p7b file from entrust is simply a pkcs7 signed envelope that contains only
certificates. You can use openssl function in order to open envelope and
extract the certificates.
Francesco Petruzzi
[EMAIL PROTECTED]
- Original Message -
From: "Thomas H Jones II" <[EMAIL PROTECTED]>
To: <[EMA
Is this abug... ? or i am doing something wrong
ok in the falowing code ... very often i can se 0123456789 (whit is the
string i want to encryp...)
in the encrypted string... most of the time at theend of the string...
ps i tries the both RSA_generate_key() that you see the coment one and t
I know this list is for discussion of OpenSSL, but I have a more general
certificate problem.
The company I work for was bought by a global telecom. This telecom uses
the Entrust PKI software. Unfortunately, new company policy means that I
have to replace my regular client certificate with this
> Now, I have to ask why you went to the trouble of doing all
> of that when the Win32 OpenSSL Installation Project does that
> and much more:
excellent question. I actually had no idea that existed. (granted, I
probably could have searched a little harder.) that would be a great link
to inc
I don't know about that. During the latest Windows exploit virus blast
(when are they going to fix their stuff?) I kept getting bombed by AV
bounces aimed at openssl-users-l. Not to mention that the list was DOWN
during that time as well. A good number of my posts just got timed out
by my legit
At 03:30 PM 3/2/2004 -0600, Jason writeth:
>Hello everyone. I'm new to the list and happy to be here. I've just
>managed to compile OpenSSL on my WinXP box and I created a walkthrough (for
>my own reference, but hopefully may help someone) and posted it at
>http://www.verysimple.com/support/viewt
On Tue, Mar 02, 2004, Florian Millet wrote:
> Hi all,
>
> I'd like to be able to print/check content of a certificate but the checking
> would be verifying the data entered at certificate generation. I'd like to
> be able to extract the fields in a string like :
> "/C=FR/ST=Paris/L=Paris/O=Test/
> I think just simply requiring people to be list members before posting
> would be enough to make a big impact.
You dont necessarily have to force people to become members. Just
ensure that all anonymous posts are be moderated, and the problem
is solved. The spam, viruses and anonymous posts g
Recv Spam wrote:
Amar,
Those articles were very informative. However, I could not find code
or porgram that converts certifcate to teh db7 formats. ANy idea where
Imay find that?
I dont know if it is available on internet. I think that you can write
the code for it using Sleepy Cat DB.
Regard
Hello everyone. I'm new to the list and happy to be here. I've just
managed to compile OpenSSL on my WinXP box and I created a walkthrough (for
my own reference, but hopefully may help someone) and posted it at
http://www.verysimple.com/support/viewtopic.php?t=89
Anyway, I'm getting set to write
Have we now crossed the threshold where there are more off-topic
messages discussing spam than spam messages themselves?
There just doesn't seem to be a real need to take any action at all
given the small number of UCE or antivirus bounce messages.
r,
Lance
__
Amar,
Those articles were very informative. However, I could not find code or porgram that converts certifcate to teh db7 formats. ANy idea where Imay find that?
++NAmar Desai <[EMAIL PROTECTED]> wrote:
This might help you.http://www.sei.cmu.edu/publications/documents/99.reports/99tn010/99tn0
In message <[EMAIL PROTECTED]> on Tue, 2 Mar 2004 16:58:29 +0100, "Giovanni Calzuola"
<[EMAIL PROTECTED]> said:
giovanni.calzuola> I'd like to use 2 or more engines without using the
giovanni.calzuola> functions ENGINE_set_default, due to problems of
giovanni.calzuola> concurrency. I want to sign
Vadim Fedukovich wrote:
a hotmail account might be considered a handy tool but it hardly could be
regarded as anonymous.
Please take a look at mixmaster.sf.net (the tool)
and network of remailers running around. There was mixmaster protocol
ietf draft published recently
That was the "or whatever".
On Tue, Mar 02, 2004, Tim Tassonis wrote:
> Hi
>
> I've got to find out the keysize used in an S/MIME encrypted mail.
>
> I looked around in the openssl code and tried the following:
>
>
> X509_ALGOR *alg;
> PKCS7 *p7;
> int p7_type;
> BIO *mail_bio *indata;
> ...
> p7 = SMIME_read_PKCS7(mail_
On Tue, Mar 02, 2004 at 11:47:43AM -0600, Scott Lamb wrote:
>
> On Feb 24, 2004, at 9:55 AM, Rich Salz wrote:
>
> >> I think I misunderstood that question. I honestly don't know what we
> >> would lose. Maybe a sense of openness.
> >
> > In the past -- at least, say, 2-3 years ago -- we had a c
Hi
I've got to find out the keysize used in an S/MIME encrypted mail.
I looked around in the openssl code and tried the following:
X509_ALGOR *alg;
PKCS7 *p7;
int p7_type;
BIO *mail_bio *indata;
...
p7 = SMIME_read_PKCS7(mail_bio, &indata);
p7_type = OBJ_obj2nid(p7->type);
switch (p7_type) {
Chris Rowe wrote:
Where's a good example that shows doing an SSL handshake with a memory
BIO_pair?
I want to do overlapped IO on sockets and pipes without going through the
SSL_connect(), SSL_write(), etc. functions,
but I'm not sure how to go about doing the handshake mechanics to perform
the cer
Hello,
thank you for your help. I tried to use the BIO as I have been advised.
I found in a man page, an example to use the BIO pair. But I get an error:
"16384:error:20067079:BIO routines:BIO_ctrl:unsupported
method:bio_lib.c:314:"
After a look at the source code, I thought it could be somethi
On Feb 24, 2004, at 9:55 AM, Rich Salz wrote:
I think I misunderstood that question. I honestly don't know what we
would lose. Maybe a sense of openness.
In the past -- at least, say, 2-3 years ago -- we had a couple of
anonymous posters who made very worthwhile contributions. Haven't
seen that
The function PEM_read_PUBKEY used in the pkcs11 engine sets only the values
relative to the public key, and the data relative to the private are left
blank. The public key, as far as i can understand, is used to find the
corresponding private key. If pkcs11 is the default RSA engine, everything
wor
On March 2, 2004 11:40 am, Giovanni Calzuola wrote:
> > That depends rather heavily on what "hardware key" means. If the
> > corresponding ENGINE supports it, you should use
> > ENGINE_load_private_key().
>
> I'd like to use a software engine by default and occasionally get a key
> from a pkcs#11 e
> That depends rather heavily on what "hardware key" means. If the
> corresponding ENGINE supports it, you should use
> ENGINE_load_private_key().
I'd like to use a software engine by default and occasionally get a key from
a pkcs#11 engine.
Such a pkcs#11 engine, in order to reteive the private
On March 2, 2004 10:58 am, Giovanni Calzuola wrote:
> I'd like to use 2 or more engines without using the functions
> ENGINE_set_default, due to problems of concurrency. I want to sign with
> a hardware key, while using software keys for SSL.
> How can I do this?
That depends rather heavily on wha
Rich Salz wrote:
Probably not worth supporting any more.
Ben Laurie wrote:
I disagree.
Ben's voice carries way more weight than mine :) I stand down...
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gatew
I'd like to use 2 or more engines without using the functions
ENGINE_set_default, due to problems of concurrency. I want to sign with a
hardware key, while using software keys for SSL.
How can I do this?
Thanks
Giovanni Calzuola
This might help you.
http://www.sei.cmu.edu/publications/documents/99.reports/99tn010/99tn010abstract.html
http://www.drh-consultancy.demon.co.uk/
Regards,
Amar
Recv Spam wrote:
All,
I am new to openssl and am trying to use openssl with Iplanet
Directory server. It seems that ldapsearch needs th
Hello,
We use a perl script to decrypt smime mails automatically. The script uses
the command line openssl tool for the crypto work and used to work
correctly. Only when we started to use a new certificate, the application
ceased to work.
We use the following command:
my $cmd = "openssl s
All,
I am new to openssl and am trying to use openssl with Iplanet Directory server. It seems that ldapsearch needs the certificate in the db7 format. Pls can one of you kindly usggest how to create a DB7 file out of a client certificate?
Thanks
RS
Do you Yahoo!?
Yahoo! Search - Find what y
Hi all,
I'd like to be able to print/check content of a certificate but the checking
would be verifying the data entered at certificate generation.
I'd like to be able to extract the fields in a string like :
"/C=FR/ST=Paris/L=Paris/O=Test/OU=None/CN=Test
Certificate/[EMAIL PROTECTED]"
How is it
> my fuction work well in windows2000 and red hat linux9,but in
> AIX, RSA_public_encrypt always return -1.who can help me?this
> is my code:(I use openssl0.9.7c)
Have you checked ERR_get_error()?
Kind regards,
Ted Lyngmo
__
Open
my fuction work well in windows2000 and red hat linux9,but in
AIX,RSA_public_encrypt always return -1.who can help me?this is my code:(I
use openssl0.9.7c)
long __cdecl CEncrypt(char* x509FileName, const unsigned char* fromBuf, int
fromLen, unsigned char* toBuf, int* toLen)
{
EVP_PKEY *pubKey
> -Original Message-
> From: Ben Laurie [mailto:[EMAIL PROTECTED]
>
> I disagree.
I've lost the thread... You want to limit posting to subscribers only or
you don't?
BTW, the mod_ssl list has been swamped by some spammer. Would this list
be immune to these posts (the spammer is craftily
Rich Salz wrote:
I think I misunderstood that question. I honestly don't know what we
would lose. Maybe a sense of openness.
In the past -- at least, say, 2-3 years ago -- we had a couple of
anonymous posters who made very worthwhile contributions. Haven't
seen that recently. Also, it used t
> -Original Message-
> From: Thomas H Jones II [mailto:[EMAIL PROTECTED]
> Sent: 27 February 2004 23:10
> To: '[EMAIL PROTECTED]'
> Subject: Virus Scanner
>
>
> Is there any possibility that this list could be run through a virus
> scanner so that we wouldn't get spammed every time a vir
35 matches
Mail list logo
