Re: secure mailinglists

2002-03-08 Thread Rich Salz
Does it *have* to be a conventional mailing list? How about a web-based archive. Your CA issues an SSL cert to the server. It can also issue certs to mailing list members, and/or SSL client certs. To "post" users either send signed mail to an alias (which verifies the signature and makes sure

Re: secure mailinglists

2002-03-08 Thread Dr S N Henson
Damian Hesse wrote: > > Hi everybody, > > we have set up our own CA and generated for everybody > user certificates for secure communication. It really works > fine. > > The task: now we want to set up mailinglists (server side) > like "[EMAIL PROTECTED]" where some users of our company and > s

Re: I need to know how to generate a certificate in pkcs7 format with openSSL

2002-03-08 Thread Dr S N Henson
"GOLDING,CHARLTON (Non-HP-Corvallis,ex1)" wrote: > > Chet Golding > Hewlett-Packard > ESDO, Operations Engineering > > >-Original Message- > >From: Dr S N Henson [mailto:[EMAIL PROTECTED]] > >Sent: Thursday, March 07, 2002 6:01 PM > > Thanks, [Steve, good info!] we're on the right track

Remove

2002-03-08 Thread Alphy A. Quintos
-Original Message- From: Vadim Fedukovich [mailto:[EMAIL PROTECTED]] Sent: Friday, March 08, 2002 12:10 PM To: [EMAIL PROTECTED] Subject: Re: intermediate level CA certificates, chains On Fri, 8 Mar 2002, Martin Witzel wrote: > > Hi, > > I have two questions about certificate chains.

Decryption wrong when seeking into a file.

2002-03-08 Thread Lorenzo
I have a quick question to ask. I'm using the EVP_EncryptInit and EVP_DecryptInit functions to stream data to a file. Basically, I encrypt data, one byte at a time, which is in the put area of my filebuf object and send it out. When I get data from the file, I decrypt each byte I receive

RE: I need to know how to generate a certificate in pkcs7 format with openSSL

2002-03-08 Thread GOLDING,CHARLTON (Non-HP-Corvallis,ex1)
Chet Golding Hewlett-Packard ESDO, Operations Engineering >-Original Message- >From: Dr S N Henson [mailto:[EMAIL PROTECTED]] >Sent: Thursday, March 07, 2002 6:01 PM Thanks, [Steve, good info!] we're on the right track now. A few fine details to work out but it is running. I had a que

Re: intermediate level CA certificates, chains

2002-03-08 Thread Vadim Fedukovich
On Fri, 8 Mar 2002, Martin Witzel wrote: > > Hi, > > I have two questions about certificate chains. > > a.) Can an openssl intermediate CA create certificates which contain the > certificate > of an intermediate level signing CA _and_ the certificate(s) of > higher level CAs, > i.e. a

Any tutorial for renew and revoking certificates ?

2002-03-08 Thread Bogusław Brandys
Hello, I'm still newbie and I'd like to know if there is any tutorial describing what is CRL, PKI and how to revoke or renew certificate using OpenSSL? Also I have one maybe off-topic question: I successfully installed my certificate into Apache but when connect to using IE 5.5 all seems good e

question on digest in x.509 certificate

2002-03-08 Thread Chiariglione Filippo
Hi All, just for a test I would like to associate an x.509 certificate to a file, but I would like also to have a digest in the certificate (generated with the openssl dgst command) that certifies that this file hasn't been modified. Could someone please tell me if it could be possible (and how :)

Subject: Troubles Creating a Certificate for IIS

2002-03-08 Thread Brandon Amundson
Subject: Troubles Creating a Certificate for IIS Currently our setup consists of a Linux web server running apache. Part of the site is restricted through the use of SSL and client certificates. We have a self-signed root certificate, created with OpenSSL, and a server certificate signed by o

Re: newbie question on OCSP

2002-03-08 Thread Rich Salz
Rich Salz wrote: > An org might consider its CRL private info ("ooh look, Fred must > have gotten fired") In private email, I was prompted to explain this better. The issue is not when ONE cert is revoked, but when a large number, and you can make guesses about the number range. For exa

RES: Crypto question - how to obtain correct size of plaintext message when decrypting - standard???

2002-03-08 Thread Mads Rasmussen
Thanks a lot Shawn, Just one thing, in PKCS 5 v2 the section number is 6.1 for the padding scheme. It says for the now preferred scheme PBES2 that (6.2.1 - 4. encryption "This step may involve selection of parameters such as an initialization vector and padding, depending on the underlying s

RE: BSafe RSA keys

2002-03-08 Thread abogomolov
I have more questions regarding your response since I am relatively new to this stuff: What's PDU? How do you decode PrivateKeyInfo PDU to extract PrivateKeyInfo PDU struct? And how do you then encode it? Thank you Alex

RE: BSafe RSA keys

2002-03-08 Thread Prashant Kumar
Alex, I guess B_GetKeyInfo(buffer, obj,KI_PKCS_RSAPrivateBER) returns an ASN1 of PrivateKeyInfo PDU. You have to extract RSAPrivateKey PDU from this PrivateKeyInfo PDU. Once you get RSAPrivateKey PDU you can then use "SSL_CTX_use_PrivateKey_ASN1" API to set the private key. To do all these things

BSafe RSA keys

2002-03-08 Thread abogomolov
Hi, I am working on putting OpenSSL into our app. However, we are required to use RSA keys that are produced with BSafe by another app. Does anybody know how to get BSafe RSA Private key to work with open ssl? I tried to use the output of B_GetKeyInfo(buffer, obj,KI_PKCS_RSAPrivateBER) However tha

Re: Longterm verify_callback in single threaded app

2002-03-08 Thread Lutz Jaenicke
On Fri, Mar 08, 2002 at 09:42:42AM +0100, Joerg Bartholdt wrote: > During the SSL Handshake, OpenSSL can call a verify_callback > that can manipulate the outcome of the certificate verification > process. > If I use some longterm evaluation like an OCSP-Request, my single > threaded application

Re: problem in handshake.

2002-03-08 Thread Lutz Jaenicke
On Fri, Mar 08, 2002 at 10:37:17AM +0530, kaushik_vishwakarma wrote: > SSL_accept error in SSLv3 read client hello C. > If I remove client authentication from the server then I can establish many > connections with session being reused. It's only when the client authentication is > enabled i

Re: Crypto question - how to obtain correct size of plaintext message when decrypting - standard???

2002-03-08 Thread Shawn Masters
I'm not sure cross posting to these two lists is appropriate for this question, but here are some alternatives you can use. 1) OpenPGP defines the packet length in the header of the packet. This is done with a scheme based on it being an old or new packet followed by a set of byte

Need help! Questions of ciphers.

2002-03-08 Thread gliu
Hi Everyone, I am going to set up a Web site with SSL for a company. And as being a newbie to SSL and cryptography, I have some fundamental questions. 1. To the Japanese user, which length of RSA key can be used? Do I have to pay money to rsasecurity for the patent. 2. I found in the n

Re: newbie question on OCSP

2002-03-08 Thread Rich Salz
There are other differences: CRL's can be big An org might consider its CRL private info ("ooh look, Fred must have gotten fired") It's hard to *prove* you consulted a CRL; for OCSP use a hash of your "real" document as the nonce, and save the response. An OCSP re

/usr/lib/libcrypto.so.0

2002-03-08 Thread Tony
Hi, How do I enable the build of this lib? I cannot seem to get this lib in place. Any help is appreciated. __ OpenSSL Project http://www.openssl.org User Support Mailing List[

Re: secure mailinglists

2002-03-08 Thread Roman Zillek
Hi, my pseudo code solution would look about like the following: Legend: E...encryption function D...decryption function S...signing function pubK[x]...public key party "x" privK[x]...private key party "x" -- ListContribution: E(message+S[message,

Signing other certificates using root CA created by openssl

2002-03-08 Thread Peter Kim
Hi support, Could you please tell me where I made mistake.. Below shows that it fails after I ran the following command to sign other cert: openssl x509 -req -in ca2.csr -CA ca1.crt -CAkey ca1.key -out ca2.crt Currently I am using Win2K with openssl 0.9.6b thank you. -

Problem recognizing Digital signed messages.

2002-03-08 Thread Hans Carlos Hofmann
Hello, I have a problem with a digital pkcs7 signed mail. I want to verify the message test.ed.text. I have the Digitrust certs in the CA-Directory and a valid aliases lrwxrwxrwx 1 replayer replayer 25 Oct 5 12:08 0be059c6.0 -> ../Certs/Digitrust-A1.pem lrwxrwxrwx 1 replayer replayer

Help! SSL Telnet client-server deadlock problem.

2002-03-08 Thread David_May
Please help. I have a major problem with SSL Telnet. When I connect with SSL-MZtelnet-0.11.2 client from my FreeBSD 4.4 box through a SSL proxy to a telnet server on AIX 4.3.2 and run "ls -l" command screen output sometimes does not complete. If I hit enter then last few lines are displayed.

Re: secure mailinglists

2002-03-08 Thread Bear Giles
> Message senders encrypt the message with the public key of the > mailinglist. The mailinglist server decrypts the message using the > private key for the mailinglist and encrypts it again individually > for every recipient. The problematic part is the signature, I guess. > Would it be possible t

Longterm verify_callback in single threaded app

2002-03-08 Thread Joerg Bartholdt
Hi *, During the SSL Handshake, OpenSSL can call a verify_callback that can manipulate the outcome of the certificate verification process. If I use some longterm evaluation like an OCSP-Request, my single threaded application is blocked during this time. I cannot return a value like "I don't k

Re: secure mailinglists

2002-03-08 Thread Sean O'Riordain
Sorry Damian, but I don't see why the mail server needs to have the _private_ keys of the individuals... If I have the story correct... 1) You generate a key pair on the mail server and distribute the public key to your users. The public keys of your users are made accessible to the list-s