Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Alok
But when you sign with your public key, and encrypt with your public key, how will he decrypt it if he does not have your private key? So when u do 2) it should be 2) openssl-0.9.7 smime -encrypt -in mail.msg -outform der -out encrypted.der -aes256 hiscert.pem is what I felt... El hallabi-Kettani

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Lars
El hallabi-Kettani Abderrahmane wrote: try this : openssl smime -sign -in ml.txt -signer mycert.pem -text | openssl smime -encrypt -outform der -out mail.der -aes256 mycert.pem I'm afraid this doesn't work either. The first command expects a private key (-inkey) and it

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread El hallabi-Kettani Abderrahmane
--- Alok [EMAIL PROTECTED] wrote: But when you sign with your public key, and encrypt with your public key, how will he decrypt it if he does not have your private key? You sign with the private key that exists in mycert.pem or in a separate file priv_key.pem, after you use this private

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread El hallabi-Kettani Abderrahmane
--- Lars [EMAIL PROTECTED] wrote: El hallabi-Kettani Abderrahmane wrote: try this : openssl smime -sign -in ml.txt -signer mycert.pem -text | openssl smime -encrypt -outform der -out mail.der -aes256 mycert.pem I'm afraid this doesn't work either.

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Alok
I think there is a reason why you can't encrypt a message without 1st signing it using smime. By your logic, any preshared key would do the trick, why bother with the cert? (in other words, hiscert or mycert, if all you are doing is using it as a key to some encoder, why bother with certs)??

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread El hallabi-Kettani Abderrahmane
--- Alok [EMAIL PROTECTED] wrote: I think there is a reason why you can't encrypt a message without 1st signing it using smime. By your logic, any preshared key would do the trick, why bother with the cert? (in other words, hiscert or mycert, if all you are doing is using it as

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Alok
El hallabi-Kettani Abderrahmane wrote: --- Alok [EMAIL PROTECTED] wrote: I think there is a reason why you can't encrypt a message without 1st signing it using smime. By your logic, any preshared key would do the trick, why bother with the cert? (in other words, hiscert or mycert, if all

RE: signedandenveoped + encryption from commandline

2004-09-23 Thread David C. Partridge
Not correct. You sign the message with YOUR private key. The signature is verified by the recipient using your certificate which is issued by a CA. If you are also enveloping, then the data is encrypted under a one-shot symmetric key, and this symmetric key is then encrypted using the public

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Lars
Hi Alok, this really helped, thank you very much. The verification of my signature still doesn't work but I think that is another problem. Thanks again, to all of you. Lars. Alok wrote: Try this: 1. Create a file text.text with some content 2. Do openssl smime -in text.txt -sign -signer

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Alok
Thanks, something I would appreciate if you could clarify: David C. Partridge wrote: Not correct. You sign the message with YOUR private key. The signature is verified by the recipient using your certificate which is issued by a CA. agreed, If you are also enveloping, then the data is

RE: signedandenveoped + encryption from commandline

2004-09-23 Thread David C. Partridge
The one shot symmetric key is purely random. No it's not a function of anyone's private or public key. Once generated, it is encrypted using the public key of the recipient and included with the message. If multiple recipients, the same key is used to encrypt the data, and for each recipient it

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread El hallabi-Kettani Abderrahmane
--- Alok [EMAIL PROTECTED] wrote: El hallabi-Kettani Abderrahmane wrote: --- Alok [EMAIL PROTECTED] wrote: I think there is a reason why you can't encrypt a message without 1st signing it using smime. By your logic, any preshared key would do the trick, why bother with

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Alok
David C. Partridge wrote: The one shot symmetric key is purely random. how? No it's not a function of anyone's private or public key. then it is open to man in the middle Once generated, it is encrypted using the public key of the recipient and included with the message. but then if I do

RE: signedandenveoped + encryption from commandline

2004-09-23 Thread David C. Partridge
Not at all, there's no man in the middle issue at all because the certificates which are issued by a trusted TP g'tee the ownership of the public key. The logic goes like this: You generate a random DES key known only to you. Let's call this KDE You use this to encrypt the data. Let's call

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Charles B Cranston
Alok wrote: David C. Partridge wrote: Once generated, it is encrypted using the public key of the recipient and included with the message. but then if I do something like DES(key=hispubkey(data=somerandom)) I can always decrypt if I know hispubkey. NO! Look, Alok, it's painfully obvious that

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Alok
Not at all, there's no man in the middle issue at all because the certificates which are issued by a trusted TP g'tee the ownership of the public key. The logic goes like this: You generate a random DES key known only to you. Let's call this KDE You use this to encrypt the data. Let's call this

RE: signedandenveoped + encryption from commandline

2004-09-23 Thread Painter, Philip
/PhilipPainter -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alok Sent: 23 September 2004 16:25 To: [EMAIL PROTECTED] Subject: Re: signedandenveoped + encryption from commandline Not at all, there's no man in the middle issue at all because

Re: signedandenveoped + encryption from commandline

2004-09-23 Thread Alok
/PhilipPainter -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alok Sent: 23 September 2004 16:25 To: [EMAIL PROTECTED] Subject: Re: signedandenveoped + encryption from commandline Not at all, there's no man in the middle issue at all because