From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Dave Thompson
- the truststore if -CAfile and/or -CApath specified IF NEEDED
Thank you very much for your awesome detailed answer. This answers a lot of
questions, but I am left with a new one:
I
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Michael Wojcik
For someone who does want more background in cryptography, I'd
recommend Schneier's /Applied Cryptography/ over /Cryptography
Engineering/. The latter is for people implementing
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Tom Francis
openssl pkcs12 -export -out mypkcs12.pfx -inkey my.private.key -in
mycert.crt -certfile intermediate.crt -CAfile ca.crt
(Correct?)
So ... I just tried this, and confirmed,
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Kaushal Shriyan
I am new to SSL/TLS Certificates. Please help me understand what is the
difference between ROOT CA Certs and Intermediate Certs or Chain Certs. I
will appreciate if i can refer to
A bunch of things on the internet say to do -cafile intermediate.pem -cafile
root.pem or -certfile intermediate.pem -certfile root.pem and they
explicitly say that calling these command-line options more than once is ok and
will result in both the certs being included in the final pkcs12...
At work, we develop software in .NET, currently using the built-in SslStream
class, and I'm considering abandoning it.
Is Openssl recommended for SSL/TLS communications in .NET? And if so, should I
just download the win binaries from
http://slproweb.com/products/Win32OpenSSL.html ?
I'm
Suppose you have a single resource to be encrypted, and it should be
accessible by multiple users. Is there a way to encrypt something such that
multiple keys would work? I can't seem to find any such solution...
How do things like FileVault implement a Master Key, and multiple users? It
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of MauMau
But folks here gave me suggestions that different IVs should be used for
each 4KB block. I think I should do that, and I'd like to follow those
precious advice.
(However, I'm wondering if
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Jeffrey Walton
On Tue, Apr 17, 2012 at 9:47 PM, Edward Ned Harvey
open...@nedharvey.com wrote:
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Ken
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Edward Ned Harvey
attacker doesn't know is your key and your plaintext. There is only one
solution. You must use a second key. Use your first key to encrypt the
second key (so an attacker can
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Ken Goldman
The standard answer: If this is a real security project, hire an
expert. If you design your own crypto algorithm, you will get it wrong.
If this is just for fun, to learn about
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Ken Goldman
The standard answer: If this is a real security project, hire an
expert. If you design your own crypto algorithm, you will get it wrong.
Or, if you're pretty confident you know how a
From: Edward Ned Harvey
I can't think of anything wrong with using the block number as the
IV, and then use ECB.
Oh yeah. I can think of something wrong with that. If an attacker knows
the block number, and they have some intelligent guess about the plaintext,
then they might be able
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Mr.Rout
1) what is intermediate certificate validation ?
When you generate a CSR, the CA can sign it directly, or they can sign it
via an intermediate. I'm not quite sure what's the point of the
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of jim.armstrong
openssl version -a returns OpenSSL 0.9.8g - Platform:
debian-i386-i686/cmov
There's an existing csr file on the server. Can I use this csr file or do
I
need to generate a new one?
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Michael S. Zick
You must be new to mailing lists also.
Start your own thread, they are cheap here, don't hijack another topic.
Mike, How do you call that a thread hijack? New subject, new thread
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of anthony berglas
Taking a different slant, is it possible to provide the Entropy using a
pass
phrase. So a given pass phrase will always generate the same key pair.
This
means that for simple
17 matches
Mail list logo