Re: key exchange error for lighttpd webserver on beaglebone black running arago file system

2013-10-29 Thread Kiran G
This is the openssl client output from my desktop: $ openssl s_client -connect 192.168.3.152:443 -debug CONNECTED(0003) write to 0x8518108 [0x8522373] (139 bytes => 139 (0x8B)) - 16 03 00 00 86 01 00 00-82 03 00 52 70 85 71 16 ...Rp.q. 0010 - 49 b7 70 da 0b 4c b0 72-c1 a

Re: i2d_ASN1_BIT_STRING() and 0x00-terminated string

2013-10-29 Thread Dr. Stephen Henson
On Tue, Oct 29, 2013, cellecial wrote: > > I have a problem with i2d_ASN1_BIT_STRING(). > If I set data with a 0x00-terminated string , i2d_ASN1_BIT_STRING() will > trim off 0x00. > Usually a BIT STRING is a, err, string of bits and DER dictates that trailing zero bits are removed. In some case

RSA_public_encrypt/RSA_private decrypt giving inconsistent results in Windows

2013-10-29 Thread Shelli Skinner
Hello, Just to get the feel for how to use these functions, I am writing a test program that encrypts a string using RSA_public_encrypt, and then decrypts the encrypted string using RSA_private_decrypt. I am observing random failures, on Windows only. On OSX, it works consistently. I have done

Re: i2d_ASN1_BIT_STRING() and 0x00-terminated string

2013-10-29 Thread cellecial
Thank you, I rewrite the code, but 0x00 is still trimmed off. int main() { unsigned char *buf = NULL,*temp_buf = NULL; int buflen = 128; ASN1_BIT_STRING *bs = NULL,*bs2 = NULL; int i = 0,j = 0; int ret = 0; int derlen = 0; unsigned char *p = NULL; buf = OPENSSL_malloc(150); temp_buf = OPE

RE: key exchange error for lighttpd webserver on beaglebone black running arago file system

2013-10-29 Thread Dave Thompson
That's very weird. alert 51 = decrypt_error received by the servers - in the lighttpd log or s_server output - is certainly consistent with Firefox thinking a signature is bad. And the signature on the cert in your capture looks right (although it doesn't have either subject.CN or SAN identify

RE: Differences on output between OpenSSL and CryptoTool

2013-10-29 Thread Dave Thompson
>From: owner-openssl-users On Behalf Of Luis Rocha >Sent: Monday, October 28, 2013 18:48 >I'm trying to compare the results of the openssl tool with the cryptool 1.4.31 >+ Filename topsecret.txt which only contains the character 'a' >+ Encrypt it with DES using CBC mode with key and iv = 0 produc

Re: Differences on output between OpenSSL and CryptoTool

2013-10-29 Thread Viktor Dukhovni
On Tue, Oct 29, 2013 at 05:26:39PM +0100, Luis Rocha wrote: > btw an interesting phenomenon where encrypting with the same key reveals the > plaintext. There are two such keys among the 4 weak DES keys: 0101010101010101 fefefefefefefefe 1f1f1f1f1f1f1f1f e0e0e0e0e0e0e0e0 http:

Re: get_cipher_engine for ECC Engines?

2013-10-29 Thread Joshua Datko
Following up with myself: 1. I was using the ENGINE_get_cipher_engine function to tell if a particular cipher was implemented in an engine, but I was not calling ENGINE_finish after each call, which is probably bad. 2. As best as I can tell, it doesn't make sense to call get_cipher_engine for thi

Re: Differences on output between OpenSSL and CryptoTool

2013-10-29 Thread Luis Rocha
Thanks guys! really learning cool stuff I will take it from here and appreciate your time. btw an interesting phenomenon where encrypting with the same key reveals the plaintext. echo -n 'deadbeef' > topsecret.txt xxd topsecret.txt 6465 6164 6265 6566 openssl enc -des-cbc -nosalt -nopad -K 0

Re: Differences on output between OpenSSL and CryptoTool

2013-10-29 Thread Viktor Dukhovni
On Tue, Oct 29, 2013 at 03:54:50PM +0100, Luis Rocha wrote: > The X.923 padding attaches to a complete message block another block of > zeros: A = 00 00 00 00 00 00 00 00 I would expect the last padding byte to be 08, not 00, since 8 padding bytes were added. PKCS#7 padding for the same complete

Re: Differences on output between OpenSSL and CryptoTool

2013-10-29 Thread andrew cooke
why not use -nopad when calling openssl enc, and add the zero padding yourself? > echo -n '' > topsecret.txt > head -c8 /dev/zero >> topsecret.txt > xxd topsecret.txt 000: 6161 6161 6161 6161 > openssl enc -des-cbc -K 0101010101010101 -

Re: Differences on output between OpenSSL and CryptoTool

2013-10-29 Thread Viktor Dukhovni
On Tue, Oct 29, 2013 at 03:18:44PM +0100, Luis Rocha wrote: > In the cryptool I'm only able to introduce the 8 bytes key and not the IV. > The documentation from CrypTool says "CBC mode is used with zero > initialization vector and X.923 padding." > > user@debian:~$ openssl enc -des-cbc -K 010101

Re: Differences on output between OpenSSL and CryptoTool

2013-10-29 Thread Luis Rocha
Ok so I read more about it and for DES a block consists of 64 bit = 16 hex characters The X.923 padding attaches to a complete message block another block of zeros: A = 00 00 00 00 00 00 00 00 so I created a text file with 64 bits (16 hex characters) $echo -n '' > topsecret.txt $xxd t

Re: Fwd: openssl with fips for Solaris 10 SPARC architecture

2013-10-29 Thread Steve Marquess
On 10/28/2013 02:41 AM, Abdul Anshad wrote: > Hello all, > > Could anyone please explain me the whole process for building FIPS > capable openssl on solaris 10 SPARC architecture ? Well, you would build it the same as for any Linux/Unix platform, as described in the Security Policy: http://csr

Re: FIPS certified version of OpenSSL on HP-UX I64

2013-10-29 Thread Steve Marquess
On 10/28/2013 12:38 AM, Sg, Prasad (STSD) wrote: > Hi, > > I am trying to get a FIPs certifier version of openssl built on > HP-UX I64 11.31. > > The build of FIP's module is successful and i could even use it > to build openssl (libcrypto.so.1.0.0). > > I was looking if anybody could check the

Re: Differences on output between OpenSSL and CryptoTool

2013-10-29 Thread Luis Rocha
Thank you Viktor! In the cryptool I'm only able to introduce the 8 bytes key and not the IV. The documentation from CrypTool says "CBC mode is used with zero initialization vector and X.923 padding." user@debian:~$ openssl enc -des-cbc -K 0101010101010101 -iv -nosalt -in topsecre

Curves from http://safecurves.cr.yp.to/

2013-10-29 Thread andrew cooke
Hi, I'm doing some work for a client who has a requirement to use ECDSA. However, I am having a hard time working out which curves I should enable. This site - http://safecurves.cr.yp.to/ - seems to be the current state-of-the-art on which curves to use. It recommends five: Curve2213, Curve117

RE: i2d_ASN1_BIT_STRING() and 0x00-terminated string

2013-10-29 Thread Salz, Rich
You are comparing the native form to the DER encoding. You need to d2i back and see that the data is preserved. Not only is “the 0x00 trimmed” but those bytes at the front 03 81 80 01 are also a clue. ☺ /r$ -- Principal Security Engineer Akamai Technology Cambridge, MA

i2d_ASN1_BIT_STRING() and 0x00-terminated string

2013-10-29 Thread cellecial
Hi, I have a problem with i2d_ASN1_BIT_STRING(). If I set data with a 0x00-terminated string , i2d_ASN1_BIT_STRING() will trim off 0x00. Here is a sample code: -- #include #include "openssl/asn1.h" int main() { unsigned char *buf = NULL,*temp_buf = NULL; int

Re: openssl ca -revoke why need CA parm

2013-10-29 Thread Dirk-Willem van Gulik
On 28 Oct 2013, at 11:56, redpath wrote: > I would like to know why the openssl CA command to revoke a cert > (myfiletorevoke) > needs the CA cert other than the cert I want to revoke. > > openssl ca -revoke myfiletorevoke -keyfile cakey -cert cacert -passin > pass:CApass -config myconfig

key exchange error for lighttpd webserver on beaglebone black running arago file system

2013-10-29 Thread Kiran G
Hi, I am trying to enable SSL in lighttpd web server. My OS is "Arago linux" running on "Beaglebone black". I did the proper SSL configuration for the webserver. But when I access the https page from browser (Firefox), I am getting the "This Connection is Untrusted" message. But when I accept t

Re: asn1 encoding routines error: x509_extension, from ssl3_get_server_cert

2013-10-29 Thread Mithun Kumar
Hello Frank, Sorry for the delayed reply. You mean to say S/MIME Capabilities understands this extension but there is no logic for handling the ASN1 sequence? -mithun On Wed, Aug 7, 2013 at 1:57 PM, Frank Migge wrote: > Dear Mithun, > > I came across this thread by researching the same questio

Re: asn1 encoding routines error: x509_extension, from ssl3_get_server_cert

2013-10-29 Thread Mithun Kumar
typo error Hello Frank, Sorry for the delayed reply. You mean to say Openssl understands S/MIME Capabilities extension but there is no logic for handling the ASN1 sequence? On Tue, Oct 29, 2013 at 3:20 PM, Mithun Kumar wrote: > Hello Frank, > > Sorry for the delayed reply. You mean to say S/M

Re: SSL_connect blocks for almost 1 minute

2013-10-29 Thread bhavikchauhan
Dorin & others, Has this got resolved? We have been experiencing exactly the same behaviour in our Client Simulator. Any clue why we only see for first connect only? However, we see varying blockage (from 3 to 40s) based on number of user simulated. Does it depend on client simulator's memory uti