FIPS capable openssl X509_get_pub_key

2009-09-22 Thread Pankaj Aggarwal
Hi, My code is using the FIPS capable openssl (0.9.8j) in FIPS Mode. X509_get_pub_key function is used to retrieve the public key from a signing certificate. pubKey = X509_get_pubkey(x509Cert); The returned pubKey has the FIPS ALLOW Flag set : if((pubKey->pkey.rsa)->flags

FIPS flag X509_get_pub_key

2009-09-22 Thread pankaj227
Hi, My code is using the FIPS capable openssl (0.9.8j) in FIPS Mode. X509_get_pub_key function is used to retrieve the public key from a signing certificate. pubKey = X509_get_pubkey(x509Cert); The returned pubKey has the FIPS ALLOW Flag set : if((pubKey->pkey.rsa)->flags

Re: FIPS capable openssl X509_get_pub_key

2009-09-22 Thread Dr. Stephen Henson
On Tue, Sep 22, 2009, Pankaj Aggarwal wrote: Hi, My code is using the FIPS capable openssl (0.9.8j) in FIPS Mode. X509_get_pub_key function is used to retrieve the public key from a signing certificate. pubKey = X509_get_pubkey(x509Cert); The returned pubKey has the FIPS ALLOW

Re: Encrypting 32/64 bit integers

2009-09-22 Thread Peter Wilkes
Thank you everyone. I got a better grasp on things now. __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager

Where can I get the SSL_set_cert_store patch to OpenSSL ?

2009-09-22 Thread Strickland, Lawrence P
Where can I get the SSL_set_cert_store patch to OpenSSL ? Larry Strickland Lead Systems Administrator lawrence-strickl...@uiowa.edu University of Iowa Hospitals and Clinics

RE: Problems linking against OpenSSL with mingw

2009-09-22 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Eystein Måløy Stenberg Sent: Monday, 21 September, 2009 02:59 You nailed it. gcc -I/usr/local/ssl/include -L/usr/local/ssl/lib aes.c -lcrypto works perfectly. However, on Red Hat, it compiles and links no matter where I put the input file

RE: Encrypting 32/64 bit integers

2009-09-22 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of David Schwartz Sent: Monday, 21 September, 2009 19:48 Peter Wilkes wrote: so we ran this with a 64 bit int and noticed that 128 bits comes out. can we safely ignore the other 64 bits? why are we getting 128 bits out? we are using

openssl and pkcs#11 providers

2009-09-22 Thread John R Pierce
I'm trying to understand how to use a pkcs#11 token/smartcard in conjunction with openssl to authenticate an SSL client session. I'm trying to find anything online showing how to stitch all this together and just spinning around in circles, getting more confused. The reference

SSL_set_tlsext_host_name and IDN

2009-09-22 Thread Daniel Black
Should SSL_set_tlsext_host_name convert the domain name to ACE as per RFC4366 3.1 where it talks about IDNA (RFC 3490)?

Wrong size for EC key pair

2009-09-22 Thread Brian Kuschak
I'm using OpenSSL to generate EC key pairs for use in an embedded application. As such, I need to extract and use the raw key values, and I notice that the length of the keys as displayed by OpenSSL are exactly one byte longer than expected. I assume the first byte listed for both public and

Re: FIPS capable openssl X509_get_pub_key

2009-09-22 Thread Pankaj Aggarwal
Ok !! Stephen, Could you tell me which RSA Sign Verify functions are available in fips mode. The FIPS 140-2 Annexure A states that RSASSA-PKCS1-v1_5 and RSASSA-PSS contained within PKCS#1 v2.1 can be used for sign/verify. What are the corresponding OpenSSL function which should be used? Pankaj

Re: Wrong size for EC key pair

2009-09-22 Thread Jeffrey Walton
Hi Brian, If so, what is its purpose? They are ASN.1 encoded integers. The leading '0' octet ensures the value is interpreted as non-negative. See X.680. Do You Yahoo!? No. Jeff On Tue, Sep 22, 2009 at 9:47 PM, Brian Kuschak bkusc...@yahoo.com wrote: I'm using OpenSSL to generate EC key

Re: Wrong size for EC key pair

2009-09-22 Thread Kyle Hamilton
The leading 00 is there just to comply with DER encoding restrictions -- otherwise, since the high bit is set, it would be interpreted as a negative number. (For clarity, it is a very large positive integer.) Besides, EC pairs are just numbers. The leading 00 does nothing to change the

Re: Wrong size for EC key pair

2009-09-22 Thread Brian Kuschak
Thanks, I figured it was something like that. Two concerns, however: 1) Doing this in the DER-format binary file makes complete sense. Doing it for a text-dump of the key values, where they are displayed as a string of hex digits, doesn't, IMHO. 2) Sometimes the leading value is not 00. I've

Re: SSL_set_tlsext_host_name and IDN

2009-09-22 Thread Victor Duchovni
On Wed, Sep 23, 2009 at 11:03:55AM +1000, Daniel Black wrote: Should SSL_set_tlsext_host_name convert the domain name to ACE as per RFC4366 3.1 where it talks about IDNA (RFC 3490)? On the wire, domain names are always of the ASCII xn--mumble variety. The corresponding Unicode is a matter