On 07/20/2011 12:45 PM, Gaglia wrote:
> ...
Feedbacks always appreciated, in case somebody has further investigated
the issue :)
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
On 07/16/2011 07:13 PM, y...@inbox.lv wrote:
> ...
So everybody here seems to agree that steps 1)...7) I listed in the
first post are correct, and that the problem in EC management lies in
OpenVPN, right?
__
OpenSSL Project
sha256 worked. (both for dgst and for req)
If i understand correctly, ECDSA algorithm only needs hash as a
defined length
bitstring, so adapting ripemd in place of sha1 should have been
easier than
sha256 (because ripemd has the same length as sha1, sha256 is
longer).
Citējot *Dr. Stephen
On Sat, Jul 16, 2011, y...@inbox.lv wrote:
>
> openssl dgst -ripemd160 -sign ec5_ca.key shr.o.txt
> WARNING: can't open config file: /usr/local/ssl/openssl.cnf
> Error setting context
> 5664:error:100C508A:elliptic curve routines:PKEY_EC_CTRL:invalid
> digest type:.c
> ryptoecec_pmeth.c:229
On 07/16/2011 06:50 AM, y...@inbox.lv wrote:
> openssl dgst -ripemd160 -sign ec5_ca.key shr.o.txt
> WARNING: can't open config file: /usr/local/ssl/openssl.cnf
> Error setting context
My premise is that we are considering only OpenSSL v 1.0.0. Under this
condition, as I wrote in the first post,
openssl dgst -ripemd160 -sign ec5_ca.key shr.o.txt
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Error setting context
5664:error:100C508A:elliptic curve routines:PKEY_EC_CTRL:invalid
digest type:.c
ryptoecec_pmeth.c:229:
Also, in documentation on pkeyutl program is mentioned,
On Fri, Jul 15, 2011 at 5:36 PM, Kyle Hamilton wrote:
> On Fri, Jul 15, 2011 at 10:32 AM, Gaglia wrote:
>> On 07/15/2011 08:23 AM, Kyle Hamilton wrote:
>>> ...
>>
>> Excuse me, I got lost somewhere... Does this mean that it is not
>> possible to use EC crypto with OpenSSL because the algorithms a
On 07/15/2011 05:36 PM, Kyle Hamilton wrote:
> ...
>
> EC is considered to be a patent minefield. Some people (RSA Data
> Security) say that it's possible to implement EC cryptography using
> different types of algorithms which are not covered by the patents.
> Other people (Bruce Schneier, US NSA)
On Fri, Jul 15, 2011 at 10:32 AM, Gaglia wrote:
> On 07/15/2011 08:23 AM, Kyle Hamilton wrote:
>> ...
>
> Excuse me, I got lost somewhere... Does this mean that it is not
> possible to use EC crypto with OpenSSL because the algorithms are
> patented? If so, why OpenSSL does provide support to EC c
On Fri, Jul 15, 2011, y...@inbox.lv wrote:
>
> Version of ECDSA available in openssl 1.0.0d supports only SHA1.
> (maybe there are patches, which adds other hash functions, but
> default build on win32 supports only sha1).
What makes you think that? OpenSSL 0.9.8 only supports SHA1 with ECDSA
Version of ECDSA available in openssl 1.0.0d supports only SHA1.
(maybe there are patches, which adds other hash functions, but
default build on win32 supports only sha1).
ECDH and ECDSA are not guaranteed to use the same curve. At least
with s_server curve for ECDSA is specified in certifica
On 07/15/2011 08:23 AM, Kyle Hamilton wrote:
> ...
Excuse me, I got lost somewhere... Does this mean that it is not
possible to use EC crypto with OpenSSL because the algorithms are
patented? If so, why OpenSSL does provide support to EC crypto?
Sorry, I don't want to start a religion war, but as
On Thu, Jul 14, 2011 at 3:35 PM, Jeffrey Walton wrote:
On Thu, Jul 14, 2011 at 6:22 PM, Kyle Hamilton wrote:
Dismissed or withdrawn? It seems to me Certicom stopped bitting a hand
that feeds it.
Jeff
Looking at the docket, it looks like they reached an agreement to dismiss
without prejudi
On Thu, Jul 14, 2011 at 6:22 PM, Kyle Hamilton wrote:
> ECDSA is the elliptical curve (discrete-logarithm-based) variant of DSA, the
> Digital Signature Algorithm. DSA was developed by the US National Security
> Agency as a means of creating prime-factorization-based signatures without
> providin
ECDSA is the elliptical curve (discrete-logarithm-based) variant of DSA, the
Digital Signature Algorithm. DSA was developed by the US National Security
Agency as a means of creating prime-factorization-based signatures without
providing code paths which would permit the encryption of arbitrary
On 07/11/2011 05:27 AM, y...@inbox.lv wrote:
> When i searched on it, it seemed that ECDH requires specified named
> curve
You need to specify the curve's name, like this:
openssl ecparam -name sect571k1
but this should only be done in the parameters generation stage, the
generated cer
When i searched on it, it seemed that ECDH requires specified named
curve, and openVPN does not have a means of specifying it. Also, it
seems that ECDSA works only with SHA-1 (I also would like to know,
why it cannot take any 160 bit hash). I searched about it few weeks
ago and relevant messa
On 07/05/2011 03:23 PM, Gaglia wrote:
> I'm trying to make an OpenVPN setup with Elliptic Curves cryptography
> and SHA-512 on Linux Debian.
No idea anybody, really? :(
__
OpenSSL Project http://www
Hi, first of all please accept my apologizes, I know this is a question
more related to OpenVPN, but I think that the problem lies in the cert
authority and client/server certificate generation step with OpenSSL, so
I'm also posting it here, hoping for a solution.
I'm trying to make an OpenVPN set
19 matches
Mail list logo