Re: TLS key strength?

2007-12-04 Thread Marek Marcola
On Thu, 2007-11-29 at 11:36 -0500, Marty Lamb wrote: > Hello, > > I'm currently auditing an application (my own) and have come up with a > question I cannot answer: how secure is a TLS session? > > The app is the server side of a client-server communication protocol > using TLS. The socket is

Re: asymmetric file encryption

2007-12-04 Thread Marek Marcola
On Tue, 2007-12-04 at 15:50 +0200, Aleksander Kamenik wrote: > Hi, > > I want to use openssl to encrypt and decrypt files using asymmetric > encryption. > > I tried to do symmetric encryption with enc, works fine. Example: > > openssl enc -e -aes128 -pass file:/path/to/passkey > > What command

Re: CA certificate with only client or server signing rights?

2007-12-04 Thread Eljas Alakulppi
Well, you can do this via your Certificate Policy document, and assert a certain OID for each CA. This is rather unusual, as most of the time, a certificatePolicy OID is for an assurance level, but there's nothing to stop you from stating in your CP that a CA asserting a given OID is only able

Re: CA certificate with only client or server signing rights?

2007-12-04 Thread Dr. Stephen Henson
On Tue, Dec 04, 2007, Eljas Alakulppi wrote: > > I would like to separate my client signing CA and server signing CA. I would > also like them to force their purpose, so if someone gets a hold of my > client signing CA, they can't use it to sign server certificates and thus > cannot claim they a

CA certificate with only client or server signing rights?

2007-12-04 Thread Eljas Alakulppi
Hello. I would like to separate my client signing CA and server signing CA. I would also like them to force their purpose, so if someone gets a hold of my client signing CA, they can't use it to sign server certificates and thus cannot claim they are a server on which clients can trust. Is

Re: ssl version compatibility

2007-12-04 Thread Marek Marcola
On Tue, 2007-12-04 at 16:34 +0100, [EMAIL PROTECTED] wrote: > Hello, > > I developed a server that uses Openssl version 0.9.8.d > > I try to connect a client who uses Openssl version 0.9.6. > I use SSLV3 mode with 4096 bit RSA length key. > > What I can see in stream traces is that the handsha

ssl version compatibility

2007-12-04 Thread jfhuynh
Hello, I developed a server that uses Openssl version 0.9.8.d I try to connect a client who uses Openssl version 0.9.6. I use SSLV3 mode with 4096 bit RSA length key. What I can see in stream traces is that the handshake between the two achieves. But just after having received the last messag

asymmetric file encryption

2007-12-04 Thread Aleksander Kamenik
Hi, I want to use openssl to encrypt and decrypt files using asymmetric encryption. I tried to do symmetric encryption with enc, works fine. Example: openssl enc -e -aes128 -pass file:/path/to/passkey What command is used for asymmetric? What kind of keys do you recommend to generate for th