From: "Sandipan Gangopadhyay" <[EMAIL PROTECTED]>
sandipan> I tried :
sandipan> ./openssl genrsa -des -out ca.key 2048
sandipan> After I changed MIN for passphrase to 0 in openssl.cnf
sandipan>
sandipan> No luck.
I don't get this! What exactly do you think encryption with no
(or 0-leng
I tried :
./openssl genrsa -des -out ca.key 2048
After I changed MIN for passphrase to 0 in openssl.cnf
No luck.
It still asks for passphrase and seeks a minimum of 4 chars. Since I
wondered where this 4 came from, I looked around.
I might be wrong, but it seems to make a call to pem_lib.
It's the public exponent referred to in the RSA documentation and on the
limited edition T-shirt. Have a look at the following RSA documentation
which refers to this parameter:
RSA Laboratories' Frequently Asked Questions About Today's Cryptography,
Version 4.1
3.1.1 What is the RSA cryp
When using OpenSSL to generate RSA keys, there is
a parameter "e-value", which can be either 0x10001 or
0x3. I have read some articles on RSA, but none of them
refer to such a parameter. Can somebody tell me
what this "e-value" does while generating RSA keys?
Any help is appreci
Hello,
whenever I search for documentation I get to
www.openssl.org/docs, which has no explanation of
library functions and error codes. So please
inform me where to find the documentation.
Thanks in advance
I have openssl-0.9.6, egd-0.8 and prngd-0.9.3 installed on Solaris 2.6.
The imap and pop services seem to be working with ssl OK, and I was able
to generate test certs/keys etc. so I'm assuming egd and prngd are working.
In debugging some other stuff, I attempted to use openssl s_client ...
I g
"Bruker, Ohad" wrote:
>
> Hi Joe.
> All the basic stuff you mentioned is implemented right.
> It is already *WORKING* on Linux and Windows platforms without any problems.
> I encounter this problem probably because Solaris does not support random
> device !!!
> The manual seeding of the PRNG prob
Hi Joe.
All the basic stuff you mentioned is implemented right.
It is already *WORKING* on Linux and Windows platforms without any problems.
I encounter this problem probably because Solaris does not support random
device !!!
The manual seeding of the PRNG probably cause this problem (symmetric ke
Most likely these will sound like really stupid questions, but honest
they're the same questions I've had to ask myself to find the answers. Have
you verified that the parameters used by both sides are the same? Have you
verified that the public key is transferred correctly? I'm just trying to
nar
Of course I'm calling the DH_compute_key(...) after sharing the DH public
key both sides.
The symmetric keys are already produced successfully on Windows and Linux.
Thanks, Ohad.
-Original Message-
From: Joseph Ashwood [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 14, 2001 6:14 PM
If all you're calling is DH_generate_key(...) then it should create
different keys. That function call only generates the public and private
keys. What you need to do is:
DH_generate_parameters(...)
transfer the parameters between machines so that they are both working in
the same field
DH_genera
Hi everybody,
I am using the DH algorithm to produce a symmetric key (based on DSA private
and public keys).
There was no problem on Linux and Windows platforms as long as I had a
random device.
On Solaris platform, the routine DH_generate_key(dh) fails, because there is
no random device (and the
I tried to compile openssl source code in AIX 4.3.3 Compiler version of
3.6.6 and also tried compiling with gcc.
In both cases I got the following error.
rm -f openssl
cc -o openssl -DMONOLITH -I../include -O -DAIX -DB_ENDIAN -qmaxmem=16384
openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.
Hi,
I got a few questions about ciphering suites. Please help if you know the
answers.
- Is the list of cipher suites supported in TLS v1 and SSL v3 identical?
Like, is RSA_WITH_RC4_128_MD5 being used in both protocols?
- Also, I checked the tls1.h in Openssl's include directory and found ther
Hi, I'm new to openssl. I tried to distribute some certs. So
what I am supposed to do is:
1. become a CA, to generate a self-signed cert
2. generate a cert request and use the CA cert to sign this
cert req.
But how do I do that with CA.pl? Some cmds are a little bit
confusing for me. Any idea? T
Just a guess, but a fairly educated one, try setting flen to 1 byte (or even
1 bit) smaller than the key. What I suspect is happening is you are
sometimes trying to encrypt values that are larger than the modulus so
you're getting a modular reduction of the value encrypted.
Hello,
I have a problem for which I found no real solution in the manual or the
list archives.
The basic idea is to encrypt data using RSA_private_encrypt and retrieve it
using RSA_public_decrypt. For RSA_private_encrypt, I set flen to RSA_size()
to encrypt just one block and decrypt it later.
Hi -
I am working on a perl SSL wget type program, and I have a few questions
regarding certificate authentication. I am sorry if these are silly
questions; I have been trying to find documentation for quite some time and
can't seem to find anything. So my questions are, basically, how do I set
Hi,
I have 2 client applications that send https requests to 2 different web
servers. My first client runs on Linux Red Hat 7 and sends https requests to
IIS 4.0 web server on an NT 4.0 Server, and my second client runs on NT
4.0 Server and sends https requests to Apache web server on a Linux Red
Hat 7 ma
On Wed, Feb 14, 2001 at 09:24:46PM +, Tim Small wrote:
> I'm wondering if anyone can shed any light on a problem I'm having with
> Outlook Express? Apologies for posting a load of debug output to the
> list, but I didn't really know what was safe to omit.
>
> I'm trying to set up secure IMA
Hi,
I'm wondering if anyone can shed any light on a problem I'm having with
Outlook Express? Apologies for posting a load of debug output to the
list, but I didn't really know what was safe to omit.
I'm trying to set up secure IMAP, using stunnel (stage 2 is to go for
secure SMTP as well, wit
Hi,
Tomcat uses SSL directly; I use the keytool of the JDK to generate the
key pair and a self certificate.
I need to generate certificates for clients but the browser says that it
has to be in the format PKCS12.
For the keytool I specify a keystore type at the command line, via the
-storetype
> P.S. Anyone know where the X.509 V3 spec can be found (without
> having to purchase all $92 of it from ansidocstore which seems
> a little excessive particularly as I've already got the '88 spec)?
Hoyt Kesterson, one of the editors, and Groupe Bull have been making
pre-publication drafts availa
ignore it - test only
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
I recently set up my ApacheSSL Server with all the latest stuff,
modssl2.8.0 apache 1.3.17 and openssl 0.9.6. I am getting an input/output
error when connecting to my https server with netscape 4.73. When I use
internet explorer 5.5, I don't get any connection errors. I have attached
my log files a
> > This is a non-authenticated attribute. i.e. it's not
> > signed and can be changed by the user without changing
> > the certificate signature.
>
> Wrong. *Everything* in a certificate is signed.
Don't you hate it when you're wrong. Was confusing myself
with S/MIME and M$'s certificate p
Derick Cassidy wrote:
>
> Hello
>
> After playing around with the SSL stuff, I am successfully able to validate
> online crls (ldap query, then lastUpdate/nextUpdate them). What I would
> like to do now, is validate attributeCertificates
>
> I tried using the same approach as the CRLs
>
> lda
> A. Königsdorfer wrote:
>
> Hi!
>
> I want to use Blowfish with a 256 bit key size. Looking at the EVP
> docu I found EVP_CIPHER_CTX_set_key_length.
>
> Some time ago somebody mentioned that it is impossible to use
> different key sizes in the EVP API. Is EVP_CIPHER_CTX_set_key_length
> a new f
[EMAIL PROTECTED] wrote:
>
> Hi!
>
> What do You think? May I use the netscape_comment extension to hold my
> application specific information in text form (maybe in base64)?
>
Well you could I suppose but that would be a non standard use of it. If
you've got your own OID you could simply add
Hello,
When I run the ./Configure myOS command I get an error on the last line
saying make not found. So when I run the make command it does not
work. I am on a networked environment, using a network appliance.
Hopefully this is not the problem.
What I need Openssl for:
To translate a PKCS#1
What a shame... I thought it is simple...
So what parts of certificate are protected with signature?
Cly
"Dale Peakall"
> This is a non-authenticated attribute. i.e. it's not signed and can be
> changed by the user without changing the certificate signature.
Wrong. *Everything* in a certificate is signed.
/r$
Title: EVP question about key sizes
Hi!
I want to use Blowfish with a 256 bit key size. Looking at the EVP
docu I found EVP_CIPHER_CTX_set_key_length.
Some time ago somebody mentioned that it is impossible to use
different key sizes in the EVP API. Is EVP_CIPHER_CTX_set_key_length
a new fun
> What do You think? May I use the netscape_comment extension to hold my
> application specific information in text form (maybe in base64)?
This is a non-authenticated attribute. i.e. it's not signed and can be
changed by the user without changing the certificate signature.
So don't use it for
Make sure you use the same C runtime library to link your application as you
specified to build openssl. Which makefile did you use to build openssl,
nt.mak or ntdll.mak?
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
--
Hi!
What do You think? May I use the netscape_comment extension to hold my
application specific information in text form (maybe in base64)?
Cly
I've seen it, and fixed it. Rather unhelpfully, I can't fully remember
how.
C/C++ -> Code Generation -> (Debug) Multi-threaded DLL
Make sure that you are consistent with your use of this DLL in making
your lib, and then .exe
hth
Tat.
> Matthieu Ludinard wrote:
>
>
> Hi,
>
> We develop
I've been trying to set up stunnel on the firewall to accept
SSL-encrypted connections and forward them to internal http
addresses. This is for staff use only, so I don't care about having a
certificate signed by a public CA. I do, however, want to require
users to have certificates.
I've fina
Hi,
We develop an application running on NT and Solaris with
openssl 092b.
I compile openssl 096 on Solaris and NT using Visual C++
6 and when I try to recompile my
application with openssl 096 on Visual 6, I have got
the link error messages :
conflicts with default library (MSVCRT,LIBC
On Wed, 14 Feb 2001, Ben Laurie wrote:
...
> > Thanks Ben for cheering me up. Perhaps If I have a machine that can change
> > its IP number constantly I could get round it. Or perhaps not. Maybe I
> > could disable session caching altogether. This is only a development machine
> > anyway (and ha
[EMAIL PROTECTED] wrote:
>
> > -Original Message-
> > From: Ben Laurie [mailto:[EMAIL PROTECTED]]
> > Sent: 14 February 2001 13:25
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: echoping 4.1 released : a tool to test SSL servers
> >
> >
> > [EMAIL PROTECTED] wrote:
>
From: "Ronald F. Guilmette" <[EMAIL PROTECTED]>
rfg> % bc
rfg> bc 1.05
rfg> Copyright 1991, 1992, 1993, 1994, 1997, 1998 Free Software Foundation, Inc.
rfg> This is free software with ABSOLUTELY NO WARRANTY.
rfg> For details type `warranty'.
rfg>
rfg>
rfg> Looks like GNU bc to me!!
rfg>
rfg> S
Hi, mads
> > Now I want to run ssl aware apache as service, but I failed, then how
> > can I let modssl read password from another way, for example, read from
> > a file? Thanks in advance.
> >
> See http://www.modssl.org/docs/2.8/ssl_reference.html#ToC2
>
> vh
>
> Mads Toftum
I am working