Re: How to do encryption using AES in Openssl

2012-03-28 Thread Prashanth kumar N
Thanks Marek. I will try the attached code in the attached files. In many of the examples I have come across, I see IV is always being. Is it not possible to use this API by setting IV to NULL? (As I understand, for CBC IV is a must.) In AES_Encrypt(), we don't use IV. Does this mean this does stre

Re: How to do encryption using AES in Openssl

2012-03-28 Thread Prashanth kumar N
Thanks Ken for pointing out the mistake... after changing to AES_Decrypt(), it worked but I still see an issue when I print the decrypted output as it has extra non-ASCII characters in it. Below is the input: unsigned char text[]="test12345678abc2"; After decryption, I get the following string: Decr

RE: AES encryption block size

2012-03-28 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of (me) > Sent: Wednesday, 28 March, 2012 20:45 > AES-OFB or AES-CFB or AES-OFB are stream modes [with no padding] Sorry; I meant to write -OFB or -CFB or -CTR. While I'm correcting, -GCM is also a (new) stream mode, implemented in 1.0.1; it d

RE: AES encryption block size

2012-03-28 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Alex Chen > Sent: Wednesday, 28 March, 2012 17:50 > When the padding is disabled by setting the padding size to 0 > in EVP_CIPHER_CTX_set_padding(), is the output data block > size the same as the input block size? > Will this reduce the encry

Re: AES encryption block size

2012-03-28 Thread Jakob Bohm
On 3/28/2012 11:49 PM, Alex Chen wrote: When the padding is disabled by setting the padding size to 0 in EVP_CIPHER_CTX_set_padding(), is the output data block size the same as the input block size? Will this reduce the encryption strength? Padding doesn't change the block size at all. Paddin

RE: How to use AES_wrap_key() in openssl

2012-03-28 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn > Sent: Monday, 26 March, 2012 01:52 > I was going through the RFC of AES and it does say we get the IV upon > unwrapping . Check the below link > http://www.ietf.org/rfc/rfc3394.txt Not really. 2.2.3 says In the final step of

RE: How to do encryption using AES in Openssl

2012-03-28 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Prashanth kumar N > Sent: Wednesday, 28 March, 2012 03:01 > As i read min AES block size is 128 bits which can go up to > 256 bits in multiples of 32-bits. Is this correct? No but almost. The *algorithm* Rijndael designed b

AES encryption block size

2012-03-28 Thread Alex Chen
When the padding is disabled by setting the padding size to 0 in EVP_CIPHER_CTX_set_padding(), is the output data block size the same as the input block size? Will this reduce the encryption strength? Alex __ OpenSSL Project

Is CRL verification automatic in openSSL?

2012-03-28 Thread Ashok C
Hi, I am implementing CRL feature for my application and was doing a proof of concept using openSSL. Here is what I did: 1. I used openssl commands to generate a v3 root CA certificate and also the corresponding server certificate. 2. Now i revoked the server certificate using openssl co

Re: How to do encryption using AES in Openssl

2012-03-28 Thread Marek . Marcola
Hello, Maybe attached simple example will help. Use: # gcc -o evp_enc evp_enc.c -lcrypto # cat /etc/group | ./evp_enc Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 03/28/2012 09:02:59 AM: > Prashanth kumar N > Sent by: owner-openssl-us...@openssl.org > > 03/28/

Re: Problem with OpenSSL conf file

2012-03-28 Thread Dr. Stephen Henson
On Wed, Mar 28, 2012, Sanjay Rai wrote: > Hi > I am having an issue when I try OpenSSL initialization with corrupt > configuration file. It basically kills my application, which should not be > the case. Is there any way I can avoid this? > > Here is how I can repro this issue > > 1- Cr

Problem with OpenSSL conf file

2012-03-28 Thread Sanjay Rai
Hi I am having an issue when I try OpenSSL initialization with corrupt configuration file. It basically kills my application, which should not be the case. Is there any way I can avoid this? Here is how I can repro this issue 1- Create a new file openssl.cf file with simply entry "aaa".

Re: How to do encryption using AES in Openssl

2012-03-28 Thread Ben Laurie
On Tue, Mar 27, 2012 at 8:26 PM, Ken Goldman wrote: > On 3/27/2012 3:51 PM, Jakob Bohm wrote: > >> On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote: >> >>> You should really be using EVP instead of the low level routines. >>> They are well documented with examples. >>> >> Where, precisely? >> >> I

Re: OpenSSL 1.0.1 handshake timeout

2012-03-28 Thread Dr. Stephen Henson
On Wed, Mar 28, 2012, James Earl wrote: > On Wed, Mar 28, 2012 at 10:16 AM, Dr. Stephen Henson > wrote: > > On Wed, Mar 28, 2012, James Earl wrote: > > > >> I recently had a timeout issue with a service provider we connect to > >> over HTTPS.  I found downgrading to OpenSSL 1.0.0 solved the prob

Re: OpenSSL 1.0.1 handshake timeout

2012-03-28 Thread James Earl
On Wed, Mar 28, 2012 at 10:16 AM, Dr. Stephen Henson wrote: > On Wed, Mar 28, 2012, James Earl wrote: > >> I recently had a timeout issue with a service provider we connect to >> over HTTPS.  I found downgrading to OpenSSL 1.0.0 solved the problem. >> I'm not sure how to determine if it's a bug, a

Re: OpenSSL Wiki (was: How to do encryption using AES in Openssl)

2012-03-28 Thread Jeffrey Walton
On Wed, Mar 28, 2012 at 3:03 AM, Prashanth kumar N wrote: > Jeff.. this is a good idea... so are you going to start one? No, this is something best left to the OpenSSL project. Otherwise, you'll have a bunch of fractured documentation sprayed all over the web. Jeff > On Wed, Mar 28, 2012 at 6:15 A

Re: OpenSSL 1.0.1 handshake timeout

2012-03-28 Thread Dr. Stephen Henson
On Wed, Mar 28, 2012, James Earl wrote: > I recently had a timeout issue with a service provider we connect to > over HTTPS. I found downgrading to OpenSSL 1.0.0 solved the problem. > I'm not sure how to determine if it's a bug, an Arch Linux package > issue, or a problem with the service provide

Re: OpenSSL 1.0.1 handshake timeout

2012-03-28 Thread Marek . Marcola
Hello, Try some test connections: # openssl s_client -connect hostname:443 -debug -msg # openssl s_client -connect hostname:443 -debug -msg -bugs Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 03/28/2012 06:02:01 PM: > James Earl > Sent by: owner-openssl-us...@open

OpenSSL 1.0.1 handshake timeout

2012-03-28 Thread James Earl
I recently had a timeout issue with a service provider we connect to over HTTPS. I found downgrading to OpenSSL 1.0.0 solved the problem. I'm not sure how to determine if it's a bug, an Arch Linux package issue, or a problem with the service provider's server? I tested using Python and Ruby (multi

Re: How to do encryption using AES in Openssl

2012-03-28 Thread Ken Goldman
I agree with you in general. I assumed the OP was just experimenting. I use the raw AES_encrypt() because the standard I'm complying to uses a non-standard counter mode. I had to construct it from scratch. On 3/28/2012 10:56 AM, Marek.Marcola- wrote: If you want to use low-level AES functi

Re: How to do encryption using AES in Openssl

2012-03-28 Thread Marek . Marcola
Hello, If you want to use low-level AES functions to encrypt more than 16 bytes you should use AES in CBC mode. You can implement this mode using AES_encrypt() or better use AES_cbc_encrypt(). Using AES_encrypt() block-by-block is called ECB mode. Look at: http://en.wikipedia.org/wiki/Block_cip

Re: How to do encryption using AES in Openssl

2012-03-28 Thread Ken Goldman
On 3/28/2012 3:01 AM, Prashanth kumar N wrote: Here is the modified program [snip] 18 AES_KEY ectx; 19 AES_KEY dectx; 20 21 AES_set_encrypt_key(key, 256, &ectx); 22 AES_encrypt(text, out, &ectx); 23 24 printf("encryp data = %s\n", out); 25 26 AES_set_encr

Re: How to do encryption using AES in Openssl

2012-03-28 Thread Prashanth kumar N
I agree with this as it has made many lives easy ... On Wed, Mar 28, 2012 at 12:48 PM, nudge wrote: > As an independent follower of this list, I'd just like to say that even if > the documentation has its critics, the support provided here is > incredibly good! > > > On Wed, Mar 28, 2012, at 12:3

Is it possible to use unicode to change password in pkcs12 file ?

2012-03-28 Thread nixonjan
I have tried to change the PIN using the following function, PKCS12_newpass, and set up a PIN where Unicode characters exist. Is it possible? Thanks in advance -- View this message in context: http://old.nabble.com/Is-it-possible--to-use---unicode--to-change--password-in-pkcs12-file---tp335

Re: How to do encryption using AES in Openssl

2012-03-28 Thread nudge
As an independent follower of this list, I'd just like to say that even if the documentation has its critics, the support provided here is incredibly good! On Wed, Mar 28, 2012, at 12:32 PM, Prashanth kumar N wrote: > I tried to use EVP but let go of it due to bad documentation... > > On Wed, Mar

Re: OpenSSL Wiki (was: How to do encryption using AES in Openssl)

2012-03-28 Thread Prashanth kumar N
Jeff.. this is a good idea... so are you going to start one? -Prashanth On Wed, Mar 28, 2012 at 6:15 AM, Jeffrey Walton wrote: > On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman wrote: > > On 3/27/2012 3:51 PM, Jakob Bohm wrote: > >> > >> On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote: > >>> > >>> Y

Re: How to do encryption using AES in Openssl

2012-03-28 Thread Prashanth kumar N
I tried to use EVP but let go of it due to bad documentation... On Wed, Mar 28, 2012 at 2:49 AM, Jakob Bohm wrote: > On 3/27/2012 10:42 PM, Jeffrey Walton wrote: > >> On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman wrote: >> >>> On 3/27/2012 3:51 PM, Jakob Bohm wrote: >>> On 3/27/2012 9:37 PM

Re: How to do encryption using AES in Openssl

2012-03-28 Thread Prashanth kumar N
Here is the modified program #include 2 #include 3 4 static const unsigned char key[] = { 5 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 6 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 7 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 8 0x08, 0x09, 0x0a, 0x