Re: Accessing encrypted messages after cert expires

2008-03-19 Thread Steffen DETTMER
* Michael Sierchio wrote on Tue, Mar 18, 2008 at 17:01 -0700: ... It specifies things that third parties can know and rely on. Only the principal itself can know what it's actually going to use the key for. No, key usage restrictions are certainly within the realm of what a CA will bake

Getting Signature and Signaturetime out of PKCS7 Object

2008-03-19 Thread Wockenfuß, Frank
Hi, I have a problem getting some values out of a PKCS#7-file. I try to write a program that reads out some values from the file. The PKCS7-file has the NID NID_pkcs7_signed and I have found the functions to call for the hasalgorithmname and the certificates. But I haven't found any to get the

RE: Getting Signature and Signaturetime out of PKCS7 Object

2008-03-19 Thread sunil.kumarvvn
Does signature mean signature algorithm? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wockenfuß, Frank Sent: Wednesday, March 19, 2008 2:48 PM To: openssl-users@openssl.org Subject: Getting Signature and Signaturetime out of PKCS7 Object Hi, I have a

AW: Getting Signature and Signaturetime out of PKCS7 Object

2008-03-19 Thread Wockenfuß, Frank
No, not the algorithm. The created signature content, the data I need for verification. BTW, I've just found a way to get the signing time out of the PKCS7-object. Frank Wockenfuß -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL

RE: Getting Signature and Signaturetime out of PKCS7 Object

2008-03-19 Thread sunil.kumarvvn
Guess I implemented this scenario in one of my projects. In that project we were using x509 certificates and got the signature data and what kind of algorithm they are using to encrypt the messages. And the function X509_signature_print is used to get this data. If your problem is on the same

AW: Getting Signature and Signaturetime out of PKCS7 Object

2008-03-19 Thread Wockenfuß, Frank
It seems to go in the same direction. I have a CMS-file(PKCS7) that was created while signing with a smartcard. It also holds a X509 certificate with the public key of the signer. And it also holds the signature. Maybe you could tell me more details so I can try if this would help Frank

Re: the decrypted data is truncated.

2008-03-19 Thread jimmy bahuleyan
lauding wrote: Hi: My system is centos 5.0, the openssl version is openssl-0.9.8b-8.3.el5_0.2. which is installed by yum mod_ssl. [snip] AES_cbc_encrypt(szSorPlainText, szCipherText, iInputLen, key, szIniVec, AES_ENCRYPT); iCipherLen = strlen(szCipherText); Your problem lies in

Questions about FIPS compliant openssl

2008-03-19 Thread Ed Tred
Hello, I am confused about what I need to do to get a FIPS compliant openssl installation. Do I just build an openssl distribution from openssl-0.9.7m .tar.gz or later, with ./config fips --OR do I have to ALSO build openssl-fips-1.1.2.tar.gz ? WHERE IS THE HOWTO?!?! 3269831 Dec 1 00:25:33

Re: Questions about FIPS compliant openssl

2008-03-19 Thread Steve Marquess
Ed Tred wrote: Hello, I am confused about what I need to do to get a FIPS compliant openssl installation. Do I just build an openssl distribution from openssl-0.9.7m .tar.gz or later, with ./config fips --OR do I have to ALSO build openssl-fips-1.1.2.tar.gz ? WHERE IS THE HOWTO?!?!

Re: What are the proper flags for Endianness and 32Bit

2008-03-19 Thread Embedded
Thanks for the write-up. ( I knew I'd get some reaction ;) ) I've worked ahead and provided my OS dependent flags via the Makefile changes. Resolving my flag issues allowed for successful compilation. My main idea was to follow the convention for OpenSSL in order to add new

RE: What are the proper flags for Endianness and 32Bit

2008-03-19 Thread Embedded
David, thanks for your comments. I didn't give any details because I wasn't looking for the answer to my specific errors. Rather, I was looking for general answers to the proper area(s) to incorporate Endianness flags, 32bit flags and other flags within the package. Ger, has pointed out to look

Need help building FIPS compliant openssl

2008-03-19 Thread Ed snooper
Hello, Could someone give the proper procedure to build openssl with FIPS enabled? I tried to just grab the openssl-fips-1.1.2.tar.gz file, unzip, untar, and config, make, BUT I get the below error... I see some people say you must already have an openssl package installed that support

warning messages using anything with ssl

2008-03-19 Thread Raghav
Hi, I have compiled my own copy of openssl, installed in my home directory. It was initially required due to rails on ruby requirements. Well, after the initial setup, rails works fine. Lately I have started a bit of ssh and svn usage and every time I invoke a command that uses ssl libraries

Re: Accessing encrypted messages after cert expires

2008-03-19 Thread Michael Sierchio
Steffen DETTMER wrote: For operational, administrative and forensic concerns I think it is important to know the key generation time as well as who generated it in exactly which way, who gave the key to whom when and why and so on - maybe even including a transactional log of every key usage

RE: Need help building FIPS compliant openssl

2008-03-19 Thread Bill Colvin
Did you do ./config fips And not other options? I think you might get errors like that if you added the option shared, which is expressly prohibited in the user guide. Bill From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed snooper

openssl-FIPS dlls

2008-03-19 Thread Ming Rutar
Hi, I've tried to build FIPS compliant libeay32.dll with MSVC but with no success. The minGW/gcc objects (fipscanister.o, etc.) crash MSVC 6.x and 8.x linkers. MSVC 9.0 is able to build the dll, but it is not a valid dll and cannot be loaded by premain_dso. Is it possible to make

SSL_accept hangs

2008-03-19 Thread Md Lazreg
Hi, I have set up an SSL server that works fine up to 400 connected clients. When I try to have more than 400 clients, then my server hangs in the SSL_accept call. This happens very randomly, sometimes beyond 1000 connected clients... The server is dead once this happens and no other client

Re: openssl-FIPS dlls

2008-03-19 Thread Dr. Stephen Henson
On Wed, Mar 19, 2008, Ming Rutar wrote: Hi, I've tried to build FIPS compliant libeay32.dll with MSVC but with no success. The minGW/gcc objects (fipscanister.o, etc.) crash MSVC 6.x and 8.x linkers. MSVC 9.0 is able to build the dll, but it is not a valid dll and cannot be loaded by

Re: Accessing encrypted messages after cert expires

2008-03-19 Thread Kyle Hamilton
On Wed, Mar 19, 2008 at 10:45 AM, Michael Sierchio [EMAIL PROTECTED] wrote: Steffen DETTMER wrote: For operational, administrative and forensic concerns I think it is important to know the key generation time as well as who generated it in exactly which way, who gave the key to whom

Re: Accessing encrypted messages after cert expires

2008-03-19 Thread Kyle Hamilton
On Tue, Mar 18, 2008 at 5:01 PM, Michael Sierchio [EMAIL PROTECTED] wrote: Kyle Hamilton wrote: Certificate issuance is a statement of identity binding for a given key at a given assurance. No more, no less. No, it isn't. It's often more. Such as...? A CA does not and cannot

RE: Accessing encrypted messages after cert expires

2008-03-19 Thread David Schwartz
Michael Sierchio wrote: I'm not suggesting that this isn't useful, just that it is not a defect that it isn't part of the key format itself. That may or may not be true, but none of your arguments support this point. I'm leaning towards a belief that it is a defect, but I am not thoroughly