Re: About RC4 decryption.

2011-11-02 Thread nilesh
Hi, On Thursday 03 November 2011 04:12 AM, Dave Thompson wrote: [..] For SSL/TLS protocol, set by client as encryption key, set by server as decryption key key_block[49..64] - server Write key set by server as encryption key, set by client as decryption key 32..47 and 48..63 (off by 1) IF fo

RE: Help in Generating Chained ROOT Certificate

2011-11-02 Thread Mr.Rout
Thanks Dave. Probably I have not understood the things properly. After surfing through Google I got confused. Actually I am doing TLS Client Testing which authenticate the Server(www.https.com in my example). Steps I followed to achieve this: 1) Created a Self signed Certificate where Issuer &

RE: Problems with AES-CFB1

2011-11-02 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Michael S. Zick > Sent: Tuesday, 01 November, 2011 09:15 > On Mon October 31 2011, Dave Thompson wrote: > > compiled without error, and gave the symptom reported -- > > because CRYPTO_cfb128_1_encrypt treats the length as bits > > > > My cop

RE: Help in Generating Chained ROOT Certificate

2011-11-02 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout > Sent: Monday, 31 October, 2011 13:43 > I am newbie to Openssl. I am confused about Chained ROOT > certificates? > Could someone please guide me the step by step approach for generating > Chained ROOT certificate? > > e.g. My Server

RE: About RC4 decryption.

2011-11-02 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of re.est > Sent: Tuesday, 01 November, 2011 10:22 > > I am a newbie in the cryptography area and learning by writing some > > test code. > > I have setup the apache server and capturing packets using > wireshark. > > I have a query specific to R

RE: Using OpenSSL 0.9.8 issue between version k and r with Application

2011-11-02 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of evansda > Sent: Tuesday, 01 November, 2011 11:43 > My customer(Government) wants to block use of SSLv2 with the > INN server due > to security vulnerabilities. I recompiled the INNews source Good for them (and you), although several years la

Re: Invalid slot number: 0

2011-11-02 Thread Jakob Bohm
On 11/2/2011 8:41 PM, SiSt wrote: Where is the error message invalid slot number coming from? From the carddriver? Anything to do with Multipart/Singlepart sign. It used to work with previous driver. openssl> req -config /etc/ssl/openssl.cnf -x509 -engine pkcs11 -new -key id_1 -keyform engine -o

Invalid slot number: 0

2011-11-02 Thread SiSt
Where is the error message invalid slot number coming from? From the carddriver? Anything to do with Multipart/Singlepart sign. It used to work with previous driver. openssl> req -config /etc/ssl/openssl.cnf -x509 -engine pkcs11 -new -key id_1 -keyform engine -out req.pem -text -subj "/CN=Name Nam

RE: FW: FIPS validation and TLS 1.2

2011-11-02 Thread Bin Lu
Then is it correct to consider the code for FIPS 2.0 validation(in terms of the cryptographic algorithms, not including the FIPS specific stuff, such as CAVP/CMVP testing etc) is a subset of the FIPS capable OpenSSL? The issue for us is that we need to use additional features in the FIPS capabl

RE: Using certificate and private key from Windows cert store with OpenSSL

2011-11-02 Thread Andrejs Štrumfs
Hi! I searched a bit around and came up with this. I used v1.0.0.5 OpenSSL Dlls, but if you compile 0.9 with engine enabled, it should work. function UsePKeyFromCapi(const ASSLCtx: PSSL_CTX; const ACert: PCCERT_CONTEXT): Boolean; var CapiEngine: PENGINE; EngStatus: Integer; ProvLen, ContN

RE: SSL_get_shutdown() returns 3

2011-11-02 Thread dave.mclellan
Hi Jeff.DOH! I was staring right into the face of two bits on, and didn't even see it. thanks. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton Sent: Tuesday, November 01, 2011 8:02 AM To: openssl-users

Re: openssl-1.0.1-stable-SNAP-20110927

2011-11-02 Thread Jeffrey Walton
On Mon, Oct 31, 2011 at 3:01 PM, Guilherme G. Rafare wrote: > Hi, how can I unsubscribe to the list and stop receiving emails? http://www.openssl.org/support/community.html Check your SPAM folder for the confirmation emails. I recently noticed Google swallowed nine separate unsubscribe conformati

Re: recommendations for encrypting a document on a distributed CD?

2011-11-02 Thread Jonas Schnelli
> PGP? Hi I would look at the openPGP specs. http://en.m.wikipedia.org/wiki/OpenPGP#OpenPGP I think you can solve your project's requirements with GnuPG. If you like to "weld" it better with your software project, you might look at Gpgme (http://www.gnupg.org/related_software/gpgme/). It's basi

About openssl versions mismatch - aes256 decryption.

2011-11-02 Thread nilesh
Hi, I am testing a dummy code for AES256_SHA decryption. Please see the attached server private key and the C code. The same code works for "OpenSSL 0.9.8r" and "OpenSSL 0.9.8k". But it produces junk after decryption on machine with OpenSSL version "OpenSSL 1.0.0b". Could someone please comm

Re: recommendations for encrypting a document on a distributed CD?

2011-11-02 Thread Jakob Bohm
This is a classic FAQ (it is in the very old crypto FAQ), but I will give a more detailed explanation of the standard answer. This is impossible! Once you give any user a password to the file, then he can secretly share it with other people with the same CD (because nothing on the CD can be diff

RE: How to build a FIPS-capable OpenSSL on Ubuntu Linux from the latest snapshots?

2011-11-02 Thread Jack D. Pond
Bill, This may help - I just did the same using latest Ubuntu Release Jack D. Pond "It's not hard to meet expenses, they're everywhere." -- sudo apt-get install build-essential # if you haven't already wget http://www.openssl.org/source/openssl-fips-1.2.3.tar.gz.sha1 wget http://www.openssl

Re: recommendations for encrypting a document on a distributed CD?

2011-11-02 Thread Michael S. Zick
On Wed November 2 2011, Joe Flowers wrote: > PGP? > Password protected PDF? Mike > > > On Wed, Nov 2, 2011 at 8:27 AM, Joe Flowers wrote: > > > Hello Everyone, > > > > I would like recommendations and suggestions for encrypting a document on > > a distributed CD. I would like someone to be ab

Re: recommendations for encrypting a document on a distributed CD?

2011-11-02 Thread Joe Flowers
PGP? On Wed, Nov 2, 2011 at 8:27 AM, Joe Flowers wrote: > Hello Everyone, > > I would like recommendations and suggestions for encrypting a document on > a distributed CD. I would like someone to be able to open and read the > document only if they have a "password" or secret string or other(?)

recommendations for encrypting a document on a distributed CD?

2011-11-02 Thread Joe Flowers
Hello Everyone, I would like recommendations and suggestions for encrypting a document on a distributed CD. I would like someone to be able to open and read the document only if they have a "password" or secret string or other(?). I understand there is a limit to how secure this really is, but I w

Re: FW: FIPS validation and TLS 1.2

2011-11-02 Thread Dr. Stephen Henson
On Tue, Nov 01, 2011, William A. Rowe Jr. wrote: > On 11/1/2011 8:35 PM, Bin Lu wrote: > > > > Do you have an answer for my question below? Is the fips-2.0-test code > > branched off from a > > FIPS-capable version? Which version is it based on if yes? > > AIUI, fipscanister doesn't include TLS

Re: Problems with AES-CFB1

2011-11-02 Thread Ananthasayanan Kandiah
Yep, that solved it! That makes sense. Thank you so much! On Wed, Nov 2, 2011 at 12:08 AM, re.est wrote: > Hello, > > I added *8 in length for both encrypt/decrypt call to make it bit length. > AES_cfb1_encrypt(data, ciphertext, length*8, &key, iv, &num, > AES_ENCRYPT); > > As you can see,

New SSL scanner based on OpenSSL+ Python + ctypes

2011-11-02 Thread Nabla C0d3
Hi there, We just released an SSL scanner we've been working on for a while. It's written in Python and based on OpenSSL. Long story short, in order to scan for "newer" issues (like insecure renegotiation), I needed access to OpenSSL APIs that aren't exposed by M2Crypto or PyOpenSSL and direct ac