Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Lars
El hallabi-Kettani Abderrahmane wrote: try this : openssl smime -sign -in ml.txt -signer mycert.pem -text | openssl smime -encrypt -outform der -out mail.der -aes256 mycert.pem I'm afraid this doesn't work either. The first command expects a private key (-inkey) and it provi

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread El hallabi-Kettani Abderrahmane
--- Alok <[EMAIL PROTECTED]> wrote: > But when you sign with your public key, and encrypt > with your public key, > how will he decrypt it if he does not have your > private key? you sign with the private key that exists in mycert.pem or in a separate file priv_key.pem , after you use this priva

Re: PKI - CA Cross-Cerificate with OpenSSL?

2004-09-23 Thread Bernhard Froehlich
Richard Levitte - VMS Whacker wrote: [...] First, use 'openssl x509 -x509toreq' to create a CSR from the certificate you want to cross-certify, then use 'openssl ca' to sign it, and use a specific extension section in the configuration file (use the -extensions option). Alternatively, the CA you w
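The cross-certification recipe quoted above, carried through end to end as an added example (this is not code from the thread or from any of its posters). The two CAs "Alpha" and "Beta", the extension section name cross_ca, the leaf subject and the temporary directory are all assumptions made for the demonstration. The thread signs the request with 'openssl ca'; this example signs it with 'openssl x509 -req' instead so that no CA database has to be set up, and supplies the CA extensions from an inline extension file, which is the part the -extensions option covers in the 'openssl ca' recipe. It assumes an openssl binary in PATH.

```shell
#!/bin/sh
# Added example, not code from the thread: cross-certify an existing CA
# certificate so that the same subject and key appear under a second issuer,
# then show what a relying party that trusts only the second CA sees.
set -eu

cross_certify() (
  work=$(mktemp -d)
  cd "$work"

  # Two independent self-signed CAs, "Alpha" and "Beta" (assumed names).
  for name in alpha beta; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/O=Example/CN=$name CA" \
      -keyout "$name-key.pem" -out "$name-ca.pem" 2>/dev/null
  done

  # Step 1: turn Alpha's self-signed certificate back into a CSR. The request
  # has to be signed with Alpha's own private key, which is why -x509toreq
  # needs -signkey.
  openssl x509 -x509toreq -in alpha-ca.pem -signkey alpha-key.pem \
    -out alpha.csr 2>/dev/null

  # Step 2: Beta signs that CSR. The CSR carries no extensions, so the CA
  # extensions must be supplied explicitly; otherwise the result is an
  # end-entity certificate that cannot issue anything.
  cat > cross.ext <<'EOF'
[ cross_ca ]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
  openssl x509 -req -in alpha.csr -CA beta-ca.pem -CAkey beta-key.pem \
    -CAcreateserial -days 1 -extfile cross.ext -extensions cross_ca \
    -out alpha-cross.pem 2>/dev/null

  # The cross certificate must carry Alpha's original public key and CA:TRUE.
  orig_key=$(openssl x509 -in alpha-ca.pem -noout -pubkey)
  cross_key=$(openssl x509 -in alpha-cross.pem -noout -pubkey)
  [ "$orig_key" = "$cross_key" ] || { echo "public key changed" >&2; exit 1; }
  openssl x509 -in alpha-cross.pem -noout -text | grep -q 'CA:TRUE' \
    || { echo "cross cert is not a CA cert" >&2; exit 1; }

  # An end-entity certificate issued by Alpha in the ordinary way.
  openssl req -newkey rsa:2048 -nodes -subj '/CN=server.example' \
    -keyout leaf-key.pem -out leaf.csr 2>/dev/null
  openssl x509 -req -in leaf.csr -CA alpha-ca.pem -CAkey alpha-key.pem \
    -CAcreateserial -days 1 -out leaf.pem 2>/dev/null

  # A relying party trusting only Beta accepts the leaf once the cross
  # certificate is offered as an untrusted intermediate...
  openssl verify -CAfile beta-ca.pem -untrusted alpha-cross.pem leaf.pem \
    >/dev/null || { echo "leaf does not chain to Beta" >&2; exit 1; }
  # ...and rejects the very same leaf without it.
  if openssl verify -CAfile beta-ca.pem leaf.pem >/dev/null 2>&1; then
    echo "leaf verified without the cross cert" >&2; exit 1
  fi

  # Print the new issuer; the subject and key are unchanged from alpha-ca.pem.
  openssl x509 -in alpha-cross.pem -noout -issuer
  cd / && rm -rf "$work"
)
```

The relying-party check at the end is the practical point: a cross certificate does nothing on its own, it has to be delivered to the verifier (as an intermediate in the handshake, or installed alongside the roots) before certificates issued by the cross-certified CA validate against the other root.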

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread El hallabi-Kettani Abderrahmane
--- Lars <[EMAIL PROTECTED]> wrote: > > > El hallabi-Kettani Abderrahmane wrote: > > try this : > > openssl smime -sign -in ml.txt -signer mycert.pem > > -text > > | openssl smime -encrypt -outform der -out > > > mail.der -aes256 mycert.pem > > > > I'm afraid this d

creating Windows smartcard login certificates fails, subjectAlternativeName shows "othername:"

2004-09-23 Thread ulf.leichsenring
Dear readers, I'm trying to create certificates with OpenSSL that can be used to log into a Windows Domain. I've read the Microsoft Knowledge Base Article 281245 and the discussions on this list in the past. I'm using OpenSSL 0.9.8-dev from Snapshot 2004-09-23. First I set extendedKeyUsage = cl

Simple test fails

2004-09-23 Thread Frédéric PAILLETTE
Hi all! I want to run a simple test available in the demo\ssl directory but I have a few problems. I explain: The first connection with simple sockets passes but when I want to connect with SSL_connect, it fails with the error code 5 (SSL_ERROR_SYS_CALL). I tried to do a little sleep before the

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Alok
I think there is a reason why you can't encrypt a message without 1st signing it using smime By your logic, any preshared "key" would do the trick , why bother with the cert ? (in other words, hiscert or mycert, if all you are doing is using it as a key to some encoder, why bother with certs)??

Re: PKI - CA Cross-Cerificate with OpenSSL?

2004-09-23 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Thu, 23 Sep 2004 10:19:38 +0200, Bernhard Froehlich <[EMAIL PROTECTED]> said: ted> Richard Levitte - VMS Whacker wrote: ted> ted> >[...] ted> >First, use 'openssl x509 -x509toreq' to create a CSR from the ted> >certificate you want to cross-certify, then use 'op

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread El hallabi-Kettani Abderrahmane
--- Alok <[EMAIL PROTECTED]> wrote: > I think there is a reason why you can't encrypt a > message without 1st > signing it using smime > > By your logic, any preshared "key" would do the > trick , why bother with > the cert ? > (in other words, hiscert or mycert, if all you are > doing is us

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Alok
El hallabi-Kettani Abderrahmane wrote: --- Alok <[EMAIL PROTECTED]> wrote: I think there is a reason why you can't encrypt a message without 1st signing it using smime By your logic, any preshared "key" would do the trick , why bother with the cert ? (in other words, hiscert or mycert, if

Re: PKI - CA Cross-Cerificate with OpenSSL?

2004-09-23 Thread Toxa
On Thu, Sep 23, 2004 at 02:47:20PM +0200, Richard Levitte - VMS Whacker wrote: > That is an entirely different question. You can place all relevant > certificates in a PKCS#12 file, or just concatenate them in one .PEM > file. Would you mind clearing it up for me... If any CA has been cross-cer

RE: signedandenveoped + encryption from commandline

2004-09-23 Thread David C. Partridge
Not correct. You sign the message with YOUR private key. The signature is verified by the recipient using your certificate which is issued by a CA. If you are also enveloping, then the data is encrypted under a "one-shot" symmetric key, and this symmetric key is then encrypted using the public

problem with openssl-0.9.7d

2004-09-23 Thread estorch
wrong number of fields on line 2 (looking for field 6, got 2, '' left) CRL looks like this: Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: /C=US/O=Tardis Last Update: Sep 22 20:36:58 2004 GMT Next Update:

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Lars
Hi Alok, this really helped, thank you very much. The verification of my signature still doesn't work but I think that is another problem. Thanks again, to all of you. Lars. Alok wrote: Try this: 1. Create a file text.txt with some content 2. Do openssl smime -in text.txt -sign -signer cert.pem
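The sign-then-envelope pipeline that the thread converges on, together with the mechanics David C. Partridge describes (one random content-encryption key, wrapped once per recipient under that recipient's public key), run end to end as an added example. This is not code from the thread or from any poster: the sender and the two recipients "alice" and "bob", the message text and the file names are assumptions made for the demonstration, all generated in a temporary directory with self-signed certificates, and it assumes an openssl binary in PATH.

```shell
#!/bin/sh
# Added example, not code from the thread: S/MIME sign with the sender's
# private key, envelope the result for two recipients, then let each
# recipient decrypt and verify. Also checks that the sender cannot open
# the envelope, since only the recipients' public keys wrapped the content key.
set -eu

smime_roundtrip() (
  work=$(mktemp -d)
  cd "$work"

  # Self-signed certificate plus private key for the sender and for two
  # recipients (assumed names). Real mail would use CA-issued certificates;
  # self-signed ones are enough to show the mechanics.
  for who in sender alice bob; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$who" \
      -keyout "$who-key.pem" -out "$who-cert.pem" 2>/dev/null
  done
  printf 'meet at noon\n' > msg.txt

  # Step 1: sign with the SENDER's private key. -inkey is what the first
  # attempt in the thread was missing; -signer names the certificate that is
  # embedded so recipients can verify without a prior exchange.
  openssl smime -sign -text -in msg.txt -signer sender-cert.pem \
    -inkey sender-key.pem -out signed.p7m

  # Step 2: envelope the signed blob for BOTH recipients. Only their
  # certificates are needed: openssl draws a random content-encryption key,
  # encrypts the data once with AES-256 and wraps that key separately under
  # each recipient's public key (one RecipientInfo per certificate).
  openssl smime -encrypt -aes256 -in signed.p7m -out enveloped.p7m \
    alice-cert.pem bob-cert.pem

  # Each recipient unwraps the content key with their own private key and
  # then verifies the inner signature against a trust anchor (here the
  # sender's self-signed certificate). -text on verify strips the text/plain
  # header that -text added when signing.
  for who in alice bob; do
    openssl smime -decrypt -in enveloped.p7m -recip "$who-cert.pem" \
      -inkey "$who-key.pem" -out "$who-decrypted.p7m"
    openssl smime -verify -text -in "$who-decrypted.p7m" \
      -CAfile sender-cert.pem -out "$who-plain.txt" 2>/dev/null
  done

  # Negative check: the sender is not a recipient, so the sender's private
  # key must not open the envelope.
  if openssl smime -decrypt -in enveloped.p7m -recip sender-cert.pem \
       -inkey sender-key.pem -out /dev/null 2>/dev/null; then
    echo "unexpected: sender key opened the envelope" >&2
    exit 1
  fi

  # Both recipients must recover the identical plaintext.
  cmp -s alice-plain.txt bob-plain.txt || { echo "plaintexts differ" >&2; exit 1; }
  # S/MIME canonicalises to CRLF; drop the CR so the output is plain text.
  tr -d '\r' < alice-plain.txt
  cd / && rm -rf "$work"
)
```

Note the order matters for what the recipient learns: signing first and enveloping second means the signature (and the signer's certificate) is hidden from anyone who cannot decrypt, and the verify step runs only after a successful decrypt.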

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Alok
Thanks, something I would appreciate if you could clarify: David C. Partridge wrote: Not correct. You sign the message with YOUR private key. The signature is verified by the recipient using your certificate which is issued by a CA. agreed, If you are also enveloping, then the data is encrypte

Re: "no shared cipher" driving me batty

2004-09-23 Thread Richard Koenning
Mike Marshall wrote: so when a connection is accepted, here are the calls: 1) ssl = SSL_new(ctx) 2) BIO_new_socket 3) SSL_set_bio - called with the results of number 2 4) SSL_accept(ssl) <-- this line fails with a code of -1 5) SSL_get_error returns error code 1 6) ERR_peek_error 7) ERR_error_s

RE: signedandenveoped + encryption from commandline

2004-09-23 Thread David C. Partridge
The "one shot" symmetric key is purely random. No it's not a function of anyone's private or public key. Once generated, it is encrypted using the public key of the recipient and included with the message. If multiple recipients, the same key is used to encrypt the data, and for each recipient i

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread El hallabi-Kettani Abderrahmane
--- Alok <[EMAIL PROTECTED]> wrote: > El hallabi-Kettani Abderrahmane wrote: > > > --- Alok <[EMAIL PROTECTED]> wrote: > > > > > >>I think there is a reason why you can't encrypt a > >>message without 1st > >>signing it using smime > >> > >>By your logic, any preshared "key" would do th

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Alok
David C. Partridge wrote: The "one shot" symmetric key is purely random. how? No it's not a function of anyone's private or public key. then it is open to man in the middle Once generated, it is encrypted using the public key of the recipient and included with the message. but then if i do s

RE: signedandenveoped + encryption from commandline

2004-09-23 Thread David C. Partridge
Not at all, there's no man in the middle issue at all because the certificates which are issued by a trusted TP guarantee the ownership of the public key. The logic goes like this: You generate a random DES key known only to you. Let's call this KDE You use this to encrypt the data. Let's call this

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Charles B Cranston
Alok wrote: David C. Partridge wrote: Once generated, it is encrypted using the public key of the recipient and included with the message. but then if i do something like DES(key=hispubkey(data=somerandom)) i can always decrypt if i know hispubkey. NO! Look, Alok, it's painfully obvious that y

Re: PKI - CA Cross-Cerificate with OpenSSL?

2004-09-23 Thread Charles B Cranston
At the risk of seeming even more confused than usual... There's a lot of theory out there about cross certification and bridges etc, but as far as I can tell it is really all theory, and will REMAIN theory until the various "relying parties", that is, the standard web browsers, can properly process

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Alok
Not at all, there's no man in the middle issue at all because the certificates which are issued by a trusted TP guarantee the ownership of the public key. The logic goes like this: You generate a random DES key known only to you. Let's call this KDE You use this to encrypt the data. Let's call this E

Re: PKI - CA Cross-Cerificate with OpenSSL?

2004-09-23 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Thu, 23 Sep 2004 17:49:09 +0400, Toxa <[EMAIL PROTECTED]> said: postfix> On Thu, Sep 23, 2004 at 02:47:20PM +0200, Richard Levitte - VMS Whacker wrote: postfix> postfix> > That is an entirely different question. You can place all postfix> > relevant certificate

RE: signedandenveoped + encryption from commandline

2004-09-23 Thread Painter, Philip
I don't think you're wrong there Alok. The E(KDE)PUBK is a random DES key taken as _data_ and encrypted asymmetrically with the recipient's public key. Only the recipient will be able to decrypt it, with her private key. Philip Painter Hewlett-Packard Company 07747456508 http://ecardfile.com/id/Ph

Re: PKI - CA Cross-Cerificate with OpenSSL?

2004-09-23 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Thu, 23 Sep 2004 11:25:06 -0400, Charles B Cranston <[EMAIL PROTECTED]> said: zben> At the risk of seeming even more confused than usual... zben> zben> There's a lot of theory out there about cross certification and zben> bridges etc, but as far as I can tell it

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Alok
Painter, Philip wrote: I don't think you're wrong there Alok. The E(KDE)PUBK is a random DES key taken as _data_ and encrypted asymmetrically with the recipient's public key. Only the recipient will be able to decrypt it, with her private key. what do you mean by encrypted asymmetrically? The on