Re: [openssl-users] RSA-PSS Certificate

2017-10-25 Thread Steven Madwin via openssl-users
Thanks. Now all I need to do is figure out what parameter to pass the req or ca command to get the subject key info to accept the new algorithm. -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jakob Bohm Sent: Wednesday, October 25, 20

Re: [openssl-users] RSA-PSS Certificate

2017-10-25 Thread Jakob Bohm
On 26/10/2017 03:30, Steven Madwin via openssl-users wrote: Starting with the definition of the subjectPublicKeyInfo from RFC 5280, Section 4.1 – Basic Certificate fields we see that the entry contains two items: SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPub

[openssl-users] RSA-PSS Certificate

2017-10-25 Thread Steven Madwin via openssl-users
Starting with the definition of the subjectPublicKeyInfo from RFC 5280, Section 4.1 - Basic Certificate fields we see that the entry contains two items: SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING } In RFC 4055 - Additional Algorithms

Re: [openssl-users] OpenSSL engine and TPM usage.

2017-10-25 Thread Michael Richardson
Jakob Bohm wrote: >> I wanted to know when we use engine instance for encryption/decryption >> operation, can it be done selectively? > Please beware that many TPM chips were recently discovered to contain a > broken RSA key generation algorithm, so public/private key pairs keys

Re: [openssl-users] OpenSSL engine and TPM usage.

2017-10-25 Thread Jakob Bohm
On 25/10/2017 19:06, Jayalakshmi bhat wrote: Hi All, Our device uses TPM to protect certificate private keys. We have written engine interface to integrate TPM functionality into OpenSSL. Thus TPM gets loaded as an engine instance. Also we have mapped RSA operations to TPM APIs as like encry

[openssl-users] OpenSSL engine and TPM usage.

2017-10-25 Thread Jayalakshmi bhat
Hi All, Our device uses TPM to protect certificate private keys. We have written engine interface to integrate TPM functionality into OpenSSL. Thus TPM gets loaded as an engine instance. Also we have mapped RSA operations to TPM APIs as like encryption/decryption etc. Now we are into few issues.

Re: [openssl-users] Wanted details on ./config or Configure options

2017-10-25 Thread Jayalakshmi bhat
Hi Matt, Thanks a lot. This helps me. I had seen different options for OpenSSL 1.0.1e versions. Hence had some confusions. Does this mean options specified here only can be used for OpenSSL 1.0.2x releases? Regards Jayalakshmi On Tue, Oct 24, 2017 at 2:31 PM, Matt Caswell wrote: > > > On 24/

Re: [openssl-users] Failed to access LDAP server when a valid certificate is at .1+

2017-10-25 Thread Misaki Miyashita
Thanks for the reply, Viktor. Is it possible to keep searching for a valid certificate if the first matching certificate was not valid? Our customer claims that the NSS Mozilla didn't have this issue, so this is considered a regression for us. Best Regards, -- misaki On 10/21/2017 3:21 PM,

[openssl-users] load_ssl_client_cert in the ENGINE structure is null.

2017-10-25 Thread Leszek Kosowski
Hey, I am using OPENSSL (and INDY) to send data to a web service. It works great when I use a certificate in .p12 files. I need to use a cryptographic card. I have 2 cards, Gemalto and Athena, and I notice that in the ENGINE structure the field load_ssl_client_cert is null. Are these cards prepared properly?