On Tue, Dec 05, 2006, Olivier Mascia wrote:
> Dear,
>
> Using current OpenSSL version (0.9.8d), which of:
> DH_generate_parameters
> DH_generate_parameters_ex
> should better be used in new code?
>
> Documentation pages do not refer to the _ex version, yet dh.h shows:
>
> >/* Deprec
Steve,
Thanks for the help. I finally got this working and figured I'd reply here
for posterity's sake.
I found a Java implementation of EVP_BytesToKey() in the JRuby code and
borrowed it. I ran the password through it and the key and IV I got back
didn't mach what openssl enc -d -des -p showe
> The difficulty for the end user here is that the little lock icon is
> overloaded: it is taken to mean both "session is secured against
> spying" AND "session is with a trusted partner". One could argue that
> this confounds authentication (verifying the cert.) and authorization
> (asserting tr
Can anybody point me to some examples on how to use AES-128 in counter
mode? Is this supported thru the EVP interface, or do I need to use the
lower-level API's, such as AES_128ctr_encrypt/decrypt()?
Also, looking at the signature of these API's in aes.h, I don't see a
return code, or anything in
On Tue, Dec 05, 2006, Dan Ellis wrote:
> Looking at the code of X509_load_cert_crl_file (OpenSSL 0.9.7e), it
> seems that it will add any certificates found in the file to the trusted
> store, which is undesireable behaviour.
>
> What, then, is the correct way to load CRLs from a file containin
Dear,
Using current OpenSSL version (0.9.8d), which of:
DH_generate_parameters
DH_generate_parameters_ex
should better be used in new code?
Documentation pages do not refer to the _ex version, yet dh.h shows:
/* Deprecated version */
#ifndef OPENSSL_NO_DEPRECATED
DH *DH_gen
Whoops! This method only takes an InputStream on my LOCAL machine. :-$
PKCS8Key.decrypt( "DES", "CBC", dk, false, null, fin );
You'll need to replace that line with:
byte[] bytes = Util.streamToBytes( fin );
PKCS8Key.decrypt( "DES", "CBC", dk, false, null, bytes );
yours,
Julius
On 12/5
Looking at the code of X509_load_cert_crl_file (OpenSSL 0.9.7e), it
seems that it will add any certificates found in the file to the trusted
store, which is undesireable behaviour.
What, then, is the correct way to load CRLs from a file containing both
the CRLs themselves and any non-root cert
The difficulty for the end user here is that the little lock icon is
overloaded: it is taken to mean both "session is secured against
spying" AND "session is with a trusted partner". One could argue that
this confounds authentication (verifying the cert.) and authorization
(asserting trust of the
Hi, Marc,
If you download the "not-yet-commons-ssl.jar" I'm working on, you can
decrypt your file with the Java code I've included below. I tested using
Sun Java 1.4.2. Notice the password in the example:
char[] pwd = "secret".toCharArray();
http://juliusdavies.ca/commons-ssl/download.html
U
CHASTAIN, TIGE (CONTRACTOR) a e'crit :
> I was having problems building OpenSSL 0.9.7k on Solaris 9. The error
> was similar to problems other people have with building it on Solaris 9,
> but not exactly the same.
>
> The error is:
>
> installing fips-1.0...
[snip]
> I thought someone migh
On Tue, Dec 05, 2006, Reimer Karlsen-Masur, DFN-CERT wrote:
> Hi,
>
> is there a way to set bag attributes in PKCS#12 files using the openssl
> pkcs12 or any other openssl command? I searched the mailinglist archives
> and the openssl documentation but to no avail. It seems there once was a
> pat
Hi,
is there a way to set bag attributes in PKCS#12 files using the openssl
pkcs12 or any other openssl command? I searched the mailinglist archives
and the openssl documentation but to no avail. It seems there once was a
patch for openssl to get OID 1.3.6.1.4.1.311.17.2 into the bag attributes
bu
Hello,
> I try to understand RSA-OAEP with rsa_test.c and I have some questions about
> this file.
> 1. If the number is 1234567893456 in dec, that is 11F71FB11D0 in hec, how
> should I put it in the static unsigned char n[]?
> Should I put is as "\x1\x1F\x71\xFB\x11\xD0", I marked this one as orde
Dear,
Le 04-déc.-06 à 19:15, Victor Duchovni a écrit :
TLS includes anonymous cipher-suites (ADH) that do not require or use
server certificates. Postfix 2.3 clients using opportunistic TLS with
Postfix 2.3 (SMTP+STARTTLS) servers will use anonymous ciphers by
default, because SMTP server authe
15 matches
Mail list logo