On Tue, Apr 17, 2007, Edward Chan wrote:
> The problem with CryptoAPI is that it doesn't give you direct access to
> the shared secret. But I suspect it is wrong since the
> encryption/decryption fails (I encrypt something, and decrypt it, to
> make sure it is the same as the original).
>
It do
> Hi DS
> How do we handle closure in openssl??? . I just call:
[snip]
> But sometimes I receive return 0 for both call. I do not know why, so I
> just call one time
> SSL_shutdown(ssl);
> SSl_free(ssl);
> close(sock);
>
> Please help.
It depends on how you created the SSL connect
Honestly, I have no idea how CryptoAPI handles this stuff. And
documentation is hard to come by. But I can say that in the failure
cases I'm seeing, OpenSSL is indeed giving me back a positive BIGNUM.
So at least on our side it doesn't not appear to be a signed/unsigned
issue.
-Original Mes
On Tue, Apr 17, 2007 at 02:31:50PM -0400, Victor Duchovni wrote:
> On Tue, Apr 17, 2007 at 11:15:23AM -0700, Edward Chan wrote:
>
> > BN_bn2bin(dh->pub_key, buf);
> > ReverseBytes(buf, size); // MS CAPI requires this in little-endian
>
> Reversing the BER encoded bytes of a big endian integer do
Hmm, that's interesting. Then why does this seem to work most of the
time?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Tuesday, April 17, 2007 11:32 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
On Tue, Apr 17, 20
2007/4/10, Johans Taboada <[EMAIL PROTECTED]>:
Hi list, I ask for help please.
Still waiting...
DatabaseError: SSL error: cipher or hash unavailable\n
...
OperationalError: SSL error: cipher or hash unavailable\n
...
What does it really mean '''cipher or hash unavailable'''? (SSL Error
On Tue, Apr 17, 2007 at 11:15:23AM -0700, Edward Chan wrote:
> BN_bn2bin(dh->pub_key, buf);
> ReverseBytes(buf, size); // MS CAPI requires this in little-endian
Reversing the BER encoded bytes of a big endian integer does not yield
the BER encoding of the correspoding little-endian integer.
--
Arg, I'm still getting failures even though the pubkey computed by
openssl is not negative and padding is not required. Any other ideas?
I'm desperate. A year's supply of Guinness for the person who can help
here :)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
The problem with CryptoAPI is that it doesn't give you direct access to
the shared secret. But I suspect it is wrong since the
encryption/decryption fails (I encrypt something, and decrypt it, to
make sure it is the same as the original).
I agree that a format difference is unlikely. That's why
Hello,
> First I call DH_new() to get a new DH object.
>
> Then I fill in the p & g members of the DH obj with pre-generated prime
> and generator.
>
> Then I call DH_generate_key() which generates the pub_key and priv_key
> pair.
>
> I then do a BN_bn2bin() on the pub_key member to get a byte
On Tue, Apr 17, 2007, Edward Chan wrote:
> Right, I see what you're saying. I realize I'm not actually passing a
> BIGNUM. Let me clarify, this is what I'm doing.
>
> First I call DH_new() to get a new DH object.
>
> Then I fill in the p & g members of the DH obj with pre-generated prime
> and
Hi friends
Someone knows where I can find an implementation of a Threshold
secrect sharing ?
Best regards,
Geiza
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Right, I see what you're saying. I realize I'm not actually passing a
BIGNUM. Let me clarify, this is what I'm doing.
First I call DH_new() to get a new DH object.
Then I fill in the p & g members of the DH obj with pre-generated prime
and generator.
Then I call DH_generate_key() which generat
Edward Chan <[EMAIL PROTECTED]> wrote:
> Thanks for the reply. So I'm a bit confused as to how different crypto
> packages interoperate. I've been having a problem with MS CryptoAPI
> doing a DH key exchange with OpenSSL. There are some quirks such as
> byte order, and a couple other things. B
great. thanks victor.
i need this cert to import to keystore because that https is an webservice
with self signed certificate and i need axis to treat it as trusted.
On Tuesday 17 April 2007 17:15:04 Victor B. Wagner wrote:
> On 2007.04.17 at 16:17:03 +0200, M.Zdila/EpiSoftware Ltd. wrote:
> > h
On 2007.04.17 at 03:27:47 -0700, Mustafa Cayci wrote:
> Hi,
>
> I used Entrust/Web Connector to generate client
> certificate. It generated in raw DER format. Is there
> anyway to convert to PKC#7 format?
>
> Thanks in advance,
PKCS7 format is not a certificate format. It is format of
signed/e
On Tue, Apr 17, 2007 at 08:42:12AM -0700, Edward Chan wrote:
> Thanks for the reply. So I'm a bit confused as to how different crypto
> packages interoperate. I've been having a problem with MS CryptoAPI
> doing a DH key exchange with OpenSSL. There are some quirks such as
> byte order, and a c
Thanks for the reply. So I'm a bit confused as to how different crypto
packages interoperate. I've been having a problem with MS CryptoAPI
doing a DH key exchange with OpenSSL. There are some quirks such as
byte order, and a couple other things. But for the most part, I have it
working. But oc
On 2007.04.17 at 16:17:03 +0200, M.Zdila/EpiSoftware Ltd. wrote:
> hi
>
> i would like to use it in bash script so the certificate would be saved to a
> cert.pem and then imported to java keystore using keytool. possible?
Use openssl s_client command, and then something like sed or awk to
extr
I went to www.microsoft.com and searched for "IIS install
certificate". The first hit led me to:
http://msdn2.microsoft.com/en-us/library/ms751408.aspx
with step-by-step instructions. (Ignore the leading part about
'makecert', of course -- you already have a certificate.)
--
Mark H. Wood, L
Hello,
> actually, i know about this method but i don't consider it as very clean.
> any "native" method? :-)
Yes :-)
>From C you may establish SSL connection and get peer certificate with:
X509 *cert = SSL_get_peer_certificate(ssl);
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
hi
i would like to use it in bash script so the certificate would be saved to a
cert.pem and then imported to java keystore using keytool. possible?
thanks in advance
On Tuesday 17 April 2007 15:08:45 Marek Marcola wrote:
> Hello,
>
> > actually, i know about this method but i don't consider it
Hi DS
How do we handle closure in openssl??? . I just call:
SSL_shutdown(ssl);
SSl_free(ssl);
close(sock);
then get out both in Serevr/Client, without waiting for receiving
close_notify from either sides. Could that cause memory leak ?? I have
called:
SSL_shutdown(ssl);
Hello,
> I couldn't find out how to get a PEM file if I have a https://url.
>
> In Konqueror I am able to export certificates from Peer SSL Certificates tab,
> but I'd like to be able to get it also with openssl command.
After command:
% openssl s_client -connect url:443 -showcerts < /dev
hi
thanks for reply.
actually, i know about this method but i don't consider it as very clean.
any "native" method? :-)
On Tuesday 17 April 2007 13:32:36 Marek Marcola wrote:
> Hello,
>
> > I couldn't find out how to get a PEM file if I have a https://url.
> >
> > In Konqueror I am able to expo
Hello Mustafa,
I am confused. Please take a look at the attached
document. It gives me two options to create the
certificate and both are in PEM encoded but one is in
DER and the other one is in PKCS#7 format. According
to your statement, how could this be?
Please make a note that the attac
Hello,
I am confused. Please take a look at the attached
document. It gives me two options to create the
certificate and both are in PEM encoded but one is in
DER and the other one is in PKCS#7 format. According
to your statement, how could this be?
Thanks,
Mustafa
--- ViSolve Security Consul
Hello
I couldn't find out how to get a PEM file if I have a https://url.
In Konqueror I am able to export certificates from Peer SSL Certificates tab,
but I'd like to be able to get it also with openssl command.
Thanks in advance :-)
Regards
--
Martin Zdila
Analyst/Developer
EpiSoftware Slov
Hello Mustafa,
I used Entrust/Web Connector to generate client
certificate. It generated in raw DER format. Is there
anyway to convert to PKC#7 format?
PKCS#7 is a structure which comes in two forms PEM or DER. To convert a PEM
format PKCS#7 structure into a DER form issue the below command
> I used Entrust/Web Connector to generate client
> certificate. It generated in raw DER format. Is there
> anyway to convert to PKC#7 format?
| openssl pkcs7 [options] outfile
| where options are
| -inform arg input format - DER or PEM
| -outform arg output format - DER or PEM
| -in arg
Hi,
I used Entrust/Web Connector to generate client
certificate. It generated in raw DER format. Is there
anyway to convert to PKC#7 format?
Thanks in advance,
Mustafa
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection ar
Hello,
> Is there a specification on the format of a BIGNUM that someone can
> point me to?
Probably headers files.
> Is there a standard encoding/format that everyone adheres to?
Probably not.
> Or would different libraries have their own encodings? I hope not.
Most bignum libraries use thei
32 matches
Mail list logo
