Hello,
I am trying to decrypt a buffer whose size is a multiple of the padding
size (n * 16 bytes). But instead of getting the whole buffer as a result
from EVP_CipherUpdate() I only get InSize - PaddingSize decrypted
bytes. I get this behaviour with padding enabled and disabled. Is this
the
Hi,
Is there any way to specify the certificate extensions (when using req
and ca tools) directly on the command line rather than using the
-extensions argument? I am looking for a way where I can avoid using the
config file with the req and ca commands.
Thanks,
Sandeep
Hi,
Let me start with a disclaimer that i am not very experienced with openssl.
I have a requirement. In an enterprise all clients and servers communicate
over ssl. the certs in client and server are self signed.
There is one client application which talks to 100+ different services.
Currently
I found the problem with this was it was pkcs7
From: Hopkins, Nathan
Sent: 30 November 2011 18:52
To: openssl-users@openssl.org
Subject: RE: Unable to load certificate
When I try with ...-inform der I get ...
32328:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
I'm using the below commands to create a ca ...
openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -key ca.key -out ca.crt -days 730
... please can you advise how I can add a friendly name to this cert?
Wouldn't that be in your openssl.cnf file?
Thomas Floodeen, Jr.
Mentor Graphics BSD
720.494.1133
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Hopkins, Nathan
Sent: Thursday, December 01, 2011 1:25 PM
To: openssl-users@openssl.org
Subject: RE:
I had a look and couldn't see a place for it in openssl.cnf? Or at
least nothing listed under name or friendly name or similar?
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Floodeenjr, Thomas
Sent: 01 December 2011 20:33
To:
Hi!
I would like to turn off certificates and use anonymous DH for a DTLS
exchange. What flags do I use in the s_server and s_client programs?
I set the -nocert flag in s_server, but I am getting the error no cipher
suite exchanged.
Thanks!
On 12/1/2011 9:25 PM, Hopkins, Nathan wrote:
I’m using the below commands to create a ca …
openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -key ca.key -out ca.crt -days 730
**
… please can you advise how I can add a “friendly name” to this cert?
**
The Friendly name is the
I looked through the OID and couldn't see anything - I'm sure this must
be possible?
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Jakob Bohm
Sent: 01 December 2011 21:22
To: openssl-users@openssl.org
Subject: Re: Friendly
On 12/1/2011 6:33 PM, Rohit Bansal wrote:
Hi,
Let me start with a disclaimer that i am not very experienced with
openssl.
I have a requirement. In an enterprise all clients and servers
communicate over ssl. the certs in client and server are self signed.
There is one client application
Hi,
after you use the EVP_CipherUpdate(), you have to call the
EVP_CipherFinal() to encrypt the remaining bytes. Refer to the
documentation to see how to correctly pass the parameters:
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html. The same goes for
the decryption.
I hope this help.
From: owner-openssl-us...@openssl.org On Behalf Of Jonas Schnelli
Sent: Wednesday, 30 November, 2011 09:57
I try to pre-calculate the size of a EVP_Seal encrypted buffer
(just the seal, exkl. keys). How do i precalculate that? I assume
with some blocksize stuff (i'm a
From: owner-openssl-us...@openssl.org On Behalf Of Ashok C
Sent: Wednesday, 30 November, 2011 00:51
Some more followup questions here:
In case of a server application, it is expected to send
the intermediate certificates to the client. And in this case,
On Thu, Dec 01, 2011, Hopkins, Nathan wrote:
I'm using the below commands to create a ca ...
openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -key ca.key -out ca.crt -days 730
... please can you advise how I can add a friendly name to this cert?
What do you mean by
From: owner-openssl-us...@openssl.org On Behalf Of Odomae Bro
Sent: Thursday, 01 December, 2011 16:17
I would like to turn off certificates and use anonymous DH for
a DTLS exchange. What flags do I use in the s_server and s_client
programs?
I set the -nocert
Hi Dave
Thanks for your reply. In the code for s_server and s_client, I manually
set cipher= aNULL and I still get the same error.
One thing to note is:
I used the built in s_server and s_client (command line) as follows and the
ssl connection is established.
openssl s_server -nocert -cipher
Hi Dave,
Keeping the things you have mentioned in mind, this is how it goes.
In server side, EE key is loaded using
SSL_CTX_use_RSAPrivateKey_file(ctx,eekeyfile,SSL_FILETYPE_PEM);
EE certificate is loaded using SSL_CTX_use_certificate_file(ctx,
eepemfile,SSL_FILETYPE_PEM);
And the intermediate
Hi,
Thanks for your reply.
I am aware of CipherFinal() but I wonder why CipherUpdate() writes
anything into the final buffer at all if the buffer size is a multiple
of the padding size. Additionally CipherFinal() fails if I call it
afterwards.
The documentation says as a result the
19 matches
Mail list logo