How did you make your EC certificates?
Here is the result (truncated as yours is) by using OpenSSL - I had to
use a Name Constraint and a prime curve @ 384 for a proof-of-concept:
...
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
EC Public Key:
pub:
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Kyle Hamilton
Sent: Wednesday, August 19, 2009 10:42 AM
To: openssl-users@openssl.org
Subject: Re: Prevent concurrent operator in FIPS mode
The API does not prevent concurrent
zation Vector)
6) Save off the remainder of the BodyCipherValue.bin (len-16 - this was where I
messed up)
7) Decrypt with cipher -in BodyCipherValueRemainder.bin with -K and -iv values
The -K is RSA encrypted with the public key, but the IV is in "cleartext",
prepended to the AES/bulk encryp
Try LinkedIn - a business-oriented social networking site.
- Original Message -
From: owner-openssl-us...@openssl.org
To: openssl-users@openssl.org
Sent: Sun Aug 09 10:12:58 2009
Subject: Non-technical question on entrepreneurship
Hi All,
This has nothing to do with OpenSSl per se and
I'm trying to illustrate how to take an OASIS WSSE SOAP Message and
operate on it with the commands in OpenSSL.
The SOAP Message encrypts the contents of an element in the Body with
AES-256-CBC with a key that was encrypted with RSA-1_5 using a public
key. We have an RSA encryption of a key for bul
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of gao yi
Sent: Tuesday, December 30, 2008 5:14 AM
To: openssl-users@openssl.org
Subject: vs2008 express + openssl 0.98i error when nmake
OS: windows vista ultimate
visual studio 2008 express
openss
...and the relevant doc is here:
http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlo Milono
Sent: Monday, December 08, 2008 1:48 PM
To: openssl-users@openssl.org
Cc: mohammed
For example: set emailAddress in [ req_distinguished_name ] of your
configuration, then direct it in [ usr_cert ] with subjectAltName=email:copy
...
X509v3 Subject Alternative Name:
email:[EMAIL PROTECTED]
...
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Be
I can sympathize with Steve, having gone through a Common Criteria
certification and finally understanding that what I considered the
"truth" was misleading to the validators, leading to numerous
inconclusive verdicts.
As to the real-worldness aspect, this is often a 'checkbox' that gives
assuranc
om: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Monday, November 24, 2008 2:47 PM
To: openssl-users@openssl.org
Subject: Re: Building fipscanister.o 1.2 with 0.9.8i
On Mon, Nov 24, 2008, Carlo Milono wrote:
> The error is in making fips - ("config fips
:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Monday, November 24, 2008 12:52 PM
To: openssl-users@openssl.org
Subject: Re: Building fipscanister.o 1.2 with 0.9.8i
On Mon, Nov 24, 2008, Carlo Milono wrote:
> A couple of questions:
>
> Is there a new User's Guide for OpenSSL F
t".
What can I do to overcome this error? I am getting this on Linux RHEL4
and on MSYS for WindowsXP:
make[2]: *** No rule to make target
`/usr/local/ssl/lib/fips-1.0/fipscanister.o'
The builds for 0.9.8i complete fine.
---___
Carlo Milono
How curious that this topic would come up today as I had a discussion on
it just two days earlier.
The OpenSSL FIPS 140-2 Security Policy Version 1.1.2 states:
"The FIPS Object Module is not a static library. It may be incorporated
into shared library files or runtime executable application fil
I have built several platforms of 0.9.8h, including some with asm and a
few with the fips container for FIPS 140-2; all tests pass.
I see the EC and ECPARAMS functions and all of those tests
(ecdhtest/ecdsatest) pass as well, but I don't see the ECDHE ciphers.
I'm trying to get a build that is
I made a "self-serve" model with a simple form POST and a script - I
received four input parameters and assembled a text file and passed the
parameters to the script:
REM set the basic configuration parameters
set OPENSSL_CONF=C:\OpenSSL\bin\OpenSSL.cnf
REM %1 is emailAddress, %2 is password,
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:owner-openssl-
> [EMAIL PROTECTED] On Behalf Of Jeremiah Martell
> Sent: Friday, July 06, 2007 6:03 AM
> To: openssl-users@openssl.org
> Subject: Re: Question: ASCII Armored text signature
>
> On 7/5/
Radix-64 - if you want the PGP/GPG stuff.
See: http://en.wikipedia.org/wiki/Binary_to_text_encoding
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:owner-openssl-
> [EMAIL PROTECTED] On Behalf Of Jeremiah Martell
> Sent: Thursday, July 05, 2007 12:02 PM
> To: openssl-users@openssl.
DH is used for the Key Agreement or Key Exchange. Here is another
article - by cisco - that is more detailed.
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/ssl.h
tml
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of jacki
[EMAIL PROTECTED] [mailto:owner-openssl-
> [EMAIL PROTECTED] On Behalf Of Troy Monaghen
> Sent: Friday, June 01, 2007 7:20 AM
> To: openssl-users@openssl.org
> Subject: Re: Q's on making 0.9.8e with FIPS 1.1.1 andno-cipher/enable-
> cipher
>
>
> On Thu, 2007-05-31
On a Linux AS4 machine, I was able to successfully build both 0.9.8.e and FIPS
1.1.1 and have both pass all tests :-)
The VERSION in the FIPS Makefile is different than the version of the base
OpenSSL, and the only way to change the output of "openssl version" is to
change the header file. I'v
20 matches
Mail list logo
