Convert pem key to ssh-rsa format

2009-06-18 Thread Adriana Rodean
Hi, I have a certificate in DER format. From it, with this command, I generate a public key: openssl x509 -inform der -in ejbcacert.cer -noout -pubkey > pub1key.pub The result is this: -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7vbqajDw4o6gJy8UtmIbkcpnk O3Kwc4qsEnSZp/TR+fQi62F79

RE: A question about X509 certificates

2009-06-18 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Satish Chandra Kilaru > Sent: Wednesday, 17 June, 2009 13:50 > In the following sample certificate, there is a ton of > information before -----BEGIN CERTIFICATE-----. > Who is this for? Is it for a human reader to make sense of > who/what this cert

RE: DH prime over 1024 bits capped by OpenSSL?

2009-06-18 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Domingo Kiser > Sent: Tuesday, 16 June, 2009 13:18 > -- Forwarded message -- > From: Domingo Kiser > Date: Mon, 15 Jun 2009 16:00:20 -0700 > Does the "SSL_EXPORT_PKEYLENGTH" macro defined in > "ssl_locl.h" force non-export ciph

RE: Maximum size of a x509 certificate file

2009-06-18 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Kyle Hamilton > Sent: Wednesday, 17 June, 2009 17:38 > There is no upper limit on the size of an x.509 certificate > file in DER. Right. Although the size of the basic elements can be estimated fairly well: the size of KeyInfo is determined

RE: Build problem: WinCE

2009-06-18 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Mykhaylo Mastykash > Sent: Tuesday, 16 June, 2009 07:35 > C:\openssl-1.0.0-beta2>nmake -f ms\cedll.mak > clarm.exe /Fotmp32dll_ARMV4I\cryptlib.obj -Iinc32 -Itmp32dll_ARMV4I /MC >/O1i /W3 /WX /GF /Gy /nol

RE: openssl with DJGPP under XP

2009-06-18 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Coleson, Greg > Sent: Tuesday, 16 June, 2009 16:42 > I am trying to build openssl under XP command prompt for > MS-DOS. I have Configure working with no errors: > > #!/dev/env/DJDIR/bin/bash > WATT_ROOT=/dev/env/DJDIR/watt32 && \ > perl ./C

Re: Newbie questions: generating RSA PGP private & Public key pair

2009-06-18 Thread Kyle Hamilton
Are you doing this for a certificate request? openssl genrsa -des3 2048 > mykey.key openssl req -new -key mykey.key -sha256 I do not believe that OpenSSL implements CAST. (the -des3 tells it to use triple-DES; you can instead use -aes256 to use AES at 256 bits.) -Kyle H On Thu, Jun 18, 2009 at

Newbie questions: generating RSA PGP private & Public key pair

2009-06-18 Thread Bizhan Gholikhamseh (bgholikh)
Hi, I have never used openssl and need to get some info quickly. I would greatly appreciate it if you could help me out by providing me the exact command syntax. I am supposed to create a "2048-bit RSA PGP private & public key pair", with a preferred CAST cipher and SHA-2 256 hash. Could I use openssl to do this

Re: BIO_set_nbio_accept

2009-06-18 Thread Domingo Kiser
I did a bit of reading and may have found the reason for the compiler error. I am using g++ 4.1.2. In C++ string literals are defined as const char* and C defines them as char*. The C++ standard allows implicit casts from const char* to char* for backward compatibility reasons with ANSI C. The

Re: test

2009-06-18 Thread Kyle Hamilton
test confirmed. On Thu, Jun 18, 2009 at 4:10 PM, Bizhan Gholikhamseh (bgholikh) < bghol...@cisco.com> wrote: > test > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List

Re: pkcs12 command does not work in FIPS mode

2009-06-18 Thread Victor Duchovni
On Thu, Jun 18, 2009 at 11:28:48AM -0400, Jim Adams wrote: > The private key is probably encoded with a non-FIPS-compliant algorithm. > Try encoding the private key with PKCS8. No. See my previous post. In any case, the browser is generating the container. The container can be re-encoded, to use

test

2009-06-18 Thread Bizhan Gholikhamseh (bgholikh)
test

how can I sign a public key?

2009-06-18 Thread Christoph Weber-Fahr
Hello, Apparently I can't find a way to create an X.509 Web Server certificate for a given public key with openssl. I have a CSR with bad data, but I don't have the private key it has been signed with. I need a certificate, signed by my own local CA key, containing corrected data. So - is there

RE: pkcs12 command does not work in FIPS mode

2009-06-18 Thread Jim Adams
The private key is probably encoded with a non-FIPS-compliant algorithm. Try encoding the private key with PKCS8. Jim Adams Principal Software Developer Rocket Software Email: jad...@rs.com Web: bluezone.rocketsoftware.com

Re: pkcs12 command does not work in FIPS mode

2009-06-18 Thread Victor Duchovni
On Thu, Jun 18, 2009 at 12:16:21PM -0700, Kyle Hamilton wrote: > Mozilla Firefox, when the Platform Security Module is in FIPS mode. > Just in case anyone is confused, the 40-bit RC2 encrypts the certificate, not the private key. From the pkcs12(1) manpage: -descert encrypt the certifi

Re: pkcs12 command does not work in FIPS mode

2009-06-18 Thread Kyle Hamilton
Mozilla Firefox, when the Platform Security Module is in FIPS mode. -Kyle H On Jun 18, 2009, at 11:39 AM, Randy Turner wrote: That would imply that, when operating in FIPS mode, FIPS sites in the US Govt. can't import or export certificates. In the comment below, the phrase "Most browser

Re: pkcs12 command does not work in FIPS mode

2009-06-18 Thread Randy Turner
That would imply that, when operating in FIPS mode, FIPS sites in the US Govt. can't import or export certificates. In the comment below, the phrase "Most browser output...". Is there any browser that uses FIPS algorithms to import/export certs? Randy On Jun 18, 2009, at 9:55 AM, Dr. S

Re: pkcs12 command does not work in FIPS mode

2009-06-18 Thread Carl Young
----- Original Message ----- From: "Dr. Stephen Henson" On Thu, Jun 18, 2009, Lior Aharoni wrote: I have encountered a problem when trying to use OpenSSL command to decode PKCS12 file, I am using OpenSSL 0.9.8j that was built with FIPS support enabled. snip * Can someone shed light on why

Re: pkcs12 command does not work in FIPS mode

2009-06-18 Thread Dr. Stephen Henson
On Thu, Jun 18, 2009, Lior Aharoni wrote: > Hello, > > I have encountered a problem when trying to use OpenSSL command to decode > PKCS12 file, I am using OpenSSL 0.9.8j that was built with FIPS support > enabled. > > When working in non FIPS mode I perform the following operation > successfully

RE: example code for OpenSSL

2009-06-18 Thread Jeremy Farrell
> From: patfla > Sent: Thursday, June 18, 2009 12:46 AM > > ... > > I'm on the latest build of Windows Server 2008 R2 from MSDN. > Build 7100. > > First built using > > ./config > > which more-or-less worked but didn't produce any DLLs which > was unsurprising > given that /.config is the u

RE: pkcs12 command does not work in FIPS mode

2009-06-18 Thread David Schwartz
Lior Aharoni wrote: > I have encountered a problem when trying to use OpenSSL command to > decode PKCS12 file, I am using OpenSSL 0.9.8j that was built with FIPS > support enabled. > When working in non FIPS mode I perform the following operation successfully: > K:\>openssl > OpenSSL> pkcs12 -in

RE: why is my post'd data is being changed?

2009-06-18 Thread David Schwartz
> This is an extract of the code I am using > > > === > CURLcode last_error = curl_global_init(needSSL ? CURL_GLOBAL_SSL : > CURL_GLOBAL_NOTHING); > curlHandle = curl_easy_init(); > > curl_easy_setopt(curlHandle, CURLOPT_URL,

pkcs12 command does not work in FIPS mode

2009-06-18 Thread Lior Aharoni
Hello, I have encountered a problem when trying to use OpenSSL command to decode PKCS12 file, I am using OpenSSL 0.9.8j that was built with FIPS support enabled. When working in non FIPS mode I perform the following operation successfully: * K:\>openssl OpenSSL> pkcs12 -in k:\server.p12.pfx *

Re:why is my post'd data is being changed?

2009-06-18 Thread Chris Gray
Hi Peter, > I have this really annoying problem, where the data I'm sending to a > webservice via libcurl is being changed :{ It's nothing to do with openssl, it's somewhere else in the chain (servlet framework?). > The data in question is something like "ad76/fg8+/rt+g35s" and is being > receiv

RE: why is my post'd data is being changed?

2009-06-18 Thread Peter Walker
UPDATE: I have now used the exact same cgi that I use to post to the webservice, to post the exact same data to a perl script cgi on my server. The perl script simply dumps env, stdin and argv. It shows the data has been received unchanged, i.e. + characters are + characters. So is there something

why is my post'd data is being changed?

2009-06-18 Thread Peter Walker
I have this really annoying problem, where the data I'm sending to a webservice via libcurl is being changed :{ The data in question is something like "ad76/fg8+/rt+g35s" and is being received by the webservice as "ad76/fg8 /rt g35s" notice the + characters are being converted to a space character

Re: Creating certificate from meta data

2009-06-18 Thread Steffen DETTMER
* Mirko Velic wrote on Wed, Jun 17, 2009 at 20:21 +1000: > I was wondering if i could convert the data outputted by this command: > openssl x509 -noout -fingerprint -text < test.cert > info.txt > > Back into a certificate after I modify it, as it would make it easier to > generate certificates.

Re: SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

2009-06-18 Thread Anil Tambe
Yes, the client is not able to connect and ssl23_get_client_hello is returning -1, and so it's going in s23_srvr.c. 568 if ((type < 1) || (type > 3)) (gdb) n 571 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL); (gdb) n 572 goto err; The value of type is 0

about the ec_group_st struct

2009-06-18 Thread jaze lee
Hello, I find the structure of EC_GROUP, and there is a variable I don't understand. It is the variable order; what's the role of the order? Who knows? Thank you. struct ec_group_st { const EC_METHOD *meth; EC_POINT *generator

Re: SSL_accept error, but I don't know is wrong exactly

2009-06-18 Thread Jelle de Jong
Victor Duchovni wrote: > On Wed, Jun 17, 2009 at 02:51:10PM -0700, Kyle Hamilton wrote: > >> This isn't really an OpenSSL issue, and I'd suggest asking for help >> from people who are more familiar with postfix. However... > > That's what I told him on the Postfix-users list, but he chose > to c

BIO_set_nbio_accept

2009-06-18 Thread Domingo Kiser
Does anyone have an answer to the following post from 2003? http://marc.info/?l=openssl-dev&m=104635293932621&w=2 List: openssl-dev Subject:BIO_set_nbio_accept From: "p b" Date: 2003-02-27 13:34:53 [Download message RAW] I use openssl openssl-0.9.7-stable-SNAP-20030226.t