Please download the source code and refer to apps/x509.c - this handles the
conversion command, such as:
openssl x509 -in xxx.pem -inform pem -out xxx.cer -outform DER
the function you will look for is i2d_X509_bio
On 12 December 2016 at 09:37, Sairam Rangaswamy -X (sairanga - ARICENT
Took me a while to see, but the difference is in the last line of the client
hello. Your working example has MD5+RSA listed as a TLS 1.2 signature pair
whereas first doesn't.
0302 SHA-224 DSA
0303 SHA-224 ECDSA
0201 SHA-1 RSA
0202 SHA-1 DSA
0203 SHA-1 ECDSA
000F TLS_DH_RSA_WITH_DES_CBC_SHA
0101
Hi,
I am looking for advice for an application using openssl, but it's not an
openssl problem.
We have a situation where an external company has provided us with
authentication certificates from a subCA and we have all the cert's back up to
the root - openssl verify works fine. Another
This thread have any relevance to you?
http://stackoverflow.com/questions/12885680/pem-read-rsaprivatekey-returns-illegal-seek-when-decrypting-using-openssl-libs
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf of
From what I remember offhand, the former:
03 81 81 00 is
03 Bit string
81 Length of contents = 1 byte; the top-bit is set to signify that there are
more than 127 octets of content
81 the bit string uses 0x81 octets - 129 - corresponds to a 1024 bit key
extended to 129 octets to stop number
[Sorry for top-post - Outlook Web Client]
I would say that BN_CTX_init() is deprecated and you should be using BN_CTX *
ctx = BN_CTX_new();
Indeed, https://www.openssl.org/docs/crypto/BN_CTX_new.html says
BN_CTX_init() (deprecated) initializes an existing uninitialized BN_CTX. This
should not
From
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/ch03s02s03.html
check with root running openssl engine -c -tt
Carl
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf
Forgive me if I am wrong, but I didn't think the FIPS 2.0 code base could be
used with anything else but MS VC on Windows!?
The user guide does not state this explicitly as far as I can see, but the
instructions - for building the canister and linking against it - only mention
MSVC based
As far as I remember, the use of MD5 is only allowed in TLS 1 for the specific
use within the PRF for key generation as the __combination__ of SHA-1 and MD5
is not considered weak usage. Use of MD5 elsewhere is still disallowed.
Carl
From:
]
On Behalf Of Dr. Stephen Henson
Sent: Friday, July 26, 2013 7:39 AM
To: openssl-users@openssl.org
Subject: Re: Using MD5 certificates in OpenSSL FIPS
On Fri, Jul 26, 2013, Carl Young wrote:
As far as I remember, the use of MD5 is only allowed in TLS 1 for the
specific use within the PRF for key
Sorry for top-post - webmail :(
In TLS, the server should not send the root certificate - it sends the chain up
to, but not including, the root certificate.
From (sorry) http://technet.microsoft.com/en-us/library/cc783349(v=ws.10).aspx
Server Certificate Message
The server sends its
You would need to tell everyone your exact command line (with key obfuscated,
etc), but I suspect you are not specifying an [consistent] IV to the encrypt
and decrypt commands?
Carl
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
I would hope that one of us could provide you something given a week or so...
very busy with work currently but I'm sure I could do something in time.
Carl
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf of John Zavgren [j...@zavgren.com]
Sent: 14 November
Do have really have to use OpenSSL.exe or could you create/use a modified
version of that tool that does exactly what you expect?
Your scaling problem is because of the entropy gathering each time OpenSSL is
launched. This takes a significant amount of time, especially compared to the
actual
Sorry for top-posting - still getting used to this webmail:
The only way I can see that the server is reponsible for this behaviour is
the certificate you are providing. Has that expired or been invalidated in any
way at the client?
Carl
From: owner-openssl-us...@openssl.org
- Original Message -
From: Dr. Stephen Henson st...@openssl.org
To: openssl-users@openssl.org
Sent: Tuesday, December 01, 2009 6:58 PM
Subject: Re: FIPS 140-2 and PBKD
On Tue, Dec 01, 2009, carlyo...@keycomm.co.uk wrote:
In openssl, if I try to use anything using PBKD (PKCS#5
No, you are not FIPS compliant at the server just because your clients are
using FIPS compliant crypto modules and security functions. In this case, the
client will be using RSA+3TDES in EDE/CBC mode with SHA-1 HMAC, because this is
the only available cipher suite on XP that is FIPS compliant
- Original Message -
From: Kyle Hamilton aerow...@gmail.com
To: openssl-users openssl-users@openssl.org
Sent: Friday, February 27, 2009 1:14 AM
Subject: Re: FIPS
Take everything I say here with a grain of salt: I'm not a FIPS
expert, and it's entirely possible that I am
Hi all,
With OpenSSL, can I create PKCS#7 CMS messages just using a pre-shared
symmetric key?
I just need to package the secret with its encryption algorithm identifier,
and the PKCS#7 envelope looks ideal for this.
The only additional data that I may wish to add to the message may be the
19 matches
Mail list logo