RE: Diffie Hellman problem

2013-06-18 Thread Dave Thompson
I wrote Tuesday, 18 June, 2013 22:29: > if [DH peer] is using the > other cert fields for anything, or relying on CA issuance of > the cert as a trust check, then you need the cert. > > If you do need to create a cert yourself, > Alternatively if the Java example is > getting the cert from a

RE: Diffie Hellman problem

2013-06-18 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Dr. Stephen Henson > Sent: Tuesday, 18 June, 2013 13:40 To add some more: > On Tue, Jun 18, 2013, Aleix Ventayol wrote: > > > Hi everyone, > > > > I'm using a Diffie Hellman Agreement on one app. I've been able to generate > > the DH without

RE: cannot open certdb

2013-06-18 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Rodney Simioni >Sent: Tuesday, 18 June, 2013 15:52 >I'm trying to get LDAP to work with TLS but when I used the >ldapsearch command to verify TLS is working, this error is showstopping me. >TLS: cannot open certdb '/etc/openldap/cacerts', error

RE: Diffie Hellman problem

2013-06-18 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Aleix Ventayol >Sent: Tuesday, 18 June, 2013 17:33 >I've tried it using the following code: >EVP_PKEY * pp = EVP_PKEY_new(); >EVP_PKEY_set1_DH(pp, dh); >char *buff; >BUF_MEM *bptr; >int write_rc = 0; >BIO *bme

Run TLS only through memory buffers?

2013-06-18 Thread Micha M.
Hi, I am wondering if it is possible to do TLS only through memory buffers. I have an application where I'd like to add encryption and authentication to the communication layer. During a TLS handshake the application could send and receive memory buffers. But I do not have access to the socket. (S

Re: [Encrypting_Decrypting with DES]

2013-06-18 Thread Matt Caswell
On 18 June 2013 19:22, Jakob Bohm wrote: > Fundamentally, every CBC block except the first will use what you call a > "predictable" IV, namely the previous ciphertext block. To make any sense > security arguments about this need to be very clear about what is > and is not vulnerable. Your clarif

Re: Diffie Hellman problem

2013-06-18 Thread Aleix Ventayol
I've tried it using the following code: EVP_PKEY * pp = EVP_PKEY_new(); EVP_PKEY_set1_DH(pp, dh); char *buff; BUF_MEM *bptr; int write_rc = 0; BIO *bmem = BIO_new(BIO_s_mem()); write_rc = PEM_write_bio_PUBKEY(bmem, pp); But I'm not getting anything in pp and write_rc

Re: Is it possible to grab CA certificate?

2013-06-18 Thread Viktor Dukhovni
On Tue, Jun 18, 2013 at 04:50:06PM -0400, Dave Thompson wrote: > > From: owner-openssl-us...@openssl.org On Behalf Of Carl Young > > Sent: Tuesday, 18 June, 2013 07:10 > > > Sorry for top-post - webmail :( > > > > In TLS, the server should not send the root certificate - it > > sends the chain

RE: Is it possible to grab CA certificate?

2013-06-18 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Carl Young > Sent: Tuesday, 18 June, 2013 07:10 > Sorry for top-post - webmail :( > > In TLS, the server should not send the root certificate - it > sends the chain up to, but not including, the root certificate. > > From (sorry) > http://te

TLS: cannot open certdb

2013-06-18 Thread Rodney Simioni
Greetings, I'm trying to get LDAP to work with TLS but when I used the ldapsearch command to verify TLS is working, this error is showstopping me. The error is: TLS: cannot open certdb '/etc/openldap/cacerts', error -8018:Unknown PKCS #11 error. !!Here's how this surfaced!! I

test

2013-06-18 Thread Rodney Simioni
test

Re: RSA encryption and Decryption code in C language

2013-06-18 Thread Ken Goldman
You cannot generate a private key from a public key. Typically, the receiver generates the key pair and sends the public key to the sender. The sender encrypts with the public key. The receiver decrypts with the private key. A typical format for sending a public key across a channel is an X

Re: RSA encryption and Decryption code in C language

2013-06-18 Thread Hemayamini Kurra
Hello Michel, Thanks for the link. I have the following code. int main() { RSA *key; unsigned char input_ptext[] = "58FD6F1C310FC9D0194FB8B0E99070A6CBA3473BFE69F953E60E99070A6CBA3473BFE69F953E0E99070A6CBA3473BFE69F953E0E99070A6CBAE"; unsigned char ctext[256]; unsigned char ptext[256];

Re: [Encrypting_Decrypting with DES]

2013-06-18 Thread Jakob Bohm
On 6/17/2013 5:11 PM, Matt Caswell wrote: On 17 June 2013 15:17, Jakob Bohm wrote: IVs should always be random - you should not reuse an IV. Using the last block of cipher-text from a previous message as the IV gives a predictable IV which is insecure in CBC mode for certain classes of at

Re: openssl 1.0.1e Signature verification problems

2013-06-18 Thread Wim Lewis
On 14 Jun 2013, at 6:09 AM, anand rao wrote: > I am using openssl 1.0.1e to create a CA and generate certificates. > > I am facing an issue while generating the device certificates. > After creating the ca certificate using below command > > # openssl req -x509 -new -newkey rsa:1024 -keyout priv

Re: Diffie Hellman problem

2013-06-18 Thread Dr. Stephen Henson
On Tue, Jun 18, 2013, Aleix Ventayol wrote: > Hi everyone, > > I'm using a Diffie Hellman Agreement on one app. I've been able to generate > the DH without any problems, but now I should send the DH information to > the server. > > We've an example of the same process written in Java, what this

Diffie Hellman problem

2013-06-18 Thread Aleix Ventayol
Hi everyone, I'm using a Diffie Hellman Agreement on one app. I've been able to generate the DH without any problems, but now I should send the DH information to the server. We've an example of the same process written in Java, what this app generates to send to the client is: SEQUENCE { SEQUE

Re: Is it possible to grab CA certificate?

2013-06-18 Thread Saurabh Pandya
Hi I would suggest you to grab some documentation of openssl commands. That's enough for your problem. Well, you can get certificate get imported to your firefox using following commands. 1) openssl s_client -connect www.google.co.in:443 -showcerts here copy text between last -BEGIN CERTIFIC

RE: Is it possible to grab CA certificate?

2013-06-18 Thread Carl Young
Sorry for top-post - webmail :( In TLS, the server should not send the root certificate - it sends the chain up to, but not including, the root certificate. From (sorry) http://technet.microsoft.com/en-us/library/cc783349(v=ws.10).aspx Server Certificate Message The server sends its certifica

Re: Is it possible to grab CA certificate?

2013-06-18 Thread Cristian Thiago Moecke
If the only certificate that is shown is the server certificate, the server is not providing the certificate chain, only the server certificate. This way, you won't be able to get the CA certificate from the SSL connection. Maybe your network admins want to fix that too. What is strange is that exc

RE: RSA encryption and Decryption code in C language

2013-06-18 Thread enrico d'urso
Hi, I'm implementing a software very similar to yours. This is a small function that I used to generate private and public key: #include int main() { char * file_pem = "key_priv"; char * file_pem_pub = "key_pub"; FILE * fp; int bits = 1024; unsigned long exp = RSA_F4; RS

Re: RSA encryption and Decryption code in C language

2013-06-18 Thread Matt Caswell
On 18 June 2013 09:43, Michel wrote: > Hi Yamini, > > I would suggest looking at the 'EVP Envelope' API : > https://www.openssl.org/docs/crypto/EVP_SealInit.html > Also see: http://wiki.openssl.org/index.php/EVP_Asymmetric_Encryption_and_Decryption_of_an_Envelope Matt __

Re: RSA encryption and Decryption code in C language

2013-06-18 Thread Michel
Hi Yamini, I would suggest looking at the 'EVP Envelope' API : https://www.openssl.org/docs/crypto/EVP_SealInit.html Le 17/06/2013 19:26, yamini a écrit : Hello, I am implementing the DES algorithm between my client and server systems for encryption. The DES key is transmitted in encrypted fo

RSA encryption and Decryption code in C language

2013-06-18 Thread yamini
Hello, I am implementing the DES algorithm between my client and server systems for encryption. The DES key is transmitted in encrypted form between Client and Server using RSA encryption and decryption. My idea of implementing the above task is creating RSA key (RSA_generate_key) and using the pu