RE: How much entropy is good?

2004-08-27 Thread David Schwartz
> What is a good amount of entropy to gather for seeding the PRNG? > I guess the more the better, but is there a magic number that most > people use that provides enough randomness for good security? > Ed There are several different opinions about this. My own is that you need enough ent

new to openssl trying to use BN libraries

2004-08-27 Thread Matt Raibert
Hey, I'm new to using Openssl. I'm trying to use the BN library. For some reason I can't use the functions defined in openssl/bn.h. Can anyone tell me what I'm missing? I've tried this with openssl version 0.9.7d and a snapshot from a month ago with identical results. Here's a really simple pi

Re: How to include multiple common names in a single SSL certificate?

2004-08-27 Thread Charles B Cranston
Ralph wrote: Hello list members, I'm trying to set up an Apache 2 based web server for multiple name based virtual hosts. As it is not possible with mod_ssl to have a separate SSL certificate file for each virtual host... Actually, you can, but they have to have separate IP addresses. (Requiring t

Re: Problem with some self-signed certs

2004-08-27 Thread Dr. Stephen Henson
On Fri, Aug 27, 2004, Jim Adams wrote: > I thought that at first, but I made similar certs with critical Key > Usage parameters > using openssl and openssl liked them. > If you certificate signing is absent from key usage (critical or not) then the certificate won't be acceptable as an untrust

RE: Problem with some self-signed certs

2004-08-27 Thread Jim Adams
I thought that at first, but I made similar certs with critical Key Usage parameters using openssl and openssl liked them. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goetz Babin-Ebell Sent: Friday, August 27, 2004 12:18 PM To: [EMAIL PROTECTED] Sub

Re: How to include multiple common names in a single SSL certificate?

2004-08-27 Thread Ralph
Dr. Stephen Henson wrote: > You can work round that with the "preserve" config file option or > the -preserveDN command line option. The "preserve" option indeed allows me to sign a certificate which includes multiple common names. Unfortunately, it now seems that both Mozilla 1.7 and Mozilla Firef

Re: dgst can not verify files signed with -hex or -c -hex, only binary, and only one file at a time

2004-08-27 Thread Jon Bendtsen
On 27 Aug 2004, at 18:33, Dr. Stephen Henson wrote: On Fri, Aug 27, 2004, Jon Bendtsen wrote: So, am I doing anything wrong, or is there a bug in openssl? Can I translate the -c - hex or -hex output to a binary file before I verify that? If so, how do I do that? Not so much a bug as something th

How much entropy is good?

2004-08-27 Thread Edward Chan
What is a good amount of entropy to gather for seeding the PRNG? I guess the more the better, but is there a magic number that most people use that provides enough randomness for good security? Ed

Re: How to include multiple common names in a single SSL certificate?

2004-08-27 Thread Dr. Stephen Henson
On Thu, Aug 26, 2004, Ralph wrote: > Hello list members, > > I'm trying to set up an Apache 2 based web server for multiple name > based virtual hosts. As it is not possible with mod_ssl to have a > separate SSL certificate file for each virtual host, I'd like to > create a single certificate fil

Re: file encryption

2004-08-27 Thread Dr. Stephen Henson
On Fri, Aug 27, 2004, ecc samba wrote: > Hi Everybody, > we are trying to encrypt a file using the openssl command. > > openssl enc -ciphername [-in filename] [-out filename] [-pass arg] [-e] [-d] [-a] > [-A] [-k password] [-kfile filename] [-K key] [-iv IV] [-p] [-P] [-bufsize nu

file encryption

2004-08-27 Thread ecc samba
Hi Everybody, we are trying to encrypt a file using the openssl command.   openssl enc -ciphername [-in filename] [-out filename] [-pass arg] [-e] [-d] [-a] [-A] [-k password] [-kfile filename] [-K key] [-iv IV] [-p] [-P] [-bufsize number] [-debugopenssl enc -ciphername [-in filename]

Re: dgst can not verify files signed with -hex or -c -hex, only binary, and only one file at a time

2004-08-27 Thread Dr. Stephen Henson
On Fri, Aug 27, 2004, Jon Bendtsen wrote: > > So, am I doing anything wrong, or is there a bug in openssl? > Can I translate the -c - hex or -hex output to a binary file before I > verify that? > If so, how do I do that? > Not so much a bug as something that's not implemented. It should be doc

Re: Problem with some self-signed certs

2004-08-27 Thread Goetz Babin-Ebell
Hello Jim, Jim Adams wrote: I am experiencing a problem with self-signed server certificates generated by z/OS's pskkyman program in my openssl-enabled telnet client. Usually, a self-signed certificate will generate an error of "self-signed certificate" in my certificate verify callback routine.

Problem with some self-signed certs

2004-08-27 Thread Jim Adams
Hello, I am experiencing a problem with self-signed server certificates generated by z/OS's pskkyman program in my openssl-enabled telnet client. Usually, a self-signed certificate will generate an error of "self-signed certificate" in my certificate verify callback routine. If I add the certi

dgst can not verify files signed with -hex or -c -hex, only binary, and only one file at a time

2004-08-27 Thread Jon Bendtsen
Running these 2 commands does work openssl dgst -out ud -sign rsakey.pem README openssl dgst -verify rsapub.pem -signature ud README output is Verified OK but with -hex it complains openssl dgst -hex -out ud.hex -sign rsakey.pem README openssl dgst -verify rs

Extracting user-defined attributes from certificate subject

2004-08-27 Thread Kraemmer Thomas
I'm using a specific certificate profile which includes a user-defined attribute "serialNumber" in the subject. An example subject looks like this: Subject: serialNumber=Z000805N, GN=Thomas, SN=Kraemmer, O=Siemens, CN=Kra

Re: CRL signature failure

2004-08-27 Thread Dr. Stephen Henson
On Thu, Aug 26, 2004, Joseph Bruni wrote: > I did as you suggested and dumped the CRL object from within the validation routine. > Using the X509_STORE_CTX pointer passed in, I used the current_crl member to get > to a X509_CRL pointer, and fed that to a PEM_write() routine. > > Interestingly, th

How to compile...

2004-08-27 Thread Robert Kutsch Freenet
Hello, how can I compile the openssl library so I get only the rsa sign algorithm or the key generation? Or is it possible to compile only the cryptolib? Thx for reply Robert Kutsch

OpenSSL and Oracle 9iAS (OC4J)

2004-08-27 Thread Liam Escario
Anyone set up SSL with Oracle 9iAS (OC4J)? If so, how do you set up the Truststore and client authentication in the XML? I can't find any docs on this anywhere, and the Oracle forums aren't helping either. Like if in Tomcat, all you have to do is "clientAuth=true", what's the equivalent tag for