Hi again,
shouldn't it be?
static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
instead of
static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef};
I guess it was a typo.
regards,
aleix
On Fri, 10 Sep 2004 22:29:10 +0200, Dr. Stephen Henson
<[EMAIL PROTECTED]
Well, this is great.
Thank you very much!
regards,
aleix
On Fri, 10 Sep 2004 22:29:10 +0200, Dr. Stephen Henson
<[EMAIL PROTECTED]> wrote:
>
> I've just fixed OpenSSL to check for the PKCS#9 extension request first and
> only use MS if its not found.
>
> This will be in the next stable snap
"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> writes:
> Hello,
>
> I try to write some beginner sample codes. Compilation is ok in Visual
> C++ 6.0.
> But when I execute it, program raise error on function
> PEM_read_X509 at line 34.
>
> I don't know, where is problem...
>
you forgot to call OpenSSL
hi!
is there any way to do a "copy_extension = copy" as in 0.9.7 in version 0.9.6?
thanks in advance.
regards,
aleix
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
hi,
i have sent a message to the list, and some anti spam software that this
user ([EMAIL PROTECTED]) has installed has sent to me an email asking
me to accept it if i really wanted to send the message to him.
what is this? i do not want more spam. it is really annoying.
anti-spam filters are g
i think that by default OpenSSL is installed in /usr/local/ssl, so
libcrypto.a is in /usr/local/ssl/lib.
you probably would want to do:
./config --prefix=/usr/local
now libcrypto will be installed in /usr/local/bin and openssl executable
in /usr/local/bin
may be this was the problem.
hth.
al
hi again,
here is a dummy example that reads the key usage extension from a
certificate.
thanks Steve.
regards,
aleix
==
int
main(int argc, char** argv)
{
FILE* in;
int pos;
int crit;
X509* cert;
X509_EXTENSION* ext;
ASN1_B
"Dr. Stephen Henson" <[EMAIL PROTECTED]> writes:
> ... then search and parse it using X509V3_get_d2i().
>
> For keyUsage you get back an ASN1_BIT_STRING structure. From that you can test
> individual bits using ASN1_BIT_STRING_get_bit().
>
great! that is what i needed.
thank you!
aleix
_
hi,
i've added key usage extensions to some CSR and these have been added to
the certificate. for this, i've use the function X509V3_EXT_conf_nid
(like in the mkreq.c example).
now, i'd like to obtain key usage values from an X509_EXTENSION
structure. how can i obtain each of these values? that
hi,
everytime i send a message to the list i'm getting a mail notification
about delivery problems to GregH at ceoworkz dot com.
is that normal?
regards,
aleix
__
OpenSSL Project http://www.ope
"Howard Chan" <[EMAIL PROTECTED]> writes:
>
> I have this file which used sha1 hash algorithm to obtain it's message
> digest, and subsequently the digest was encrypted (signed) using RSA
> algorithm with a private key from a X.509 certificate.
>
i don't think you can get a private key from an X5
"Dr. Stephen Henson" <[EMAIL PROTECTED]> writes:
>
> Creating a random OID is a bad idea. You should get a number assigned for your
> organisation and use a subtree of that.
>
> See:
>
> http://www.iana.org/cgi-bin/enterprise.pl
>
> If you, for example were allocated the number you could
please, feel free to modify this, because my english needs to be
polished.
best regards,
aleix
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTEC
.
*/
int n = X509_get_ext_count(cert);
printf("Extensions: %d\n", n);
for (i = 0; i < n; ++i)
{
X509_EXTENSION* ext = X509_get_ext(cert, i);
nid = OBJ_obj2nid(ext->object);
printf("short name: %-22s
hi,
i've been looking at the archives list trying to search how to add
additional extensions to certificates.
i found the thread "Adding Application Attributes to X509 Certificates?"
that is about what i'm asking but using openssl commands and openssl
configuration file. eventhoug, i don't know i
hi,
basically, the question is: which are the security benefits of adding a
MAC to a PKCS#12?
thanks in advance.
regards,
aleix
__
OpenSSL Project http://www.openssl.org
User Support Mailing Li
hi Krzysztof,
try "openssl speed rsa". it will compute some rsa exponentiations and it
will give you some times. you can also try "openssl speed" for all
tests.
regards,
aleix
__
OpenSSL Project
hi,
well, first of all, let me thank you for the mail again.
i was thinking the same thing yesterday morning: if you need your CPU to
do other things, the cryptographic hardware can help you. the problem is
when you only need cryptographic results in a real-time large process
(let's say talling
hi,
i'll definetly have a look at the old posts if i find them. :-)
thank you very much for this mail. it has really helped me understanding
a bit more of what i was doing. now, results really make sense.
hardware disabled
=
openssl speed -elapsed
signveri
hi again,
as i said yesterday i'm doing some tests with cryptographic hardware (in
my case nCipher's).
now that i have loaded the engine, i'm getting real strange results. the
same test with hardware enabled is much slower than the software version.
it is really weird, because the "openssl speed
Aleix Conchillo Flaque <[EMAIL PROTECTED]> writes:
>
> ENGINE*
> setup(char const* engine)
> {
> if (::ENGINE_by_id(engine) == NULL)
> {
> return NULL;
> }
>
> ENGINE* e = ::EN
hi,
i've just started testing an ncipher hardware module using openssl.
the "openssl" application seems to find the shared library
(libnfhwcrhk.so), with just specifying "-engine chil".
but my code, doesn't want to find the library. i get this error:
"error:25066067:DSO support routines:DLFCN_L
On Fri, 11 Oct 2002 18:42:02 +0200, Joern Sierwald wrote:
>
> If the certificates are encrypted, you need to decrypt them. Sorry for
> stating the obvious. However: there is no need to encrypt them
> in the 1st place. A pkcs#12 file can contain the cert unecrypted
> and the key encrypted.
>
> o
hi!
this is probably basic question. i'd like to know if there is any way
to obtain the public certificates inside a PKCS#12 without the need
of decrypt it.
if the certificates are public it should be obvious to be able to
read them. is it possible?
regards,
aleix
___
Begin forwarded message:
Date: Thu, 12 Sep 2002 16:30:13 +0100
From: "Andy Schneider" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: RE: someone in the UK phone Andy pls
Have just text'ed Andy's mobile.
Aleix - can you fwd to openssl-users if it doesn't appear on
On Thu, 12 Sep 2002 16:59:17 +0200, Jose Correia (J) wrote:
> and tell him to phone someone at his company to disable his
> auto-response thingy. Otherwise we are going to end up with hundreds
> of these things...!!
>
yeah, it's really annoying.
aleix
_
On Thu, 25 Jul 2002 17:33:49 +0200 (CEST), Erwann ABALEA wrote:
>
> How is that localKeyID calculated? Is it a hash of the public key? If
> yes, then this sounds an acceptable practice, if you really *need* to
> keep separate PKCS#12 files, which is uncommon.
>
it's a digest of the x509 certif
On 23 Jul 2002 17:44:15 -, ganesh kumar godavari wrote:
> hello group,
> i have create RSA private key using
> openssl genrsa -out KEY.pem 1024
> openssl rsa -in KEY.pem -out private.pem
> openssl rsa -in KEY.pem -pubout -out public.pem
>
hi
first, you don't need to call
openssl rsa -in
Frank Geck <[EMAIL PROTECTED]> writes:
> I was wondering if someone could tell me what i2d_PKCS7_bio() and
> d21_PKCS7_bio() do. I think that they take a pkcs7 data structure and
> put it in a memory bio but what type of encoding (DER, PEM/base 64)?
>
DER encoding
check out the faq, section P
Ryan Hagan <[EMAIL PROTECTED]> writes:
> Greetings,
>
> I've installed OpenSSL (0.9.6c-2) along with sslwrap (2.0.6-5) and
> apache (1.3.24-3) and PHP (4.1.2-4) on a debian system. I created my
> own certificate with no problems, installed the necessary lines into my
> /etc/services file and ra
hi all,
does anyone knows how to obtain a big random seed in systems
that doesn't provide /dev/urandom?
may be i could initialize RAND_seed with current time, and then generate
random numbers and provide them as the new random seed. is this a good
choice?
thanks in advance,
aleix
___
Leendert Meyer <[EMAIL PROTECTED]> writes:
> Hi all,
>
> Ok here is my problem :
>
> I have a encrypted private key in a .pem file.
>
> How can I convert it to be an unencrypted version of the
> key.
>
openssl rsa -in privkey.pem -out privkey_unenc.pem
regards,
aleix
_
isn't this a repeated thread? or i have a dejabou? :)
aleix
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
Stella Power <[EMAIL PROTECTED]> writes:
> okidokey, the code is attached.
> The encryption/decryption function is in do_crypt.c
>
hi,
i think you have the problem when you get the size of your buffer.
inlen = strlen(i_p);
you are treating the result as a string. this is not correct because
On Wed, 2002-05-22 at 09:16, [EMAIL PROTECTED] wrote:
>
> I have a problem doing a simple program. I want to convert to and from a
> rsa structure to a DER. When I do it, I get a segmentation fault and I
> don't know why. Please can anybody help me?
>
> The code is:
hi luis,
next time, please
On Tue, 2002-04-02 at 17:34, Chris Cleeland wrote:
>
> You can also just modify the .conf file to not prompt, e.g., I have something
> like this in a customized version of openssl.conf
>
>[snip]
this way is just better :-)
--
Aleix Conchillo Flaqué
http:
S
Your state
Your city
Your organization
Your organizational unit
Your name
--
if you don't want to fill any of the fields just leave a blank line.
hope this helps.
best regards,
--
Aleix Conchillo Flaqué
http://www.scytl.com
---
P
hi kevin,
i don't understand when you say "is obviously not importable by IE or
Netscape". your PKCS12 file seems to be fine. i can export mines in
windows and netscape without any problems, and are exactly like yours, a
typical PKCS12 file. :?
may be your problem is that you are using your own
i forgot to say that i use the code i send you in https posts.
aleix
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manag
hope this helps. i don't remember where i found it...
any way, here you are.
#include
#include "base64.h"
unsigned char alphabet[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
int
base64_decode(unsigned char *outbuf, unsigned char *inbuf, int size)
{
static un
Hi Alvaro,
I had a similar problem with netscape. When i generated the
certificates, i initialized the certificates serial number file (ca.srl)
to 00 and netscape correctly exported the user certificate, but not the
ca. i repeated all steps again without reseting ca.srl to 00 and then it
i);
X509_NAME* name = X509_get_subject_name(x509);
text = malloc(sizeof(x->cert_info));
text = X509_NAME_oneline(name, text, 200);
printf("Subject name data: %s\n", text);
free(text);
}
--
Aleix
--
Aleix Conchillo Flaqué
SCYTL founder & R&D Engine
Hi,
I have a few questions about the usage of the PKCS7 functions in
OpenSSL.
My code works: it creates a PKCS7 SignedAndEnveloped. I get the idea
from the enc.c and dec.c files in crypto/pkcs7 directory.
Before my code worked i wrote another code that seemed to be ok bu
more concrete details on how to generate those files you can
send me an email. an i'll help you if i can.
regards,
--
Aleix
--
Aleix Conchillo Flaqué
SCYTL founder & R&D Engineer
e-mail: [EMAIL PROTECTED]
phone: +34 933 016 547
_
On Mon, 2001-11-26 at 11:27, Lidia Castillejo wrote:
> Hi,
> Thanks Dr S N Henson XDD
> I'm using RSA keys.How i can create a PKCS#12 file from the certificate and
> private key?
> Thanks
>
using the command line:
openssl pkcs12 export -in your_cert.pem -out your.p12 -inkey
privatekey.pem
rega
ples, they're
really cool. openssl has functions to read certificates and they are
really easy to use.
what do you exactly need for your application?
regards,
--
Aleix
------
Aleix Conchillo Flaqué
SCYTL founder & R&D Engineer
e-mail: [EM
46 matches
Mail list logo
