Do yourself a favor and just have one of the OpenSSL crypto experts
do the function on a consulting basis. Will save you a lot of time,
and misery! And it will be crypto correct.
Ken
There are a few other complications which you may not be aware of.
But I am terrified that they exist.
Take a look at:
http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
Ken
PBSZ is used when you are negotiating the size of the buffer to be
encrypted.
If you are using FTP over SSL, the FTP protocol is not performing any
authentication or encryption. Therefore, you
Date sent: Fri, 22 Nov 2002 10:21:30 EST
From: Jeffrey Altman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Copies to: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject:Re: IMPORTANT: The release of 0.9.6h is
Date sent: Tue, 05 Nov 2002 13:12:27
To: [EMAIL PROTECTED]
From: Thomas J. Hruska [EMAIL PROTECTED]
Subject:Re: OpenSSL on WIN2K
Send reply to: [EMAIL PROTECTED]
Passing out this type of advice may end up getting
Date sent: Wed, 02 Oct 2002 11:26:19 +0200
From: Michael Voucko [EMAIL PROTECTED]
Organization: Fillmore Labs GmbH
To: [EMAIL PROTECTED]
Subject:Re: Windows, MS VC++, MFC and OpenSSL
Send reply to: [EMAIL
Date sent: Tue, 4 Jun 2002 19:45:55 +0200
From: Lutz Jaenicke [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:Re: zlib double free bug and openssl question.
Organization: BTU Cottbus, Allgemeine Elektrotechnik
Send reply
Date sent: Fri, 5 Apr 2002 14:03:03 +0200
From: Lutz Jaenicke [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:Re: About OpenSSL 0.9.7 release
Organization: BTU Cottbus, Allgemeine Elektrotechnik
Send reply to:
From: Dilkie, Lee [EMAIL PROTECTED]
To: '[EMAIL PROTECTED]' openssl-
[EMAIL PROTECTED]
Subject:What chars are valid in a CN
Date sent: Tue, 5 Mar 2002 08:31:28 -0500
Send reply to: [EMAIL PROTECTED]
From: Dilkie, Lee [EMAIL PROTECTED]
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject:SSL for telnet
Date sent: Mon, 10 Sep 2001 15:31:45 -0400
Send reply to: [EMAIL PROTECTED]
If I understand the handshaking of TLS/SSL between a host and a client, the client sends a
certificate to the host, then performs an RSA encryption operation using the certificate
private key on challenge data sent by the host.
If the certificate and private key are located on a USB token/Smart
From: Greg Stark [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:Re: can we prevent export of a personal certificate?
Date sent: Tue, 28 Aug 2001 17:40:31 -0400
Send reply to: [EMAIL PROTECTED]
If they are using the
As quoted from several sources by Simon Tatham:
PuTTY also does not support DSA for user authentication keys, for security
reasons.
What security issues is he referring to?
Ken
__
Support
InterSoft International, Inc.
Voice: 888-823-1541,
Will the functions:
RSA_set_ex_data
RSA_get_ex_data
contained within OpenSSL version 0.9.6 remain valid in future
versions of OpenSSL?
Ken
__
Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax:
Date sent: Wed, 8 Aug 2001 19:05:53 -0700 (PDT)
From: Michael Shanzer [EMAIL PROTECTED]
Subject:Re: Problems with SSL V3 and IIS
To: [EMAIL PROTECTED]
Send reply to: [EMAIL PROTECTED]
Mike
Yes, it does support pkcs-12
export
just the certificate.
Ken
--- Kenneth R. Robinette [EMAIL PROTECTED]
wrote:
Yes, it does support pkcs-12 but Microsoft refers to
them as .pfx.
Simply use the openssl command Eric referenced and
use a
filename such as out.pfx or rename a .p12 to .pfx
Ken
From the IIS key
--- Kenneth R. Robinette [EMAIL PROTECTED]
You must be running a version I have never seen or a
real old one.
IIS 4.0 which is the latest version that runs under
NT4. The behavior you are describing sounds like IE,
which is much nicer about letting you export keys.
Mike
Date sent: Wed, 25 Jul 2001 14:02:26 -0600
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:Re: FTP over SSH2
Send reply to: [EMAIL PROTECTED]
SecureNetTerm. Take a look at www.securenetterm.com
It
From: Kevin Elliott [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Copies to: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject:Using Microsoft CA generated certificates or Accessing other
CSPs using OpenSSL generated Certificates?
Date
Date sent: Mon, 30 Apr 2001 18:01:22 -0400
From: Gila Sheftel [EMAIL PROTECTED]
Organization: Gemplus Inc.
To: [EMAIL PROTECTED]
Subject:Where are the low-level crypto functions implemented?
Send reply to:
From: Oliver Bode [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:Re: Smart Card Readers
Date sent: Wed, 25 Apr 2001 01:17:18 +1000
Send reply to: [EMAIL PROTECTED]
Oliver
You should forget that the Java iButton even
for it on the ibutton. It did strike me as odd a semi
conductor company was making this. The licence thing is really bizarre. What
happens to your private key when the licence runs out? I really liked the
jewelry concept though.
Thanks, Oliver
- Original Message -
From: Kenneth R. Robinette [EMAIL
several iButtons fail in a period of a
few months.
But, if you want to use the iButton, have at it.
Ken
Kenneth R. Robinette wrote:
But no problem, if you order one, and try it out, you will not have to worry
about the license. You will have given it to
your kids to play with way before
What is the relationship between cryptlib and OpenSSL? I noticed
that Eric Young name appears in the cryptlib credits. Does cryptlib
use OpenSSL as its core software component?
Ken
__
Support
InterSoft International, Inc.
Voice: 888-823-1541,
Date sent: Sat, 21 Apr 2001 08:06:03 -0400
From: Rich Salz [EMAIL PROTECTED]
To: "Kenneth R. Robinette" [EMAIL PROTECTED]
Copies to: [EMAIL PROTECTED]
Subject:Re: MD5 and X509
Send reply to: [EMAIL
What exactly do you need for your 'unique enough'
property?
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Rich Salz" [EMAIL PROTECTED]
To: "Kenneth R. Robinette"
From: "Greg Stark" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Copies to: [EMAIL PROTECTED]
Subject:Re: Using "external" certificates in web browsers
Date sent: Tue, 17 Apr 2001 15:19:35 -0400
Send reply to:
Dr. Henson
Thanks again. I took the lazy way and just modified a function I
already had to convert the DER encoded cert data for output to a file
and just passed the memory bio to the PEM_read_bio_X509
function.
Ken
"Kenneth R. Robinette" wrote:
Is there any documentation
Date sent: Mon, 09 Apr 2001 14:52:57 -0400
From: Gila Monstre [EMAIL PROTECTED]
Organization: Gemplus
To: [EMAIL PROTECTED]
Subject:pem/bio/evp help
Send reply to: [EMAIL PROTECTED]
Gila
Convince your company
Date sent: Fri, 06 Apr 2001 15:33:24 -0400
From: Steve Roche [EMAIL PROTECTED]
Organization: Powerlan USA, Inc.
To: [EMAIL PROTECTED]
Subject:Is there a Telnet app?
Send reply to: [EMAIL PROTECTED]
Steve
Date sent: Thu, 29 Mar 2001 10:46:41 +0800
From: qun-ying [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:Re: JAVA/JNI Wrapper for OpenSSL.
Send reply to: [EMAIL PROTECTED]
Yes, this normally is the result of including
With the assistance of the SSL users group, I was able to complete
our project to link OpenSSH/OpenSSL to the use of Smart Cards for
both SSH-1 and SSH-2 rsa_private_decrypt and rsa_private_encrypt
processing. The use of the RSA method within the OpenSSL RSA
key structure, combined with the
brilliant and sophisticated the whole design is. And the support
from the mailing list is first class.
Ken
"Kenneth R. Robinette" wrote:
I was hoping that this was the case. Now if I set the
RSA_FLAG_EXT_PKEY flag, how do I specify the function that will
be called by Ope
I am trying to import the public RSA key (modulus) created on a
Smart Card into an OpenSSL/OpenSSH key structure. The size of
the Smart Card public/private key pair is 1024 bits, and the key pair
was generated onboard the Smart Card.
I use the following code:
Key *k;
k = key_new(KEY_RSA);
Date sent: Tue, 20 Mar 2001 16:22:53 -0800
Subject:Re: How can I encrypt public key in handshake?
From: "corky peavy" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Send reply to: [EMAIL PROTECTED]
Again, if you are looking for
From: "David Schwartz" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:RE: Legality question.
Date sent: Mon, 19 Mar 2001 14:42:36 -0800
Send reply to: [EMAIL PROTECTED]
That is true, but if you let a loose end slip by,
From: "Sandipan Gangopadhyay" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:Client Certificate Presentation
Date sent:
For all of you that have been looking into a way to save your private
keys, certs, etc. offline on a very small device, take a look at a
device referred to as the ThumbDrive. They are solid state
memory "disks" that connect to your computer via a USB port and
have storage from 16MB to
Just as a point of reference, who is OpenSSL. Is it a corporation, a
public trust, a private company or what? If we had a license issue,
and I wanted our attorney to clarify any license issues, where does
he go? Would any agreement made be legally binding? If so,
under the laws of what
Date sent: Mon, 05 Mar 2001 16:01:29 -0800
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
From: Rodney Thayer [EMAIL PROTECTED]
Subject:Re: Secure Telnet
Send reply to: [EMAIL PROTECTED]
I agree, even though we support both
Is there some magic function within OpenSSL where the contents of
a private RSA/DSA file can be passed via memory to the equivalent
of the PEM_read_PrivateKey function?
Ken
__
Support
InterSoft International, Inc.
Voice: 888-823-1541,
From: "Doug Allen" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:building openSSL under Win32
Date sent: Thu, 8 Feb 2001 16:29:52 -0800
Send reply to: [EMAIL PROTECTED]
Doug
I built a snapshot released about a week
From: [EMAIL PROTECTED]
Date sent: Wed, 7 Feb 2001 19:58:24 -0500 (EST)
To: [EMAIL PROTECTED]
Copies to: [EMAIL PROTECTED]
Subject:Compiling OpenSSH w/OpenSSL KerberosIV
Send reply to: [EMAIL PROTECTED]
How
d when you compiled the
OpenSSL .dll's. You must use the same options in VC 6.0 when you
compile within your project. The most common problem is the type
of executable you are creating in VC, multithreaded dll, etc.
Ken
- Original Message -----
From: "Kenneth R. Robinette" [EMAIL P
: "Kenneth R. Robinette" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Fri, 26 Jan 2001 18:25:49 + (GMT+00:00)
Subject: Re: Openssl on Win32
From: stuart hodgkinson [EMAIL PROTECTED]
Subject: Openssl on Win32
To: [EMAIL PROTECTED]
n application. So
i'm looking for source code examples and linking information etc etc.
StOo
- Original Message -----
From: "Kenneth R. Robinette" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Fri, 26 Jan 2001 23:32:47 + (GMT+00:00)
Subject: Re: Openssl on Win32 (help!)
From:
been working on other os's for the past few years so I'm rusty as hell with
windoze, your help is appreciated.
- Original Message -
From: "Kenneth R. Robinette" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sat, 27 Jan 2001 00:22:38 + (GMT+00:00)
Subject: Re: Openssl on W
From: Mark Swarbrick [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:openssl on NT
Date sent: Tue, 23 Jan 2001 10:43:30 -0700
Send reply to: [EMAIL PROTECTED]
Mark
All you need is Perl and the normal Microsoft C
The apache/mod_ssl "HowTo" states that a directory can be defined
to require clients to be authenticated for a particular URL based
upon client certificates signed by a certificate specified by the
keyword SSLCACertificateFile. I assume that this implies that I can
use my own self-signed CA
ate do you have?
Have you imported it successfully into the "Personal" area?
On Mon, 22 Jan 2001, Kenneth R. Robinette wrote:
The apache/mod_ssl "HowTo" states that a directory can be defined
to require clients to be authenticated for a particular URL based
upon client certif
Problem:
A Unix Apache/mod-ssl server .crt/.key pair
generated from a .csr/.key signed by a self
generated CA Cert on 32 bit Windows will not work
with the Netscape 4.72 client running on Linux
Redhat 6.2.
However the same .csr/.key signed by the same
self generated CA Cert on Redhat 6.2
does
not like the cert received from the Apache/mod-ssl server. The
Microsoft Explorer thinks it is ok, and other programs that I use with
the "problem" server cert like it.
Ken
"Kenneth R. Robinette" wrote:
Problem:
A Unix Apache/mod-ssl server .crt/.key
this help
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Kenneth R.
Robinette
Sent: Friday, January 19, 2001 1:14 PM
To: [EMAIL PROTECTED]
Subject: Re: Win32 CA signed Apache Server-Netscape .CRT Problem
Date sent: Fri, 19 Jan 2001 17:24:55
soon as I
resolve a production problem we are currently having. Thanks for
the offer for assistance.
Ken
"Kenneth R. Robinette" wrote:
The .csr/.key is generated using the following commands:
openssl genrsa -out server.key 1024
openssl req -new -config /tmp/openssl.cnf
Problem:
A Unix Apache/mod-ssl server .crt/.key pair generated from a
CSR/KEY signed by a self generated CA Cert on 32 bit Windows
will not work with the Netscape 4.72 client running on Linux Redhat
6.2.
However the same CSR/KEY signed by the same self generated CA
Cert on Redhat 6.2 Linux
Date sent: Thu, 18 Jan 2001 16:39:58 +
From: Hannu Krosing [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Copies to: [EMAIL PROTECTED]
Subject:Re: mechanical extraction of roots from netscape?
Send reply to: