Doesn't what you suggest create a headache? Every time I want to
decrypt an
old message I sent or I received, or a file, I will need to
change the mail
client configuration and point it to another private key.
One would hope your mail client will allow you to keep any number of key
Hello Mick:
Mick wrote:
snip
Yes it does. Keeping the same private key and generating new public key with
it seems to be a sensible thing to do from a practical point of view.
Be careful - first of all - you can't generate a new public key - you
can generate a new certificate request, but
On Sat, Mar 15, 2008 at 11:36 PM, David Schwartz [EMAIL PROTECTED] wrote:
For example, suppose I create a public/private keypair that I don't think
anyone can break for 50 years. If I make the certificate valid for 30 years
because of this, it would obviously be a bad idea to keep the same
On Sunday 16 March 2008, David Schwartz wrote:
Doesn't what you suggest create a headache? Every time I want to
decrypt an
old message I sent or I received, or a file, I will need to
change the mail
client configuration and point it to another private key.
One would hope your mail
Hello,
I ceated the debug version of ssleay32.dll and libeay32.dll. I have an
application compiled with VS2005 (MTD). How can I link the source code of
Openssl to my application with VS2005?
Thanks!
_
Express yourself instantly
I use VS2005 to create a private RSA key. But I always get the error from the
file setmode.c line 58: Expression: (_osfile(fh)FOPEN) --Debug assertion
failed
RSA *r =NULL;
int bits=512;
unsigned long e=RSA_3;
FILE *privateKeyFile;
r=RSA_generate_key(bits,e,NULL,NULL);
Arguably, you shouldn't do it even once, because it's extremely easy
to fall into the pattern of one key and one key only in the systems
design or implementation. I can't remember who coined the phrase, but
it's not good crypto hygeine.
I have argued many times that not including the
Patrick Patterson wrote:
Actually, what you care about are the keys associated with the certificate.
For encryption, you've got content that is encrypted with the public key, and
decryptable only with the private key. Since the certificate is your public
key signed by some Certificate
David Schwartz wrote:
Arguably, you shouldn't do it even once, because it's extremely easy
to fall into the pattern of one key and one key only in the systems
design or implementation. I can't remember who coined the phrase, but
it's not good crypto hygeine.
I have argued many times that not
Main, James J Civ USAF AMC DET 3 AMCAOS/DOHJ wrote:
Is there a driver available for MAC using ActivClient CAC 6.1? If so
where is it available.
Hey, Jim -
does ActivClient present itself as a cryptosystem service, a la
PKCS#11 or Microsoft's Smart Card interface?
Regards.
- Michael
David Schwartz wrote:
Arguably, you shouldn't do it even once, because it's extremely easy
to fall into the pattern of one key and one key only in the systems
design or implementation. I can't remember who coined the phrase, but
it's not good crypto hygeine.
I have argued many times that not
I have argued many times that not including the creation date
in every private key data format was a *huge* mistake.
Furthermore --
How do you know what time it is? How do I know you know what time
it is? Do I trust you to put the correct time, or even a monotically
increasing
David Schwartz wrote:
If you can't trust the system that generates and stores your private key,
you're screwed anyway. So I don't see that this argument has any validity.
A timestamp is not an attribute of a private key. It's utterly
irrelevant. If your purpose is to require that new
On Sun, Mar 16, 2008 at 10:44 PM, David Schwartz [EMAIL PROTECTED] wrote:
If you can't trust the system that generates and stores your private key,
you're screwed anyway. So I don't see that this argument has any validity.
The issue is 'who is trusting what?'
David's apparent statement is
14 matches
Mail list logo