It probably doesn't help you, because it requires complex deployment and
is not open-source, but I thought that it might be interesting to know
that there is a multi-prime RSA based technology that is actively used in
practice.
It is used for mobile authentication and digital signatures an
On Fri, 11 Apr 2014, Steve Marquess wrote:
Swift/IBAN electronic bank transfers as done in most of the world are
difficult here, with fees. I could set up a charge card
(Visa/Mastercard) merchant account, but the recurring fees for that
would eat up much of what is typically received in donati
On Fri, 15 Mar 2013, Dr. Stephen Henson wrote:
Analysing that CSR the actual signature isn't in the correct form: it just
contains the raw SHA1 digest instead of the required DigestInfo structure.
You can check that using rsautl in a manner similar to that for certificates
mentioned in the ma
On Tue, 16 Dec 2008, BiGNoRm6969 wrote:
Ok. I am a little bit confused. You are telling me that a same data encrypted
with the same key can generate different results? How can the decryption
process can succeed ?!
Maybe it's my cryto knowledge that are limited, but I was sure that one
output
On Mon, 26 Jun 2006, Darryl Miles wrote:
Bodo Moeller wrote:
When using SSL_write() over a non-blocking transport channel, you may
have to call SSL_write() multiple times until all your data has been
transferred. In this case, the data buffer needs to stay constant
between calls until SSL_
On Wed, 27 Oct 2004, Thomas Anders wrote:
Arne Ansper wrote:
The one in Woody has dysfunctional session cache when used together with
client authentication. Client cert makes the encoded session structure too
big and it is not stored in cache.
The original query said "Debian 3.1" whic
On Wed, 27 Oct 2004, Victor B. Wagner wrote:
At least, libapache-mod-ssl package work for me without any problem. I've not
tried apache-ssl, but it should be same quality.
The one in Woody has dysfunctional session cache when used together with
client authentication. Client cert makes the encoded
> I try to sign the data with OpenSSL and to check up the signature in MSIE
> with Capicom.
Check the list archives. If I remember correctly the OpenSSL and CAPICOM
had the signatures in reverse order. I.e. if you take the byte string
created by the OpenSSL signing process and reverse it (swap t
On Wed, 3 Sep 2003, Kent Yoder wrote:
> Hi,
>
> Under heavy load (> 95%) on s390 (SLES8, openssl-0.9.7b), I've been
> seeing these bad write retries. We're using 12 PCICA cards with IBMCA engine
> enabled and home-brew openssl client/server apps, and the errors only happen
> when doing
> the libcsufsapi.a module is either compiled for the wrong machine
> or has been corrupted in transit. Secondary possibility: it is not
> there at all and the "magic number" diagnostic is misleading.
4758 with CCA software is supported only under Windows NT/2000 (and
perhaps XP too) and AIX.
> >>It is almost always an error to use 'select' with non-blocking
> >>sockets.
>
> >Er, why do you think so? It's pretty standard to use 'select' (or
> >'poll') with non-blocking sockets to avoid busy waiting.
>
> You either can block or you can't. If you can block, why are you
> call
> I did not read your conversation from the start but did you try the
> driver from
> http://oss.software.ibm.com/developerworks/opensource/4758/index.html ?
yes. it's the driver for 2.2.x kernels.
> I very concerned by using the linux driver because I would like to use
> it under QNX V6 and I
> I'm looking for the libCSUNSAPI.so file in order to use openssl engine
> with my IBM 4758 CCA device.
> Can you tell me where can I found it ???
What OS? Last time I checked the CCA was supported only under Windows and
AIX.
Arne
__
> pkcs7 structure before sending it to windows client. On windows client we
> are trying to use capicom library to decrypt the data where we are failing.
> I will keep you posted as we make progress. Meanwhile if you got any
> pointers, please do send us.
i haven't looked at encryption, but capi
> Or do I just need to tear apart the "openssl req" command source, find
> what library calls it does, and just call the library myself, and thus
> re-invent the wheel? Has anyone already done this?
OpenSSL 0.9.7 req command has two useful options:
-subj arg set or modify request subje
> > 1) short lived certs
> > 2) CRL's published at regular intervals.
> >
> > both involve a regularly-signed short-lived objects.
>
> Errr - OCSP?
last year we implemented a system that used DNS (with security extensions)
to distribute ceritificate validity information (among other things)
hi!
is it possible to determine between cached and non-cached SSL connection
on the server side after the handshake is complete?
arne
__
OpenSSL Project http://www.openssl.org
User Support Mail
> Hmm .. would you mind explaining where this needs to be set?
ok, i looked into stunnel. yes, it does not set OOB_INLINE. look into
stunnel.c. in function connect_remote declare varianle int on and
following code after call to socket:
on= 1;
if(setsockopt(s, SOL_SOCKET, SO_OOBINLINE,
> > I have been running a powerbuilder app through stunnel and am
> running across an issue where the server is waiting for the app to
> send a command and the client is frozen. > The appllication works
> without sending it through a tunneling server i.e. pointed directly at
> the Sybase server.
> > i would recommend you to use STL instead.
>
> I do not know it, could you expand more on it?
STL is Standard Template Library. it contains different data structures
and algorithms and is now part of C++. there are free implementations and
nowdays pretty much every C++ compiler comes with i
> Does GDBM work on Win32 and all the Unixen we support? In that case,
> this should be perfectly possible. On VMS, we'll just use the
> built-in ISAM (not really, but almost) file format...
when you look at AnyDBM_File manpage of perl you will find following
table:
> > >What is the purpose of global CAs such as
> > >Verisign if I can't trust the certificates to identify an end user?
to make money?
> I'm not looking for a magic bullet. What I am looking for is a method
> to package and distribute clients and servers that will work out of
> the box.
in
> >What I was hoping to determine from this thread was whether or not by
> >using a verified cert one could determine in a trusted manner who the
> >user is.
you should read SPKI RFC's (2692 and 2693).
arne
__
OpenSSL Projec
> > > Now on Windows NT SP4 this code does not detect the closing of the
> > WSAGetLastError is actually same as GetLastError, which returns the result
> > of the last system call.
>
> This is true on NT, not on Windows 9x.
yes. but you had problems under NT, right?
arne
___
24 matches
Mail list logo
