Re: What's the strongest encryption available

2003-05-30 Thread Rich Salz
> So when generating a key, how do I determing the size? It's typically one of the parameters. Or do you mean "how do I know what size key to generate?" The answer to that unless you have enough expertise and knowledge to know otherwise, follow the prevailing practice. > If the bits paramater i

About finding OCSP response signer

2003-05-30 Thread Wu Junwei
(B (B (BHi, (B    I am studying the verifying of the OCSP response. (B  (BI find that the function OCSP_basic_verify() in ocsp_vfy.c can do this (Bjob. (BIt is mainly devided into 2 parts. (B  (B1, to use the public key of the response signer to verify the basic (Bresponse (B2, to v

Re: What's the strongest encryption available

2003-05-30 Thread Frédéric Giudicelli
Yes it does. Frédéric Giudicelli http://www.newpki.org - Original Message - From: "Marcus Carey" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, May 30, 2003 4:12 AM Subject: Re: What's the strongest encryption available > So when generating a key, how do I determing the siz

Re: What's the strongest encryption available

2003-05-30 Thread Marcus Carey
So when generating a key, how do I determing the size? If the bits paramater in RSA_generate_key fuction equals 128, does this mean I have created a 128 bit key? RSA_generate_key(bits,RSA_F4,NULL,NULL); Marcus - Original Message - From: "Rich Salz" <[EMAIL PROTECTED]> To: "Marcus Care

Re: What's the strongest encryption available

2003-05-30 Thread Rich Salz
> VeriSign claims its 128-bit $889 Secure Site Pro Certificate is > the strongest encryption available. Is this true? That's using 128bit RC4 for the bulk encryption of SSL/TLS traffic between server and client. > If so how is it possible to create a 1024 bit or greater RSA private key > with Op

What's the strongest encryption available

2003-05-30 Thread Marcus Carey
VeriSign claims its 128-bit $889 Secure Site Pro Certificate is the strongest encryption available.  Is this true?    If so how is it possible to create a 1024 bit or greater RSA private key with OpenSSL?   Also what's the maximum bit value that OpenSSL supports?   Marcus             ---Out

RE: Chained certificates and uw-imapd (using OpenSSL)

2003-05-30 Thread David Luyer
Package: openssl Version: 0.9.7b-2 (cc to Debian BTS and above headers as I believe this is a documentation bug in the OpenSSL package) Charles Cranston wrote: > Server Certificate > First Intermediate > Second Intermediate Thanks, that worked! I actually have the two intermediates as a 'bundl

Re: openssl 0.9.7b: -crl_check vs -crl_check_all in smime -verify

2003-05-30 Thread Andreas
On Thu, May 29, 2003 at 10:24:49PM +0200, Dr. Stephen Henson wrote: > > I would think crl_check_all would check the whole chain, but it seems that > > crl_check is doing > > that instead. Any hints? > > > > Are you sure that's OpenSSL 0.9.7b? There was a bug in 0.9.7a and before that > got those

Re: openssl 0.9.7b: -crl_check vs -crl_check_all in smime -verify

2003-05-30 Thread Dr. Stephen Henson
On Thu, May 29, 2003, Andreas wrote: > I'm confused regarding the difference between -crl_check and -crl_check_all > when using openssl smime -verify. > > I have a signed email with a Thawte free-mail certificate, it's Mensagem.eml > (attached). > I signed it with mozilla. The hierarchy is the f

Some questions

2003-05-30 Thread mohamed zhaounia
Hi all! Is there anyone one in the list who can explain what is the functionnality of the file libcrpto.a? Can i modify it so that it will recognize the new referencs that are undefined,and if it i spossible how can i do so? Another Q: How can i modify the mkerr.pl in such a manner that it generat

Re: openssl 0.9.7b: -crl_check vs -crl_check_all in smime -verify

2003-05-30 Thread Andreas
On Thu, May 29, 2003 at 03:35:45PM -0300, Andreas wrote: > I'm confused regarding the difference between -crl_check and -crl_check_all > when using openssl smime -verify. > > I have a signed email with a Thawte free-mail certificate, it's Mensagem.eml > (attached). > I signed it with mozilla. The

openssl 0.9.7b: -crl_check vs -crl_check_all in smime -verify

2003-05-30 Thread Andreas
I'm confused regarding the difference between -crl_check and -crl_check_all when using openssl smime -verify. I have a signed email with a Thawte free-mail certificate, it's Mensagem.eml (attached). I signed it with mozilla. The hierarchy is the following: Thawte Personal Freemail CA Per

Re: Chained certificates and uw-imapd (using OpenSSL)

2003-05-30 Thread Charles B Cranston
I don't know if this is directly relevant, but the ONLY way I could make the Apache SSLCertificateChainFile capability work was to put ..^ the server certificate and both the intermediate certificates into the file in this specific order: Server Certificate First Int