-based organization. We have openSSL 0.9.8 on UNIX. We create the keys and will send them to the client in one process, then encrypt the data files and send them to the client in a different process. I don't know much about openSSL on Windows. My question: - is it possible to configure Windows with openSSL to use the keys and decrypt the files encrypted on UNIX? Yes - how difficult is this operation? Are you using OpenSSL CLI tools on UNIX? If so do the same on windows; compile OpenSSL and use the transferred keys and decrypt the data. Since the client seems to think that this is difficult to do, I would appreciate if you guide me in the right direction. In the end it is the client's responsibility to do it, but I'd like to have an idea of what's involved. Thank you Ion Buicliu
RE: Openssl encrypt on UNIX, decrypt on Windows
Are you using OpenSSL CLI tools on UNIX? If so do the same on windows; compile OpenSSL and use the transferred keys and decrypt the data. If by CLI you mean Command Line Interface, yes, that's what I am using on UNIX (not a graphical interface). If not, please let me know what you mean by CLI. Also, I would appreciate if you can give me more details about using the keys and decrypting on Windows. Thank you. Ion Buicliu My question: - is it possible to configure Windows with openSSL to use the keys and decrypt the files encrypted on UNIX? Yes - how difficult is this operation? Are you using OpenSSL CLI tools on UNIX? If so do the same on windows; compile OpenSSL and use the transferred keys and decrypt the data.
RE: Openssl encrypt on UNIX, decrypt on Windows
Hi Ion, On Wed, 19 Nov 2008, Buicliu, Ion VSA:EX wrote: Are you using OpenSSL CLI tools on UNIX? If so do the same on windows; compile OpenSSL and use the transferred keys and decrypt the data. If by CLI you mean Command Line Interface, yes, that's what I am using on UNIX (not a graphical interface). If not, please let me know what you mean by CLI. Also, I would appreciate if you can give me more details about using the keys and decrypting on Windows. There is a command-line version of OpenSSL that you can download and install on Windows that works in exactly the same way as the one on Linux/Unix does. No magic. If your Windows shop finds that too difficult to deal with (e.g. having to remember command line options) then I'm not aware of an OpenSSL GUI that could be used. Perhaps PGP for Windows might provide what you want, with a GUI? Cheers, Chris. -- _ __ _ \ __/ / ,__(_)_ | Chris Wilson at qwirx.com - Cambs UK | / (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer | \ _/_/_/_//_/___/ | Stop nuclear war http://www.nuclearrisk.org | __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Openssl encrypt on UNIX, decrypt on Windows
Thank you very much Chris, that's all I needed to know. I will inform the client and let them deal with the rest. Ion Buicliu Hi Ion, On Wed, 19 Nov 2008, Buicliu, Ion VSA:EX wrote: Are you using OpenSSL CLI tools on UNIX? If so do the same on windows; compile OpenSSL and use the transferred keys and decrypt the data. If by CLI you mean Command Line Interface, yes, that's what I am using on UNIX (not a graphical interface). If not, please let me know what you mean by CLI. Also, I would appreciate if you can give me more details about using the keys and decrypting on Windows. There is a command-line version of OpenSSL that you can download and install on Windows that works in exactly the same way as the one on Linux/Unix does. No magic. If your Windows shop finds that too difficult to deal with (e.g. having to remember command line options) then I'm not aware of an OpenSSL GUI that could be used. Perhaps PGP for Windows might provide what you want, with a GUI? Cheers, Chris. -- _ __ _ \ __/ / ,__(_)_ | Chris Wilson at qwirx.com - Cambs UK | / (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer | \ _/_/_/_//_/___/ | Stop nuclear war http://www.nuclearrisk.org | __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Openssl encrypt on UNIX, decrypt on Windows
On Wed, Nov 19, 2008 at 1:34 PM, Buicliu, Ion VSA:EX [EMAIL PROTECTED] wrote: If by CLI you mean Command Line Interface, yes, that's what I am using on UNIX (not a graphical interface). If not, please let me know what you mean by CLI. Yes, command-line interface, invoked by cmd.exe. Also, I would appreciate if you can give me more details about using the keys and decrypting on Windows. Use exactly the same commands you would use on UNIX. OpenSSL does not interact with the Windows certificate store at all. It does not interact with CryptoAPI. It just deals with what's in the files that you hand to it. The only gotcha you need to worry about would be if you're decrypting on Vista or Windows Server 2003+; you might be in a directory which requires an integrity level of Medium or High, and most invocations of cmd.exe have Low integrity (meaning you have to get to a directory that Low integrity can write to, which is often your user account's Documents directory or a subdir thereof). Basically: if you get a cannot write error, move the stuff to your user account's Documents folder and retry. Thank you. Ion Buicliu __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Openssl encrypt on UNIX, decrypt on Windows
Thank you Kyle, excellent details. I will inform the client. Ion Buicliu On Wed, Nov 19, 2008 at 1:34 PM, Buicliu, Ion VSA:EX [EMAIL PROTECTED] wrote: If by CLI you mean Command Line Interface, yes, that's what I am using on UNIX (not a graphical interface). If not, please let me know what you mean by CLI. Yes, command-line interface, invoked by cmd.exe. Also, I would appreciate if you can give me more details about using the keys and decrypting on Windows. Use exactly the same commands you would use on UNIX. OpenSSL does not interact with the Windows certificate store at all. It does not interact with CryptoAPI. It just deals with what's in the files that you hand to it. The only gotcha you need to worry about would be if you're decrypting on Vista or Windows Server 2003+; you might be in a directory which requires an integrity level of Medium or High, and most invocations of cmd.exe have Low integrity (meaning you have to get to a directory that Low integrity can write to, which is often your user account's Documents directory or a subdir thereof). Basically: if you get a cannot write error, move the stuff to your user account's Documents folder and retry. Thank you. Ion Buicliu __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Openssl encrypt on UNIX, decrypt on Windows
On Wed, Nov 19, 2008, Kyle Hamilton wrote: Use exactly the same commands you would use on UNIX. OpenSSL does not interact with the Windows certificate store at all. It does not interact with CryptoAPI. It just deals with what's in the files that you hand to it. Well unless it is instructed otherwise. Recent versions of OpenSSL include a CryptoAPI ENGINE which can make use of private keys and (for SSL/TLS client authentication only) certificates stored in CryptoAPI. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]