Creating a PKCS7 signed data container with no data

2011-07-06 Thread Federico Delgado
Hi, I am trying to create a pkcs7 file containing - public key. - signer info (this signer info contains a signature from another piece of data calculated previously). This pkcs7 is of type pkcs7-signedData and the (non existent) data is of type pkcs7-data. In (the simplest broken code): evp_ke

Re: signer certificate not found

2011-07-06 Thread Dr. Stephen Henson
On Wed, Jul 06, 2011, ammonite99 wrote: > > HI together, > I get an error during processing a signed CMS message. > > Verification failure > 2784:error:2E09D08A:CMS routines:CMS_verify:signer certificate not > found:.\crypt > o\cms\cms_smime.c:353: > > the command i used: > openssl cms -verify

Re: How to create PKCS10 request to get web certificate

2011-07-06 Thread Dr. Stephen Henson
On Wed, Jul 06, 2011, BHATT Mayank wrote: > How to create PKCS10 request to get web certificate ? > > I need to do following > > 1) Generate the key pair (private + public) > 2) Generate the PKCS10 request using public key > 3) Connect to Enrolment server and submit the PKCS10

Re: CMS signing with engine

2011-07-06 Thread Dr. Stephen Henson
On Wed, Jul 06, 2011, James Berry wrote: > I am trying to sign a file using the opensc pkcs11 engine. I will be doing > this in code ultimately, but I thought I would make it work from the command > line first. > > I have the pkcs11 engine working ok and can make a certificate request, for >

Re: Some Problem wiht TLS connection using OPENSLL....PLS This is urgent..

2011-07-06 Thread Victor Duchovni
On Wed, Jul 06, 2011 at 04:26:18PM +0300, islam wrote: > Hi i have some problems using openssl library. I got this error : > > 14742:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version > number:s3_pkt.c:293: You should give up and ask someone on your team who is more experienced to impleme

Some Problem wiht TLS connection using OPENSLL....PLS This is urgent..

2011-07-06 Thread islam
Hi i have some problems using openssl library. I got this error : 14742:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:293: and my code is below : #include #include #include #include #include #include #include #include #include #include #include #include

How to create PKCS10 request to get web certificate

2011-07-06 Thread BHATT Mayank
How to create PKCS10 request to get web certificate ? I need to do following 1) Generate the key pair (private + public) 2) Generate the PKCS10 request using public key 3) Connect to Enrolment server and submit the PKCS10 request to get the certificate. 4) Put all Private

CMS signing with engine

2011-07-06 Thread James Berry
I am trying to sign a file using the opensc pkcs11 engine. I will be doing this in code ultimately, but I thought I would make it work from the command line first. I have the pkcs11 engine working ok and can make a certificate request, for example, using the key on the smartcard. This works f

signer certificate not found

2011-07-06 Thread ammonite99
HI together, I get an error during processing a signed CMS message. Verification failure 2784:error:2E09D08A:CMS routines:CMS_verify:signer certificate not found:.\crypt o\cms\cms_smime.c:353: the command i used: openssl cms -verify -in c:/signed.file -inform der -signer certs/cert.cer -CAfile c

Re: Segmentation Fault when restarting apache with ssl

2011-07-06 Thread m...@smtp.fakessh.eu
hi When I started to Linux in 2001 I found the event I could not recompile perl error and corruption Le mercredi 6 juillet 2011 14:11, monloi perez a écrit : > Hi, > > > I'm new to the list and having this issue. > > I installed apache + openssl. When i started apache I get an error > "Segment

Segmentation Fault when restarting apache with ssl

2011-07-06 Thread monloi perez
Hi, I'm new to the list and having this issue. I installed apache + openssl. When i started apache I get an error "Segmentation Fault" below are the technical details. Server version: Apache/2.2.19 (Unix) Architecture: 64-bit OpenSSL 1.0.0d Loaded Modules: core_module (static) mpm_prefo

Re: Please help RFC 5746

2011-07-06 Thread Dr. Stephen Henson
On Sun, Jul 03, 2011, Ritesh Rekhi wrote: > Hi , > > I need little help in implementing RFC 5746 on server, as per RFC it is not > very clear on how to tell clients that Server doesn't support renegotiation. > > If anybody knows a way to tell clients that server doesn't support > renegotiation

Re: How is key calculated from passphrase

2011-07-06 Thread Michel
Hi Dan, You should look at : http://www.rsa.com/rsalabs/node.asp?id=2127 http://www.openssl.org/docs/crypto/EVP_BytesToKey.html and a better OpenSSL implementation using PKCS5_PBKDF2_HMAC() in crypto\evp\p5_crpt2.c Le 01/07/2011 14:58, Daniel Wambold a écrit : Hello list. I started poring ove

RE: Extracting and verifying encrypted certificate digest

2011-07-06 Thread DarkMike
Hi Dave, thanks, it works! that is exactly what I was looking for, the steps as you described: original certificate as it was created by CA.sh -sign: client_cert.pem 1. removed all comments by: openssl x509 -inform pem -in ./client_cert.pem >client_cert_clean.pem (left only the end starting w

3des-cbc

2011-07-06 Thread Prashant Batra
Hello, I am facing a problem with 3des algorithm, I am trying to encrypt 256 bytes of data, 8 bytes IV and 24 bytes of key. When I try to decrypt the encrypted result, the 1st 8 bytes are not properly decrypted. Please guide, if I am doing something wrong. Here are the details : Plain data - 2

Re: RFC 5746

2011-07-06 Thread Andrey Kulikov
It is very simple for server to tell client it not support secure renegotiation: server just should not send renegotiation_info TLS extension in ServerHello. Then client will know that server do not support (or do not wish to support) secure renegotiation. The hard part is to make it by using Ope