How to set my custom information in certificate

2007-07-05 Thread Ian jonhson
Hi all, Did anyone try to set some custom information in a certificate? For example, if I want to set a simple string, "This is my proxy", in a certificate, what shall I do? Can it be implemented by the standard openssl command? I tried to set the custom information in the extension section, however it did

RE: OpenSSL FIPS module doesn't support RSA public-key encryption scheme?

2007-07-05 Thread Bill Colvin
Raymond: It is possible that the functions you are referring to may be required to support RSA (key wrapping; key establishment) methodology as described on page 19 of the Security Policy. You also have to take into consideration that all algorithms are supported in the code, but certain algor

Reply: Re: Question: ASCII Armored text signature

2007-07-05 Thread Stephanie Guo
I do not want to receive anything about yours. Thanks very much! Jeremiah Martell <[EMAIL PROTECTED]> wrote: So just base64 encode the signature, and that's all? From what I could tell from some examples, it looked like they had more than one "thing" encoded. There was one base64 blob, but th

Re: OpenSSL FIPS module doesn't support RSA public-key encryption scheme?

2007-07-05 Thread Raymond Yuan
Marek, Thanks for your reply. That page in security policy, 17 & 18, is really what I'm referring to. Based on that I drew a conclusion that RSA public-key encryption is not an approved algorithm in the OpenSSL FIPS module. However in the FIPS source code in /fips-1.0/rsa/fips_rsa_eay.c ,

Re: using an embedded private key

2007-07-05 Thread John T. Cox
Jim, Thanks again for pointing in the right direction! I really appreciate the help!! On 7/5/07, Jim Fox <[EMAIL PROTECTED]> wrote: > > Yes, my data is less than 128 bytes. I ran across that when I was > doing my original research and saw the approach you recommend for > larger files. > > So f

Re: using an embedded private key

2007-07-05 Thread Jim Fox
Yes, my data is less than 128 bytes. I ran across that when I was doing my original research and saw the approach you recommend for larger files. So for a small file, do I have the methodology correct? Yes. Didn't try the code, but it's the right approach. Jim

Re: OpenSSL FIPS module doesn't support RSA public-key encryption scheme?

2007-07-05 Thread Marek Marcola
Hello, > > According to my understanding of the OpenSSL FIPS module security > policy, the RSA public-key encryption scheme is not an approved algorithm in > the module. However, in the OpenSSL FIPS module source code, I saw an API > like RSA_eay_public_encrypt(). Could someone shed light on this? Look at

Re: problem converting pkcs12 cert to pem (for use with keystore)

2007-07-05 Thread Julius Davies
Hi, cmose, The KeyStoreBuilder utility in "not-yet-commons-ssl" can probably create a java keystore file for you. Take a look at this java library: http://juliusdavies.ca/commons-ssl/download.html The KeyStoreBuilder in particular is documented here: http://juliusdavies.ca/commons-ssl/utiliti

Re: using an embedded private key

2007-07-05 Thread John T. Cox
Jim, Yes, my data is less than 128 bytes. I ran across that when I was doing my original research and saw the approach you recommend for larger files. So for a small file, do I have the methodology correct? Thanks! On 7/5/07, Jim Fox <[EMAIL PROTECTED]> wrote: > > I grabbed "Network Security

OpenSSL FIPS module doesn't support RSA public-key encryption scheme?

2007-07-05 Thread Raymond Yuan
Hi, According to my understanding of the OpenSSL FIPS module security policy, the RSA public-key encryption scheme is not an approved algorithm in the module. However, in the OpenSSL FIPS module source code, I saw an API like RSA_eay_public_encrypt(). Could someone shed light on this? Thanks Raymond

Re: using an embedded private key

2007-07-05 Thread Jim Fox
I grabbed "Network Security with OpenSSL" on Safari and have been reading the relevant sections. That's a useful book. If I understand correctly, to read an external file, decrypt it using an internal private key and write the decrypted out to internal data, I would do: Is your file real

Re: using an embedded private key

2007-07-05 Thread John T. Cox
You've been very helpful Jim. I grabbed "Network Security with OpenSSL" on Safari and have been reading the relevant sections. If I understand correctly, to read an external file, decrypt it using an internal private key and write the decrypted out to internal data, I would do: void fn(char *inf

Re: Question: ASCII Armored text signature

2007-07-05 Thread Jeremiah Martell
So just base64 encode the signature, and that's all? From what I could tell from some examples, it looked like they had more than one "thing" encoded. There was one base64 blob, but then a 3-4 character base64 encoding right after. Rough example... --begin something-- Hash: Sha1 this is my t

RE: Question: ASCII Armored text signature

2007-07-05 Thread Carlo Milono
Radix-64 - if you want the PGP/GPG stuff. See: http://en.wikipedia.org/wiki/Binary_to_text_encoding > -Original Message- > From: [EMAIL PROTECTED] [mailto:owner-openssl- > [EMAIL PROTECTED] On Behalf Of Jeremiah Martell > Sent: Thursday, July 05, 2007 12:02 PM > To: openssl-users@openssl.

Question: ASCII Armored text signature

2007-07-05 Thread Jeremiah Martell
Hello, I'm using openssl in some software I'm writing, and so far I've extracted a private rsa key from a pem file, hashed some text using sha1, and then called RSA_sign to sign the hash. Now I have this binary blob for a signature. But what I'm after is to put the text and the signature int

Re: How to verify a certificate against several others

2007-07-05 Thread Goetz Babin-Ebell
Hello Florian, --On Thursday, July 05, 2007 17:59:01 +0200 Florian MANACH <[EMAIL PROTECTED]> wrote: No, I didn't even know that function. What does it do? It loads all certificate files (and CRL files) in the directory and generates a short 4 byte hash from the common name of the cert.

Re: How to verify a certificate against several others

2007-07-05 Thread Florian MANACH
No, I didn't even know that function. What does it do? -- Florian Manach NUMLOG [EMAIL PROTECTED] (+33)0130791616 Goetz Babin-Ebell wrote: --On Thursday, July 05, 2007 14:55:59 +0200 Florian MANACH <[EMAIL PROTECTED]> wrote: I have a directory where I store CA root certificates. I w

Re: How to verify a certificate against several others

2007-07-05 Thread Goetz Babin-Ebell
--On Thursday, July 05, 2007 14:55:59 +0200 Florian MANACH <[EMAIL PROTECTED]> wrote: I have a directory where I store CA root certificates. I want my app to check if a certificate is signed by the mentioned CA on the ISSUER field. In order to do this, it might look on this directory and c

RE: Looking for command in openssl to verify CA

2007-07-05 Thread Dinh, Thao V CIV NSWCDD, K72
Hi, Thanks for your help. I learn a new thing every day. I really do not know there is a difference between SERVER cert and Client cert. If I have a self-signed CA certificate, what is the difference in options in the openssl command which allows me to generate a Server cert signed by my CA and Client cer

How to verify a certificate against several others

2007-07-05 Thread Florian MANACH
Hi, I'm trying to develop an app which should be able to verify if a certificate might be trusted. I have a directory where I store CA root certificates. I want my app to check if a certificate is signed by the mentioned CA on the ISSUER field. In order to do this, it might look on this dir