Never mind my question. Apparently the Base64 interpreter only accepts
data if it's newline-terminated. Sorry for the bother.
On 21-Jul-09, at 5:59 PM, Jeremy R. wrote:
Hello:
I'm trying to do something that should be fairly simple: read Base64-
encoded data in memory block A and write it i
Michael Kurecka wrote:
> Thank you David for your bluntness. Trust me, I'm aware of how
> significant making wpa_supplicant FIPSable is. I've been working
> on it for several months. Over the past few months I've been in
> the process of removing non-compliant code, updating MD5 to SHA-1,
> etc.
Darragh Bailey wrote:
> Since then we are occassionally seeing a problem where if a
> subprocess executed manages to hang, closing down the daemon
> and restarting it will run into a problem with binding to the port.
> My suspicion is that when we create the socket connections to
> listen on usi
Hello:
I'm trying to do something that should be fairly simple: read Base64-
encoded data in memory block A and write it in decoded form to memory
block B. I used the example here:
http://www.openssl.org/docs/crypto/BIO_f_base64.html
…as a starting point. When I try to read in-memory data,
On Tue, Jul 21, 2009 at 10:46, Dr. Stephen Henson wrote:
> On Tue, Jul 21, 2009, Fred Keet wrote:
>> At this point I've got code that generates the ec keys from the sect163k1
>> curve, and then signs a block of data. When I compare this with the ecsign
>> utility they provide (apparently built on M
Title: Fullnet Solutions Limited
Hi
Thank you for all the help. You have been most kind
Kobus
javierm wrote:
Very good.
In case you need a CA outside of your company saying "we know those guys"
(instead of "I know myself") you can count on our company (energiash.com) of
course without an
Very good.
In case you need a CA outside of your company saying "we know those guys"
(instead of "I know myself") you can count on our company (energiash.com) of
course without any cost involved, or buy your first CA with signing
attributes from a well known source that is already in the browsers
I thought I should be specific about cert creation because I've seen big
corporations issueing pure CA certs for all, and they actually never create
a client cert. And no matter how many approaches one take to explain that
such thing is not right, they keep issueing CA'sCerts for all purposes,
(i
Title: Fullnet Solutions Limited
No this is great thanks.
My ultimate aim is to create certs for a site. Then to distribute the
certs to only those I want to be able to access the site, any other
attempted access need to be denied and do this for each virt host.
Sounds like it is possible, bu
Hi Again:
Not exactly to associate one CA pero virtual host. This all can be done by
only one virtual host, even though you can have all the VH you need. Apache
allows you to do many things with just one virtual host.
For example, If you notice the directive SSL_Require, it is inside a
LOCATIO
Title: Fullnet Solutions Limited
Hi
Thank you for this, this is great. So to recap.
I have on CA
That one CA can generate multiple Certs that can then be used per
apache virtual host to allow only that one client to connect to that
virtual host with a specified port number?
End result = bet
Kobus Bensch - No Sig wrote:
>
> They want a unique ca per client to be able to sign certs for each client
> using their own CA.
>
Hi Kobus:
CA allow CA chains, this is, only one CA being a true root signing sub-CA
certs. Having many root CA's create the feeling of disorganization, though
Check the man pages (man req), the -x509 option is for a self signed cert
(root), while the -new option produces a new cert request (so you are asking
for conflicting tasks). In this case no request is needed because the it's
the root cert. Your config option is ok.
This way a root and its asoc
On Tue, Jul 21, 2009, Fred Keet wrote:
>
> At this point I've got code that generates the ec keys from the sect163k1
> curve, and then signs a block of data. When I compare this with the ecsign
> utility they provide (apparently built on Miracl) the two signatures do not
> match, so it seems th
Hello Everyone
I am currently looking at a SSL solution for a client and need to do the
following:
They want a unique ca per client to be able to sign certs for each client using
their own CA.
Can anybody point me in the direction of some docs that will help me to set
this up.
I have Googled
On Tue, Jul 21, 2009, carlyo...@keycomm.co.uk wrote:
>
> TLS 1.0 DOES use MD5 and SHA-1 in combination, and - despite MD5 not being
> allowed by the FIPS 140-2 standard - it is allowed in this case because the
> combined 'strength" of the two, when used in unison, is not less than SHA-1
> itself.
I'm not going to comment on David's assertion's or anything about
wpa_supplicants, but lets take a step back:
SSL is NOT allowed in FIPS 140-2 compliant modes; TLS 1.0 IS allowed in FIPS
140-2 when using FIPS-approved security functions (see the FIPS 140-2
implementation guide).
TLS 1.0 is som
Thank you David for your bluntness. Trust me, I'm aware of how significant
making wpa_supplicant FIPSable is. I've been working on it for several
months. Over the past few months I've been in the process of removing
non-compliant code, updating MD5 to SHA-1, etc. I'm close for the AP side
with host
Bailey, Darragh wrote:
Running into a problem at here at work where we have a daemon process that was
converted to use BIO's for SSL support. Since then we are occassionally seeing
a problem where if a subprocess executed manages to hang, closing down the
daemon and restarting it will run into
Andreas Wagner wrote:
Hi guys i want to sign a message (an array of char) out of my source
code. The problem is that i do not know exactly how to sign this message.
There are two possibilites (ECDSA_do_sign or the
EVP_DigestSignFinal(...) functions). which do i have to use? where is
the differn
Running into a problem at here at work where we have a daemon process that was
converted to use BIO's for SSL support. Since then we are occassionally seeing
a problem where if a subprocess executed manages to hang, closing down the
daemon and restarting it will run into a problem with binding
Is there any documentation on the conversion from a hex public key to
the EC_POINT struct? I assume I just need to split the key into the
three BIGNUM coordinates, but where do I split my key? I'm using a
664bit public key.
I can't find an implementation of an oct2point method (like the one
Mike Frysinger wrote:
On Mon, Jul 20, 2009 at 09:51, Fred Keet wrote:
I'm in the process of writing an application that signs binary data for
loading
onto a Analog Devices BlackFin microprocessor. These chips have "built in"
support for verification of code. The chip gets loaded with the EC p
Hi there,
I followed the instructions given in this HowTo:
http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html
and came smooth and with no probs to the point where I should create a
master certificate using this command:
openssl req -config openssl.conf -new -x509 -days 1001 -key keys/
Krzysztof Koston wrote:
Thank you for quick answer. We are actually planning to submit our
final product for validation so my understanding is that it needs to
be validated again with all the modifications we have made. Am I
correct?
Correct. The existing v1.2 and earlier validations don't
Does anyone know how to approach generating certificates to be used with
Elliptic Curve Cryptography (TLS) and OpenVPN? The normal generation process
for RSA certificates does not work, so it looks like there is a different
procedure (as with Apache and ECC certificates). I compiled openvpn us
26 matches
Mail list logo
