Re: AES cbc? How to Init Openssl?

2007-09-17 Thread tali
I have some questions too. I would appreciate any help! Why is the initial vector (ivec) needed? I see by reading the openssl code that it is used for xoring with the input before encrypting, but from what I see in other resources, this is not a part of the Rijndael algorithm (It is not the AddRo

Re: AES cbc? How to Init Openssl?

2007-09-17 Thread Marek Marcola
Hello, > Why is the initial vector (ivec) needed? This is part of CBC mode. This mode does not depend on used block encryption algorithm. Look at: http://en.wikipedia.org/wiki/Cipher_block_chaining As you see, there is no information of AES or DES, this is only mode of operation > I see by reading

Re: AES cbc? How to Init Openssl?

2007-09-17 Thread tali
Ok, now it's much clearer! Thank you very much, Marek, that helped me a lot. Marek Marcola wrote: > > Hello, >> Why is the initial vector (ivec) needed? > This is part of CBC mode. This mode does not depend on used block > encryption algorithm. Look at: > http://en.wikipedia.org/wiki/Cipher_bl

Rogue ciphersuite disabled since 0.9.8c

2007-09-17 Thread Besbello
Hi all, working with Apache mod_ssl and different versions of Openssl, I've realized that since version 0.9.8c, the ciphersuites called "rogue" have been disabled. I've read changelog but I can't understand the reason. I'm interested in using a 56-bit cipher algorithm between my Apache server and t

Public encryption and showing certificate to the server

2007-09-17 Thread avizel
Our server application expects from connecting clients to show their certificate to checks their CN,OU and decide what permissions to allow for that client I generated a client certificate and embedded encrypted private key in it. Everything works. But now I want to avoid using private key of

Re: Public encryption and showing certificate to the server

2007-09-17 Thread Victor Duchovni
On Mon, Sep 17, 2007 at 05:43:16AM -0700, avizel wrote: > > Our server application expects from connecting clients to show their > certificate to checks their CN,OU and decide what permissions to allow for > that client > > I generated a client certificate and embedded encrypted private key in

RE: [openssl-users] Bad CRL being generated - Help

2007-09-17 Thread Bynum, Don
I have now excluded the issuer from both the end entity cert and the crl. So only keyid is being injected. The result is the same, both IE and FF report an error that the crl is invalid. Here is what I am using in the extensions config file for the crl:

Re: Rogue ciphersuite disabled since 0.9.8c

2007-09-17 Thread Dr. Stephen Henson
On Mon, Sep 17, 2007, Besbello wrote: > Hi all, > working with Apache mod_ssl and different versions of Openssl, I've realized > that since version 0.9.8c, the ciphersuites called "rogue" have been > disabled. > I've read changelog but I can't understand the reason. > I'm interested in using a 56-

RE: Public encryption and showing certificate to the server

2007-09-17 Thread David Schwartz
> Our server application expects from connecting clients to show their > certificate to checks their CN,OU and decide what permissions to allow for > that client > I generated a client certificate and embedded encrypted private key in it. > Everything works. Great. > But now I want to avoid usi

0.9.8e: SIGILL in test tx509 (I have read the FAQ)

2007-09-17 Thread Andreas Hasenack
Hello, I'm running make test on openssl-0.9.8e built under linux and getting an illegal instruction in the tx509 test, both with and without the no-sse2 build option: $ bash -x ./tx509 + cmd='../util/shlib_wrap.sh ../apps/openssl x509' + '[' x '!=' x ']' + t=testx509.pem + echo testing X509 conver