convert PKCS7 *p7 to DER string?

2000-09-06 Thread zhu qun-ying
Hi, If I have the signature generated, how do I convert the p7 into a DER string without writing out to a file? How do I know the size of the buffer to prepare? Thanks

Re: Crypt::SSLeay + LWP::UserAgent + Client Key/Certificate

2000-09-06 Thread Joshua Chamas
No idea how to do it, but seems useful. Anyone have any pointers? Perhaps I should look at the IO::Socket::SSL code for ideas on how to deal with this? If anyone wants to submit a patch for Crypt::SSLeay to make this work, please feel free. What's the expected API here, some file on disk wit

Re: PKCS7 usage?

2000-09-06 Thread zhu qun-ying
Dr S N Henson wrote: > Well it doesn't have to be a file. Any BIO will do. > > The S/MIME API doesn't currently have an init/update/final equivalent > though. > I am facing a problem here: the decrypted data is stored in some strange format (beyond my control), and I have to read in the data i

Re: looking for dgst command example for DSS signing

2000-09-06 Thread Michael Sierchio
Dr S N Henson wrote: > > Michael Sierchio wrote: > > > > The man page at www.openssl.org seems to imply that this supports > > signing, > > but this fails: > > > > openssl dgst -dss1 -sign privkey.pem test.txt > > unknown option '-sign' > > > > Is there an example of using the ope

Re: looking for dgst command example for DSS signing

2000-09-06 Thread Dr S N Henson
Michael Sierchio wrote: > > The man page at www.openssl.org seems to imply that this supports > signing, > but this fails: > > openssl dgst -dss1 -sign privkey.pem test.txt > unknown option '-sign' > > Is there an example of using the openssl app to create DSS1 signatures? > Tha

RE: Using SSL_accept with non blocking socket

2000-09-06 Thread Wallace, William
If you get an error result from either SSL_connect or SSL_accept you should call SSL_get_error. This can give you a number of different results indicating such things as remote end closing connection, system error, ssl protocol error, write blocked or read blocked. In the case of the last two you

Re: Using SSL_accept with non blocking socket

2000-09-06 Thread Arun Venkataraman
Hopefully you are doing add_ssl_algorithms(..) (and a helpful SSL_load_error_strings(..)) in the beginning. Also, did you try ERR_print_errors_fp(stdout) and see if something appears? I may be restating the obvious here. The usual way I detect errors is to do a SSL_get_error(..) and do a switch-c

Using SSL_accept with non blocking socket

2000-09-06 Thread Miha Wang
Hi, all - I am trying to write both server/client that use non blocking socket. I am not using BIO based read/write. Here is what my code looks like - The code is almost same as the serv.cpp and cli.cpp under demos/ssl, except I am setting non blocking option (O_NONBLOCK) SERVER:

looking for dgst command example for DSS signing

2000-09-06 Thread Michael Sierchio
The man page at www.openssl.org seems to imply that this supports signing, but this fails: openssl dgst -dss1 -sign privkey.pem test.txt unknown option '-sign' Is there an example of using the openssl app to create DSS1 signatures? Thanks.

Error messages memory leak.

2000-09-06 Thread Michael Cramer (InfoSpace Inc)
Is there any way to free the error messages that get loaded by OpenSSL? I can't seem to find any cleanup or unload call anywhere. __ OpenSSL Project http://www.openssl.org User Support Mailing List

RE: How to use the private key password callback?

2000-09-06 Thread Randall Ward
> 'u's meaning is left up to the callback. It could be a prompt phrase a > window handle or ignored. It was added because there was a > need to send > info to the callback. I do nothing with u yet... I'm just hard-coding the passphrase till I can get something to work. > There is an additional

RE: Bad certificate request.

2000-09-06 Thread David Ahrens
Steve, X509_NAME_add_entry_by_NID() is not available in OpenSSL-0.9.4 and I'm limited to using OpenSSL-0.9.4 for this project. Since the subject name I'm trying to build is always built from a valid X500 directory name, is it safe to assume V_ASN1_PRINTABLESTRING as the type? Thanks for the h

client certificate

2000-09-06 Thread yongw
Sorry to bother again. I have a certificate from verisign, but what is the CA of verisign, and how can I get it? thanks

Re: Question on PRNG's and entropy

2000-09-06 Thread Gregory Nicholls
Hiya, Michael Wojcik wrote: > How do you select a "random bit" of a message if you don't have a source of > randomness in the first place? From a cryptographic perspective, you'd best > assume an attacker knows which bit of the message you're using, even without > knowing what the message conta

Crypt::SSLeay + LWP::UserAgent + Client Key/Certificate

2000-09-06 Thread Matthew_Lenz
Joshua or anyone who can fill me in, I'm having a heck of a time trying to figure out an easy way to use a client key/cert with a simple https POST. I've got a relatively short chunk of code that posts data to a CGI (sitting on a https enabled server) and it works beautifully. Now I need to

Why can't I create certificate requests?

2000-09-06 Thread Yiding Zhang
Hi, I got problems with "unable to load config info", I read the Diagnostics section and know the reason is that it can't find the configuration file. But how to fix this bug? Thanks in advance. Dean,

Re: Bad certificate request.

2000-09-06 Thread Dr S N Henson
David Ahrens wrote: > > Hi, > > I'm using openssl to generate a certificate request. > When I try to build the subject name from a given DN, there are problems > with the DER encoding. > >I've attached a code fragment and the resulting PEM encoded certificate > request. > Not sure wh

RE: Question on PRNG's and entropy

2000-09-06 Thread Michael Wojcik
> -Original Message- > From: Gregory Nicholls [mailto:[EMAIL PROTECTED]] > The data I need to encrypt is your basic bit of user data going from > system A to system B. Now given that the whole point of encrypting this > is to prevent someone from reading the data, is there any reason why

Re: How to use the private key password callback?

2000-09-06 Thread Dr S N Henson
Randall Ward wrote: > > Thanks for such a fast reply. I think that I'm still missing something about > the parameters to PEM_read_PrivateKey and the callback. > > Based on what I learned from a posting from a few days ago, I am calling > PEM_read_PrivateKey(fp, x, cb, u) where the parameters are

Bad certificate request.

2000-09-06 Thread David Ahrens
Hi, I'm using openssl to generate a certificate request. When I try to build the subject name from a given DN, there are problems with the DER encoding. I've attached a code fragment and the resulting PEM encoded certificate request. -Dave certRqst.c req_test.pem

RE: How to use the private key password callback?

2000-09-06 Thread Randall Ward
Thanks for such a fast reply. I think that I'm still missing something about the parameters to PEM_read_PrivateKey and the callback. Based on what I learned from a posting from a few days ago, I am calling PEM_read_PrivateKey(fp, x, cb, u) where the parameters are: fp: file pointer x: pointer fo

Question on PRNG's and entropy

2000-09-06 Thread Gregory Nicholls
Hiya, I've read the past items on this list, looking for a good non-interactive source of entropy for the PRNG. Now I've a (possibly very) stupid question. The data I need to encrypt is your basic bit of user data going from system A to system B. Now given that the whole point of encrypting

Re: Problem generating CSR.

2000-09-06 Thread Alan E. Derhaag
Julio Cesar de Melhado e Lima <[EMAIL PROTECTED]> writes: > Hiya, > > I'm using ssl0.9.5a on Solaris 8. > I want to create a RSA private key for my Apache server (will be Triple-DES encrypted > and PEM formatted): > But, when I ran the command : > > ./openssl genrsa -rand -des3 -out server.key

Re: Problem generating CSR.

2000-09-06 Thread Travis Theune
You need to have a source for the -rand flag. My solution was to use egd and create a file of sufficient length full of random data. then the command line was: openssl genrsa -rand -des3 1024 > server.key or openssl genrsa -rand -des3 -out server.key 1024 Hope that helps. Travis Theune * Juli

Using /MT rather than /MD with Microsoft.

2000-09-06 Thread Dennis Kennedy
Can anyone think of any problems I might encounter compiling openSSL with VC 6.0 using /MT compile option (link static runtime libraries), rather than /MD compile option (link shared runtime libraries)? Thanks, Dennis Kennedy

Re: how to install root certs and other certs into MSIE

2000-09-06 Thread Rodrigo Coronado
You're right, it's an alternative. I've just chosen to do it through the script. Peter Sylvester wrote: > > > > I installed a CA cert using a Perl script like this: > > > ... > > > AND IT WORKED!! > > > On a server on unix systems, yes. Not on others, you may need to binmode the CERT. > > Why th

Re: Is ADH included by default into 0.9.5a ??

2000-09-06 Thread Gregory Nicholls
Ah excellent. Thank you. G. Lutz Jaenicke wrote: > On Wed, Sep 06, 2000 at 01:33:50PM -0400, Gregory Nicholls wrote: > > I'm using ssl0.9.5a on Winnt. I ran openssl ciphers -v to look for a list that > > would use ADH. All the ciphers came up with an authentication scheme, eithe

Problem generating CSR.

2000-09-06 Thread Julio Cesar de Melhado e Lima
Hiya, I'm using ssl0.9.5a on Solaris 8. I want to create a RSA private key for my Apache server (will be Triple-DES encrypted and PEM formatted): But, when I ran the command : ./openssl genrsa -rand -des3 -out server.key 1024 I have the following error : 0 semi-random bytes loaded Generating

Re: how to install root certs and other certs into MSIE

2000-09-06 Thread Peter Sylvester
> > I installed a CA cert using a Perl script like this: > ... > AND IT WORKED!! > On a server on unix systems, yes. Not on others, you may need to binmode the CERT. Why that script? Why don't you just associate a mime-type to the two file extensions in your server configuration, and just put

Re: Is ADH included by default into 0.9.5a ??

2000-09-06 Thread Lutz Jaenicke
On Wed, Sep 06, 2000 at 01:33:50PM -0400, Gregory Nicholls wrote: > I'm using ssl0.9.5a on Winnt. I ran openssl ciphers -v to look for a list that > would use ADH. All the ciphers came up with an authentication scheme, either RSA or > DSS. Have I missed something ?? Yes. ADH ciphers are not

PKCS7 usage?

2000-09-06 Thread zhu qun-ying
Hi All, I am a little bit confused on the usage of the PKCS7_* functions. If I have a file that needs to be signed and I want the signed data to be separate from the file and stored elsewhere. I follow the sign.c example, but get lost a little bit, should I get the digest using EVP_digest*() funct

Re: bad certificate request

2000-09-06 Thread Martin Szotkowski
thanks Steve, Where can I obtain dumpasn1? (openssl asn1parse is slightly easy) > Anyway I've updated the development version to store the original > encoding and work out signatures from that. It will now verify your > request correctly. It will be in the next snapshot and OpenSSL 0.9.6 When

Issuer incorrectly copied into cert ?

2000-09-06 Thread Darren Reed
In experimenting with setting up "layers" of certificates, I have noticed that the details for the "Issuer" in a user certificate appear to be set incorrectly. In this exercise, I have a root CA, email CA (signed by the root CA) and a user certificate (signed by the email CA). In the user cert.,

Re: Apache 1.3, OpenSSL and Front Page Extensions

2000-09-06 Thread Peter Rose
Try http://www.redhat.com/mirrors/LDP/HOWTO/mini/Apache%2BSSL%2BPHP%2Bfp.htm Haven't had the nerve to try and compile FrontPage into Apache-SSL myself, but apparently it can be done. Regards Peter Rose In message <[EMAIL PROTECTED]>, Brock Noland <[EMAIL PROTECTED]> writes > > >I was wonderi