Hi Shaheed,
The OpenSSL error you are getting means that OpenSSL decrypted the
ciphered text but couldn't find the PKCS1 padding byte. This means that
the wrong CRT parameters were supplied. Usually this comes from the fact
that the parameters p and q (and the corresponding dmp1, dmq1) must be
Hi Victor,
Your analysis is not true because the original poster says he has dmp1,
dmq1 and iqmp, not only p and q. With these 5 parameters, it is possible
to recover the plain text from the ciphered text thanks to the Chinese
Reminder Transformation (CRT). Moreover, it is possible to recover
Hello,
Try to disable RSA blinding with:
RSA_blinding_off(new_key);
before RSA_private_decrypt().
Best regards,
--
Marek Marcola
owner-openssl-us...@openssl.org wrote on 02/24/2011 03:46:53 AM:
> "Shaheed Bacchus (sbacchus)"
> Sent by: owner-openssl-us...@openssl.org
>
> 02/24/2011 03
Hello,
If you have on the receiving site n, p, q, dmp1, dmq1, and iqmp components
then you may
decrypt message M from ciphertext C with CRT:
Cp = C mod p
Cq = C mod q
Mp = Cp^dmp1 mod p
Mq = Cq^dmq1 mod q
h = (Mp?Mq) * iqmp mod p
M = Mq + qh
where:
dmp1= d mod (p?1)
dmq
On Wed, Feb 23, 2011 at 09:03:13PM -0600, Shaheed Bacchus (sbacchus) wrote:
> Just to be clear, below is not the actual code, but what I would *like*
> to be able to do (or something close).
What you are asking to do is not possible, not because of API limitations,
but as a matter of principle (m
Just to be clear, below is not the actual code, but what I would *like*
to be able to do (or something close).
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Shaheed Bacchus
(sbacchus)
Sent: Wednesday, February 23, 2011 9:47 PM
To: openssl-users@open
Hi,
I have a situation where I have a message that has been encrypted via
RSA_public_encrypt. On the receiving end I have the n, p, q, dmp1,
dmq1, and iqmp components (I know it might sound odd that I don't have
the e and d components but that is the case). I'm trying to do
something like:
Thanks for your prompt response . Do you have the name of the patch to share
with us?
Thanks
Anamitra
On 2/23/11 1:42 PM, "Dr. Stephen Henson" wrote:
> On Wed, Feb 23, 2011, anmajumd wrote:
>
>>
>> We recently built FIPS compliant openssl 0.9.8q. Earlier we were using
>> 0.9.8l . With ssh b
On Wed, Feb 23, 2011, anmajumd wrote:
>
> We recently built FIPS compliant openssl 0.9.8q. Earlier we were using
> 0.9.8l . With ssh binaries linked to FIPS compliant OpenSSL 0.9.8q, when
> running the OpenSSH client, connection setup fails during verification of
> the server key.
> We did not
We recently built FIPS compliant openssl 0.9.8q. Earlier we were using
0.9.8l . With ssh binaries linked to FIPS compliant OpenSSL 0.9.8q, when
running the OpenSSH client, connection setup fails during verification of
the server key.
We did not not run into this SSH issue with 0.9.8l. Has anythi
Thanks alot Mike it turns out all that googling is not gold after all...!
On Wed, Feb 23, 2011 at 7:33 PM, Michael S. Zick wrote:
> On Wed February 23 2011, Hammad Bhutta wrote:
> > thanks for your reply but can you direct me with the link. Plus how can i
> > make the appache listne to port 443
>
On Wed February 23 2011, Hammad Bhutta wrote:
> thanks for your reply but can you direct me with the link. Plus how can i
> make the appache listne to port 443
>
Here is a good starting point:
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html
Google can probably answer anything you don't find a
Yes, you should open a ticket on the issue tracker. However, I'm not
sure if Dr. Stephen Henson will agree to add this change to the current
stable versions (0.9.8x and 1.0.0x) as he usually delays header changes
till the 1.1.0 release.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/23/20
Thanks Mounir,
I'd like to use ECDSA_METHOD to implement a dynamic engine for
ecdsa. I want to avoid copying the header files from the upstream
source so that my engine package can compile stand-alone. This should
be in line with the way dynamic engines have worked for other
algorithms since 0
wao .. thanks :D
On Wed, Feb 23, 2011 at 7:44 PM, John Doe wrote:
> From: Hammad Bhutta
> > On Wed, Feb 23, 2011 at 4:40 PM, John Doe wrote:
> >> It seems apache is listening on 80 and not 443...
> >> Maybe ask on the apache mailing list.
> > thanks for your reply but can you direct me with th
From: Hammad Bhutta
> On Wed, Feb 23, 2011 at 4:40 PM, John Doe wrote:
>> It seems apache is listening on 80 and not 443...
>> Maybe ask on the apache mailing list.
> thanks for your reply but can you direct me with the link. Plus how can i
> make
> the appache listne to port 443
http://tinyu
Hello!
Thanks for your help and monitoring.
Yes, I get the same error, I also throws the same when tested with the
files you
sent me.
I think there must be something I missed or did wrong in the installation.
Which version did you use for this package:
openssl
mod_tsa
Apache
mod_ssl
mysql
ts-patch_
thanks for your reply but can you direct me with the link. Plus how can i
make the appache listne to port 443
On Wed, Feb 23, 2011 at 4:40 PM, John Doe wrote:
> From: Hammad Bhutta
> > Whenever i type https://bhutta.com my browser pops up eror.
> > when i type http://bhutta.com/file.php everyt
From: Hammad Bhutta
> Whenever i type https://bhutta.com my browser pops up eror.
> when i type http://bhutta.com/file.php everything works
It seems apache is listening on 80 and not 443...
Maybe ask on the apache mailing list.
JD
19 matches
Mail list logo
