RE: About ECC patent and OpenSSL ECC code

My opinion: 2 times 2 = 4 no matter what approach you take, and so no one can sue you to doing that Math. However, if someone comes up with a math logic (software, hardware, combo, whatever) that does the same operation in a superior way, then that is patentable. Similarly, ECC is based on (as th

Taking care of missing random number generator

Hello, I had sent this mail to the list some time back, and didnt hear back. So I am not sure if it even reached the group. Here is the second attempt. Any help/suggestion is highly appricited. ~ Urjit I observed that on few platforms, the random device is missing. Due to t

Re: ECC Usage - using OpenSSL as the server and/or client

for what its worth, s_server and s_client fully support EECDH > and ECDSA. And as mentioned, using openssl-SNAP-20080110.tar.gz and as yet unreleased, Postfix 2.6 code: Jan 11 00:25:51 amnesiac postfix/smtpd[11499]: Trusted TLS connection established from localhost[127.0.0.1

DTLS and memory BIO

Hi folks, I prefer to work with a memory BIO so that I can handle my own network transporting. With TLS, I'm able to use a memory BIO. However, I cannot determine if memory BIOs are supported with DTLS. I even recall trying to write a program this way a year or so ago without success, so I t

Re: About ECC patent and OpenSSL ECC code

Perhaps, and I'm not disagreeing, but for the most part, the crypto libraries have had ECC support for some time. I'm seeing vendors beginning to support ECC, and a couple of CAs discussing and preparing their CPs. Couple all this with the NIST/NSA Suite B recommendation to go there, it i

Re: ECC Usage - using OpenSSL as the server and/or client

And if you be a Python user, M2Crypto exposes ECC and the rest of OpenSSL to your program. On Jan 10, 2008, at 8:54 PM, Victor Duchovni wrote: On Thu, Jan 10, 2008 at 10:25:00PM -0500, Victor Duchovni wrote: Does 'openssl s_server' support this? Are there public ECC TLS implementations thi

Re: ECC Usage - using OpenSSL as the server and/or client

On Thu, Jan 10, 2008 at 10:25:00PM -0500, Victor Duchovni wrote: > > Does 'openssl s_server' support this? Are there public ECC TLS > > implementations this is known to interoperate with? > > OpenSSL s_server is a test tool, not an application. In 0.9.9 snapshot > builds, s_server support ECDSA,

Re: ECC Usage - using OpenSSL as the server and/or client

On Thu, Jan 10, 2008 at 05:37:47PM -0800, Rodney Thayer wrote: > >To enable ECDSA certs, just configure an additional cert/key pair in > >the server. You can configure up to 3 certficates, one RSA cert, one > >DSA cert and one ECDSA cert. The code for adding more certs is the > >same for RSA and D

Re: ECC Usage - using OpenSSL as the server and/or client

Victor Duchovni wrote: To enable EECDH on a TLSv1 server: SSL_CTX *server_ctx int nid; EC_KEY *ecdh; const char *curve; /* * Elliptic-Curve Diffie-Hellman parameters are either "named curves" * from RFC 4492 section 5.1.1, or explicitly described curves over

Re: About ECC patent and OpenSSL ECC code

As far as I'm concerned, ECC isn't a legitimate public key algorithm for enterprise use at this time because you can't buy a cert from a CA listed in a major browser where the cert uses ECC. Also, those of use who went through the onerous and in the end counterproductive experience of licensing R

Re: About ECC patent and OpenSSL ECC code

There is no substitute for legal counsel, but Tom had a summary that you might be interested in... http://libtom.org/pages/toorcon8_ecc_tstdenis.pdf See slides 24-27. Larry On Jan 10, 2008, at 2:25 PM, Anilkumar Bollineni wrote: Thanks a lot for the responses. Bill, I agree with you that

Re: unable to write 'Random State' e is 65537

"So the best practice is to simply avoid this difficult problem entirely." are you telling me not to encrypt those buttons at all ? Can you guys give me suggestions on how to deal with this or the best way to solve ? On Jan 10, 2008 11:48 AM, Victor Duchovni <[EMAIL PROTECTED]> wrote: > On Thu,

RE: About ECC patent and OpenSSL ECC code

Thanks a lot for the responses. Bill, I agree with you that the use of ECC is really matters here, the area where Certicom holds ECC patents. One of our application with respect to ECC that are planning to use ECDSA (Elliptic Curve DSA) signature based certificate generation/verification, sig

RE: About ECC patent and OpenSSL ECC code

I would characterize the Certicom patents as falling into 3 main categories: 1) patents relating to the use of ECC in very specific application circumstances This represents the bulk of Certicom patents. For these patents you will have to do your own research as they are dependent on

RE: About ECC patent and OpenSSL ECC code

Please, do the same for my userid too. [EMAIL PROTECTED] Thanks, Mohammed Rahman From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, January 10, 2008 4:06 PM To: openssl-users@openssl.org Subject: Re: About ECC patent and OpenSSL ECC code

Re: About ECC patent and OpenSSL ECC code

Hi Please remove my from mailing list. Thanks Sanjay This e-mail (and any attachment) has been sent from a PC belonging to DSG Retail Limited (Registered No 504877) or another compa

Re: ECC Usage

On Thu, Jan 10, 2008 at 07:30:05PM +0200, Sateesh Babu wrote: > Hi, > > Could anyone point me to the usage (API, tutorial, documentation...) > for Elliptical Curve Cryptography in OpenSSL? I could not find any > references in the OpenSSL website for the same. > Support for ECC is by default dis

Re: About ECC patent and OpenSSL ECC code

As a followup you might ask your lawyers to verify if the NSA license is applicable to you. It is my understanding that they may only be applicable when your product is running in a FIPS-140-2 verified mode. Meaning that you have to go through the FIPS-140-2 verification etc before it wou

RE: About ECC patent and OpenSSL ECC code

Anil - There are a lot of legal issues surrounding the use of Certicom patented ECC code. One of the things that happened a couple of IETF meetings ago was that Certicom signed a letter allowing the use of some of their patents for things like TLS. However, there are a number of legal requirement

About ECC patent and OpenSSL ECC code

Hi there, I have a question on OpenSSL ECC (Elliptic Curve Cryptography) code. I saw that Sun systems has donated the the ECCcode to OpenSSL. Also I saw that Certicom has held 130 patents in ECC area and finally NSA has licensed that code. Suppose if I download the code from the OpenSSL

Re: PKCS 1.0 protocol

Hello, > I would like to know if I can find the protocol for padding > a 16 bytes to 128 bytes with PKCS 1.0. > If there is also a source code, it can be also fine. This padding for RSA is documented in PKCS#1: RSA Cryptography Standard document which may be downloaded from Internet. (encryption/d

Re: CMP server-side support

Hi Rowland, so far, CMP is not supported in official releases of OpenSSL at all. As you're interested in that field, please have a look if my ongoing attempt to implement the client side of CMP for OpenSSL can help you in any way. Directions how to obtain the full source via SVN are available on

Re: unable to write 'Random State' e is 65537

They can mimic the page even if you obscure the button code and variables. Someday people will realize that phishing, redirects, cross-site scripting etc. are problems of authenticity, not encryption. Anyone can get a site certificate and mimic your site. That includes an "EV" certificate that

ECC Usage

Hi, Could anyone point me to the usage (API, tutorial, documentation...) for Elliptical Curve Cryptography in OpenSSL? I could not find any references in the OpenSSL website for the same. Thanks in advance, Sateesh __ OpenSSL Pro

Re: unable to write 'Random State' e is 65537

On Thu, Jan 10, 2008 at 11:41:54AM -0500, deep sky wrote: > The variables in the html code can be viewed and someone can mimic the page > and change the price and stuffs. Don't store sensitive state in hidden form fileds pushed to the user's browser. Merely encrypting the data is not a sufficient

Re: unable to write 'Random State' e is 65537

The variables in the html code can be viewed and someone can mimic the page and change the price and stuffs. On Jan 9, 2008 5:01 PM, Wes Kussmaul <[EMAIL PROTECTED]> wrote: > > Why? > > What is revealed? > > deep sky wrote: > > The add to cart Button codes are in html and can be viewed by everyon

Re: SSL_read reads 0 bytes after SSL_write/SSL_read/SSL_write

Hello, > I use openssl to work with apache server via https. > But I see a strange situation when second and third calls to send() in my test-case read > 0 bytes from socket. > Can you provide here any help? You should not use names like "send" in your program. send() is already defined system cal

CMP server-side support

Does OpenSSL support the CMP protocol on the server-side for certificate request/generation? Thanks, Rowland __ OpenSSL Project http://www.openssl.org User Support Mailing List

SSL_read reads 0 bytes after SSL_write/SSL_read/SSL_write

Hello! I use openssl to work with apache server via https. But I see a strange situation when second and third calls to send() in my test-case read 0 bytes from socket. Can you provide here any help? I use 'Fedora Core 7 x86' and openssl-0.9.8e. Thanks! -Dima #include #include #include #inclu

Re: unable to write 'Random State' e is 65537

Why? What is revealed? deep sky wrote: The add to cart Button codes are in html and can be viewed by everyone. so, I need to encrypt them. On Jan 8, 2008 2:30 PM, Wes Kussmaul <[EMAIL PROTECTED] > wrote: deep sky wrote: > Can you elaborate a little bit m

Re: unable to write 'Random State' e is 65537

Why? deep sky wrote: The add to cart Button codes are in html and can be viewed by everyone. so, I need to encrypt them. On Jan 8, 2008 2:30 PM, Wes Kussmaul <[EMAIL PROTECTED] > wrote: deep sky wrote: > Can you elaborate a little bit more cause I'm totally new to this > op

PKCS 1.0 protocol

Hi Everyone, I would like to know if I can find the protocol for padding a 16 bytes to 128 bytes with PKCS 1.0. If there is also a source code, it can be also fine. Thanks, LB __ OpenSSL Project