Hi,
there's currently a mistake in the SOD, I'll probably be able to
send it when it's fixed.
Thx,
Stef
On 09/13/2011 12:07 AM, Dr. Stephen Henson wrote:
> Can you include the DER format message itself instead of the ASN1 dump? This
> will be very useful when CMS+PSS is implemented.
___
Hi,
we have an SOD (a CMS for e-passports and e-ID cards) file that we can read
out and verify nicely if the signature algo is RSA_PKCS1_PADDING.
But if the algo is RSA_PKCS1_PSS_PADDING (see attached txt for an asn1
dump),
the verification fails.
Below is a part of the stack trace, it looks lik
Hello,
After getting back an OCSP repsonse, OCSP_basic_verify() says
it can't find the responder cert in the OCSP response.
However, the responder cert is present in the response.
Some more investigation shows that the parts of the DN are inversed:
- subject name in the responder ID: "/CN=Test
Hi,
> CMS_verify() works fine if you have the signer cert, but now we have
> a CMS file for which only the (trusted) signer public key is available.
>
> Q: is there a high level function like CMS_verify() that works with a
> public key?
>
> If not: what would be the best alternative for us?
>
Hi,
CMS_verify() works fine if you have the signer cert, but now we have
a CMS file for which only the (trusted) signer public key is available.
Q: is there a high level function like CMS_verify() that works with a
public key?
If not: what would be the best alternative for us?
- Rewrite the CMS
Hi,
it looks like the BN_gcd() doesn't implement the 'full-strength'
Euclidean algorithm (do a - k.b in each loop) but instead
a simplification (do a - b in each loop).
So if the initial a and b differ by e.g. a factor 1, you'll
get 1 iterations instead of 1; and also afterwards much more
Hi Tom,
here's the code of a little cmd line tool we use to test our CSPs.
Cheers,
Stef
> -Original Message-
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Fili, Tom
> Sent: zondag 28 november 2010 18:19
> To: openssl-users@openssl.org
>
l Message-
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Victor Duchovni
> Sent: dinsdag 9 november 2010 22:11
> To: openssl-users@openssl.org
> Subject: Re: EC domain params instead of the OID in the pkcs8 key
file?
>
> On T
Hi,
using the openssl tool, we generated an Elliptic Curve key pair
and put it into a pkcs8 file:
0 48: SEQUENCE {
32: INTEGER 0
6 48: SEQUENCE {
86: OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1)
176: OBJECT IDENTIFIER '1 2 840 10045 3 1 7'
:
2 maart 2010 13:54
> To: openssl-users@openssl.org
> Subject: Re: PKCS7 - SubjectKeyIdentifier CHOICE in SignerIdentifier
fails?
>
> On Mon, Mar 22, 2010, Stef Hoeben wrote:
>
> > Hello,
> >
> > subjectKeyIdentifier [0] SubjectKeyIdentifier }
> >
>
igestAlgorithm DigestAlgorithmIdentifier,
[...]
SignerIdentifier ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
subjectKeyIdentifier [0] SubjectKeyIdentifier }
Could it be that the SubjectKeyIdentifier CHOICE isn't supported here,
that the parser expects a IssuerAndSerialNumber on
Hi,
(sorry if you received this mail twice)
We want to make pkcs10 request with "openssl -req", in which
the CN contains non-ASCII chars (greek, arab, chinese, ...)
Is there a way to do so with the openssl tool?
E.g. by using escape characters, or by specifying the CN in openssl.conf
in some wa
12 matches
Mail list logo
