ward
that
would allow reading and writing to a key store while only
using
the
fips provider?
Thanks,
Zeke Evans
Micro Focus
-Original Message-
From: openssl-users On
Behalf
Of
Dr Paul Dale
Sent: Tuesday, January 26, 2021 5:22 PM
To: openssl-users@openssl.org
Subject: Re: PKCS12 APIs wi
If that is a hypothetical context, what context is the official design
goal of the OpenSSL Foundation for their validation effort?
On 2021-01-28 11:26, Tomas Mraz wrote:
This is a purely hypothetical context. Besides, as I said below - the
PKCS12KDF should not be used with modern PKCS12 files.
This is a purely hypothetical context. Besides, as I said below - the
PKCS12KDF should not be used with modern PKCS12 files. Because it can
be used only with obsolete encryption algorithms anyway - the best one
being 3DES for the encryption and SHA1 for the KDF.
Tomas
On Thu, 2021-01-28 at 11:08
rd
that
would allow reading and writing to a key store while only
using
the
fips provider?
Thanks,
Zeke Evans
Micro Focus
-Original Message-
From: openssl-users On
Behalf
Of
Dr Paul Dale
Sent: Tuesday, January 26, 2021 5:22 PM
To: openssl-users@openssl.org
Subject: Re: PKCS12 APIs with fips
low
> > > > > PKCS12KDF in the default provider as well as the crypto
> > > > > methods
> > > > > in
> > > > > the fips provider? I have tried "provider=default,fips=yes"
> > > > > but
> > > > >
Message-----
From: openssl-users On Behalf
Of
Dr Paul Dale
Sent: Tuesday, January 26, 2021 5:22 PM
To: openssl-users@openssl.org
Subject: Re: PKCS12 APIs with fips 3.0
I'm not even sure that NIST can validate the PKCS#12 KDF.
If it can't be validated, it doesn't belong in the FIPS provider.
Paul
karound for
>>> reading in PKCS12 files in order to maintain backwards
>>> compatibility. Is there a recommended method going forward that
>>> would allow reading and writing to a key store while only using the
>>> fips provider?
>>>
>>> Thanks,
>&
round
> > > for
> > > reading in PKCS12 files in order to maintain backwards
> > > compatibility. Is there a recommended method going forward that
> > > would allow reading and writing to a key store while only using
> > > the
> > > fips prov
anks,
Zeke Evans
Micro Focus
-Original Message-
From: openssl-users On Behalf Of
Dr Paul Dale
Sent: Tuesday, January 26, 2021 5:22 PM
To: openssl-users@openssl.org
Subject: Re: PKCS12 APIs with fips 3.0
I'm not even sure that NIST can validate the PKCS#12 KDF.
If it can't be validated
That works. Thanks!
-Original Message-
From: openssl-users On Behalf Of Dr Paul
Dale
Sent: Tuesday, January 26, 2021 6:01 PM
You could set the default property query to "?fips=yes". This will prefer FIPS
algorithms over any others but will not prevent other algorithms from being
ward that would allow reading and writing to a key
store while only using the fips provider?
Thanks,
Zeke Evans
Micro Focus
-Original Message-
From: openssl-users On Behalf Of Dr Paul
Dale
Sent: Tuesday, January 26, 2021 5:22 PM
To: openssl-users@openssl.org
Subject: Re: PKCS12 A
nuary 26, 2021 5:22 PM
To: openssl-users@openssl.org
Subject: Re: PKCS12 APIs with fips 3.0
I'm not even sure that NIST can validate the PKCS#12 KDF.
If it can't be validated, it doesn't belong in the FIPS provider.
Pauli
On 26/1/21 10:48 pm, Tomas Mraz wrote:
> On Tue, 2021-01-26 at 11:45 +00
I'm not even sure that NIST can validate the PKCS#12 KDF.
If it can't be validated, it doesn't belong in the FIPS provider.
Pauli
On 26/1/21 10:48 pm, Tomas Mraz wrote:
On Tue, 2021-01-26 at 11:45 +, Matt Caswell wrote:
On 26/01/2021 11:05, Jakob Bohm via openssl-users wrote:
On
On Tue, 2021-01-26 at 11:45 +, Matt Caswell wrote:
>
> On 26/01/2021 11:05, Jakob Bohm via openssl-users wrote:
> > On 2021-01-25 17:53, Zeke Evans wrote:
> > > Hi,
> > >
> > >
> > >
> > > Many of the PKCS12 APIs (ie: PKCS12_create, PKCS12_parse,
> > > PKCS12_verify_mac) do not work in
On 26/01/2021 11:05, Jakob Bohm via openssl-users wrote:
> On 2021-01-25 17:53, Zeke Evans wrote:
>>
>> Hi,
>>
>>
>>
>> Many of the PKCS12 APIs (ie: PKCS12_create, PKCS12_parse,
>> PKCS12_verify_mac) do not work in OpenSSL 3.0 when using the fips
>> provider. It looks like that is because
On 2021-01-25 17:53, Zeke Evans wrote:
Hi,
Many of the PKCS12 APIs (ie: PKCS12_create, PKCS12_parse,
PKCS12_verify_mac) do not work in OpenSSL 3.0 when using the fips
provider. It looks like that is because they try to load PKCS12KDF
which is not implemented in the fips provider. These
16 matches
Mail list logo