"Fisk, Kevin" <[EMAIL PROTECTED]> writes:
> I believe this was actually from a sample provided to us by Eric in response
> to a question we posted on the list.
SOP for OpenSSL prior to the wide availability of /dev/random. was to
collect a bunch of "random" data from various sources on the machi
At 04:12 PM 7/25/2002 +0100, [EMAIL PROTECTED] writeth:
>On 25/07/2002 15:47:30 owner-openssl-users wrote:
>
>>My question is whether this compromises security in any way. Especially
>if
>>this same "random.pem" file is being used on multiple clients and is being
>>freely and openly distributed,
I believe this was actually from a sample provided to us by Eric in response
to a question we posted on the list.
Kevin
-Original Message-
From: Xperex Tim [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 25, 2002 3:35 PM
To: [EMAIL PROTECTED]
Subject: Re: Is a 'random.pem' file secure?
Tim
That's the one.
It's off Eric's website that includes sample code to go with the book.
http://www.rtfm.com/sslbook/
and hit the link for 'C example code'
Great book, BTW
~S
>Do you mean Rescorla's book "SSL and TLS"? On what
>page in Rescorla is the random.pem technique
>mentioned?
Do you mean Rescorla's book "SSL and TLS"? On what
page in Rescorla is the random.pem technique
mentioned? I was unable to find it. Thanks.
Tim
--- "Moffet, Scott" <[EMAIL PROTECTED]> wrote:
> Good day all,
>
> I'm building an SSL client app that will run on a
> wide variety of platforms
Is there documentation (aside from looking at the header files) on how to
use things like STACK_OF(type) and the sk_*_find() functions?
Perhaps I'm going about it wrong, but I can't figure it out.
Any help would be most apprecianted. I'm trying to do this:
given a STACK_OF(PKCS12_SAFEBAG) instan
Hello,
I am having trouble generating certificates for Mozilla 0.9.9 and
Netscape 6.x. The command that I use for Netscape 4.x cert generation
is below:
openssl ca -key jwilkat25 -spkac $DIR/req.raw \
-config ca.config \
-out c:/progra~1/apache~1/apache/htdocs/$CERT.cert
where $DIR is t
amos blackman schrieb:
> On Wed, Jul 24, 2002 at 09:51:20PM +0200, Götz Babin-Ebell wrote:
>
>>Amos Blackman schrieb:
>>
>>>i was just wondering if there was a simple way to generate all the
>>>makefiles and supporting scripts such that they create differently named
>>>libraries (eg. libcrypto-0
On Thu, Jul 25, 2002 at 09:50:07AM -0400, [EMAIL PROTECTED] wrote:
> Hello all,
> I was wondering if there will be a 0.9.7 beta 3 coming soon
> or whether we will go directly to a full release?
> Does any one know the approximate dates (ball park) for
> beta 3 or release?
Several changes have bee
"Jean nmard" <[EMAIL PROTECTED]> wrote:
> Does anybody know if a version of openSSL with FTP exist on WinNT ?
> All I found deal with FTP and OpenSSL, but it is separated of the
> global OpenSSL project, and it doesn't work on WinNT...
There's no directly integrated Secure FTP client in the Open
On Thu, Jul 25, 2002, Aleix Conchillo wrote:
> On Thu, 25 Jul 2002 02:27:06 +0200, Dr. Stephen Henson wrote:
>
> with PKCS5_pbe i get the original data perfectly but with PKCS5_pbe2 i
> just get decrypted well the second 8 byte block. so i just get right the
> last 6 bytes of my 14 orginal.
>
>
Erwann ABALEA wrote:
> > friendlyName, then look for their public key cert using that friendlyName,
> > then look for a corresponding private key using the friendlyName. If I
> > can't find a private key with that friendlyName, I use the localKeyID from
> > the public key cert to match. If th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Maybe I am misunderstanding the question... are you looking for an
SSL-enabled ftp client? If so, you can try PSFTP from:
http://www.chiark.greenend.org.uk/~sgtatham/putty/
thanks,
shawn p. duffy
http://codepiranha.org/~pakkit
email: [EMAIL PROTECT
Hi there,
Does anybody know if a version of openSSL with FTP exist on WinNT ?
All I found deal with FTP and OpenSSL, but it is separated of the global
OpenSSL project, and it doesn't work on WinNT...
Thanks,
Jean.
___
On Thu, 25 Jul 2002, Ken Hoo wrote:
> What happened to the rsaref directory in the 097 beta 2 version?
RSAREF is no more needed in the US, so you can safely ignore anything
about RSAREF.
--
Erwann ABALEA <[EMAIL PROTECTED]> - RSA PGP Key ID: 0x2D0EABD5
-
Expliquez-moi, car je ne comprends
What happened to the rsaref directory in the 097 beta 2 version?
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
On Wed, Jul 24, 2002 at 09:51:20PM +0200, Götz Babin-Ebell wrote:
> Amos Blackman schrieb:
> >i was just wondering if there was a simple way to generate all the
> >makefiles and supporting scripts such that they create differently named
> >libraries (eg. libcrypto-096d and libssl-096d), so that
On Thu, 25 Jul 2002 17:33:49 +0200 (CEST), Erwann ABALEA wrote:
>
> How is that localKeyID calculated? Is it a hash of the public key? If
> yes, then this sounds an acceptable practice, if you really *need* to
> keep separate PKCS#12 files, which is uncommon.
>
it's a digest of the x509 certif
On Thu, 25 Jul 2002, Chris Jarshant wrote:
[...]
> Also, my app will support multiple keys/certs in a variety of places. For
> example,
> the public key cert for user X is in one PKCS12-format file, and the
> corresponding private key is in a separate PKCS12-format file. Are there
> any offici
On 25/07/2002 15:47:30 owner-openssl-users wrote:
>My question is whether this compromises security in any way. Especially
if
>this same "random.pem" file is being used on multiple clients and is being
>freely and openly distributed, is this making my system less secure and
more
>vulnerable to
Chris Jarshant wrote:
> Erwann ABALEA wrote:
>
> > Probably a limitation of the actual browsers. But you might want to check
> > Mozilla 1.0, which seems to be able to save a bunch of private
> > key/certificate pairs at once. I haven't tested this functionality, but it
> > might be possible th
Hey there,
On Thu, 25 Jul 2002, Frederic DONNAT wrote:
> A sample of programming with engine is mod-ssl (initialize ENGINE before
> everything else). You can also see "apps" directory of OpenSSL s_client,
> s_server ... files
>
> Be also carefull between openssl-engine-0.9.6x and openssl-0.9.7 t
Hi Markus,
it's very easy,
Mak a new root ca (e.g. with script MakeRootCA.sh from openvalidation.org)
make a openssl.cnf- file with some place-holders for name an orgunit and so
on.
put in the req-section promt = no
build a simple (perl) skript
do
parse config and replace place-holders
writ
Good day all,
I'm building an SSL client app that will run on a wide variety of platforms
and OS's, and a primary requirement is that it must be easily installed.
The trouble I've had is with platforms that don't have a built-in PRNG. I
don't want to have to install additional modules to get a
Indeed. In the UK there was recently an issue of the security of
cash-machines because of a bug in the implementation of a similarly
certified protocol. It meant that you could potentially get card details by
sniffing what went down the telephone lines. I haven't heard whether this
has been resolv
> Just to add my thoughts to the cooking pot, FIPS-140 probably isn't worth a
> string of beans.
You are technically savvy enough to decide that for yourself. Many
folks are not -- who, really, is equipped to run RNG tests and
understand the importance for keygen?
The FIPS-140 specs are remar
One of the main reasons for FIPS is to make writing (US Federal)
government "requests for proposals" easier. Without dwelling on
that, the FIPS is mostly a procurement-thing, not a technical thing.
(Look at the relationship of GOSIP with OSI, the FIPS version of
POSIX...) FIPS is mostly impo
Erwann ABALEA wrote:
> Probably a limitation of the actual browsers. But you might want to check
> Mozilla 1.0, which seems to be able to save a bunch of private
> key/certificate pairs at once. I haven't tested this functionality, but it
> might be possible that there's only one output file, and
All,
hhmmm, how best to describe this. a version of OpenSSL has been FIPS 140-1 certified.
go to http://csrc.nist.gov/cryptval/140-1/1401val2001.htm and look for Corsec Security Inc.
They we hired by tne NIST to do this as a reference implementation.
It is thought that NIST may eventually release t
Maya wrote:
>When I create signed or encrypted message, I get as input param SMTP header + MIME
message.
>Do I have to signed and encrypt both (SMTP header + MIME message) or just the
second part?
>What should be the SMTP header of the Signed or(and) Encrypted message?
As others have noted, you
30 matches
Mail list logo
