Btw let me know if I can ever be of help.
Ryan Hurst
Chief Technology Officer
GMO Globalsign
twitter: @rmhrisk
email: ryan.hu...@globalsign.com
phone: 206-650-7926
Sent from my phone, please forgive the brevity.
On Jun 14, 2013, at 3:09 PM, Jakob Bohm wrote:
> On 6/13/2013 1:50 AM, Ryan Hurst
I forgot to respond the the 1 minute reference, we revoke right away and most
CAs do that is just different than pre producing all revoked responses when one
cert is revoked.
Ryan Hurst
Chief Technology Officer
GMO Globalsign
twitter: @rmhrisk
Sent from my phone, please forgive the brevity.
O
I agree 2560's lack of algorithm agility is a problem and RFC6960's lack of
specifying an indicator of which algorithm to use is also a little
problematic; that said it is one that can be worked around in most cases.
One likely way is that responders will rely on the User Agent header to
determine
On 6/15/2013 1:15 AM, Ryan Hurst wrote:
Thanks for your reply, just one tidbit that surprised me:
CAs are required to produce responses every 7 days, we comply with that but
as part of our new infrastructure investment we will be bringing that time
down quite a bit; the largest issue here being
Jakob,
Online CA signing keys for something like OCSP signing is a bad idea and
don't worry we wont do that; we are looking at doing is using pre-produced
OCSP for issuing CAs issued certificates; in this model all cache-misses and
root responses would be VA delegated still.
This protects the CA
On 6/14/2013 11:12 PM, Matt Caswell wrote:
On 14 June 2013 01:55, Jakob Bohm wrote:
On 6/12/2013 11:35 PM, Matt Caswell wrote:
On 12 June 2013 21:15, Jakob Bohm wrote:
As for the DH_check_pub_key() function, checking if pubkey is in the
range "two to large prime minus 2, inclusive" is an
On Wed, Jun 12, 2013 at 12:02:52PM -0700, anu.engineer wrote:
> Just before signing the certificate the code executes this fragment
>
> pktmp=X509_get_pubkey(ret);
> if (EVP_PKEY_missing_parameters(pktmp) &&
> !EVP_PKEY_missing_parameters(pkey))
> EVP_PKEY_copy_parameters(pktmp,pkey);
> E
On 6/13/2013 1:50 AM, Ryan Hurst wrote:
They are doing a CA signed OCSP response, this is legitimate.
We will do this in the not so distant future as well for many of our
responses also.
Please don't!
As a knowledgeable GlobalSign customer I would prefer that you keep your
root private keys
Hi Dave,
This is a very detailed and excellent answer, Thank you very much
Anu
On Wed, Jun 12, 2013 at 6:59 PM, Dave Thompson wrote:
> >From: owner-openssl-us...@openssl.org On Behalf Of anu.engineer
> >Sent: Wednesday, 12 June, 2013 15:03
>
> > I am reading thru the ca.c in the apps director
On 14 June 2013 01:55, Jakob Bohm wrote:
> On 6/12/2013 11:35 PM, Matt Caswell wrote:
>>
>> On 12 June 2013 21:15, Jakob Bohm wrote:
>
>
>> As for the DH_check_pub_key() function, checking if pubkey is in the
>> range "two to large prime minus 2, inclusive" is an insufficient chec
On 6/14/13 2:47 PM, Matt Caswell wrote:
On 14 June 2013 20:12, Steve Tarzia wrote:
I am having some trouble finding documentation or examples showing how to
perform Elliptic Curve crypto operations using the openssl command line
tool. Is possible to perform EC encryption and decryption using t
On 14 June 2013 20:12, Steve Tarzia wrote:
> I am having some trouble finding documentation or examples showing how to
> perform Elliptic Curve crypto operations using the openssl command line
> tool. Is possible to perform EC encryption and decryption using the openssl
> command line tool?
>
> I
I am having some trouble finding documentation or examples showing how
to perform Elliptic Curve crypto operations using the openssl command
line tool. Is possible to perform EC encryption and decryption using
the openssl command line tool?
In "man pkeyutl" for version 1.0.1e I see the text "
Hi,
I am using openssl 1.0.1e to create a CA and generate certificates.
I am facing an issue while generating the device certificates.
After creating the ca certificate using below command
# openssl req -x509 -new -newkey rsa:1024 -keyout private/cakey.pem -days 3650
-out cacert.pem
when we
On Fri, Jun 14, 2013, Robert Inzinger - SKIDATA wrote:
> Hi
>
> I try to use RSA_private_encrypt and OAEP and always get the error at the
> call of RSA_private_encrypt :
>
RSA_private_encrypt() is used for signing data whereas OAEP is a padding mode
used for encryption. You'd need to use RSA_pu
On Fri, Jun 14, 2013, Rengith M. wrote:
>
> I could not find the p5_crpt2.c under \crypto\evp after I unzipped the
> openssl-fips-ecp-2.0.4.tar, could you please provide the correct
> installation script needed for WinXP.
>
>
It is not present in the FIPS module source.
Steve.
--
Dr Stephen
Hi Rengith,
Sorry but I was referring to 1.0.1e source distribution.
I am not able to answer about FIPS ones.
Le 14/06/2013 11:06, Rengith M. a écrit :
Hi Michel,
I could not find the p5_crpt2.c under \crypto\evp after I unzipped the
openssl-fips-ecp-2.0.4.tar, could you please provide the co
PKCS5_PBKDF2_HMAC implementation : [openssl-src-dir]\crypto\evp\p5_crpt2.c
in [openssl-src-dir]\crypto\evp\evp.h : PKCS5_SALT_LEN is defined as 8
Le 13/06/2013 08:39, Rengith M. a écrit :
Hi,
This is to know further about implementation of PBKDF2,
PKCS5_PBKDF2_HMAC.
1.Would like to know
Hi Michel,
I could not find the p5_crpt2.c under \crypto\evp after I unzipped the
openssl-fips-ecp-2.0.4.tar, could you please provide the correct installation
script needed for WinXP.
Thanks and Regards,
Rengith M.
From: Michel [mailto:msa...@paybox.com]
Sent: Friday, June 14, 2013
Hi
I try to use RSA_private_encrypt and OAEP and always get the error at the call
of RSA_private_encrypt :
Error code: 4066076 in .\crypto\rsa\rsa_eay.c line 6029358.
Samplecode:
void SimpleTest()
{
RSA * rsa;
RSA * rsapub;
RSA * rsapri;
unsigned char src[1000] = "
Hi,
Sorry, I forgot the "-cert" option during the query.
Nicolas.
Le 13/06/2013 11:34, Nicolas ROCHE a écrit :
Hello,
I'm beginning with TSA and I'm wondering if it is possible to validate
a timestamp request against a unique (self signed) certificate.
Now I can do :
$ openssl ts -verify -quer
21 matches
Mail list logo
