The computation of key material (Client/Server MAC Key + Client/Server Cipher Key +
optionally, the Client/Server IV) is all done together.
At the server end, the key material is computed and saved in 'pending write state' and
'pending read state' upon receiving a ClientKeyExchange message from
Bill Browning wrote:
>
> Yes I must agree on re-read I made two fatal mistakes. One should definitely
> not pass encrypted tokens to the client and one should not design an
> authentication scheme in the time it takes to type out a message. Proper
> approach would have been to replace steps 4 and 5
Well, at least now you've doubled the amount of effort expended -- two
mail messages. I don't know if that warrants a :) or a :( ...
> 4. Send client a token to encrypt.
Unless the "token" includes a timestamp or is completely random, this is
suspect to replay or prediction attacks. If you wer
Date sent: Tue, 20 Mar 2001 16:22:53 -0800
Subject:Re: How can I encrypt public key in handshake?
From: "corky peavy" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Send reply to: [EMAIL PROTECTED]
Again, if you are looking fo
Yes I must agree on re-read I made two fatal mistakes. One should definitely
not pass encrypted tokens to the client and one should not design an
authentication scheme in the time it takes to type out a message. Proper
approach would have been to replace steps 4 and 5 with this:
4. Send client a tok
http://www-cs-students.stanford.edu/~tjw/srp/whatisit.html
http://www-cs-students.stanford.edu/~tjw/srp/project.html
http://www-cs-students.stanford.edu/~tjw/srp/download.html
__
OpenSSL Project ht
> This kind of ad hoc
> thinking by amateurs never results in a protocol worthy of deployment.
>
> The whole concept of encrypting public keys is ludicrous, and it
> doesn't matter what the answers are when you're asking the wrong
> questions.
> __
> I did not want certificates for my application, sorry.
Then use SRP.
Leave crypto protocol design to those qualified. :)
/r$
__
OpenSSL Project http://www.openssl.org
User Support Mailin
"Kenneth R. Robinette" <[EMAIL PROTECTED]> wrote:
> From: Bill Browning <[EMAIL PROTECTED]>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Subject: RE: How can I encrypt public key in handshake?
> Date sent:Tue, 20 Mar 2001 15:29:0
> 1. Give your public key to anyone who wants it (email, whatever..)
> 2. create an SSL connection from client to server.
> 3. Verify that the server is who you think it is (via the public key)
> (client can now trust server)
> 4. Pass an encrypted token to the client (encrypted with client passwo
> > 3. Verify that the server is who you think it is (via the public key)
> > (client can now trust server)
> > 4. Pass an encrypted token to the client (encrypted with client password)
A classic, and amateur-level mistake. You should NEVER hand out
something encrypted with a user's password to
"Kenneth R. Robinette" wrote:
> okay, well try this approach:
>
> 1. Give your public key to anyone who wants it (email, whatever..)
> 2. create an SSL connection from client to server.
> 3. Verify that the server is who you think it is (via the public key)
> (client can now trust server)
> 4. P
I am trying to figure out when the encryption key is generated when using
SSL.
I currently have an application which has a client and server piece. For the
purpose of testing I have generated a selfsigned certificate using openssl
req -x509 -text -new -newkey rsa:1024 -out a.pem -md5
I need to ge
Corky,
It sounds like you are trying to do SSL with password-based
authentication instead of certificate-based authentication. There is an
effort being made to standardize this approach using the SRP techniques, see
(http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt) for ideas.
Th
From: Bill Browning <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject:RE: How can I encrypt public key in handshake?
Date sent: Tue, 20 Mar 2001 15:29:05 -0800
Send reply to: [EMAIL PROTECTED]
I do
Title: installing OpenSSL on HPUX11
I can not get the install to work on HPUX11(64-bit) with the HP aC++ compiler version 3.25. Has anyone ever attempted this successfully? HELP!!
Thank You,
--Brian
Brian Thompson [EMAIL PROTECTED]
Sof
It sounds like what you are doing should happen like this:
1. Client (C) connects to Server (s)
2. S gets user name from C
3. S encrypts public key using password for C
4. S sends password to C
5. C saves password for use with SSL_CTX_load_verify_locations
6. C starts an ssl negotiation with S.
W
corky peavy wrote:
> Background and Rationale -- if you are interested.
>
> I need to do this because our product would not be practical with the
> headaches of certificate authorities, but we do need some user authentication,
> and defense against man-in-the-middle attacks.
See SKIP v2 w/UDH c
- Original Message -
From: Patrick Li <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 20, 2001 11:27 AM
Subject: Server sending certiciate chain
> Hi,
>
> I want to run "openssl s_server" to simulate the server sending out the
> server certificate chain. I have created
Hi,
I want to run "openssl s_server" to simulate the server sending out the
server certificate chain. I have created a root CA and used it to sign
another certificate (CA), which in turn was used to sign another certificate.
Now I have 3 certificates (including the root CA self-signed certificate).
I am building a system where the public key needs to be encrypted by
the server, and decrypted by the client.
The included blowfish encryption is fine, but I can't figure out where
in the client and server code to encrypt/decrypt. Encrypting it just
before it is sent to the client is detected
I'm installing the current release of openssl on a Linux 6.2 box and get
this when I run 'make test'.
./destest: error in loading shared libraries: libcrypto.so.0: cannot
open shared object file: No such file or directory
--
I'm stumped. Any ideas?
Thanks.
John
___
I've got apps\ocsp.c, but does anyone have any nice documentation on the
OCSP API part of openssl?
Tat.
Hi
Why does the openssl command line "openssl rsautl -decrypt" not
recognize the "-passin pass:foo" syntax? This command needs a private key,
so it could be useful to allow this way to enter the pass phrase.
Wrong ?
Regards
Serge Aumont
--
-
I got openssl-snap-20010319. I am using Microsoft Visual C++ 6.0 on NT
4.0.
I removed the following entry points from the libeay32.def file. I
guess they weren't present but I didn't look any further:
EC_GFp_nist_method
EC_GFp_recp_method
Tat.
Richard Levitte - VMS Whacker wrote:
>
> From:
You don't have to do the cutting; the EVP_* functions do it
for you.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From:
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesda
Did you do an SSL_load_error_strings( ); anywhere in your code? If not
give that a try.
Bill Browning
-Original Message-
From: Jason Wang [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 16, 2001 10:11 AM
To: [EMAIL PROTECTED]
Subject: how to understand the error code?
Please help...
From: Tat Sing Kong <[EMAIL PROTECTED]>
tsk> Anyone know when this is due?
No. In the mean time, it would be really helpful if you would tell us
exactly what kind of mangling you need to do. That might help make it
work properly on your platform...
tsk> I would like to use some of the OCSP st
Hi.
As I understood, when encrypting a message with a block cipher, the message has to be cut into pieces, and EVP_EncryptUpdate has to be fed with these pieces.
Do I have to put all the cipher pieces together to obtain the final cipher ?
andras
Anyone know when this is due?
I would like to use some of the OCSP stuff, but I am a bit worried
because I had to mangle some of the source files to compile it.
Tat.
When trying to compile the new 9.6a beta, there was a compiler error on
randfile.c line 214 in directory \crypto\rand
Basically it was an unsigned/signed warning error. this if statement should
be changed to
if ( (s != NULL) && ( (strlen(s) + strlen(RFILE) + 2) < (unsigned)size) )
With size be
I have a quick question. I am setting up IMAP to use SSL. Do I have to
have apache server running to do this? Also does anyone know a good website for
setting up IMAP with SSL on Linux 7.0. The inetd.conf is different than 6.2 on
7.0 it is actually xinetd.conf and it includes xinetd.d files?
Bruce,
thanks for your hint. Well, we use self-generated keys that we basically get
from a self-written SSL-using Windows tool which gives me just the modulus.
The output of that tool
is created by BN_bn2hex(), so I am wondering why I just can't read it
without these problems.
Currently, I have
- Forwarded by András Joo/Digital Reality/MSM/IBCGroup on 03/20/2001 04:34 PM -
Lóránd Csíki
03/20/2001 04:24 PM
To: András Joo/Digital Reality/MSM/IBCGroup@IBCGroup
cc:
Subject: Need help with RSA private and public key verifyi
Antonio Ruiz Martínez wrote:
>
> Hello!
> I've got the next code like the x_val.c, but when I introduce
> the sequence in the asn.1 type I get an error.
> What's the problem?
>
If you want to use a SEQUENCE in an ASN1_TYPE structure then you first
need to store the encoding of the SEQUE
It will be nice to have these calls, but the DLL's interface (the list of exported
functions) is not frozen yet. Maybe in version 1.0...
It is better to link statically - and sign your executable with some tool like MS
signcode. If you are using Windows 2000, you can check if the signature is v
Hiya,
I've a client/server system using openssl with verified
certificates. It's not a browser/Web server. The CA, server and client
certificates are all built using the openssl proggie. I've run into a
problem where the certificate verification fails 30 days after I've
built the new CA and se
I know this is Microsoft's problem, but I was wondering if there is
anything that could be done to handle this problem? My initial
investigation seemed to imply no, but I'm far from the expert in the
apache/openssl code base. I'll bet IIS handles this gracefully, and the
hit I have to take on the
On Tue, Mar 20, 2001 at 12:59:53PM +0200, Panagiotis Drakopoulos wrote:
> Hi,
> Do the tests I made (see below) mean that I installed and configured secure imap
> and pop servers (openssl-0.9.6) properly?
Hmm, no.
> I still cannot connect to the server using netscape messenger or outlook if i c
Thanks, that fixed the problem
In your SSL virtual host section
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
- Original Message -
From: "Jeffrey Burgoyne" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 20, 2001 1:51 AM
Subject: Re: The page cannot b
Hi,
Do the tests I made (see below) mean that I installed and configured secure imap
and pop servers (openssl-0.9.6) properly?
I still cannot connect to the server using netscape messenger or outlook if I check
the program's option for secure
connection. If I don't check this option I can connect
Hello!
I've got the next code like the x_val.c, but
when I introduce the sequence in the asn.1 type I get an error.
What's the problem?
Thanks in advance,
Regards,
Antonio.
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "cryptlib.h"
//SE
On Mon, Mar 19, 2001 at 11:13:22PM -0700, Nathan Parker wrote:
> How can I poll the SSL layer to see if it has data I can read? I want to
> implement a function to read N bytes with a time limit, but using select()
> messes me up -- it doesn't know if there is data available within SSL.
SSL_p
On Mon, Mar 19, 2001 at 11:13:22PM -0700, Nathan Parker wrote:
> Question:
> How can I poll the SSL layer to see if it has data I can read? I want to
> implement a function to read N bytes with a time limit, but using select()
> messes me up -- it doesn't know if there is data available within
On Mon, Mar 19, 2001 at 01:54:46PM -0500, ackka ackka wrote:
> [...] When looking into this more I found that the infinite loop is caused
> on a SSL_peek call.
Please try the beta for OpenSSL 0.9.6a (available from ftp.openssl.org
or one of the mirrors, http://www.openssl.org/source/mirror.html
I had the same problem on HP-UX 10.20, but when I recompiled openssl
with CFLAGS='-fPIC' (or CFLAGS='+Z' if you are not using gcc) I did
overcome this problem. I have all kinds of other problems (apparently
to do with using gcc) which I am still asking people about (as I am
not a C programmer)
Dear sirs,
I'm interested in your product, but the following installation command is
giving me a problem...
> perl Configure VC-WIN32-->OK
> ms\do_ms-->OK
> nmake -f ms\ntdll.mak -->NOT OK...
I receive this message:
LINK : fatal error LNK1181 :
On Tue, Mar 20, 2001 at 12:32:42AM +, Filipe Contente wrote:
> You have sent it to me before,
> and it didn't help...
>
> may you try to answer my questions???
>
> thanks
> Lutz Jaenicke wrote:
> >
> > On Mon, Mar 19, 2001 at 06:41:31PM +, Filipe Contente wrote:
> > > Hi everybody!
> >