RE: How to use PKCS5_PBKDF2_HMAC_SHA1()

Firstly i am really thankful for you to being patient and throwing some light on basic... even thought i was aware of few things, it was like a refresh course :) ... thanks for that... Coming to the usage, i really don't want to use HEX for the PKCS5_PBKDF2_HMAC_SHA1(). I just want to input the v

RE: How to use AES_wrap_key() in openssl

> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn > Sent: Monday, 19 March, 2012 09:17 > I have a requirement of wrapping a 512-bit DEK witk 256 bit > KEK. I picked up > openssl API and figured out that it provides AES_wrap_key() > to do the job. I OpenSSL's AES_{wrap,unwrap}_key doe

RE: How to use PKCS5_PBKDF2_HMAC_SHA1()

> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn > Sent: Tuesday, 20 March, 2012 00:36 > Thanks a lot Dave for pointing out few things which i need to > take care. By > the way as this is not complete code, original code already > has taken care > of few things. > > Now coming to th

Adding new cipher suites to Openssl

I would like to experiment with the PSK cipher suites defined in RFC 5487  (http://tools.ietf.org/html/rfc5487) and I am struggling to add support for these in Openssl. I am only interested in the variants compatible with TLS 1.1 : CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA256    = {0x00,0xA

Re: Why does openssl still pad data for aes-128-cbc encrypting when the file-size%16==0?

It depends on the padding scheme. E.g., PKCS#7 / RFC2630 pads with k bytes, all with value k. So you decrypt the 32 bytes and look at the pad bytes. If the pad values are 16, the actual size is 16. If they're 15, the actual size is 17. On 3/20/2012 12:04 AM, Nicle wrote: And I have more

stunnel 4.53 released

Dear Users, I have released version 4.53 of stunnel. This is major a bugfix release. Upgrade is highly recommended. The ChangeLog entry: Version 4.53, 2012.03.19, urgency: MEDIUM: * New features - Added client-mode "sni" option to directly control the value of TLS Server Name Indicat

needs some ideas on listening to stunnel

Hi, I am working on a project which needs to do the encryption and decryption between server and terminals. Both the server and the terminals have OpenSSL. Our plan is to use stunnel. But Implement stunnel in every terminal will bring complexity. So I am thinking just using stunnel on the ser

Re: Why does openssl still pad data for aes-128-cbc encrypting when the file-size%16==0?

It makes the response unambiguous. If a 16 byte file was not padded, how does the receiver know whether the file was 16 bytes or 1-15 bytes plus padding. By having at least one byte of padding, and (in some padding schemes) having the padding itself define the number of padding bits, one can