Then perhaps your company should hire a security expert to design the
security. Defects in portability or performance are low-risk and easily
detected, and the cost scales with the time until a patch is deployed.
Security vulnerabilities are much more tricky and expensive to detect and
the
On Jun 16, 2005, at 11:47 PM, coco coco wrote:
For a shameless plug, this scheme is designed by myself. I'm giving
a brief description here, so you guys can help to see if that makes
sense.
[snip]
Yeah, I know, you have not seen the implementation, so not fair
to say if that's ok or not. Thi
I thought the problem was that you were using the same keypair
for encryption and signing. So that there really is only one key.
I know, the key escrow was designed when the requirements were
only for encryption only. Digital signature requirement was added when
the consultant got on board. S
Like the commentator, I'm also a little guy. In my case, I'm a retired guy
who got his intro to this stuff from Entrust. I got convinced that their
two (or more) -certificate solution was right, based upon the following:
If you are an employee in an organization, it is valid for the organiz
Hello All,
I used following C code to sign the data and encode in DER format. But JAVA Crypto code is failed to parse the DER encoded PKCS#7 data. Following is the “C” code to sign the data.
Is there any problem in my code
> Please help to fill in items that I might have missed :)
The security risk that this non-standard scheme might introduce an
unforeseen vulnerability. This is, IMO, as likely as that it will protect
against some unforeseen vulnerability -- the alleged reason for the scheme.
Hehe, I was t
Yes, Viktor... you are right. Two certificates with the same keys is ...
as you say
One of these days, I'll figure out how to write what I really mean, instead
of assuming that all readers have the same context as I do.
And that "retirement" was (how shall I put it) ... non-voluntary.
On Jun 9, 2005, at 8:35 AM, Nabil Ghadiali wrote:
Openssl req seems to output those components...however I am not able
to find
a way to "input" these as command line parameters.
man openssl_req
Try something like:
openssl req -new -key foo.key -out foo.csr -sha1
Take care,
Bill
> Please help to fill in items that I might have missed :)
The security risk that this non-standard scheme might introduce an
unforeseen vulnerability. This is, IMO, as likely as that it will protect
against some unforeseen vulnerability -- the alleged reason for the scheme.
DS
On Thu, Jun 16, 2005 at 06:33:53PM -0700, david wrote:
> Like the commentator, I'm also a little guy. In my case, I'm a retired guy
> who got his intro to this stuff from Entrust. I got convinced that their
> two (or more) -certificate solution was right, based upon the following:
>
You say
Like the commentator, I'm also a little guy. In my case, I'm a retired guy
who got his intro to this stuff from Entrust. I got convinced that their
two (or more) -certificate solution was right, based upon the following:
If you are an employee in an organization, it is valid for the organizat
I am also facing the similar problem. I am generating signature
using OpenSSL and passing in to JAVA to verify (running JAVA test
suite). Signature format is in DER encoded PKCS#7 format.
But JAVA is not able to parse the "SignedData" content in the
PKCS#7 format. It is giving "
Like everyone else, I say this consultant doesn't know what he's
talking about (I'm tempted to ask you to tell me who it is, so I can
avoid him/her). Can I suggest a different line of attack, though?
It's obvious that confronting the consultant by calling bull doesn't
win you any points, so how
> Thanks all for replying. More heated debates I guess.
How can there be a heated debate when there is not yet one argument
advanced in favor of the double certificate scheme?
I got what you meant, sorry for not being clear. I meant there will be more
heated debate between us (the tec
I'm delaying the release of 0.9.8 beta6 until tomorrow (friday) night.
The reason is that I want to test some changes on systems that may be
sensitive to them before releasing. I believe that will be better for
the release process as a whole.
Cheers,
Richard
-
Please consider sponsoring my w
It was not the private key that got lost but me...
The private and public key are created locally - thanks to Bernhard
Froehlich for pointing this out in a private email. The private key is
never sent to Thawte and hence it can not possibly be in the
deliver.exe file.
The local key generatio
In message <[EMAIL PROTECTED]> on Thu, 16 Jun 2005 11:51:57 +0200, pana <[EMAIL PROTECTED]> said:
panasa1> The error I get when I use -genstr is:
panasa1>
panasa1> unknown option -genstr
panasa1> asn1parse [options] where options are
panasa1> -inform arg input format - one of DER TXT PEM
pan
Hello,
I am writing an 802.11 wireless client that communicates with the access
point using PEAP and MSCHAPV2. I am having trouble establishing a
secure TLS tunnel in which to perform the PEAP phase 2 handshake.
My client sends a TLS Client Hello message. The servers respond with
their "Server H
In message <[EMAIL PROTECTED]> on Tue, 14 Jun 2005 00:14:54 -1000, "coco coco"
<[EMAIL PROTECTED]> said:
coconut_to_go> We called it bullshit, and were having a hot debate,
coconut_to_go> most people (the technical people) are opposed to that,
coconut_to_go> saying that there is nothing secure ab
> Thanks all for replying. More heated debates I guess.
How can there be a heated debate when there is not yet one argument
advanced in favor of the double certificate scheme?
DS
Hi Joachim,
On 6/16/05, Joachim Buechse <[EMAIL PROTECTED]> wrote:
> Good day!
>
> I am trying to extract my private key from a file downloaded from
> Thawte's "Personal Freemail" certificate service. (Thawte creates the
> private key for the user to simplify the process).
>
> The file (with the
When I try to decode a particular smime message I'll get error
"ASN1_get_object:too long". First I thought there's something
wrong with ASN.1 syntax but then I found a major difference
in openssl base64 decoding compared to other base64 tools.
Given attached PEM file with all other base64 tools t
Hello coco,
I am also facing the similar problem. I am generating signature
using OpenSSL and passing in to JAVA to verify (running JAVA test
suite). Signature format is in DER encoded PKCS#7 format.
But JAVA is not able to parse the "SignedData" content in the
PKCS#7 format. It
The error I get when I use -genstr is:
unknown option -genstr
asn1parse [options] :
> pana wrote:
> > I used those commands: "openssl asn1parse -inform TXT -in in.txt -out
> > out.tx"
>
> "openssl asn1parse ..." doesn't support "TXT" input
>
> > and "openssl asn1parse -genstr 'UTF8:Hello World'
I've not been there, but is it possible that this is a PKCS#12 bag?
Dave
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated
Good day!
I am trying to extract my private key from a file downloaded from
Thawte's "Personal Freemail" certificate service. (Thawte creates the
private key for the user to simplify the process).
The file (with the meaningful name deliver.exe) seems to be a Netscape
Certificate Sequence in
compiling
openssl-engine-0.9.6m
on a dual opteron slamd(slack 64 10.1) box
./config completes
but then make throws an error up to do with the assemblers for md5,sha etc
so if i run ./config no-asm and then make i get no problems... however
it still only detects the system as a 32bit sys. ( .
Hello everybody !
I've got some problems with simple DES encryption; I have compared the results of my DES function with the examples given in the file test.cpp and when the key has a particular form (only 0, only FF, ...) the cipherdata is not the cipherdata expected...
In other (most of)
Quoting Nils Larsch <[EMAIL PROTECTED]>:
Julien ALLANOS wrote:
...
Actually, I have tested the following:
EVP_CIPHER_CTX_init(&ctx);
EVP_CipherInit_ex(&ctx, EVP_aes_192_ecb(), NULL, key->data, NULL, 1);
if (!EVP_CipherUpdate(&ctx, ciphertext->data, (int *)
&ciphertext->length,
SUMMARY:
The problem was that the root CA had a pathlen=0, so the intermediate CA
could not be recognized. Setting pathlen=1 solved it.
Many thanks to Goetz for his help.
From: Goetz Babin-Ebell <[EMAIL PROTECTED]>
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: R
30 matches