Hello Subrata and others
Thanks for your reply. Unfortunately this doesn't work for me.
> Here is a bash shell-script that I have used to start the Opencryptoki
> PKCS#11 driver :
> # BIOS Set up
> # Step 1. Turn the computer off.
> # Step 2. Turn the computer on and press F1 to enter the BIOS se
Hello Peter and others,
> I should start by saying that a TPM's functionality is not equivalent to
> that of other hardware tokens, such as smart cards. A TPM only provides a
> subset of the functionality of a regular PKCS#11 token. A TPM, however,
> also providers things that PKCS#11 tokens don
Martin Schneider wrote:
> I think they keystore on
> opencryptoki follows exactly the principle how storing other things
> "in" the TPM works: building an encrypted key hierarchy that is stored
> on harddisk with an encryption key rooted in the Storage Root Key in
> the TPM.
Isn't that how most HS
Michael Kaply wrote:
I'm importing a code signing cert into my database using pk12util, but
it gets assigned a random alias:
e33eb463-ddba-4895-9469-bfdd01c71fe2
Is there a way via the command line utilities to rename that to a more
human name?
I'm sure I did this in the past, but I can't f
That TPMs cannot sign CSRs is true but TPMs can do something similar
and IMHO much more interesting which attesting that a public key
(and thus indirectly the associated private key) was created inside of
the TPM.
The problem here is that few APIs and even fewer protocols deals with
this kind o
Michael Ströder wrote:
Martin Schneider wrote:
I think they keystore on
opencryptoki follows exactly the principle how storing other things
"in" the TPM works: building an encrypted key hierarchy that is stored
on harddisk with an encryption key rooted in the Storage Root Key in
the TPM.
Isn't
On 8/7/09 19:52, Eddy Nigg wrote:
On 07/08/2009 08:35 PM, Paul Hoffman:
At 8:08 PM +0300 7/8/09, Eddy Nigg wrote:
Funny that today it's better to use AES-128.
Why do you say that? It's the opposite of what the people who wrote
the paper say.
I've not read it today, but IIRC AES-128 remained
AFAIK, 2^119 is the worst-time complexity of the attack. Breaking a 256-bit
key through a brute-force attack takes 2^256 operations in the worst case.
The 'X/2' you are talking about is the average case, right? We are not
looking for collisions here, so the birthday paradox doesn't apply...
Best
On 9/7/09 17:33, Peter Djalaliev wrote:
AFAIK, 2^119 is the worst-time complexity of the attack. Breaking a
256-bit key through a brute-force attack takes 2^256 operations in the
worst case. The 'X/2' you are talking about is the average case,
right? We are not looking for collisions here, so
> "The weakness was discovered when we looked at AES as a hash function,
> and tried to find weaknesses that are specific for hash functions. We
> think that most cryptographers used only blockcipher-oriented
> techniques, against which AES was well protected by the designers."
>
All this quote sa
At 3:16 PM +0200 7/9/09, Ian G wrote:
>Although I haven't read it at all, normally what happens is that the strength
>of an algorithm of X bits is X/2.
Say what!?! AES is an encryption function, not a hash function. AES-256 has a
strength of 256 bits.
--
dev-tech-crypto mailing list
dev-tech-cr
Appreciate the detailed explanation.
Unfortunately I'm getting a segmentation fault on the export of the
test.pem to my new pfx file...
Very strange...
Mike
On 7/9/09 6:38 AM, David Stutzman wrote:
Michael Kaply wrote:
I'm importing a code signing cert into my database using pk12util, but
On 2009-07-08 22:37 PDT, Michael Kaply wrote:
> I'm importing a code signing cert into my database using pk12util, but
> it gets assigned a random alias:
>
> e33eb463-ddba-4895-9469-bfdd01c71fe2
That's a Microsoft Windows GUID. The most likely cause of this is that
you exported the cert and pri
I'm trying to figure out a different behavior I'm seeing today vs. NSS I
was using about a year ago.
Basically I have a code signing cert that contains a complete chain and
my memory of importing a year ago (and looking at the DB files that I
have generated from when I did that work), it has a
Please see my inline responses.
Martin Schneider wrote:
Hello Subrata and others
Thanks for your reply. Unfortunately this doesn't work for me.
Here is a bash shell-script that I have used to start the Opencryptoki
PKCS#11 driver :
# BIOS Set up
# Step 1. Turn the computer off.
# Step 2.
15 matches
Mail list logo