Thanks all guys for your opinion.
There is an HSM in use whose vendor provides hardware RSA encryption and
decryption. However, the key to the hardware is one way -- I can only pass
in the key to the hardware, but can't pass it out. Due to the low performance of
the hardware decryption, I decide to use
You need to add/change the "default_md" for the "req" section. You are
probably changing the value in the "CA_default" section and that's why it's not
reflecting in your certificate. Here's what needs to be done in the openssl.cnf
file.
[ req ]
default_md = sha1
-Sandeep
On Mon, Oct 26, 2009 at 2:12 AM,
Peter Lin wrote:
> Hi folks,
>
> I have a problem about key security.
>
> If an RSA private key is encrypted by an AES key, which is again encrypted by
> the same RSA private key itself, is this considered as a secure procedure?
> Obtaining the encrypted RSA private key and the AES key, is there a
Peter Lin wrote:
> The reason for this strange design is that, the plain text RSA
> private key is stored in some hardware chip which can only do
> en/decryption but cannot pass the key out. However, I need to
> save a copy of the private key in an unsafe place for other
> purpose, but need to mak
Konstantin Ivanov wrote:
> I am developing a server application which is based on Windows IO
> Completion ports which basically means that the reads and writes to
> the socket are asynchronous. This also means that I cannot use the
> SSL_read and SSL_write functions which are tied to the socket fd
Konstantin Ivanov wrote:
I am developing a server application which is based on Windows IO
Completion ports which basically means that the reads and writes to the
socket are asynchronous. This also means that I cannot use the SSL_read
and SSL_write functions which are tied to the socket fd if I
Kyle Hamilton wrote:
My understanding is that if SSL_ERROR_WANT_WRITE happened with
SSL_read(), the next SSL_read() would actually call write() to make
the forward progress.
Yes that is possible, as the data for the write is already inside
OpenSSL library. In fact all the write to BIO/kernel d
By encrypting using RSA private key, you have gained nothing - because
anyone can decrypt using the corresponding Public Key. If you encrypt using
the Public Key, how would you decrypt? You have a chicken-egg problem.
Not sure if encrypting using AES key (only) is considered secure enough but
You are correct, I made a paste error in the mail. The certs were correct at
the time I tested however (my test script just regenerates things each time and
I pasted an old ee with a new root ca).
I just tried openssl-SNAP-20091026.tar.gz and still get Different CRL Scope.
Here is the EE
Hi folks,
I have a problem about key security.
If an RSA private key is encrypted by an AES key, which is again encrypted by
the same RSA private key itself, is this considered as a secure procedure?
Obtaining the encrypted RSA private key and the AES key, is there any way to
"calculate" or "recov
My understanding is that if SSL_ERROR_WANT_WRITE happened with
SSL_read(), the next SSL_read() would actually call write() to make
the forward progress.
-Kyle H
On Sun, Oct 25, 2009 at 11:03 PM, Darryl Miles
wrote:
> David Schwartz wrote:
>>
>> Darryl Miles wrote:
>>
>>> I do not believe the SSL
Hi all,
I am developing a server application which is based on Windows IO Completion
ports which basically means that the reads and writes to the socket are
asynchronous. This also means that I cannot use the SSL_read and SSL_write
functions which are tied to the socket fd if I am correct. So I
Hello,
I want to generate a self signed certificate that uses 'sha1RSA' as signature
algorithm.
I tried changing the default signature algorithm in OpenSSL config file
(default_md), but there is no effect of the change on the certificate. The
certificate shows 'md5RSA' as the signature algorit
Hi,
I am facing a problem (segmentation fault) with the function call
X509_LOOKUP_add_dir.
I could not post the total code here but from the backtrace (GDB) file I
could see it crashed with X509_LOOKUP_add_dir.
Can anyone tell the possible cause of the crash with the function call
X509_LOOKUP_
Never mind. I have found the error #1. By appending the CRLs to the
CA-chain, the CRL-error 3 disappears now. (The appending of CRLs to
the chain was not described in the manual!)
But the second issuer subject error makes me crazy.
I noticed that I have the same problems as described here:
http:
Hello.
I have a problem with verification of certificates.
I have a root, an intermediate and a client certificate. Every
certificate has CRL information (client shows the intermediate CRL).
The chain is:
ViaThinkSoft Root Certificate Signing Authority (CRL: Root)
- ViaThinkSoft Intermediate Cli
16 matches