Hi all,
How can a self signed certificate in X509 format be distinguished from a
bought one?
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.10.12/75 - Release Date: 17/08/2005
___
[EMAIL PROTECTED] wrote:
Who will mandate ECC by 2010???
NIST. Most likely Europe will follow.
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Auftrag von Uri
Gesendet: Mittwoch, 17. August 2005 14:54
An: openssl-users@openssl.org
Betreff: Re: RSA key si
Hi,
Is the following command for requesting OCSP status using openSSL is correct?
1) "ocsp -url http://ocsp.openvalidation.org -issuer ROOT_CA.pem -VAfile OCSPServer.pem -cert User.pem".
If i change above command, BY REMOVING OCSPServer.pem file i am getting status as good but with a message
Thanks for the advice.
Silvia Pavón
"mclellan, dave"
<[EMAIL PROTECTED]
c.com>
Probably the file command regonizes the UTF-8 Byte Order Mark as it does
other magic numbers.
UTF-8 BOM is 0xEFBBBF, a signature that indicates the encoding of the file
is UTF-8. If you have an application that is reading the file and needs to
know, read the first six bytes of the file and act
On Wed, Aug 17, 2005 at 10:01:26AM -0500, Silvia Gisela Pavon Velasco wrote:
>
>
>
>
> Hello,
>
> I would like some advice about how can I validate that a file is in utf-8
> format. I have set the proper unix environment variables to work with the
> utf-8 format; but however, I have the need t
On Wed, Aug 17, 2005, Fell, Anthony wrote:
> I don't have an answer, but I can commiserate. We have built OpenSSL
> for VxWorks and are having trouble during the certificate verification
> process; in our case, a server certificate that is valid and is verified
> correctly by an SSL client on Win
Hello,
I would like some advice about how can I validate that a file is in utf-8
format. I have set the proper unix environment variables to work with the
utf-8 format; but however, I have the need to validate if a file is in that
format.
Regards,
Silvia Pavón
___
Hi Ignacio ,
I think that the problem is that your are not linking the appropriate libraries.
Try the following steps
# ./config zlib # gmake # gcc test.c -L -I -lssl -lcrypto -lz -ldl #./a.out compression name: zlib compression
Your Method
#gcc test.c -lssl -lcrypto
//this will use the crypt
Gerd Schering writes:
Sorry for this question, of course we have rfc2459.
*ahem* 3280
Cheers,
Richard
-
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte [EMAIL PROTECTED]
Dr. Stephen Henson wrote:
However back to the original query. The countryName in the two certificates is
a different character type, in one it is PrintableString the other UTF8String.
The 'ca' utility currently regards those as different.
However in countryName only PrintableString is allowed
Gerd Schering wrote:
B.t.w. is there an rfc or something else where the allowed string types
are defined?
Sorry for this question, of course we have rfc2459.
Gerd
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED] --
-- TU Berlin, Zentralei
I don't have an answer, but I can commiserate. We have built OpenSSL
for VxWorks and are having trouble during the certificate verification
process; in our case, a server certificate that is valid and is verified
correctly by an SSL client on Windows XP (using the CA's certificate),
is declared ex
Stephen T Albright wrote:
Hello to all.
First let me apologize for this message if it is not
the correct list, but I need to start somewhere.
Now my question.
I have recently been tasked with recompiling Sendmail
on a Sunfire 120 to include TLS support. I understand
I need OpenSSL, and I have
Dr. Stephen Henson wrote:
However in countryName only PrintableString is allowed so if you have a
certificate request with UTF8String in there it is broken anyway. So that's
the main problem: an invalid certificate request.
Thanks a lot for your help.
B.t.w. is there an rfc or something else
Hello to all.
First let me apologize for this message if it is not
the correct list, but I need to start somewhere.
Now my question.
I have recently been tasked with recompiling Sendmail
on a Sunfire 120 to include TLS support. I understand
I need OpenSSL, and I have found some sites with
infor
Who will mandate ECC by 2010???
> -Ursprüngliche Nachricht-
> Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Auftrag von Uri
> Gesendet: Mittwoch, 17. August 2005 14:54
> An: openssl-users@openssl.org
> Betreff: Re: RSA key sizes
>
>
> Please note that the importance of RSA is going
Please note that the importance of RSA is going to decline in favor of
Elliptic Curve Crypto over GF(p). In particular, by 2010 ECC will be
mandated. I suspect there are cryptographic reasons for it.
__
OpenSSL Project
On Tue, Aug 16, 2005, varma d wrote:
>
> But, In this command what is the purpose of OCSPServer.pem, i still dont
> understand the purpose of OCSPServer.pem as we need to just send our request
> and expect a response from OCSP responder irrespective of OCSPServer.pemfile.
>
This is an issue o
On Wed, Aug 17, 2005, Tan Eng Ten wrote:
> Hi all,
>
> This is a general crypto question and I hope someone could help me
> out.
>
> Often we use RSA of 512, 1024, 2048, 4096, etc. bit lengths. Are
> other sizes such as 520/1045 bit "valid"? Mathematically, it should
>
On Wed, Aug 17, 2005, Gerd Schering wrote:
> Hi,
>
> when trying to sign a CSR I get the following error:
>
> Check that the request matches the signature
> Signature ok
> The Subject's Distinguished Name is as follows
> commonName:ASN.1 12:'xxx'
> organizationName :ASN.1 12:'xx
Hi,
I have already written an OCSP server, now I want to write TSA server. I thought I would reuse some code, bot it is not so easy. I have problem with converting TR_RESP structure into DER format. In OCSP server i used the following function:
i2d_OCSP_RESPONSE_bio(_cbio, _resp);
where _cbio i
Arsen Hayrapetyan wrote:
What is in your config file [policy_match] section?
[ policy_match ]
countryName = supplied
stateOrProvinceName = optional
organizationName= supplied
organizationalUnitName = optional
commonName = supplied
emailAddress=
sorry, i though i had copied the openvpn email
address... please accept my apologies
- Original Message -
From:
[EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Wednesday, August 17, 2005 9:45
PM
Subject: AW: Setup Help
Are
you sure this is the right
Are
you sure this is the right community to ask?
-Ursprüngliche Nachricht-Von:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Im
Auftrag von Paull DodemaideGesendet: Mittwoch, 17. August 2005
13:38An: openssl-users@openssl.orgBetreff: Setup
Help
Hi All,
I am having no
Hi All,
I am having no end of trouble trying to get this
OpenVpn to work. Here is what I have done so far. I am all out of
ideas.
I am trying to create a bridged connection (for
gaming with a few mates). I have setup the server side exactly as per
instructions however it just does not wa
Gerd Schering wrote:
> Hi,
>
> when trying to sign a CSR I get the following error:
>
> Check that the request matches the signature
> Signature ok
> The Subject's Distinguished Name is as follows
> commonName:ASN.1 12:'xxx'
> organizationName :ASN.1 12:'xxx'
> organizationalUnitN
Hi,
when trying to sign a CSR I get the following error:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName:ASN.1 12:'xxx'
organizationName :ASN.1 12:'xxx'
organizationalUnitName:ASN.1 12:'XXX'
countryName
see below
> -Ursprüngliche Nachricht-
> Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Auftrag von Tan Eng Ten
> Gesendet: Mittwoch, 17. August 2005 11:28
> An: openssl-users@openssl.org
> Betreff: Re: AW: RSA key sizes
>
>
> Cool.. but the key below has 128 bytes in total, but repor
> Cool.. but the key below has 128 bytes in total, but reported as being
> 1023-bit
>
> -
> Modulus (1023 bit):
> 5d:10:63:d3:d8:00:2a:50:ab:65:8a:f0:92:83:b0:
> 6a:39:e3:0c:38:aa:f5:32:23:71:25:8e:4a:8d:50:
> fd:80:a3:95:59:33:27:92:88:d0:1d:28:dd:05:7c:
> b6:a0:5e:68:
Cool.. but the key below has 128 bytes in total, but reported as being
1023-bit
-
Modulus (1023 bit):
5d:10:63:d3:d8:00:2a:50:ab:65:8a:f0:92:83:b0:
6a:39:e3:0c:38:aa:f5:32:23:71:25:8e:4a:8d:50:
fd:80:a3:95:59:33:27:92:88:d0:1d:28:dd:05:7c:
b6:a0:5e:68:9e:b4:70:c9:bd:28:8a
> A local certification authority has issued a cert and the public is as
> below (parsed with openssl) :
>
> -
> Modulus (1023 bit):
> 5d:10:63:d3:d8:00:2a:50:ab:65:8a:f0:92:83:b0:
> 6a:39:e3:0c:38:aa:f5:32:23:71:25:8e:4a:8d:50:
> fd:80:a3:95:59:33:27:92:88:d0:1d:28:dd:05:7c:
>
The main reason why we take 512, 768, 1024, 2048, 4096,... bit is, that
these numbers are multiples of 8 ans though can be fractioned into bytes
(1024 bit = 128 byte).
Withe the increase of calculation power the key size was increased, in the
end by doubling the number of bits.
To answer our secon
It probably is 1023 bit, but you can think of that as being 1024 bit with
the top bit zero. Since the modulus is effectively random (the product or
two randomly chosen large primes) then it makes sense that some of the
generated moduli will not completely fill the 1024 bits, just as choosing a
num
A local certification authority has issued a cert and the public is as
below (parsed with openssl) :
-
Modulus (1023 bit):
5d:10:63:d3:d8:00:2a:50:ab:65:8a:f0:92:83:b0:
6a:39:e3:0c:38:aa:f5:32:23:71:25:8e:4a:8d:50:
fd:80:a3:95:59:33:27:92:88:d0:1d:28:dd:05:7c:
b6:a0:5e:68:9e:
I believe it's a matter of efficiency. There are optimisations that can be
performed on the math of integers of length power-of-2. It's possible that
there are implementations out there that won't work with non-standard sizes.
I have seen 4096 bit keys in the wild. In fact, the Microsoft Root
C
36 matches
Mail list logo
