Hello,
Is there a specification on the format of a BIGNUM that someone can
point me to?
Probably headers files.
Is there a standard encoding/format that everyone adheres to?
Probably not.
Or would different libraries have their own encodings? I hope not.
Most bignum libraries use their
Hi,
I used Entrust/Web Connector to generate client
certificate. It generated in raw DER format. Is there
anyway to convert to PKC#7 format?
Thanks in advance,
Mustafa
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection
I used Entrust/Web Connector to generate client
certificate. It generated in raw DER format. Is there
anyway to convert to PKC#7 format?
| openssl pkcs7 [options] infile outfile
| where options are
| -inform arg input format - DER or PEM
| -outform arg output format - DER or PEM
| -in
Hello Mustafa,
I used Entrust/Web Connector to generate client
certificate. It generated in raw DER format. Is there
anyway to convert to PKC#7 format?
PKCS#7 is a structure which comes in two forms PEM or DER. To convert a PEM
format PKCS#7 structure into a DER form issue the below
Hello
I couldn't find out how to get a PEM file if I have a https://url.
In Konqueror I am able to export certificates from Peer SSL Certificates tab,
but I'd like to be able to get it also with openssl command.
Thanks in advance :-)
Regards
--
Martin Zdila
Analyst/Developer
EpiSoftware
Hello,
I am confused. Please take a look at the attached
document. It gives me two options to create the
certificate and both are in PEM encoded but one is in
DER and the other one is in PKCS#7 format. According
to your statement, how could this be?
Thanks,
Mustafa
--- ViSolve Security
Hello Mustafa,
I am confused. Please take a look at the attached
document. It gives me two options to create the
certificate and both are in PEM encoded but one is in
DER and the other one is in PKCS#7 format. According
to your statement, how could this be?
Please make a note that the
hi
thanks for reply.
actually, i know about this method but i don't consider it as very clean.
any native method? :-)
On Tuesday 17 April 2007 13:32:36 Marek Marcola wrote:
Hello,
I couldn't find out how to get a PEM file if I have a https://url.
In Konqueror I am able to export
Hello,
I couldn't find out how to get a PEM file if I have a https://url.
In Konqueror I am able to export certificates from Peer SSL Certificates tab,
but I'd like to be able to get it also with openssl command.
After command:
% openssl s_client -connect url:443 -showcerts
Hi DS
How do we handle closure in openssl??? . I just call:
SSL_shutdown(ssl);
SSl_free(ssl);
close(sock);
then get out both in Serevr/Client, without waiting for receiving
close_notify from either sides. Could that cause memory leak ?? I have
called:
SSL_shutdown(ssl);
On 2007.04.17 at 16:17:03 +0200, M.Zdila/EpiSoftware Ltd. wrote:
hi
i would like to use it in bash script so the certificate would be saved to a
cert.pem and then imported to java keystore using keytool. possible?
Use openssl s_client command, and then something like sed or awk to
extract
On 2007.04.17 at 03:27:47 -0700, Mustafa Cayci wrote:
Hi,
I used Entrust/Web Connector to generate client
certificate. It generated in raw DER format. Is there
anyway to convert to PKC#7 format?
Thanks in advance,
PKCS7 format is not a certificate format. It is format of
Thanks for the reply. So I'm a bit confused as to how different crypto
packages interoperate. I've been having a problem with MS CryptoAPI
doing a DH key exchange with OpenSSL. There are some quirks such as
byte order, and a couple other things. But for the most part, I have it
working. But
On Tue, Apr 17, 2007 at 08:42:12AM -0700, Edward Chan wrote:
Thanks for the reply. So I'm a bit confused as to how different crypto
packages interoperate. I've been having a problem with MS CryptoAPI
doing a DH key exchange with OpenSSL. There are some quirks such as
byte order, and a
great. thanks victor.
i need this cert to import to keystore because that https is an webservice
with self signed certificate and i need axis to treat it as trusted.
On Tuesday 17 April 2007 17:15:04 Victor B. Wagner wrote:
On 2007.04.17 at 16:17:03 +0200, M.Zdila/EpiSoftware Ltd. wrote:
hi
hi
i would like to use it in bash script so the certificate would be saved to a
cert.pem and then imported to java keystore using keytool. possible?
thanks in advance
On Tuesday 17 April 2007 15:08:45 Marek Marcola wrote:
Hello,
actually, i know about this method but i don't consider it as
Hello,
actually, i know about this method but i don't consider it as very clean.
any native method? :-)
Yes :-)
From C you may establish SSL connection and get peer certificate with:
X509 *cert = SSL_get_peer_certificate(ssl);
Best regards,
--
Marek Marcola [EMAIL PROTECTED]
I went to www.microsoft.com and searched for IIS install
certificate. The first hit led me to:
http://msdn2.microsoft.com/en-us/library/ms751408.aspx
with step-by-step instructions. (Ignore the leading part about
'makecert', of course -- you already have a certificate.)
--
Mark H. Wood,
Edward Chan [EMAIL PROTECTED] wrote:
Thanks for the reply. So I'm a bit confused as to how different crypto
packages interoperate. I've been having a problem with MS CryptoAPI
doing a DH key exchange with OpenSSL. There are some quirks such as
byte order, and a couple other things. But
Right, I see what you're saying. I realize I'm not actually passing a
BIGNUM. Let me clarify, this is what I'm doing.
First I call DH_new() to get a new DH object.
Then I fill in the p g members of the DH obj with pre-generated prime
and generator.
Then I call DH_generate_key() which
Hi friends
Someone knows where I can find an implementation of a Threshold
secrect sharing ?
Best regards,
Geiza
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
On Tue, Apr 17, 2007, Edward Chan wrote:
Right, I see what you're saying. I realize I'm not actually passing a
BIGNUM. Let me clarify, this is what I'm doing.
First I call DH_new() to get a new DH object.
Then I fill in the p g members of the DH obj with pre-generated prime
and
Hello,
First I call DH_new() to get a new DH object.
Then I fill in the p g members of the DH obj with pre-generated prime
and generator.
Then I call DH_generate_key() which generates the pub_key and priv_key
pair.
I then do a BN_bn2bin() on the pub_key member to get a byte array
The problem with CryptoAPI is that it doesn't give you direct access to
the shared secret. But I suspect it is wrong since the
encryption/decryption fails (I encrypt something, and decrypt it, to
make sure it is the same as the original).
I agree that a format difference is unlikely. That's why
Arg, I'm still getting failures even though the pubkey computed by
openssl is not negative and padding is not required. Any other ideas?
I'm desperate. A year's supply of Guinness for the person who can help
here :)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
On Tue, Apr 17, 2007 at 11:15:23AM -0700, Edward Chan wrote:
BN_bn2bin(dh-pub_key, buf);
ReverseBytes(buf, size); // MS CAPI requires this in little-endian
Reversing the BER encoded bytes of a big endian integer does not yield
the BER encoding of the correspoding little-endian integer.
--
2007/4/10, Johans Taboada [EMAIL PROTECTED]:
Hi list, I ask for help please.
Still waiting...
DatabaseError: SSL error: cipher or hash unavailable\n
...
OperationalError: SSL error: cipher or hash unavailable\n
...
What does it really mean '''cipher or hash unavailable'''? (SSL Error
Hmm, that's interesting. Then why does this seem to work most of the
time?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Tuesday, April 17, 2007 11:32 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
On Tue, Apr 17,
On Tue, Apr 17, 2007 at 02:31:50PM -0400, Victor Duchovni wrote:
On Tue, Apr 17, 2007 at 11:15:23AM -0700, Edward Chan wrote:
BN_bn2bin(dh-pub_key, buf);
ReverseBytes(buf, size); // MS CAPI requires this in little-endian
Reversing the BER encoded bytes of a big endian integer does not
Honestly, I have no idea how CryptoAPI handles this stuff. And
documentation is hard to come by. But I can say that in the failure
cases I'm seeing, OpenSSL is indeed giving me back a positive BIGNUM.
So at least on our side it doesn't not appear to be a signed/unsigned
issue.
-Original
Hi DS
How do we handle closure in openssl??? . I just call:
[snip]
But sometimes I receive return 0 for both call. I do not know why, so I
just call one time
SSL_shutdown(ssl);
SSl_free(ssl);
close(sock);
Please help.
It depends on how you created the SSL connection in
On Tue, Apr 17, 2007, Edward Chan wrote:
The problem with CryptoAPI is that it doesn't give you direct access to
the shared secret. But I suspect it is wrong since the
encryption/decryption fails (I encrypt something, and decrypt it, to
make sure it is the same as the original).
It
32 matches
Mail list logo