Hi,
Thanks for the reply Phillip. One quick question. Is the randomly-generated
key PUBLIC? I know the public RSA key to encrypt the key is public, but is
the randomly-generated key PUBLIC?
Thanks.
On Thu, Jul 8, 2010 at 8:43 PM, Phillip Hellewell wrote:
> The general approach is to encrypt data
The general approach is to encrypt data using a symmetric cipher (e.g.,
AES-256) with a randomly-generated key, and then encrypt that symmetric key
with the RSA (public) key.
And for the symmetric encryption you'll also have to make a decision about
what mode to use (ECB, CBC, CTR, etc). Whatever
Is there an algorithm that I can use, similar to RSA with public/private
key, that will allow me to encrypt really long strings (like an email/text
file)? Actually no limit on the size would be ideal.
My group is using RSA with a key thats 2048 in size. We want to encrypt
strings that are longer then this key size gives.
If we switch to a key that is 4096 what is the max string length we can
encrypt? is it double?
> From: owner-openssl-us...@openssl.org On Behalf Of Carlos Saldaña
> Sent: Thursday, 08 July, 2010 18:51
> I'm to openssl and PKI in general and got a problem whit decrypting
in my application.
> My partners provided me with two files: publickey.x509 and
publickey.pem
>
Hi,
I'm to openssl and PKI in general and got a problem whit decrypting in my
application.
My partners provided me with two files: publickey.x509 and publickey.pem to
find a wy to send messages between server and my client application.
So far I've dicovered that .pem files are just base64 encoded
OK. Thanks for replying.
On Thu, 2010-07-08 at 18:59 +0200, Dr. Stephen Henson wrote:
> The only current example of an external EVP_PKEY_METHOD (in the gost ENGINE)
> implements everything from scratch.
>
> It is perfectly reasonable for another implementation to copy existing methods
> or inter
First, let me say that this is my first attempt to install any version of
the OpenSSL other than what gets distributed w/ the Linux OS and any updates
that are provided via subscription thereafter. It is also my first attempt
at enabling the FIPS option.
On a SUSE 10 SP2 release, I have succes
I am having issues with a server, i'm getting many of these errors
especially while running a load (~80 users), up to a point that every
client i use gets this error
the decryption_failed_or_bad_record_mac flag is set in s3_pkt.c:466,
the mac does not match the 'md' variable
Here is the call stack:
On Thu, Jul 08, 2010, Jeff Saremi wrote:
> The structure itself is only forward-declared meaning that a programmer
> has no way of getting into the actual evp_pkey_method_st and its fields.
> Now that would be fine if there were a complete set of methods
> EVP_PKEY_meth_* to manipulate the pointer
On Thu, Jul 08, 2010, Brian Makin wrote:
>
> Ahh, got it.
> in crypto/evp/evp_pbe.c:EvP_PBE_alg_add
> pbe_tmp isn't initialized which means sometimes it has a bogus value.
>
> 119c119
> < EVP_PBE_CTL *pbe_tmp = NULL, pbelu;
> ---
> > EVP_PBE_CTL *pbe_tmp, pbelu;
>
> Is that all that is
On Thu July 8 2010, Dirk Menstermann wrote:
> Hi,
>
> on https://developer.mozilla.org/en/Security_in_Firefox_2 I found that FF 2
> does
> support only curves with 256, 384, and 521. Maybe this is the same for FF 3
> and
> your 160 bit curve is not supported.
>
Try: about:config in your browse
Hi,
on https://developer.mozilla.org/en/Security_in_Firefox_2 I found that FF 2 does
support only curves with 256, 384, and 521. Maybe this is the same for FF 3 and
your 160 bit curve is not supported.
Bye
Dirk
Alex Birkett wrote:
> Hi,
>
> Firefox 3.6.2 supports the TLS_ECDHE_ECDSA_WITH_AES_2
> On Wed, 2010-07-07 at 21:28 +0200, Dr. Stephen Henson wrote:
> > On Wed, Jul 07, 2010, Brian Makin wrote:
> >
> > >
> > > The snapshots all seem to be failing in make test...
> > > Is this a known issue or might it be a problem on my end?
> > >
> > > Testing key generation with NIST Binary-Cu
Hi Alex,
are you sure, ff ist talking to the same server on port 4433?
Do you get a successful handshake when using a different ciphersuite on the
server?
Patrick Eisenacher
-Original Message-
From: Alex Birkett
Hi Patrick,
openssl s_client -connect localhost:4433 -cipher ECDHE-ECDSA
The structure itself is only forward-declared meaning that a programmer
has no way of getting into the actual evp_pkey_method_st and its fields.
Now that would be fine if there were a complete set of methods
EVP_PKEY_meth_* to manipulate the pointers to EVP_PKEY_METHOD. But alas
there's only a few.
Hi Patrick,
openssl s_client -connect localhost:4433 -cipher ECDHE-ECDSA-AES256-SHA
works fine it sends the following cipher suite in the client hello message:
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Just double checked with wireshark and FF also sends
Cipher Suite: TLS_ECDHE_
Hi Alex,
if you configure s_client with the same list of ciphersuites that firefox
sends, then s_server will show the same reaction. That means your ff and your
s_client send different lists of ciphersuites.
You seem to invoke s_client with the standard list of ciphersuites...whatever
that is.
Hi Patrick,
Thanks for your response. FF 3.6.2 is
sending TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA in it's client hello message.
The command line OpenSSL client can be made to connect using this cipher
suite. Any ideas?
Thanks,
Alex
On 8 July 2010 13:41, Eisenacher, Patrick wrote:
> Hi Alex,
>
Hi Alex,
just check the list of ciphersuites that FF sends in its client hello message
and you'll see which ciphersuites FF supports.
HTH,
Patrick Eisenacher
-Original Message-
From: Alex Birkett
Hi,
Firefox 3.6.2 supports the TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA cipher suite.
I've co
Hi,
Firefox 3.6.2 supports the TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA cipher
suite. I've configured Open SSL (version 1.0.0.a) as a test server with
what I think is a suitable ECC key/certificate (attached) The keys were
created with the attached script.
The server was started like this:
openssl s
We could identify the issue. On the server we used an apache proxy to
tomcat using mod_ajp to speed up SSL downloads. Switching to mod_jk
solved the issue.
Sorry for posting to the wrong list.
Ludwig
> -Original Message-
> From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...
22 matches
Mail list logo
