Re: Rijndael

2005-02-23 Thread Lawrence Bowie
Where do you hold your IVs for the C program? Are the Java and C programs separate or are you using JNI? Also, I am not sure if "IAIK" is an actually optional Provider if you are using JCE, possibly an option using Bouncy Castle. You also might try a different padding as well .. The big thin

Re: Potentially stupid question about undefined symbols - openssl-0.9.7d (Mac OS X)

2005-02-23 Thread Rush Manbert
Rush Manbert wrote: Eventually, I was left with a list of undefined symbols that I find rather puzzling. Each of them is the name of a function. I find function declarations for them and I find references to them, but I do not find definitions anywhere in the source code distribution. They are

RE: s_client handshake failure [auf Viren überprüft]

2005-02-23 Thread Frédéric Donnat
Hi, First of all the HEX lines are important because they contained information about the connection (SSL protocol layer: record, alert etc...), in fact it acts as -msg option (openssl 0.9.7e). In your case, it seems that your server closed the connection: read from 080ABC00 [080B1838] (7 bytes

Re: OpenSSL en VC1.52 16-bit

2005-02-23 Thread Pablo J Royo
> > Depends on what you mean by "PKCS7 handling" if you just mean being able to > parse PKCS#7 structures then even SSLeay would handle it. If you mean S/MIME > then it first appeared in 0.9.5 but there have been *many* security and > bugfixing changes since then. > > You might be able to use Crypt

ASN1_sign error

2005-02-23 Thread Carlos Roberto Zainos H
Hi there!!!   I've been working very well with openssl crypto library without "unexpected" errors. But this time I get an error using X509_REQ_sign ( )... I've made a lot of CSR's in a lot of clients with this function without problems but now when I copy-paste the source code to another app the fu

Re: OpenSSL + shared memory

2005-02-23 Thread Dr. Stephen Henson
On Mon, Feb 21, 2005, Christian Kreibich wrote: > Hi all, > > > I have an application in which a "master" process creates a socket, > connects to a server app, and forks off a few children sharing the open > file descriptor for that connection with its children. All of the > children use the sha

Re: OpenSSL en VC1.52 16-bit

2005-02-23 Thread Dr. Stephen Henson
On Wed, Feb 23, 2005, Pablo J Royo wrote: > > > > ¿Do you know if actual OpenSSL versions do (still) compile with VC1.52 > producing 16bit code? > > > I need PKCS7 support for an old 16bit application. > > > > > > > It has not been tested for a long time and I'd be surprised if it still > > worke

Re: 6721:error:140830B5:SSL routines:SSL3_CLIENT_HELLO:no ciphers available:s3_clnt.c:571:

2005-02-23 Thread Dr. Stephen Henson
On Wed, Feb 23, 2005, Tyler Durden wrote: > Hello, > I have next problem: > I implement a simple TLS client & server with openssl that these > functions with all ciphers TLS suite except with the cipher DH, that are: > DH-DSS-AES128-SHA > DH-DSS-AES256-SHA > DH-RSA-AES128-SHA > DH-RSA-AES256-SHA. >

RE: CONF_load_bio:missing equal sign

2005-02-23 Thread Harvey, Jody
Thank you Frederic It worked! Thanks to all that cared! Jody Harvey, MCP AFMIC - Publishing BAE Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of PAILLETTE Frédéric Sent: Wednesday, February 23, 2005 12:29 PM To: openssl-users@openssl.org Subje

Re: CONF_load_bio:missing equal sign

2005-02-23 Thread Charles B Cranston
So is the problem that she has an old distro, or that she is not asking for it correctly, or that she should not be asking at all (that is, those SSL directives should just be removed and nothing put in their place)? Sorry, I don't do any work with Windows so I don't know. Bernhard Froehlich wrote:

Re: CONF_load_bio:missing equal sign

2005-02-23 Thread Charles B Cranston
It's not seeing your openssl.conf file - are you sure it is in the right place and that you are correctly pointing to it? The reason I ask is that it was finding it before, so what did you change to make it not find it now? Harvey, Jody wrote: I used the file you sent. Now I am getting: INPUT C:\Pr

Re: TLS vs SSL

2005-02-23 Thread PAILLETTE Frédéric
Hi, TLS is another name for the SSLv3.1. TLS is the result of the standardization (and improvement I think) of the SSL v3.0 protocol by the IETF. Hope this Help Frédéric. David Gianndrea wrote: I don't have my book handy today, but is TLS just another name for SSL or is it different? My developme

Re: CONF_load_bio:missing equal sign

2005-02-23 Thread PAILLETTE Frédéric
Yes, filename error, try the next command ;-) openssl req -config openssl.cnf -newkey rsa:1024 -keyout server.pf.key -out req.pem Indeed, the file is named openssl.cnf and not openssl.conf. Sorry, I can't rename this file easily under winXP, it interprets the extension so I must do it via a comm

TLS vs SSL

2005-02-23 Thread David Gianndrea
I don't have my book handy today, but is TLS just another name for SSL or is it different? My development group is looking into encrypting a client server app data stream before putting it on the wire. I'm thinking that TLS is better suited for that. -- David Gianndrea Senior Network Engineer Comsqua

RE: CONF_load_bio:missing equal sign

2005-02-23 Thread Harvey, Jody
I used the file you sent. Now I am getting: INPUT C:\Program Files\GnuWin32\bin>openssl req -config openssl.conf -newkey rsa:1024 -keyout server.pf.key -out req.pem OUTPUT error on line -1 of openssl.conf 2352:error:02001002:system library:fopen:No such file or directory:bss_file.c:10 4:fopen('ope

[OT] Re: modifying Certificate purposes

2005-02-23 Thread Patrick Ben Koetter
* Christian Kreibich <[EMAIL PROTECTED]>: > > Could you recommend a good book on openssl? > > The O'Reilly book by Viega, Messier and Chandra is useful -- they show > you one way to OpenSSL-enable an existing application, plus other parts > of the API. It also shows you how to do nonblocking I/O w

Re: CONF_load_bio:missing equal sign

2005-02-23 Thread PAILLETTE Frédéric
(re)Hi, Did you have a valid configuration file ? Try the default file provided by the OpenSSL attached to this mail. Be aware this file is named openssl.cnf ;-) Hope this help Frédéric PS: Sorry for my bad english :-) Harvey, Jody wrote: OK. I think I understand. So I did this: C:\Program Files\Gn

RE: CONF_load_bio:missing equal sign

2005-02-23 Thread Harvey, Jody
OK. I think I understand. So I did this: C:\Program Files\GnuWin32\bin>openssl req -config openssl.conf -newkey rsa:1024 -keyout server.pf.key -out req.pem And got: error on line -1 of openssl.conf 3700:error:02001002:system library:fopen:No such file or directory:bss_file.c:10 4:fopen('openssl.

Re: CONF_load_bio:missing equal sign

2005-02-23 Thread Bernhard Froehlich
Charles B Cranston wrote: [...] but perhaps you could name some Windows log file or something. We're way past this in Unix now because many Unix systems have the /dev/random or /dev/urandom devices - and if these are present OpenSSL doesn't need the RANDFILE. Not that I'm a real big fan of Bill, bu

Re: s_client handshake failure [auf Viren überprüft]

2005-02-23 Thread Hans Moser
[EMAIL PROTECTED] wrote the following on 23.02.2005 12:09: Hi, You can specify the protocol to use with -ssl3 or -tls1 otherwise s_client sends a ssl v2 client hello. Moreover some debug info with -state or -debug could be useful to find what happened. ;) # openssl s_client -connect localhost:666

6721:error:140830B5:SSL routines:SSL3_CLIENT_HELLO:no ciphers available:s3_clnt.c:571:

2005-02-23 Thread Tyler Durden
Hello, I have next problem: I implement a simple TLS client & server with openssl that these functions with all ciphers TLS suite except with the cipher DH, that are: DH-DSS-AES128-SHA DH-DSS-AES256-SHA DH-RSA-AES128-SHA DH-RSA-AES256-SHA. I have proved with all functions of the generate key and I

Re: Rijndael

2005-02-23 Thread Thomas J. Hruska
At 01:28 PM 2/23/2005 +0100, Manuel Sánchez Cuenca writeth: >Hello all, I have to write a C program which decrypts some data >encrypted by a java program. The java program is the following: >= > KeyGenerator key_gen = KeyGenerat

Re: OpenSSL en VC1.52 16-bit

2005-02-23 Thread Pablo J Royo
> > ¿Do you know if actual OpenSSL versions do (still) compile with VC1.52 producing 16bit code? > > I need PKCS7 support for an old 16bit application. > > > > It has not been tested for a long time and I'd be surprised if it still > worked. > In that case, does anybody know which version was the

Re: CONF_load_bio:missing equal sign

2005-02-23 Thread Charles B Cranston
From man req (which is available at www.openssl.org) RANDFILE This specifies a filename in which random number seed information is placed and read from, or an EGD socket (see RAND_egd(3)). It is used for private key generation. === On Unix I've used something as simple as (date; du) >randomf

Re: CONF_load_bio:missing equal sign

2005-02-23 Thread Charles B Cranston
AH, that's the problem. Those are not commands for OpenSSL, those are commands for the Apache daemon and go in your apache httpd.conf file. Harvey, Jody wrote: Here is line 28 through 30 of my ssl.conf SSLRandomSeed startup builtin SSLRandomSeed connect builtin #SSLRandomSeed startup file:/dev/random

Re: CONF_load_bio:missing equal sign

2005-02-23 Thread Charles B Cranston
Sigh. The diagnostic is clearly pointing at line 28 of the ssl.conf file - do you think you could post (some context around) line 28 of your ssl.conf file? Harvey, Jody wrote: I am currently setting up Open SSL on a Windows 2k system. I have followed instructions as closely as possible. My problem

RE: CONF_load_bio:missing equal sign

2005-02-23 Thread Harvey, Jody
Here is line 28 through 30 of my ssl.conf SSLRandomSeed startup builtin SSLRandomSeed connect builtin #SSLRandomSeed startup file:/dev/random 512 Is that right? Jody Harvey -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of PAILLETTE Frédéric Sent: Wednesda

Re: CONF_load_bio:missing equal sign

2005-02-23 Thread PAILLETTE Frédéric
Hi, The problem seems to be in your configuration file. Verify your ssl.conf file. Perhaps a comment does not start with # and the program interprets it like an affectation without equal sign. Or an equal sign has been "involuntary" replaced. The mistake is possible. Example: "encrypt_rsa_key

CONF_load_bio:missing equal sign

2005-02-23 Thread Harvey, Jody
I am currently setting up Open SSL on a Windows 2k system. I have followed instructions as closely as possible. My problem is when I use this command: C:\Program Files\GnuWin32\bin>openssl req -config ssl.conf -newkey rsa:1024 -key out keyreq\server.pf.key -out keyreq\req.pem I get this: error on

Re: modifying Certificate purposes

2005-02-23 Thread Christian Kreibich
On Wed, 2005-02-23 at 13:44 +0100, Patrick Ben Koetter wrote: > * Dr. Stephen Henson <[EMAIL PROTECTED]>: > > Yes that's basically it. While it is also possible to restrict CA purposes > > not all software supports and it is non standard. > > Could you recommend a good book on openssl? The O'Reil

Re: OpenSSL en VC1.52 16-bit

2005-02-23 Thread Dr. Stephen Henson
On Wed, Feb 23, 2005, Pablo J Royo wrote: > Hi > > ¿Do you know if actual OpenSSL versions do (still) compile with VC1.52 > producing 16bit code? > I need PKCS7 support for an old 16bit application. > It has not been tested for a long time and I'd be surprised if it still worked. Steve. -- Dr

Rijndael

2005-02-23 Thread Manuel Sánchez Cuenca
Hello all, I have to write a C program which decrypts some data encrypted by a java program. The java program is the following: = KeyGenerator key_gen = KeyGenerator.getInstance("Rijndael"); SecretKey aes_key = (SecretKey)k

OpenSSL en VC1.52 16-bit

2005-02-23 Thread Pablo J Royo
Hi   ¿Do you know if actual OpenSSL versions do (still) compile with VC1.52 producing 16bit code? I need PKCS7 support for an old 16bit application.   Thanks

Re: modifying Certificate purposes

2005-02-23 Thread Patrick Ben Koetter
* Dr. Stephen Henson <[EMAIL PROTECTED]>: > Yes that's basically it. While it is also possible to restrict CA purposes > not all software supports and it is non standard. Could you recommend a good book on openssl? I really want to learn more about it, but I find it hard to find some good docs. T

Re: modifying Certificate purposes

2005-02-23 Thread Dr. Stephen Henson
On Tue, Feb 22, 2005, ray v wrote: > Ok I figured it out, doh! > > Here's part of my openssl command > > openssl x509 -req -days $days -in $csrfile -extfile > extfile -extensions extend > > I use -extfile and -extensions > > Here's my extfile > > extensions = extend > [ extend ] > keyUsage

RE: s_client handshake failure [auf Viren überprüft]

2005-02-23 Thread Frédéric Donnat
Hi, You can specify the protocol to use with -ssl3 or -tls1 otherwise s_client sends a ssl v2 client hello. Moreover some debug info with -state or -debug could be useful to find what happened. ;) Hope it could help. Fred -Original Message- From: [EMAIL PROTECTED] on behalf of Hans

s_client handshake failure [auf Viren überprüft]

2005-02-23 Thread Hans Moser
Hi! I created certs for a CA and a server and the server's keys. I configured OpenLDAP to use TLS. Then I connected to the server with # ldapsearch -Z -x -h localhost:666 which works fine. Security is set to "simple bind=64" in slapd.conf, so no simple bind without TLS (# ldapsearch -x -h localhos

RE: ENGINE implementaion done but facing errors

2005-02-23 Thread Frédéric Donnat
Hi, In fact, if you get connected sometimes does not mean that there is no enc/dec problem, because it can be due to block size (for stream), padding (for CBC mode), or things like this... ;( Be careful with network, because using a crypto accelerator involves performances (RSA bottleneck rem