Hi,
I couldnt get a documentation for ASN1_INTEGER_set(). Just want to
know the significance of the second argument of this function. What is the
difference when I provide 0 and PKCS12_DEFAULT_ITER for it?
Thanks and Regards
-Sanjith
Hi,
I can set a certificate version using function X509_set_version().
Can some one give me a reference to different certificate versions that are
available and the significance of each version number.
-Thanks and Regards,
-Sanjith.
Silviu Vlascaenu wrote:
> I am developing an application which also has some CA functions.
> The application knows the public key, KpC, of a client which has
> a priori proven to this app the possession of KpC through an
> out-of-band mean. Therefore, when the application "calls" the CA
> functio
X.509 refers to the certificate version. 0 == version 1, 1 == version
2, 2 == version 3.
Version 1 certificates have no means for any extensions.
Version 2 certificates are CRLs.
Version 3 certificates are the current norm, and most likely what you want.
The best reference currently is RFC5280,
To reformulate,
Is there a way to generate a certificate without a proof of possession?
Thanks.
2008/8/18 Silviu VLASCEANU <[EMAIL PROTECTED]>
> Hello,
>
> I am developing an application which also has some CA functions. The
> application knows the public key, KpC, of a client which has a prior
Hodie XIV Kal. Sep. MMVIII est, Kyle Hamilton scripsit:
> X.509 refers to the certificate version. 0 == version 1, 1 == version
> 2, 2 == version 3.
>
> Version 1 certificates have no means for any extensions.
> Version 2 certificates are CRLs.
?
Version 2 certificates have "issuerUniqueIdentif
Silviu Vlasceanu wrote:
> To reformulate,
> Is there a way to generate a certificate without a proof of possession?
> Thanks.
Absolutely. Just stuff all the fields that you want into the certificate and
sign it. Simply take the fields from wherever you have them rather than from
the CSR.
Yo
--- On Fri, 8/15/08, Ger Hobbelt <[EMAIL PROTECTED]> wrote:
> Ahh... This brings back memories... I had to do the same
> 'selective compilation' back before 2000 when the USA would
> prohibit cipher export at 128 bit and beyond unless you had a
> specific license.
Ger,
Many thanks for taking
Thanks for your answer, David. Let me explain some more of my problem.
The reason for not wanting to make a "usual" CSR is that my client is not
able to send the CSR to the server (CA) app. In fact, I am extending an
existing communication protocol, where I keep the already defined message
types a
Hi All
I have been using this API to dump in my statistics logs whether the
SSL session is reused or not in a windows openSSL based client.
Everything was good till i was using 9.7e. The session reuse works
fine and the logs were correctly showing session reused as 1 and
sniffer traces reconfirm
Silviu VLASCEANU wrote:
Hello,
I am developing an application which also has some CA functions. The
application knows the public key, KpC, of a client which has a priori
proven to this app the possession of KpC through an out-of-band mean.
Therefore, when the application "calls" the CA functi
What you're saying is this:
1) You know who the principal is (and therefore the CN to stick into
your certificate), due to your pre-existing protocol.
2) You know what the public key is, also due to your pre-existing protocol.
3) You've already verified the proof of possession of the private key
(
> The only thing that I need is to certify the public key of
> the client by the server, therefore the common name and
> related infos are not used and have no meaning in this
> context. Moreover, the certification chain is local/private,
> so it does not involve interactions with external (public
Well, I got this working, although I there are several things that
don't seem to work they way they should. Short summary: Must use
perl function private_encrypt() instead of sign(), even though, to
generate the same signature, the command-line tool must use -sign.
Must use the SHA1 dige
In the man page for rsautl, OpenSSL 0.9.7l in Mac OS X, I read this
"Note" at the bottom:
"rsautl because it uses the RSA algorithm directly can only be used to
sign or verify small pieces of data."
That seems to imply that there is a better alternative to rsautl for
signing. What is it?
Hello
Ihave got one question:
Does exist some way how to compute all attributes of private key from
modulus and private exponent?
I think as public exponent, prime1, prime2, exp1, exp2...
Thanks
--
View this message in context:
http://www.nabble.com/How-to-compute-all-attributes-of-RSA-privat
16 matches
Mail list logo