Thanks Dr. Stephen and Victor for explanation
Some questions further in this :
Is there an API to configure programmatically , what hash algorithm it
can use. My understanding is that final ciphers which are selected are
for encryption and HMAC generation of application data packets. Th
Hi All
I need some help with this one please...
What is segment aliasing and how can I fix this error?
In my makefile, I essentially have:
export CROSS_COMPILE=$(CROSS_COMPILE) && \
export SYSTEM=Linux && \
export MACHINE=ppc && \
export RELEASE=2.4 && \
export FIPS_SIG=$(F
On Tue, Feb 26, 2013, Glenn Smith wrote:
> I'm trying to validate my build of the OpenSSL + Fips static libraries. I
> did verify that the OpenSSL.exe is fips enabled per some of the
> documentation I've seen.
>
> When I try to enable FIPs mode in my app, I get a failure in
> FIPS_check_incore_f
On Tue, Feb 26, 2013, Viktor Dukhovni wrote:
> On Wed, Feb 27, 2013 at 12:49:55AM +0530, Thulasi Goriparthi wrote:
>
> > Or use another hash type for signature which can produce not more than 53
> > bytes of hashed data. (i.e MD5, SHA1, SHA256, SHA384) while using 512-bit
> > keys. OpenSSL by def
On Wed, Feb 27, 2013 at 01:55:24AM +0530, Thulasi Goriparthi wrote:
> > Interestingly enough, it is in fact SHA384 that fails with RSA-512. The
> > client and server agree on:
> >
> > ECDHE-RSA-AES256-GCM-SHA384
> >
>
> Signature Hash type is not controlled by the CipherSuite and can be
>
> Will keep an eye on it,
> as this functionality would long term be useful to put into the 'openssl
> smime'
> apps command.
For the time being - put a version at
https://github.com/dirkx/smime-add-encryption-for-recipient
along with a small test.sh file
https://github.com
On Wed, Feb 27, 2013 at 1:39 AM, Viktor Dukhovni wrote:
> On Wed, Feb 27, 2013 at 12:49:55AM +0530, Thulasi Goriparthi wrote:
>
> > Or use another hash type for signature which can produce not more than 53
> > bytes of hashed data. (i.e MD5, SHA1, SHA256, SHA384) while using 512-bit
> > keys. Ope
On Wed, Feb 27, 2013 at 12:49:55AM +0530, Thulasi Goriparthi wrote:
> Or use another hash type for signature which can produce not more than 53
> bytes of hashed data. (i.e MD5, SHA1, SHA256, SHA384) while using 512-bit
> keys. OpenSSL by default uses SHA512 hash for signature. Change the code to
I'm trying to validate my build of the OpenSSL + Fips static libraries. I
did verify that the OpenSSL.exe is fips enabled per some of the
documentation I've seen.
When I try to enable FIPs mode in my app, I get a failure in
FIPS_check_incore_fingerprint. From what I can determine, sig has some s
I gave up on WinCrypt. I never could get a IV or KEY that was usuable by the
OpenSSL tool.
--
View this message in context:
http://openssl.6102.n7.nabble.com/Windows-WinCrypt-to-OpenSSL-help-tp43840p43955.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
___
Or use another hash type for signature which can produce not more than 53
bytes of hashed data. (i.e MD5, SHA1, SHA256, SHA384) while using 512-bit
keys. OpenSSL by default uses SHA512 hash for signature. Change the code to
use any other hash.
512 bit(64 byte) RSA key can only encrypt 53 bytes at
On Tue, Feb 26, 2013 at 11:30:18PM +0530, Nayna Jain wrote:
> Both server and client authenticate each other. And so client also sends
> the certificate.
>
> Here client certificate has RSA 512 bits and md5. Server certificates has
> RSA 1024 bits and md5.
Bottom-line: DO NOT use 512-bit RSA mod
Hi all,
I have a server and client.
Both server and client authenticate each other. And so client also sends
the certificate.
Here client certificate has RSA 512 bits and md5. Server certificates has
RSA 1024 bits and md5.
Both server and client are using the API SSLv23_server_method() and
SSL
On 26 Feb 2013, at 15:26, Dr. Stephen Henson wrote:
..
>> Note that we had to pull in some non-exposed functions from pk7_lib/doit.c -
>> so perhaps longer term it would be nice to see such as part of the API.
>>
>
> When I first looked at this I'd hoped that you could do it cleanly using the
On Tue, Feb 26, 2013, Dirk-Willem van Gulik wrote:
>
> On 23 Feb 2013, at 14:47, Dirk-Willem van Gulik wrote:
>
> > I am struggling to find a clean way to add a pub-key to encrypt against to
> > an existing pkcs7/smime file. Without having to change the existing entries.
> >
> > The use case i
15 matches
Mail list logo
