Re: EVP_Open* with a public key

2009-07-24 Thread Jeremy R.
Thanks for your reply, first of all. I'm by no means an expert in cryptography (and obviously not on OpenSSL), and I'd appreciate any insight you can provide. On 24-Jul-09, at 7:14 PM, David Schwartz wrote: Jeremy R. wrote: I'm writing a client application that needs to verify some conte

RE: EVP_Open* with a public key

2009-07-24 Thread David Schwartz
Jeremy R. wrote: > I'm writing a client application that needs to verify some content > from a server. I've generated an RSA key pair: the private key for the > server and the public key for the client. Okay. > I also would like the data to be encrypted, so I'm trying to use > EVP_OpenInit on t

RE: cannot create openssl master certificate on my Exchange2007 Server!Help needed!

2009-07-24 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of javierm > Sent: Tuesday, 21 July, 2009 10:02 > To: openssl-users@openssl.org > Subject: Re: cannot create openssl master certificate on my > Exchange2007 Server!Help needed! > > > Check the man pages (man req), the -x509 option is for a self

EVP_Open* with a public key

2009-07-24 Thread Jeremy R.
I'm writing a client application that needs to verify some content from a server. I've generated an RSA key pair: the private key for the server and the public key for the client. I also would like the data to be encrypted, so I'm trying to use EVP_OpenInit on the receiving end to do my dec

Re: Assertion failure

2009-07-24 Thread Dr. Stephen Henson
On Fri, Jul 24, 2009, Michael Kurecka wrote: > I did not see anything which I assume means I am using the standard > libssl. How do I correct this? Well it is part of the link process when you build the application. It needs to link and use the version of libssl in the 0.9.8k distribution and not

Re: Assertion failure

2009-07-24 Thread Michael Kurecka
I did not see anything which I assume means I am using the standard libssl. How do I correct this? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users

RE: HTTP Communication (2)

2009-07-24 Thread David Schwartz
Andrejs Igumenovs wrote: > The application use the following functions for non-secure communication: > intBIO_write(BIO *b, const void *data, int len); > intBIO_read(BIO *b, void *data, int len); > calling them one by one. > The issue is that BIO_write() succeeds and returns the proper v

Re: Assertion failure

2009-07-24 Thread Dr. Stephen Henson
On Fri, Jul 24, 2009, Michael Kurecka wrote: > I finally succeeded in adding debug to openssl, but it doesn't seem to > be working completely. I was able to set the breakpoint at the point > you mentioned Dr. Henson but I'm not sure how that will tell me what > is being called. I am not able to br

Re: Query regarding openssl-fips-1.2.tar.gz

2009-07-24 Thread Kyle Hamilton
No. Unless you can coerce the build tool into conforming to the userland build system's commandlines, anyway. -Kyle H On Fri, Jul 24, 2009 at 6:14 AM, Aggarwal, Pankaj wrote: > Hi, > > > > I have a question regarding openssl-fips-1.2.tar.gz. > > I have built the fipscanister.lib from this distri

Re: Assertion failure

2009-07-24 Thread Michael Kurecka
I finally succeeded in adding debug to openssl, but it doesn't seem to be working completely. I was able to set the breakpoint at the point you mentioned Dr. Henson but I'm not sure how that will tell me what is being called. I am not able to break on ssl3_init_finished_mac, ssl3_connect or SSL_con

Query regarding openssl-fips-1.2.tar.gz

2009-07-24 Thread Aggarwal, Pankaj
Hi, I have a question regarding openssl-fips-1.2.tar.gz. I have built the fipscanister.lib from this distribution on windows. I want to use the fipscanister.lib in windows kernel driver. The Security Policy doesn't allow any modification to

Re: Assertion failure

2009-07-24 Thread Dr. Stephen Henson
On Fri, Jul 24, 2009, Michael Kurecka wrote: > Failed again with a different error: > Erk, OK. I'd suggest starting with linux-generic32 and deleting -fomit-frame-pointer and -O3 from Makefile and adding -g Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support

Re: Assertion failure

2009-07-24 Thread Dr. Stephen Henson
On Fri, Jul 24, 2009, Michael Kurecka wrote: > Dr. Henson, > I tried the change for MD5 you mentioned of using the EVP interface, > but it isn't working as I am getting the forbidden algorithm error. Below > is the new code. The init is passing but it is failing on the update. I > noticed t

Re: Assertion failure

2009-07-24 Thread Michael Kurecka
Dr. Henson, I tried the change for MD5 you mentioned of using the EVP interface, but it isn't working as I am getting the forbidden algorithm error. Below is the new code. The init is passing but it is failing on the update. I noticed that the flag is cleared after the init so I set the EVP_

Re: Assertion failure

2009-07-24 Thread Michael Kurecka
Failed again with a different error: make[1]: Entering directory `/usr/src/openssl/crypto' ( echo "#ifndef MK1MF_BUILD"; \ echo ' /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \ echo ' #define CFLAGS "gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_

HTTP Communication (3)

2009-07-24 Thread Andrejs Igumenovs
After calling BIO_read() the result is allways the following: + buf 0x0012d2cc "" rc 7

Re: How to create a non exportable private key certificate using openssl

2009-07-24 Thread Emanuele Cesena
On Wed, 2009-07-15 at 13:25 +0200, Dr. Stephen Henson wrote: > A possibility would be to use a PKCS#11 soft-token which wont export keys. I'm > not aware of any such thing but it could be done. It would need to encrypt > it's key database in such a way that it would only work on one PC. > I sugges

Re: ECDSA Encryption

2009-07-24 Thread Emanuele Cesena
On Thu, 2009-07-23 at 09:07 -0400, Bram Cymet wrote: > Is it possible to use openssl to do ecdsa encryption/decryption and if > so how? Or can someone recommend a linux command line tool that would? > ECDSA is Elliptic Curve Digital **Signature** Algorithm, hence you can only sign/verify with this