Re: DSA signatures

2003-09-20 Thread Nils Larsch
On Friday 19 September 2003 21:17, Frank wrote: > Nils Larsch wrote: > > On Friday 19 September 2003 15:28, Frank wrote: > > > What I've seen so far with openssl is that there seems to be 10,000 > > > ways to do the same thing so I want to make sure I understand how to do > > > a DSA signature. My

[no subject]

2003-09-20 Thread Kåre Rasmussen
Hi everyone, I've installed Apache 1.3.29 with the Apache-SSL patch and OpenSSL 0.9.7b. Now I need to make a certificate, otherwise Apache won't accept "SSLEnable" in apache.conf. But how do I make a certificate? I don't know much about encryption, but I've heard that 3DES should be the most secure

Re: diagram explaining encryption using openssl

2003-09-20 Thread Christian Barmala
Hi Sarah, On Saturday, September 20, 2003 4:06 PM Sarah Haff wrote: Attached is a high-level diagram that depicts how openssl will be utilized in the application for encrypting data from the sender to the receiver. You mention, that the data is "encrypted using the sender's private key .

Re: diagram explaining encryption using openssl

2003-09-20 Thread Michael Sierchio
Christian Barmala wrote: You mention, that the data is "encrypted using the sender's private key ... > to ensure that data is sent by the intended sender". Even though you sometimes > find this expression in literature, I consider it clearer when you say "data is > signed by the sender's private

Re: diagram explaining encryption using openssl

2003-09-20 Thread Sarah Haff
Rich, Thanks for the response. I did think about using symmetric crypt for bulk data and just using the asymmetric for session creation (key xchange). However in our application, there is not much data that is being transferred from the sender to the receiver. Only very small number of data pac

Re: diagram explaining encryption using openssl

2003-09-20 Thread Christian Barmala
Hi Michael, - Original Message - From: "Michael Sierchio" <[EMAIL PROTECTED]> Sent: Saturday, September 20, 2003 5:22 PM > > You mention, that the data is "encrypted using the sender's private key ... > > to ensure that data is sent by the intended sender". Even though you sometimes >

Re: diagram explaining encryption using openssl

2003-09-20 Thread Rich Salz
If your messages are longer than the size of an AES or 3DES key, you're less efficient. If they're ever going to be longer, you're stuck. :) > That is what I'm showing the diagram? Or is my diagram wrong? The only > difference is I am using MD5. MD5 should be avoided except where it has to be u

Re: diagram explaining encryption using openssl

2003-09-20 Thread Rich Salz
> > Public keys are NOT signed by a CA. A CA signs a cert > The same "difference" as between signing a message or being more precise > and saying that you sign a message's digest instead of the whole message. You missed the point of what Michael said. First, when someone says "xxx is signed" th

Re: diagram explaining encryption using openssl

2003-09-20 Thread Michael Sierchio
Rich Salz wrote: That is what I'm showing the diagram? Or is my diagram wrong? The only difference is I am using MD5. MD5 should be avoided except where it has to be used for legacy apps. Rich will help me with this, but I thought I'd explain why: collision-resistance is especially impor

Re: diagram explaining encryption using openssl

2003-09-20 Thread Rich Salz
> This is probably more than the OP needed to read... I think in the crypto world, "proof by intimidation" seems to have its place. :) /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapo

Re: diagram explaining encryption using openssl

2003-09-20 Thread Sarah Haff
If your messages are longer than the size of an AES or 3DES key, you're less efficient. If they're ever going to be longer, you're stuck. :) Hmm the messages are 9 digit license numbers. So I think it is going to be simple to just use asymmetric crypt for this. Any suggestions? MD5 should be avoide

Re: diagram explaining encryption using openssl

2003-09-20 Thread Sarah Haff
Thanks Christian, Rich, and Michael for clarifying a few things. So from what I gathered reading the responses: - I should use the word "sign" instead of encryption, when encrypting using Private Key to encrypt the checksum. That is good suggestion. The other question I have is - Should I send the dig

Re: diagram explaining encryption using openssl

2003-09-20 Thread Rich Salz
> - I should use the word "sign" instead of encryption, when encrypting using > Private Key to encrypt the checksum. That is good suggestion. yeah, that's what misled me before. > The other question I have is - Should I send the digital signature as a > separate message, or should take the checksum of

Re: diagram explaining encryption using openssl

2003-09-20 Thread Sarah Haff
yeah, that's what misled me before. got it. :) Are you worried about data corruption such that a non-signed hash is actually buying you anything? I'm sorry Rich, I'm not sure if I understand your question. Can you please explain. Thanks Sarah _

RE: diagram explaining encryption using openssl

2003-09-20 Thread David Schwartz
> >yeah, that's what misled me before. > got it. :) > > >Are you worried about data corruption such that a non-signed hash is > >actually buying you anything? > I'm sorry Rich, I'm not sure if I understand your question. Can > you please > explain. I think what he's trying to get at is