Re: What is that CA directory in the template directory layout?

2005-01-19 Thread Joel
Any takers on this? I'm still thinking that ${OPENSSL_HOME}/CA/ is for the certificate one signs as a CA and ${OPENSSL_HOME}/CA/private/ for the key for that certificate, but a coworker here insists that the root certificate belongs in ${OPENSSL_HOME}/ and the key for it in $

linking 64-bit apps against 32-bit openssl libs

2005-01-19 Thread Medi Montaseri
Can I link a 64-bit app with a 32-bit openssl lib? More specifically, the environment would be: OS = FreeBSD 5.2.1, CC = gcc 3.3.3, Linker = ld 2.13.2, 32-bit Lib = OpenSSL. I personally don't think that is possible. However, my peer has managed to compile a 64-bit app with the 32-bit SSL lib and clai

Re: Does a root CA need two certificates?

2005-01-19 Thread Mark H. Wood
On Wed, 19 Jan 2005, Richard Levitte - VMS Whacker wrote: > In message <[EMAIL PROTECTED]> on Wed, 19 Jan 2005 11:47:25 +, Shaun > Lipscombe <[EMAIL PROTECTED]> said: [snip] > shaun.lipscombe> Just search any keyserver for "Superman" and I'm sure

Re: Does a root CA need two certificates?

2005-01-19 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Wed, 19 Jan 2005 22:35:46 +0900, Joel <[EMAIL PROTECTED]> said: rees> On the question of using certificates to sign vs. using keys to rees> sign, could I ask for one more clarification -- rees> rees> If, for the sake of argument, I made a key for CA use, signed

A bug in OBJECT management?

2005-01-19 Thread Dmitry Belyavsky
Hello! It seems to me I've found a bug in openssl req command. I use a 2005-01-17 snapshot of 0.9.8 branch. openssl is configured with libefence in debug mode with ./config -d shared. In my script I load fake engine looking like simplified rsaref demo, but registering its own cipher algorithm vi

Re: Even CA's make mistakes..

2005-01-19 Thread Bernhard Froehlich
Alok wrote: [...] let's take PKI out for a moment and talk simple block encryption, given that you know a. the message or the 1st few bits in it b. the set of possible block algorithms used to encrypt Can you determine session key? If it would be known to be possible this would not be an algorithm

Re: Even CA's make mistakes..

2005-01-19 Thread Alok
> * Alok wrote: > > > A bit off the thread... > > Ever wondered if one can break PKI given that the 1st request to a server is > > mostly GET / in https? > > The "GET /HTTP/1.0" is done using a symmetric cipher like RC2 or RC4 etc. > The PKI is only used to transfer the symmetric key between hosts

Re: Does a root CA need two certificates?

2005-01-19 Thread Joel
Thanks, Ted and Richard, especially for going to the effort of deciphering my English. (One of these days I'll learn how to type fast and be lucid at the same time.) On the question of using certificates to sign vs. using keys to sign, could I ask for one more clarification -

Re: Does a root CA need two certificates?

2005-01-19 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Wed, 19 Jan 2005 11:47:25 +, Shaun Lipscombe <[EMAIL PROTECTED]> said: shaun.lipscombe> At least with SSL you have a single entity at the top, shaun.lipscombe> in OpenPGP etc you have a "web of trust" and "key shaun.lipscombe> signing parties" and lots of oth

Re: Even CA's make mistakes..

2005-01-19 Thread Alok
A bit off the thread... Ever wondered if one can break PKI given that the 1st request to a server is mostly GET / in https? Any ideas? - Original Message - From: "Shaun Lipscombe" <[EMAIL PROTECTED]> To: Sent: Wednesday, January 19, 2005 4:57 AM Subject: Even CA's make mistakes.. > In

Re: Does a root CA need two certificates?

2005-01-19 Thread Richard Levitte - VMS Whacker
Joel, you seem to be a bit confused about PKI matters, and among others what's considered private and what's considered public. Let me start with the private vs. public part: private keys are designed to be kept private by the owner. Certificates (which contain the public key) are designed to b

Re: Does a root CA need two certificates?

2005-01-19 Thread Bernhard Froehlich
Joel wrote: >Sorry, I wasn't clear in my question. (I'm confused, I know.) > >(And thanks for trying to help a confused newb. ;-) >[...] > > >What I'm trying to ask, if I can get it right this time, is whether a >root CA will be passing its own self-signed certificate out. > > Ahh, now I thin

Re: AW: Does a root CA need two certificates?

2005-01-19 Thread Joel
From a newb who has way too much theory and too little practical -- > >The data is no less secure true.. but the authentication is much easier > >for someone to fake since the certificate chain doesn't go through a > >trusted third party (Root CA) the person says "This is me. End of st

Re: AW: Does a root CA need two certificates?

2005-01-19 Thread Bernhard Froehlich
R. Markham wrote: The data is no less secure true.. but the authentication is much easier for someone to fake since the certificate chain doesn't go through a trusted third party (Root CA) the person says "This is me. End of story" and you choose whether you believe it or not. Hi Shaun, I d

Re: Does a root CA need two certificates?

2005-01-19 Thread Joel
Sorry, I wasn't clear in my question. (I'm confused, I know.) (And thanks for trying to help a confused newb. ;-) On Wed, 19 Jan 2005 16:27:10 +0900 Joel <[EMAIL PROTECTED]> mumbled unintelligibly: > Had another newbie type question -- > > When reading about how to se

Re: Writing to a mem BIO instead of using SSL_Write

2005-01-19 Thread Rodrigo Strauss
I did it:

// the connection is already established (with ssl_accept)
BIO *internal_bio, *network_bio, *ssl_bio;
int iDataLen;

// let's create a new bio pair and the ssl bio
// the internal_bio is not directly used.
BIO_new_bio_pair(&internal_bio,0,&network_bio,0);
ssl_bi

Re: Does a root CA need two certificates?

2005-01-19 Thread Shaun Lipscombe
* R. Markham wrote: > I don't understand why is a root CA which everybody can download from the > internet is more secure than if I use my own CA. I want to make it clear I > am not against using Certificates from an official CA. But in some cases you > can save your money as a expenses for the ce

Re: Does a root CA need two certificates?

2005-01-19 Thread Alok
Hi Richard, How else do you authenticate the "originator of the certificate"? I don't know if you really want to read it up but I found the concept in: http://theory.lcs.mit.edu/~cis/pubs/rivest/rsapaper.ps an explanation to the same. It tells you why an asymmetric keypair like RSA is used/needed

AW: Does a root CA need two certificates?

2005-01-19 Thread R. Markham
>The data is no less secure true.. but the authentication is much easier >for someone to fake since the certificate chain doesn't go through a >trusted third party (Root CA) the person says "This is me. End of story" >and you choose whether you believe it or not. Hi Shaun, I don't understand wh

rsa enc-dec problem

2005-01-19 Thread suresh . kumar
Hi, I am using RSA encryption and decryption in my projects. If I do encryption continuously in a loop I am not getting the desired results. Should there be any delay between calling RSA_public_encrypt? Thanks in advance S.Suresh

Re: AW: Does a root CA need two certificates?

2005-01-19 Thread Bernhard Froehlich
R. Markham wrote: Hi Ted, using a self signed certificate doesn't mean your connection is less secure. It is only people are going to use your web pages because they get a warning that the certificate is not certified by a CA. But with openssl you can use the same routine to generate your certificat

Re: Does a root CA need two certificates?

2005-01-19 Thread Alok
But how do you guarantee that the web server is "who he says he is"? In theory, an ISP could hack up a DNS to point to my local server. What verifies that the machine I am connecting to is indeed that machine which it claims to be? - Original Message - From: "R. Markham" <[EMAIL PROTECT

AW: Does a root CA need two certificates?

2005-01-19 Thread R. Markham
Hi Ted, using a self signed certificate doesn't mean your connection is less secure. It is only people are going to use your web pages because they get a warning that the certificate is not certified by a CA. But with openssl you can use the same routine to generate your certificate like a CA. Reg

Re: linking ssleay32.dll statically inside the app?

2005-01-19 Thread suresh . kumar
Hi, I am using RSA encryption and decryption in my projects. If I do encryption continuously in a loop I am not getting the desired results. Should there be any delay between calling RSA_public_encrypt? Thanks in advance S.Suresh - Original Message - From: Serge <[EMAIL PROTECTED]> Date: M

Re: Does a root CA need two certificates?

2005-01-19 Thread Bernhard Froehlich
Joel wrote: >Had another newbie type question -- > > >When reading about how to set up a self-signed web server, the docs I >read indicate there is a need for two certificates -- one being a >self-signed certificate for the entity certifying the server, and the >other being the certificate the w