Try saying that to a web banking manager :-)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of lwoods (sent by
Nabble.com)
Sent: Saturday, December 03, 2005 10:22 AM
To: openssl-users@openssl.org
Subject: Ignorant of SSL: I have a dumb questio
into which I can feed this data and get something out.
Will just the sever side APIs and feeding the data into the ctx for the
same suffice?
Alok
__
OpenSSL Project http://www.openssl.org
User Support
Abderrahmane wrote:
--- Alok <[EMAIL PROTECTED]> a écrit :
sorry,
i meant the key corresponding to mycert.pem
you sign with the private key wich corresponds to
mycert.pem, but you can also encrypt the data with the
public key wich corresponds to the same private key in
mycert.pem b
with certs)??
El hallabi-Kettani Abderrahmane wrote:
--- Alok <[EMAIL PROTECTED]> a écrit :
But when you sing with your public key, and encrypt
with your public key,
how will he decrypt it if he does not have your
private key?
you sign with the private key existed in mycert.pem or
in
El hallabi-Kettani Abderrahmane wrote:
--- Alok <[EMAIL PROTECTED]> a écrit :
I think there is a reason why you cant encrypt a
message without 1st
signing it using smime
By your logic, any preshared "key" would do the
trick , why bother with
the cert ?
(in other words, hisce
Thanks,
something I would appreciate if you could clarify:
David C. Partridge wrote:
Not correct.
You sign the message with YOUR private key. The signature is verified by
the recipient using your certificate which is issued by a CA.
agreed,
If you are also enveloping, then the data is encrypte
David C. Partridge wrote:
The "one shot" symmetric key is purely random.
how?
No it's not a function of anyone's private or public key.
then it is open to man in the middle
Once generated, it is encrypted using the public key of the recipient and
included with the message.
but then if i do s
Not at all, there's no man in the middle issue at all because the
certificates which are issued by a trusted TP g'tee the ownership of the
public key.
The logic goes like this:
You generate a random DES key known only to you. Let's call this KDE
You use this to encrypt the data. Lets call this E
Painter, Philip wrote:
I don't think you're wrong there Alok. The E(KDE)PUBK is
A random Des key taken as _data_ and encrypted asymmetrically
With the recipient's public key. Only the recipient will be
Able to decrypt it, with her private key.
what do you mean by encrypted assy
But how do you guarantee that the web server is "who he says he is"?
Iin theory, an ISP could, hack up a DNS to point to my local server. What
verifies that the machine I am connecting to is indeed that machine which it
claims to be?
- Original Message -
From: "R. Markham" <[EMAIL PROTECT
SA is used/needed to sign the
certificates.
One of the keys is probably what the browser has and the other is the key
used to sign the webserver's digital cert generated from the csr.
-hth
Alok
- Original Message -
From: "R. Markham" <[EMAIL PROTECTED]>
To:
Sent: Wedn
A bit off the thread...
Ever wondered if one can break PKI given that the 1st request to a server is
mostly GET / in https?
Any ideas?
- Original Message -
From: "Shaun Lipscombe" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, January 19, 2005 4:57 AM
Subject: Even CA's make mistakes..
> In
> * Alok wrote:
>
> > A bit off the thread...
> > Ever wondered if one can break PKI given that the 1st request to a
server is
> > mostly GET / in https?
>
> The "GET /HTTP/1.0" is done using a symetric cipher like RC2 or RC4 etc.
> The PKI is onl
sounds stupid though..
-thanks
Alok
- Original Message -
From: "Bernhard Froehlich" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, January 19, 2005 6:10 AM
Subject: Re: Even CA's make mistakes..
> Alok wrote:
>
> > [...]
> >
> >lets take PKI out
computing power.
> The only variables are how much sample data and computing power you need.
>
hmm..thanks, will look into it.
-Alok
>
> Andrew
>
>
> Alok wrote:
> > Maybe am a bit off my head
> >
> > but given a rubik cube, and a fixed axes of orientation def
> >>
> >
> >ok per block, it is still "a function (on a set) = output"
> >
> >
> Sorry, I don't understand your analogy with rubik's cube (most possibly
> because that's just not the way my brain's working... ;))
:o)
>
> A block cypher has a defined output for a defined input, so if you
> encode
.Who has enough time, "no patience" and is inquisitive and irritated
enough to work "backwards" on symmetric encryption algorithms
Please unicast your replies.
-thanks
Alok
__
I doubt many people would actually use it if they know it can be easily
broken..
Like someone said on the list "hey everyone uses it, it must be secure"
is the mental genere.
-A
Ted Mittelstaedt wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Tho
Personally, I'd like to see OpenSSL start using private key crypto as
hashing functions. The reason that work on dedicated hashing
algorithms kinda died off after MD[45]/SHA* came out was that people
figured out that they were the equivelent of private key encryption.
IIRC, you can turn any pr
Yeah, you need large key sizes- 128 bits keys just aren't enough (they
allow birthday attacks to be computationally feasible). But I note
that all the AES finalists went to 256 bit key sizes. This would put a
birthday attack at about 128 bits of complexity- sufficient. Anything
less than about
Hi Brian,
Brian Hurt wrote:
Lecture warning.
On Mon, 14 Mar 2005, alok wrote:
Yeah, you need large key sizes- 128 bits keys just aren't enough
(they allow birthday attacks to be computationally feasible). But I
note that all the AES finalists went to 256 bit key sizes. This
would
Can someone exactly explain why one cannot typecast a bio( ) to a UNIX
domain socket/IPC/fd?
-thanks
Richard Levitte - VMS Whacker wrote:
In message <[EMAIL PROTECTED]> on Wed, 30 Mar 2005 16:51:37 -0800, David Brock
<[EMAIL PROTECTED]> said:
dbrock-openssl> I'm fairly new to openSSL so forgive
Hi,
Joshua Juran wrote:
On Apr 1, 2005, at 4:37 AM, alok wrote:
Can someone exactly explain why one cannot typecast a bio( ) to a
UNIX domain socket/IPC/fd?
I'll give this a shot.
Unix allows you to read() to and write() from stream-like objects such
as files, pipes, character devices
Hello :(
As usual trolling..
The particular pages or components retrieved over the SSL link (the one
retrieved through URLs beginning with 'https'), will be sent over encrypted
links. In addition, the endpoint will be validated. So that if you retrieve
'https://www.amazon.com/anything/goes/
Joshua Juran wrote:
On May 19, 2005, at 4:03 PM, Miles Bradford wrote:
So when you send the CSR including the Public Key - you would send
them the
(your) Private Key, also? Then they sign it with a Private Key they've
created? and send it back?
You don't give away your private key to anybo
Jagannadha Bhattu wrote:
Hi,
I am new to SSL and want to know more about BIOs. Is there a tutorial
on how to use and on their uses.
Thanks
JB
__
OpenSSL Project http://www.openssl.org
User Suppo
try using the log value?
- Original Message -
From: "Victor Duchovni" <[EMAIL PROTECTED]>
To:
Sent: Sunday, August 07, 2005 6:56 AM
Subject: Re: need function to get cube root
> On Sat, Aug 06, 2005 at 05:36:52PM -0700, Anirban Banerjee wrote:
>
> > Can someone please let me have a poi
turn, I can read from the file?
-thanks
Alok
28 matches
Mail list logo
