ber 22, 2009 6:20 AM
To: openssl-users@openssl.org
Subject: Newbie questions: extracting public key's exponent and modules.
Hi All,
Here is the part of the code that was previously developed. The code
successfully extract a public key from some secure server, now I like to
know how to extract th
Hi All,
Here is the part of the code that was previously developed. The code
successfully extract a public key from some secure server, now I like to
know how to extract the exponent and modules of the public key
(rsa_public_key).
EVP_PKEY *public_key = NULL;
RSA *rsa_public_key =
If you need to create a PGP key, OpenSSL does not do this. The
package you're looking for is GNU Privacy Guard, or gnupg, available
from http://gnupg.org/.
-Kyle H
On Fri, Jun 19, 2009 at 11:08 AM, Bizhan Gholikhamseh
(bgholikh) wrote:
> Hi,
> Thanks for yor help.
>> Are you doing this for a cer
Hi,
Thanks for yor help.
> Are you doing this for a certificate request?
No this is part of creating public and private key to exchange secure
information on line.
>
> openssl genrsa -des3 2048 > mykey.key
> openssl req -new -key mykey.key -sha256
I have more questions:
1- After issuing above com
Are you doing this for a certificate request?
openssl genrsa -des3 2048 > mykey.key
openssl req -new -key mykey.key -sha256
I do not believe that OpenSSL implements CAST. (the -des3 tells it to
use triple-DES; you can instead use -aes256 to use AES at 256 bits.)
-Kyle H
On Thu, Jun 18, 2009 at
HI
I have never used openssl and need to get some info quickly.
I greatly appreciate if you could help me out by providing me exact
command syntax.
I am suppose to create "2048-bit RSA PGP private & public key pair".
With a preferred CAST cipher and SHA-2 256 hash.
Could I use openssl to do this
On January 6, 2009 12:20:47 pm Richard Lichvar wrote:
> A newbieto OpenSSL here. (Mainly used to using 3rd party authorities.)
> Not very good at command line stuff either.
>
>
>
> 1. Cert request generated from IIS 6 but it is against the default
> website with .txt extension. Can a cert be
A newbieto OpenSSL here. (Mainly used to using 3rd party authorities.)
Not very good at command line stuff either.
1. Cert request generated from IIS 6 but it is against the default
website with .txt extension. Can a cert be generated using this request?
2. Used the example in CA.p
Much appreciated Endhy.
Garyc
--- Endhy Aziz <[EMAIL PROTECTED]> wrote:
> I wrote :
> "One of the chapter, "Designing With SSL" may help
> ".
>
> Should be :
> One of the chapter, "Coding With SSL" may help
>
> Regards,
>
> --Endhy
>
>
>
>
>
> >
>
__
I wrote :
"One of the chapter, "Designing With SSL" may help ".
Should be :
One of the chapter, "Coding With SSL" may help
Regards,
--Endhy
See "SSL and TLS" by Eric Rescorla. It describes SSL protocol completely,
including how to program with SSL. One of the chapter, "Designing With SSL"
may help you.
--Endhy
Excellent Chas.
Thanks,
Garyc
--- "Chas." <[EMAIL PROTECTED]> wrote:
> When I get back to my house this evening I will send
> you the file. Will that
> be alright?
>
> Chas.
>
> On 5/23/07, gary clark <[EMAIL PROTECTED]>
> wrote:
> >
> > Hey Chas,
> >
> > You dont happen to know the link. Did a
When I get back to my house this evening I will send you the file. Will that
be alright?
Chas.
On 5/23/07, gary clark <[EMAIL PROTECTED]> wrote:
Hey Chas,
You dont happen to know the link. Did a quick search
and just got the pdf with just the first 5 chapters?
Much appreciated,
Garyc
--- "Ch
Hey Chas,
You dont happen to know the link. Did a quick search
and just got the pdf with just the first 5 chapters?
Much appreciated,
Garyc
--- "Chas." <[EMAIL PROTECTED]> wrote:
> I believe a PDF is available for free on the
> Internet. I googled for it a
> few weeks ago thinking I would find a
I believe a PDF is available for free on the Internet. I googled for it a
few weeks ago thinking I would find an abstract of it and instead found the
entire book.
Chaz
On 5/23/07, gary clark <[EMAIL PROTECTED]> wrote:
Hey Mark,
Yep I think your right. Ordered the Network
Security with OpenSSL
Hey Mark,
Yep I think your right. Ordered the Network
Security with OpenSSL book.
Thanks,
Garyc
--- Mark <[EMAIL PROTECTED]> wrote:
> Hi,
>
> > I downloaded and installed open-ssl on a windows
> > environment. I then used the openssl application
> to
> > start the s_client and s_server.
> >
Hi,
> I downloaded and installed open-ssl on a windows
> environment. I then used the openssl application to
> start the s_client and s_server.
>
> I ran the client and server with the following
> commands. I then attempted to connect my client to the
> s_server. I managed to connect to the serv
Hello,
I downloaded and installed open-ssl on a windows
environment. I then used the openssl application to
start the s_client and s_server.
I ran the client and server with the following
commands. I then attempted to connect my client to the
s_server. I managed to connect to the server but
fail
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rocky S schrieb:
> 1) I have installed openssl sources. In the certs directory,
> there are various certificates. I looked at a couple of
> them - aol1.pem & vsign1.pem.
>
> The vsign1.pem starts with
[...]
> The aol1.pem directly starts with BEGIN_C
I am a newbie with both openssl & security in general. So excuse me if my
questions are naive.
1) I have installed openssl sources. In the certs directory,
there are various certificates. I looked at a couple of
them - aol1.pem & vsign1.pem.
The vsign1.pem starts with
subject=/C=US/O=VeriSign, I
Thanks Kyle. I had not been aware of the "registration authority"
option.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton
Sent: Monday, 3 April 2006 2:21 p.m.
To: openssl-users@openssl.org
Subject: Re: Newbie questions : 2 issues r
On 4/2/06, Davidson, Brett (Managed Services) <[EMAIL PROTECTED]> wrote:
> I can set the Cisco certificate to authenticate to the W2K domain.
> That's reasonably simple.
> Deciding what to do about things after that gets a little interesting
> but that's another topic... :-)
>
> The anonymous conne
e-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton
Sent: Monday, 3 April 2006 11:26 a.m.
To: openssl-users@openssl.org
Subject: Re: Newbie questions : 2 issues relating to interaction between
Linux, Windows 2000 and Cisco.
The Cisco also needs to be exempted from
I take it that the easiest solution is to establish a
certificate-authenticated VPN instead then?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton
Sent: Monday, 3 April 2006 11:26 a.m.
To: openssl-users@openssl.org
Subject: Re: Newbie
The Cisco also needs to be exempted from the "authenticated domain
members" rule, unless you can set its identifying certificate up as
authenticatable to the domain. (You are authenticating against the
Windows 2000 domain, correct?)
There are known issues with restricting access to known machines
Title: Message
First some
background.
First issue: I'm
wanting to establish certificate-driven, IPSec-based authentication and
access on my local LAN. Participants are mainly Windows XP machines (including
some laptops via wireless access points which started this process) and a SUSE
Linu
Hi there,
Your second question happens to concern what I'm working on right now.
Sometimes rather than developping an application "on top" (think layer
architecture) of OpenSSL, you might want to give your application
control over the network access but still use OpenSSL as a security
module
ovember 19, 2005 3:46 PM
To: 'openssl-users@openssl.org'
Subject: RE: a couple of newbie questions regarding ssl lib
I'm far from an expert, but your flow below seems mostly right. What you
describe is how we have used SSL in our application. We do not use BIOs for
a number of reasons
: Saturday, November 19, 2005 1:46 PM
To: openssl-users@openssl.org
Subject: a couple of newbie questions regarding ssl lib
dear all:
i am new to the open ssl library, after a couple of days source code
reading, my understanding is that one can either use bio (come with the open
ssl lib) or stand
On Sat, Nov 19, 2005, Chong Peng wrote:
>
> dear all:
>
> i am new to the open ssl library, after a couple of days source code
> reading, my understanding is that one can either use bio (come with the open
> ssl lib) or standard socket interface to connect ssl protocol to the
> underlying tcp pr
dear all:
i am new to the open ssl library, after a couple of days source code reading,
my understanding is that one can either use bio (come with the open ssl lib) or
standard socket interface to connect ssl protocol to the underlying tcp
protocol, if i would like to use standard socket to do
Hello there,
I have some queries in SSL,
[#]. Do I need to sign the certificate from some CAs, before making use of
SSL in local network?
[#]. How does the client verify the server's certificate?
Any help will be highly appreciated.
Thanks
-Rohan
__
Exactly right!
"openssl s_client -CAfile demoCA/cacert -connect server.net:443"
This returns no errors.
However, I still get the following when I try to connect from Mozilla.
"The connection was refused when trying to contact 192.168.1.103"
Stupid me! I was using "http://";! It works perfectly wi
On Tue, Sep 14, 2004, Steve Ankeny wrote:
> Here's the commands I used to create my own CA and my own certificate
> and key
>
> "CA.pl -newca"
> "CA.pl -newreq"
> "CA.pl -signreq"
>
> Everything went well (no errors), and I wound up with newcert.pem and
> newreq.pem (as well as cacert.pem
Here's the commands I used to create my own CA and my own certificate
and key
"CA.pl -newca"
"CA.pl -newreq"
"CA.pl -signreq"
Everything went well (no errors), and I wound up with newcert.pem and
newreq.pem (as well as cacert.pem as expected).
I renamed newcert.pem and newreq.pem to help i
Very good suggestions! Thanks
I will not have time to try these until this evening, but I will report
any errors, etc. You guys are the best.
Dr. Stephen Henson wrote:
On Sat, Sep 11, 2004, Steve Ankeny wrote:
Sorry about the html
First of all, I am using Mozilla. I never use IE
What ve
On Sat, Sep 11, 2004, Steve Ankeny wrote:
> Sorry about the html
>
> First of all, I am using Mozilla. I never use IE
>
What version of Mozilla are you using? If you have a newer version then you
will have an "Import" button. You select Edit->Preferences->Private &
Security->Certificates.
Sorry about the html
First of all, I am using Mozilla. I never use IE
Secondly, every time I try to import the 'server.crt' it complains that
it is not in 'pkcs12' format.
Thirdly, the CA.pl "guides" are just as confusing as the OpenSSL guides.
I have yet to find a clear-cut description of
On Sat, Sep 11, 2004, Steve Ankeny wrote:
Please don't post in HTML.
As to your query. This is much easier if you follow the CA.pl instructions.
Some "guides" suggest you do all manner of strange and in some cases insecure
things.
You do *not* import the server private key and certificate into t
Here's what I did
Command
Usage
openssl genrsa -des3 -out ca.key 1024
Created key for my own CA
Remained in /etc/ssl
openssl req -new -x509 -days 3650 -key ca.key
-out ca.crt
Created the CA certifica
Hi Steve,
Here are a couple books that helped me understand SSL and the X.509
security model:
Network Security with OpenSSL, ISBN 059600270X
Planning for PKI, ISBN 0471397024
Joe
On Sep 10, 2004, at 1:17 PM, Steve Ankeny wrote:
I am designing a secure webserver for use in a small company. The
I am designing a secure webserver for use in a small company. The
connection must be secure.
My plan is to use SSL/TLS and 'AuthConfig/htpasswd' to make the
connections. I have reviewed various explanations of how to create my
own Certificate Authority and how to create both server and clien
On Wed, Apr 07, 2004, Spencer Yost wrote:
> First, as to my previous question: Thanks to Dr Hanson for figuring out my
> sender sent a file with an extra data(really a second message) stuck on the
> end.
>
> I'll cut to the chase: I need to come up with a set of openssl commands
> that will de
First, as to my previous question: Thanks to Dr Hanson for figuring out my sender
sent a file with an extra data(really a second message) stuck on the end.
I'll cut to the chase: I need to come up with a set of openssl commands that will
decrypt and verify an incoming SMIME message and just e
Hi
I have some easy (I hope) questions:
I wrote a multithreaded ftp bouncer in c++
So far everything works
But if I use certain ftp clients (for example flashfxp v2.1.923) sometimes
some bytes disappear
And if I transfer a textfile, there is a "?" at every lineend
The datafiles are not corrupted ev
Hi -
I am working on a perl SSL wget type program, and I have a few questions
regarding certificate authentication. I am sorry if these are silly
questions; I have been trying to find documentation for quite some time and
cant seem to find anything. So my questions are, basically, how do I set
Hi,
I've had a look around, and found some vague hints about OpenSSL
programming, but, I don't really understand the concepts of SSL. Is there
a nice simple document describing the concepts of SSL? A FAQ, with
questions such as "why so many crypto things", "is all the crypto
necessary for an SSL
Hello,
Many thanks to all who answered my questions. I'm on the way to install ssh.
Best regards,
Serban
On Mon, Nov 01, 1999 at 12:01:59PM +, Pete Chown wrote:
> On Fri, Oct 29, 1999 at 02:33:41PM -0100, Serban Udrea wrote:
>
> > This mail is mainly focusing on SSLtelnet which I intend
SSH is nice, but I would also like to build SSL-telnet, and ran into the
same problem. Is anyone maintaining SSL telnet? Has anyone gotten an
SSL-enabled telnet to build against a recent version of OpenSSL?
-Mike Slass
WRQ, Inc.
"Dr. Greg Quinn" wrote:
>
> What about SSH instead?
>
> On Fri
49 matches
Mail list logo