Re: ecdsa public key output

2009-08-19 Thread Laura Arhire
Hello, I generated the certificate programmatically, but I shall look at the ecparam.c file and see how the public key is generated there and do the same. The Java keytool-generated certificate did not have any extensions attached, so I am guessing those can be stripped. The code I used for g

Re: Prevent concurrent operator in FIPS mode

2009-08-19 Thread Kyle Hamilton
The API does not have any mechanism for enforcing a lack of concurrency. Each system that the FIPS module goes into is supposed to be custom-built, anyway, so that the entire thing adheres to FIPS 140-2 processing policies. -Kyle H On Wed, Aug 19, 2009 at 4:55 PM, Pandit Panburana wrote: > I wou

Re: Prevent concurrent operator in FIPS mode

2009-08-19 Thread Pandit Panburana
I would like to get a clarification. The OpenSSL Security Policy version 1.2 states the following. "Only one role may be active at a time and the Module does not allow concurrent operators." Do you mean the Module does not have any prevention for concurrent operators and it depends on the

RE: ecdsa public key output

2009-08-19 Thread Carlo Milono
How did you make your EC certificates? Here is the result (truncated as yours is) by using OpenSSL - I had to use a Name Constraint and a prime curve @ 384 for a proof-of-concept: ... Subject Public Key Info: Public Key Algorithm: id-ecPublicKey EC Public Key: pub:

Help debugging "Failed to parse ca_cert_blob"

2009-08-19 Thread Sven Burmeister
Hello! I'm trying to connect to a WPA2 EAP network via NetworkManager and get the following error in the wpa_supplicant log. I searched for "Failed to parse ca_cert_blob" on google but did not find anything useful. I'm not familiar with openssl but to me it looks like there are issues with cer

Re: Howto create a certificate for multiple domains?

2009-08-19 Thread deblarinteln
Hi Goetz, *, > There is the man page x509v3_config. > It should contain the info you need. > A hint: x509v3_config describes data found in the openssl.cnf file. > So this data is used on creating a certificate / CSR... well I have created a certificate with all necessary data. At least I think

RE: Prevent concurrent operator in FIPS mode

2009-08-19 Thread Carlo Milono
-Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton Sent: Wednesday, August 19, 2009 10:42 AM To: openssl-users@openssl.org Subject: Re: Prevent concurrent operator in FIPS mode The API does not prevent concurrent

Re: Prevent concurrent operator in FIPS mode

2009-08-19 Thread Kyle Hamilton
The API does not prevent concurrent operators. The guidance from the CMVP is that an application (even if operated by a webserver on behalf of someone else) is an operator for purposes of determining compliance with that restriction. Of course, the CMVP seems to want to reduce the functionality o

Re: [openssl verify] [lookup:unable to get issuer certificate]

2009-08-19 Thread Matthias Güntert
> Can someone please shed some light on this? These are the > test-certificates I have been using. I figured it out: $ man 1 verify [...] -CAfile file: A file of trusted certificates. The file should contain multiple certificates in PEM format concatenated together. [...] $ cat rootCA.crt subRo

Prevent concurrent operator in FIPS mode

2009-08-19 Thread Pandit Panburana
Hello, The security policy of states that the module does not allow concurrent operators. How does API prevent concurrent operator? Thank you, -Pandit