CA's and Message Digests

2001-02-02 Thread Peter Groff
This morning I sent an email with this subject, but thanks to the wonders of Outlook Express, the response message has somehow vanished. Could you resend the response? Just in case: I was wondering if using ca's and message digests was necessary for sending an encrypted message or if it just ad

Re: How to convert the unsecure private key back to secure one

2001-02-02 Thread Dr S N Henson
Gordon Lam Chin Ho wrote: > > Greg Stark, > > Sorry for making u confused > > We can create a private key by typing 'openssl rsa -noout -text -in > server.key'. And we can use that server.key to generate an unsecure key > by typing 'openssl rsa -in server.key -out server.key.unsecure'. Tha

Problem with IE < IE 5.01SP1 with apache 1.3.24/openssl 0.9.5a (RH7.0)

2001-02-02 Thread ACroft
I performed a clean install (read as reformat and reload) for a server used for secure http connects this weekend using RedHat 7.0, which came with , such that the server is running Apache 1.3.14-3 using OpenSSL 0.9.5a and mod_ssl 2.7.1-3. Prior to the upgrade, the server had been using Apache 1.3

RE: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread John Hughes
> xsocket(UW71|XPG4, AF_UNIX, SOCK_STREAM, 0) = 4 > Received signal #32, SIGWAITING [caught] > xconnect(UW71|XPG4, 4, 0x08046696, 19) Err#91 ERESTART > sigprocmask(SIG_SETMASK, 0xBFF157CC, 0x) = 0 > sigaction(SIGWAITING, 0x080460C0, 0x) = 0 > sigprocmask(SIG_SETM

Re: SSL version 2

2001-02-02 Thread Gleison Santos
Patrick, see a security server survey at https://secure1.securityspace.com/cgi-bin/session/docserv?doc=/s_ssurvey/data/200101/com/protciph.html []'s Gleison Patrick Li wrote: > Hi, > > This is a general question about SSL. I read a SSL book and it mentions > there are still a lot of sites su

RE: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread Boyd Lynn Gerber
On Fri, 2 Feb 2001, John Hughes wrote: > > I used your patch but this still does not work. > > Oh. What does truss(1) show now? sigaction(SIGPIPE, 0x080466B0, 0x080466F0) = 0 xstat(2, "//.rnd", 0x080461B8) = 0 open("//.rnd", O_RDONLY, 0666) = 4 ioctl(4, TC

RE: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread John Hughes
> I used your patch but this still does not work. Oh. What does truss(1) show now? -- John Hughes <[EMAIL PROTECTED]>, CalvaEDI SA.Tel: +33-1-4313-3131 66 rue du Moulin de la Pointe, Fax: +33-1-4313-3139 75013 PARIS. __

RE: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread John Hughes
> You really have lost me now! On UnixWare unix-domain sockets, like the one used for communication with prngd or egd, look like named pipes: $ ls -l /u/local/var/entropy prw-rw-rw-1 root sys 0 Feb 2 16:39 /u/local/var/entropy Crazy. When you "connect" to the socket it doesn't use t

RE: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread Boyd Lynn Gerber
On Fri, 2 Feb 2001, John Hughes wrote: > And now: > > $ openssl rand -out ~/.rnd -rand /u/local/var/entropy 1024 > 255 semi-random bytes loaded I used your patch but this still does not work. Is this the second problem? bin/openssl rand -out /.rnd -rand /var/run/egd-pool:/var/adm/syslog 1024

Re: PKCS #7 in OpenSsl?

2001-02-02 Thread Michael Sierchio
Jean-Marc Desperrier wrote: > Any large-scale commercial use of cryptlib requires a license. > "Large-scale commercial use" means any > revenue-generating purpose such as use for company-internal purposes, or > use of cryptlib in an application or product, > with a total gross revenue of over US$

Re: How to convert the unsecure private key back to secure one

2001-02-02 Thread Gordon Lam Chin Ho
Greg Stark, Sorry for making u confused We can create a private key by typing 'openssl rsa -noout -text -in server.key'. And we can use that server.key to generate an unsecure key by typing 'openssl rsa -in server.key -out server.key.unsecure'. That key does not need a password to be entered.

RE: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread John Boocock
You really have lost me now! -Original Message- From: John Hughes [mailto:[EMAIL PROTECTED]] Sent: 02 February 2001 15:15 To: [EMAIL PROTECTED] Subject: RE: random state, openssl.cnf and RAND_edg("/var/run/egd-pool") > 1. in apps/app_rand.c:181 the openssl application tries to read from

Re: PKCS #7 in OpenSsl?

2001-02-02 Thread Jean-Marc Desperrier
"A. Konigsdorfer" wrote: > 'Free' means something different in my eyes: > > 1.2 The period of this license is a hundred eighty days (180 days) > from the moment the user downloads the Software from Safelayer's > web (www.safelayer.com). The use beyond this time is not permitted. > > The original p

Re: CA and Message Digests

2001-02-02 Thread Greg Stark
The EVP stuff is in the crypto library. It is there for you if you are building your own non-SSL crypto solution. If you are just doing SSL/TLS, all the work has been done for you and you only need to understand the SSL_CTX_* and SSL_* functions. Now, if you feel like looking "under the hood" at h

Re: OpenSSL and Lynx

2001-02-02 Thread Mike Mabey
ftp://ftp.lynuxworks.com/pub/contrib/utils/OpenSSL.README James Dabbs wrote: > > I believe that LynuxWorks has a pre-built (or pre-configured) OpenSSL on > their FTP site. > > -Original Message- > From: Patrick Ash [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 01, 2001 1:19 PM >

RE: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread John Hughes
> 1. in apps/app_rand.c:181 the openssl application tries to read from file >'n' regardless whether RAND_egd(n) already succeeded. Aha. --- app_rand.c.orig Tue Mar 14 00:54:04 2000 +++ app_rand.c Fri Feb 2 16:06:32 2001 @@ -177,8 +177,10 @@ if (*n == '\0') break;

Re: Tutorials

2001-02-02 Thread Greg Stark
There is an excellent book on SSL/TLS (see http://www.rtfm.com/sslbook/) which includes many OpenSSL examples and discussions. _ Greg Stark Ethentica, Inc. [EMAIL PROTECTED] _ - Original Message - From: "Andrew Arm

RE: OpenSSL and Lynx

2001-02-02 Thread James Dabbs
I believe that LynuxWorks has a pre-built (or pre-configured) OpenSSL on their FTP site. -Original Message- From: Patrick Ash [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 01, 2001 1:19 PM To: [EMAIL PROTECTED] Subject: OpenSSL and Lynx I have successfully (?) built OpenSSL 0.9.6

Re: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread Lutz Jaenicke
On Fri, Feb 02, 2001 at 03:24:28PM +0100, John Hughes wrote: > > - Next step is to find out, why openssl blocks when accessing the egd-pool > > on Unixware... > > Here's what's happening... (/u/local/var/entropy is my prngd socket): > > xsocket(FP1_XPG4, PF_UNIX, SOCK_STREAM, 0) = 3 > xconnect

CA and Message Digests

2001-02-02 Thread Peter Groff
I understand that both CA's and message digests add extra security in OpenSSL, but are they required when sending an encrypted message? I saw the example for EVP_DigestInit(3), but I don't quite follow where this step fits in. After the client establishes the secure connection and encrypts the m

RE: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread John Hughes
> - Next step is to find out, why openssl blocks when accessing the egd-pool > on Unixware... Here's what's happening... (/u/local/var/entropy is my prngd socket): xsocket(FP1_XPG4, PF_UNIX, SOCK_STREAM, 0) = 3 xconnect(FP1_XPG4, 3, {sin_family=AF_UNIX, path="/u/local/var/entropy"}, 22) = 0 wr

Tutorials

2001-02-02 Thread Andrew Armstrong
Does anybody know of any tutorials or reference for openssl besides what's in the man pages and the openssl/demos directory? -- Andrew Armstrong Slacker/Computer Geek [EMAIL PROTECTED] __ OpenSSL Project

Re: How to convert the unsecure private key back to secure one

2001-02-02 Thread Greg Stark
Gordon, The phrase "unsecure private key" is new to me, but if by that you mean what is more commonly called the "public key" then you cannot do what you want. That is the whole point of public/private key pairs. You can tell everyone the public part but they can't use the public part to deri

Re: creating a CA and signing a server cert steps (please verify).

2001-02-02 Thread stuart hodgkinson
Hi Evan, Sorry to tell you bud but you've screwed it up ;). Your best bet is to look at the apache ssl faq. I know it seems weird but have a look at that section there. I found this to be much more help for getting the certs to work. Follow the first step for creating the CA and then revert t

Re: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread Lutz Jaenicke
On Fri, Feb 02, 2001 at 04:57:16AM -0700, Boyd Lynn Gerber wrote: > # bin/openssl rand -out /.rnd -rand /var/run/egd-pool:/var/adm/syslog 1024 > > syslog is only 1 Meg. This has been running for 30 minutes and there > still is nothing in /.rnd. > > root 4349 6741 TS 85 0 04:26:39 pts/

RE: PKCS #7 in OpenSsl?

2001-02-02 Thread A. Konigsdorfer
> Hello Ald, > > take a look at http://www.safelayer.com There you can find a > free toolkit > for developers that provides X.509, PKCS (including #7), > S/MIME and SSL > functionality with strong cryptography. I have downloaded it > (it is very > light, only

Re: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread Boyd Lynn Gerber
On Fri, 2 Feb 2001, Lutz Jaenicke wrote: > Make sure to have random data in .rnd > openssl rand -out /.rnd -rand /var/run/egd-pool:/var/adm/syslog/mail.log:... > to initialize /.rnd to have startup-seed. > (Add some logfiles as entropy source. Be patient as sucking in several > megabytes of data

RE: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread Boyd Lynn Gerber
On Fri, 2 Feb 2001, John Boocock wrote: > I actually have a similar problem also under UnixWare 7.1.1 nsc using > > egd 0.8 > openssl 0.9.6 > > Creating self signed test certificates seems to work however if I run the > following nothing appears to happen: > > /usr/local/ssl/bin/openssl genrs

Re: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread Lutz Jaenicke
On Fri, Feb 02, 2001 at 04:28:06AM -0700, Boyd Lynn Gerber wrote: > On Fri, 2 Feb 2001, Lutz Jaenicke wrote: > > > Hmm, doesn't look that bad. I just tried the following (I have a $HOME/.rnd, > > if that matters, my openssl.cnf is the distributed one): > > emws1 24: openssl req -rand /var/run/egd

Re: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread Boyd Lynn Gerber
On Fri, 2 Feb 2001, Lutz Jaenicke wrote: > Hmm, doesn't look that bad. I just tried the following (I have a $HOME/.rnd, > if that matters, my openssl.cnf is the distributed one): > emws1 24: openssl req -rand /var/run/egd-pool -new -x509 -keyout key.pem -out >cert.pem I ran the above command wi

Re: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread Lutz Jaenicke
On Fri, Feb 02, 2001 at 11:01:33AM -, John Boocock wrote: > I actually have a similar problem also under UnixWare 7.1.1 nsc using > > egd 0.8 > openssl 0.9.6 > > Creating self signed test certificates seems to work however if I run the > following nothing appears to happen: > > /usr/lo

creating a CA and signing a server cert steps (please verify).

2001-02-02 Thread Evan Cross
Hi, These are the steps I am using to create a CA and then sign a certificate. openssl req -x509 -newkey rsa:1024 -keyout cakey.pem -out cacert.pem -config openssl.cnf then I follow the prompts. After cacert.pem is created I copy the private key into democa/private and cacert.pem into democa

RE: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread John Boocock
I actually have a similar problem also under UnixWare 7.1.1 nsc using egd 0.8 openssl 0.9.6 Creating self signed test certificates seems to work however if I run the following nothing appears to happen: /usr/local/ssl/bin/openssl genrsa -des3 -rand /etc/entropy 1024 > test.key if -rand is

Re: PKCS #7 in OpenSsl?

2001-02-02 Thread Oscar Ciurana
Hello Ald, take a look at http://www.safelayer.com There you can find a free toolkit for developers that provides X.509, PKCS (including #7), S/MIME and SSL functionality with strong cryptography. I have downloaded it (it is very light, only 700 Kbytes of distribution) and seems to me very easy t

Re: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread Lutz Jaenicke
On Fri, Feb 02, 2001 at 03:36:51AM -0700, Boyd Lynn Gerber wrote: > I tried that first and could not get it to work. How would you edit CA.sh > to create a newca. I added the -rand as below and I still get the error. > > echo "Making CA certificate ..." > $REQ -new -x509

Re: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread Boyd Lynn Gerber
On Fri, 2 Feb 2001, Lutz Jaenicke wrote: Thanks for the information. > Anyway, in order to read additional entropy from an EGD-device, you must > explicitly state it on the command line: > openssl genrsa -rand /var/run/egd-pool [other options]... I tried that first and could not get it to wo

how to program importing PKCS#12 to CSP

2001-02-02 Thread Long Tang
Hi, Have learned it is possible to import private/public key to CSP and then link up the certificate with the key pair. Could anyone help to point out which few CryptoAPIs are required for the processing. Thanks, LT __ Get personalized email addr

Re: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread Lutz Jaenicke
On Fri, Feb 02, 2001 at 02:53:33AM -0700, Boyd Lynn Gerber wrote: > Sorry, but I guess I am missing something. > > I have in my openssl.cnf file > RANDFILE= RAND_egd("/var/run/egd-pool") > > # egc.pl /var/run/egd-pool get > 32800 bits of entropy in pool > > Using configuration

random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

2001-02-02 Thread Boyd Lynn Gerber
Sorry, but I guess I am missing something. I have in my openssl.cnf file RANDFILE= RAND_egd("/var/run/egd-pool") # egc.pl /var/run/egd-pool get 32800 bits of entropy in pool Using configuration from /usr/local/ssl/openssl.cnf unable to load 'random state' This means that the ra

Re: Rainbow Cryptoswift cards - information

2001-02-02 Thread Michael Ströder
[EMAIL PROTECTED] wrote: > > Although > I'm seeing that much speed improvement (using the "openssl speed" tests), > I'm also seeing a significant drop in the amount of CPU utilisation. > [..] > Even if it were the case that you would get only 3x improvement on a 1Ghz > P3, you would still have su

How to convert the unsecure private key back to secure one

2001-02-02 Thread Gordon Lam Chin Ho
Hi, If I have missed the secure private key and I have only got the unsecure private key, can I convert that unsecure private key to a secure private key? If so, what procedure do I need to do? Many thanks!!! Gordon __

String definitions needed

2001-02-02 Thread Hellan,Kim KHE
I need to find out what characters are allowed in the following ASN.1 string types: PRINTABLESTRING (I already know this one) IA5STRING T61STRING Can anyone give me a hint to where these strings are defined? TIA Kim Hellan KMD / KMD-CA http://www.kmd-ca.dk Mailto:[EMAIL PROTECTED] _