Re: [openssl-users] Regarding FIPS capable openssl (I want to combine libcrypto.a and libssl.a)

2016-06-29 Thread Sahil Gandhi
Hi Steve, Thanks for the reply. Regards, Sahil On Wed, Jun 29, 2016 at 6:25 PM, Steve Marquess wrote: > On 06/29/2016 07:09 AM, Sahil Gandhi wrote: > > Hi Ken, > > > > Sorry for the late reply. I really appreciate your suggestion but I > > somehow need to have static library not the dynamic o

Re: [openssl-users] Creating multi-valued RDN with config (still not working)

2016-06-29 Thread Sean Leonard
Just following up... Sean On 6/18/2016 10:43 AM, Sean Leonard wrote: I am trying to create a multi-valued RDN with OpenSSL using a config file and the openssl req -x509 command, without success. According to the 2006 thread "Multi-value RDNs and openssl.cnf format"

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Abe Racioppo
tsets On 6/29/16, Abe Racioppo wrote: > 290620161352 > > On 6/29/16, Salz, Rich wrote: >> >>> But surely the openssl command line tool should provide a mechanism for >>> allowing an X25519-based certificate to be signed by a CA. >> >>> It seems that the "certificate request" protocol, which req

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Abe Racioppo
290620161352 On 6/29/16, Salz, Rich wrote: > >> But surely the openssl command line tool should provide a mechanism for >> allowing an X25519-based certificate to be signed by a CA. > >> It seems that the "certificate request" protocol, which requires >> self-signing, prevents this in this case.

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Salz, Rich
> But surely the openssl command line tool should provide a mechanism for > allowing an X25519-based certificate to be signed by a CA. > It seems that the "certificate request" protocol, which requires > self-signing, prevents this in this case. Yes, that is exactly the point. -- openssl-us

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Michael Scott
On Wed, Jun 29, 2016 at 6:21 PM, Salz, Rich wrote: > > > To repeat: X25519 only supports key exchange. The 25519 signing > > mechanism is not yet defined. > Which I don't have a problem with. But surely the openssl command line tool should provide a mechanism for allowing an X25519-based certi

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Salz, Rich
> To repeat: X25519 only supports key exchange. The 25519 signing > mechanism is not yet defined. And see also: https://datatracker.ietf.org/doc/draft-ietf-curdle-pkix/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Salz, Rich
> as it objects that X25519 does not support signature. To repeat: X25519 only supports key exchange. The 25519 signing mechanism is not yet defined.

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Michael Scott
Thanks Erwann, but that's not an answer to my question. To get the CA to sign (using RSA or anything) a certificate that contains an X25519 public key, that certificate must first submit to the CA something called a "Certificate request". This takes the form of the supplicant certificate, which is

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Erwann Abalea
Bonjour, You may have a classic certificate containing your {X,Ed}{25519,448,whatever} public key once: * an OID is allocated to identify this type of public key (it will go into tbs.subjectPublicKeyInfo.algorithm.algorithm) * a set of associated optional parameters are defined for this

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Salz, Rich
> 1. What is CFRG, I don't remember that acronym. Crypto Forum Research Group, part of the IETF's affiliated research group. Co-chair is Kenny Paterson of lucky-13 (etc). Useful documents here as well as pointers to the mailing list https://datatracker.ietf.org/rg/cfrg/documents/ > 2. What

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Michael Scott
Well, I can help with CFRG - it's Crypto Forum Research Group. Mike On Wed, Jun 29, 2016 at 4:10 PM, Jakob Bohm wrote: > On 29/06/2016 16:53, Salz, Rich wrote: > >> How do I do this? Using the OpenSSL command line tool, a certificate >>> request must be self-signed, but the X25519 elliptic curve

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Jakob Bohm
On 29/06/2016 16:53, Salz, Rich wrote: How do I do this? Using the OpenSSL command line tool, a certificate request must be self-signed, but the X25519 elliptic curve (newly supported in version 1.1.0), doesn't do signature, it can only be used for key exchange. You cannot do it. You should l

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Salz, Rich
> How do I do this? Using the OpenSSL command line tool, a certificate request > must be self-signed, but the X25519 elliptic curve (newly supported in > version 1.1.0), doesn't do signature, it can only be used for key exchange. You cannot do it. You should look at the CFRG documents on Ed2551

[openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Michael Scott
Hello, How do I do this? Using the OpenSSL command line tool, a certificate request must be self-signed, but the X25519 elliptic curve (newly supported in version 1.1.0), doesn't do signature, it can only be used for key exchange. (Of course the X25519 Montgomery curve is birationally equivalent

Re: [openssl-users] Regarding FIPS capable openssl (I want to combine libcrypto.a and libssl.a)

2016-06-29 Thread Steve Marquess
On 06/29/2016 07:09 AM, Sahil Gandhi wrote: > Hi Ken, > > Sorry for the late reply. I really appreciate your suggestion but I > somehow need to have static library not the dynamic one. You can statically link an application with the FIPS module, using the special "fipsld" link process, but you c

Re: [openssl-users] Using SSL with wokring sockets and events

2016-06-29 Thread Devchandra L Meetei
If you are intending to use asynchronous event based NIO library libuv, then you might like to use BIO pair. I have done some abstraction on top of openSSL so that it becomes easy for callback based async lib. Maybe you can have a look at it On Wed, Jun 29

Re: [openssl-users] Getting error 'SSLv2_client_method': identifier not found

2016-06-29 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Jeffrey Walton > Sent: Tuesday, June 28, 2016 18:04 > To: OpenSSL Users > Subject: Re: [openssl-users] Getting error 'SSLv2_client_method': identifier > not found > > On Mon, Jun 27, 2016 at 3:49 PM, Michael Wojcik >

Re: [openssl-users] Regarding FIPS capable openssl (I want to combine libcrypto.a and libssl.a)

2016-06-29 Thread Sahil Gandhi
Hi Ken, Sorry for the late reply. I really appreciate your suggestion but I somehow need to have static library not the dynamic one. Thanks & Regards, -Sahil On Mon, Jun 27, 2016 at 2:43 PM, Ken Chow wrote: > I think you should refer the way of building Android application > https://wiki.open

Re: [openssl-users] Using SSL with wokring sockets and events

2016-06-29 Thread Jakob Bohm
On 29/06/2016 10:46, Oz wrote: I have a running program, the program is written in C I want to convert it from connecting to an HTTP to HTTPS (SSL) I have an event for write/read/timeout/error and such How do I continue and use the current sockets FD I have, but using openSSL over it? the most

[openssl-users] Using SSL with wokring sockets and events

2016-06-29 Thread Oz
I have a running program, the program is written in C I want to convert it from connecting to an HTTP to HTTPS (SSL) I have an event for write/read/timeout/error and such How do I continue and use the current sockets FD I have, but using openSSL over it? the most easy and simple way? I have crea

Re: [openssl-users] Getting error 'SSLv2_client_method': identifier not found

2016-06-29 Thread Matt Caswell
On 29/06/16 01:03, Jeffrey Walton wrote: > On Mon, Jun 27, 2016 at 3:49 PM, Michael Wojcik > wrote: >> SSLv2 is no longer supported, and neither are the SSLv2_*_method calls. (And >> yes, this causes build problems when updating to newer OpenSSL builds; and >> while that causes some pain, it was