It probably doesn't help you, because it requires complex deployment and
is not open-source, but I thought that it might be interesting to know
that there is a multi-prime RSA based technology that is actively used in
practice.
It is used for mobile authentication and digital signatures an
On 23/05/2020 21:08, Daniel Lenski wrote:
> When OpenConnect is explicitly requested to connect to an ancient
> server, what I am currently trying to do is
> SSL_CTX_set_cipher_list(ctx, "DEFAULT:+3DES:+RC4"). However, this
> fails silently on subsequent connection if 3DES/RC4 support isn't
> av
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Daniel Lenski
> Sent: Saturday, May 23, 2020 17:24
>
> > Other than looping through all of the ciphers with SSL_get_ciphers()
> > right after this… is there a better way to check for 3DES/RC4 support
> > right at startu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Phillip,
On Sun, 24 May 2020, Phillip Hallam-Baker wrote:
In short, yes, I have stuff that works for this and I think it would be
particularly useful for code signing and for inside CAs. But it does need
some additional work to apply it to th
Actually, I was wrong about the prior one.
https://patents.google.com/patent/US6411716 looks like it has a distributed
CA function with multi-step, multi-fragment signatures. (This looks
fascinating, and I'm going to study it over the weekend -- still in a
lockdown, so no real Memorial Day party f
>From glancing at the abstract, https://patents.google.com/patent/US5799086
looks like it might be the one? It also says that it is expired,
expiration having been anticipated on 2014-01-13.
-Kyle H
On Sun, May 24, 2020, 11:54 Salz, Rich wrote:
>
>- In any case, I am unaware of any existin
* In any case, I am unaware of any existing system which meets your
requirement 3. Admittedly, I haven't specifically searched for such.
CertCo (now defunct, don’t know who has the intellectual property) had a patent
that did ALL of the things. RSA keygen, split the key, each key signs the
There are two ways to handle multiple authorizations needed:
1) Secret data is shared across multiple locations/holders, or
2) Secret data is stored in a trusted system which itself requires multiple
authorizations.
You could perhaps put together multiple trusted systems, each of which has
a share
Erich Eckner wrote:
> we're looking into setting up a CA with openssl, but we would like to
> distribute the secret key amongst multiple persons. We're aware of
> Shamir's secret sharing algorithm, but we'd like to know if there is some
> algorithm supported by openssl, that fulfi
Hi,
I am working with an application that uses OpenSSL version 1.0.2h, Where
application need to be certified and code signing by Microsoft Secure boot
compatibility(UEFI).
These openssl libraries ssleay32.lib and libeay32.lib also need to be
certified. Can we send these openssl libraries for c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
we're looking into setting up a CA with openssl, but we would like to
distribute the secret key amongst multiple persons. We're aware of
Shamir's secret sharing algorithm, but we'd like to know if there is some
algorithm supported by openssl
11 matches
Mail list logo