Re: [openssl-users] PKCS7 signature process

2018-06-12 Thread lists
I'm very sorry for the late reply but I only read the list from time to time. To my knowledge, the PKCS7_sign will init the structure taking data from the BIO, so if you put data in the BIO after the call to PKCS7_sign, that won't go into the PKCS7 structure. Possibly, by adding the flag PKCS7_

Re: [openssl-users] cms utility "-sign" doesn't include signed content

2017-11-07 Thread lists
On 10/20/2017 10:00 PM, Chris Marget wrote: I'm struggling with a PKCS7 signing operation using openssl 1.0.2g. I want to create signed messages like the one in my 'original' file (below). It seemed like extracting and then re-signing this message would be a good start. I'm able to verify/un

Re: [openssl-users] openssl.cnf asking Subject Alternative Names certificates.

2017-10-13 Thread lists
On 10/10/2017 05:40 PM, Jorge Novo wrote: Hi everyone,   As most of us know, the Google Chrome Navigator ask about Subject Alternative Name instead the Common Name. I want to distribute a little /openssl.cnf/ file for creation the CSR files with my specific values and establish the Subject A

Re: [openssl-users] PKCS7 and RSA_verify

2017-10-04 Thread lists
On 10/01/2017 01:27 AM, Sam Roberts wrote: On Thu, Sep 28, 2017 at 2:28 AM, ch wrote: Hi! I thought the difference between PEM and DER is NOT ONLY a different encoding of the string? base64 vs. binary So to understand that clear please let me ask: If I convert a PEM-signature from base64 to b

Re: [openssl-users] Storing private key on tokens

2017-10-04 Thread lists
On 09/27/2017 11:13 PM, Ken Goldman wrote: On 9/27/2017 2:19 PM, Dirk-Willem van Gulik wrote: On 27 Sep 2017, at 20:02, Michael Wojcik The tokens / HSMs I've used don't let you generate a key somewhere else and install it on the token. They insist on doing the key generation locally. That is,

Re: [openssl-users] QcStatements with OpenSSL (C++)?

2017-04-26 Thread lists
On 04/17/2017 06:40 PM, Matthias Ballreich wrote: Hi there, can OpenSSL parse QcStatement X509v3 Extension btw. Did OpenSSL Support these? Any Piece of example Code of how can i parse the data? To my knowledge, there is direct support for the qcStatements, you must parse it yourself. I a

Re: [openssl-users] how to implement functions for STACK OF custom type?

2017-03-29 Thread lists
On 03/24/2017 06:46 PM, Dr. Stephen Henson wrote: On Tue, Mar 21, 2017, lists wrote: > On Tue, Mar 21, 2017, lists wrote: > >> [...] >> I am exploring my options with OpenSSL and specifically I am trying to manage the stacks for some custom objects. >> [...] >&

Re: [openssl-users] how to implement functions for STACK OF custom type?

2017-03-27 Thread lists
On 03/24/2017 06:46 PM, Dr. Stephen Henson wrote: On Tue, Mar 21, 2017, lists wrote: Sorry, I first posted this on the -dev list, likely inappropriate... now with an update: I am exploring my options with OpenSSL and specifically I am trying to manage the stacks for some custom objects

[openssl-users] how to implement functions for STACK OF custom type?

2017-03-20 Thread lists
Sorry, I first posted this on the -dev list, likely inappropriate... now with an update: I am exploring my options with OpenSSL and specifically I am trying to manage the stacks for some custom objects. Currently, I have this code (sort of) in the headers: typedef struct myThingA_st { ASN1

Re: [openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

2016-03-18 Thread lists
On 03/14/2016 04:26 PM, PGNet Dev wrote: Must use it, (1) https://wiki.openssl.org/index.php/Compilation_and_Installation Dependencies If you are prompted to run make depend, then you must do so. Which I currently attempt to do, but get the reported errors about not fin

Re: [openssl-users] 'makedepend' in openssl builds: clarify need and correct usage

2016-03-14 Thread lists
On 03/10/2016 03:52 PM, PGNet Dev wrote: I'm building openssl 1.0.2g on linux64. After ./configure ... Did you mean "./config ..."? I'm prompted Since you've disabled or enabled at least one algorithm, you need to do the following before building: make depend Exec'

Re: [openssl-users] Developing CA with Openssl library

2016-03-02 Thread lists
On 03/02/2016 09:36 AM, thirumalkumarkanakur...@bel.co.in wrote: Dear users, I want to develop my own CA with openssl library with all the CA functionalities like Key generation,Certificate creation,Certificate Revocation List creation,Certificate revocation and certificate verification.in O

Re: [openssl-users] upgrade to 1.0.1r breaks script that worked for years. Config issue?

2016-02-28 Thread lists
On 02/24/2016 08:50 PM, Dr. Stephen Henson wrote: On Wed, Feb 24, 2016, lists wrote: extensions = x509v3 [ x509v3 ] keyUsage = digitalSignature extendedKeyUsage = clientAuth,emailProtection crlDistributionPoints = URI:http://ldap.secure-edge.com/secure-edge-ca.crl

Re: [openssl-users] upgrade to 1.0.1r breaks script that worked for years. Config issue?

2016-02-28 Thread lists
On 02/24/2016 07:46 PM, Kurt Roeckx wrote: On Wed, Feb 24, 2016 at 05:22:08PM +0100, lists wrote: Before I try some heavy debugging, does anybody know of a change from version 1.0.1e to 1.0.1r that would prevent the commands above from working? Can you try reverting commit

[openssl-users] upgrade to 1.0.1r breaks script that worked for years. Config issue?

2016-02-24 Thread lists
Hi all, recently I have upgraded from OpenSSL 1.0.1e to 1.0.1r (system packages on Slackware 14.1) but a CA script that I have been using for years, with countless OpenSSL versions, stopped working. It also relies on the pkcs11 engine to sign but my first guess is that the issue is in the Ope

[openssl-users] Mistake in buildprocess

2016-01-11 Thread Mail Lists
Hello, there is a 'bug', more a mistake, in the build process from openssl. If you set another destination with --prefix and compile openssl, then c_rehash tries to do its job before the destination is created and generates warnings near the end: WARNING: can't open config file: /opt/openssl_1

Re: [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-26 Thread lists
On 11/13/2015 02:40 PM, Emilia Käsper wrote: BLOWFISH - probably still in use though I don't know where exactly? Isn't Blowfish a building block of bcrypt and/or some similar stuff? I think that implementations don't rely on OpenSSL but I wouldn't give it for granted. As for the rest of th

Re: [openssl-users] Truncating A Hash

2015-05-25 Thread lists
On 05/15/2015 12:09 AM, Jay Foster wrote: What is the down side of truncating a hash? For example, an SHA-256 hash is 256 bits. Is it any less secure if one was to drop the last 128 bits to make a 128 bit hash or take the MD5 hash of the SHA-256 hash to get a 128 bit hash? It does not seem t

[openssl-users] openssl s_server stops on some client connections

2015-01-29 Thread Lists@vpnadmin
Hello all! Please help me to understand, what is the problem with openssl s_server. It stops after some connections: LAN clients connect well, but most of WAN ones kill the s_server (not only SSL/TLS clients, but telnet to same port too). Same versions OS and openssl on different servers (diff

Re: no OPENSSL_Applink

2014-06-26 Thread lists
Hi, I understand that by no way this is a solution, but I got so frustrated in the past by the _fp issue that I wrote a function that transfers the file content to RAM (without OpenSSL functions) and then from RAM to a memory BIO, so it's easy to manage. The side advantage is that the code is

Re: openssl RSA public key does not match key read from C code

2014-01-22 Thread lists
On 01/06/2014 10:34 PM, Alan Cabrera wrote: I should have obtained the DER form using i2d_RSA_PUBKEY(). Also, passing &buf to the method should have warned me that the pointer was being modified. I have no idea why it gets modified and what it points to after the call. So now I do |der_f

Re: Convert .pem to .crt and .key files

2013-12-16 Thread lists
".pem" doesn't say much. If it is a file containing both the key and the certificate and it is in PEM format (as the name suggests), it is a sort of text. You can simply edit it and split it in two files, one containing the part -BEGIN CERTIFICATE- data... data... data... -END CERT

Re: add hash signature as part of the stream on which this hash is based on

2012-11-19 Thread lists
On 10/27/2012 06:30 PM, Michael Zintakis wrote: Maybe a bit daft of me to ask this, but is it possible to calculate a hash on a stream of bytes where the resulting hash is considered to be part of that stream? In other words, lets assume that I have a stream which is, say, 64 bytes long in to

Re: win32 exe linked with -lssl -lcrypt

2012-10-21 Thread lists
On 10/14/2012 11:53 PM, ml wrote: hello sir and doctor i am a little question concerning the presence of libssl.dll libcrypt.dll into the win32 standard system or OS into linux this lib are very standard its the same when are the poor win32 OS is ready If it is a question, the answer is no. Y

Re: Bug report

2012-10-21 Thread lists
> Version of OpenSSL being effected OpenSSL 1.0.1c > Version of the operating system being used Windows XP > > Seems there is a limitation to the size of text that can be encrypted through Openssl command > prompt via Echo > ex: > echo 'test string 1' | openssl enc -aes-256-cbc -a -salt -pas

[no subject]

2012-10-04 Thread lists
> We know how to extract the subject and issuer from a cert sent by a peer. > Can anyone point out where we get started to look into how to extract > the Organization and organizationalUnit attributes? > It’s not obvious from the API definitions and I’ve been searching > the openssl-users archive b

Re: Documentation for TXT_DB errors?

2012-10-04 Thread lists
On 10/03/2012 05:49 AM, Dave Thompson wrote: >> I deleted index.txt and reset serial.txt to 00 and that >> solved the problem. >> >> Hope that was not a terrible idea. In my opinion, reusing serials is a *very bad* idea in general. It is definitely deprecated and maybe forbidden in some legal cont

Re: Verify a certificate

2011-07-25 Thread lists
On 07/19/2011 08:20 AM, Mailing List SVR wrote: Hi, I need to verify the attached certificate (cert.bin) and read the asn1 info stored in it. I'm using the following commands: openssl smime -verify -in cert.pem -inform pem -CAfile "signer.pem" > cert.data and then: openssl asn1parse -info

Re: Getting started to create PKCS7 message with PKCS11 provider

2011-07-04 Thread lists
On 06/30/2011 11:25 AM, James Berry wrote: Hi: I need to sign a challenge string using the private key present on a smartcard. The smartcard has a PKCS11-compliant library and I have been able to open the card etc with the PKCS11 driver. Now I would like to sign a message in PKCS7 format t

Re: command line to c++ code

2011-05-09 Thread lists
On 04/13/2011 07:16 PM, luis hernandez wrote: Hi I do not know if you have talked about this here, but I can not find the answer. How to translate a command line command to a c++ code? For instance if at command prompt i do this: openssl x509 -inform DER -in cert.cer There is no single op

Re: Use of IMPLEMENT_ASN1_FUNCTIONS()

2010-10-05 Thread lists
For what I understood recently (I had to work a bit with it), the macro IMPLEMENT_ASN1_FUNCTIONS will expand (macro usage is quite heavy in OpenSSL) to provide a number of functions for the struct KDC_PRINCNAME, such as KDC_PRINCNAME_i2d, KDC_PRINCNAME_d2i, etc. The magic works so that you d

Changing the signature type in PKCS7?

2010-08-09 Thread lists
Hi all. I'm using OpenSSL 1.0.0a and I need to produce some different kinds of signed PKCS7; in particular, I'm trying hard to change the signature algorithm to sha256-with-rsa (sha256WithRSAEncryption, OID.1.2.840.113549.1.1.11). The output (parsed with asn1parse command) shall be like in the fol

Re: Not able to find Definition of MD5_Init, MD5_Update and MD5_Final?

2009-07-29 Thread lists
On Wed, Jul 29, 2009 at 06:51:13PM +0530, joshi chandran wrote: > FIPS_NON_FIPS_MD_Init(MD5) > { > c->A=INIT_DATA_A; > c->B=INIT_DATA_B; > c->C=INIT_DATA_C; > c->D=INIT_DATA_D; > c->Nl=0; > c->Nh=0; > c->num=0; > return 1; > } > > I cann

OpenSSL and secure POP3 connections (via RealBasic)?

2009-05-18 Thread lists
Hi All, I'm having a bit of an issue with OpenSSL and "blank" shells. This is kind of a cross-product issue, but I'll do my best to describe. Basically, I'm working with a product called RealBasic. It has a SHELL class that allows direct access to the local system's shell (whether it be

Re: Add extra informations to certs

2009-03-31 Thread lists
Hi, On Tue, Mar 31, 2009 at 05:29:15PM +0200, Dirk Reske wrote: > We need to put some extra informations (simple strings) into the > certificates (e.g. year of birth, ...). > I have looked around the internet, but don't really find any useful stuff. define a private extension. See RFC3280, sect

New user trying to figure out certificates

2005-03-23 Thread lists
Hi All, I am working on my first openssl program and it is driving me a tad crazy. I found this article online: http://www.linuxjournal.com/article/4822 and thought I would use that as a starting point. So I compiled the sourcecode and everything seemed to be going smoothly until I ran it.

Updated INSTALL.W32 Installation Notes

2004-04-24 Thread lists
Some additional information for the INSTALL.W32 file in 0.9.7d... Updated INSTALL.W32 Installation Notes 2004/04/20 The Windows 98 and NT 4 DDK's are no longer available from MSDN as far as I could see, however you can download ml.exe as part of the Visual C++ 6.0 Processor Pack which is a free

RE: Signing certificates on Windows

2003-01-08 Thread Mailing Lists
i ported the cert.sh to work on win32 ( windows 95, 98, ME, 2k, XP ) isnt that great ! just use that here is the location for the script http://members.fortunecity.net/adityald/ssh-scripts does any one know how do i submit them to openssl contrib list at openssl.org -aditya my email address

RE: apache and that whole "bugbear" thing

2002-10-07 Thread lists
On Mon, 7 Oct 2002, Boyle Owen wrote: > First off, you might be better posting this on the apache list > (http://httpd.apache.org/userslist.html) since I think this primarily a > server issue (or maybe mod_ssl) - not really openSSL... Thanks. I'll go there today. > What is happening is that th

apache and that whole "bugbear" thing

2002-10-05 Thread lists
Is this the right place to ask questions about the bugbear worm? On a Sun box, we upgraded openssl to 0.9.6g because of the potential for the whole bugbear attack... I realize it's apparently targeted at linux, but better safe than sorry... well, we've started getting hit with what we think may

Got a minute? Openssl/Windows 2000 CA interop

2001-11-19 Thread Liam Helmer - Lists
I looked all around the net, and the one document I found http://www.cise.ufl.edu/depot/doc/openssl/openssl.txt (or the openssl.txt) That talks about unsupported subjectAltName tags. So, following those instructions, I've included the

Re: transfer of certificates?

1999-09-20 Thread Admin Mailing Lists
ie today" http://cygnus.ncohafmuta.com http://www.intergrafix.net On Mon, 20 Sep 1999, Admin Mailing Lists wrote: > Hi, I'm just starting to run apache 1.3.9 with v1.3.7 of the apache-ssl > patch, an

transfer of certificates?

1999-09-20 Thread Admin Mailing Lists
Hi, I'm just starting to run apache 1.3.9 with v1.3.7 of the apache-ssl patch, and openssl 0.9.4 This is all on Caldera Linux, 2.2.10 kernel I've BEEN running Netscape Fasttrack for a while now..which has built in SSL support. I have SSL certificates with my Netscape server, how specifically wo

RE: OpenSSL

1999-01-02 Thread lists
Ok, first off I would like to let you all know I'm new to this hehe. Ok, the problem I have is this.. I used to run another webhosting company that sorta had its bad times. I didn't do much of the technical part of anything which I'm sorta stuck doing now .. The box I'm using already has Secure Serve