RE: How to include intermediate in pkcs12?

2014-04-24 Thread Edward Ned Harvey (openssl)
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Tom Francis
>
>> openssl pkcs12 -export -out mypkcs12.pfx -inkey my.private.key -in mycert.crt -certfile intermediate.crt -CAfile ca.crt
>
> (Correct?)

So ... I just tried this, and confir

RE: SSL Root CA and Intermediate CA Certs.

2014-04-24 Thread Edward Ned Harvey (openssl)
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael Wojcik
>
> For someone who does want more background in cryptography, I'd recommend Schneier's /Applied Cryptography/ over /Cryptography Engineering/. The latter is for people implementing

RE: How to include intermediate in pkcs12?

2014-04-24 Thread Edward Ned Harvey (openssl)
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
>
> - the truststore if -CAfile and/or -CApath specified IF NEEDED

Thank you very much for your awesome detailed answer. This answers a lot of questions, but I am left with a new one:

RE: SSL Root CA and Intermediate CA Certs.

2014-04-23 Thread Edward Ned Harvey (openssl)
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kaushal Shriyan
>
> I am new to SSL/TLS Certificates. Please help me understand what the difference is between ROOT CA Certs and Intermediate Certs or Chain Certs. I will appreciate if I can refer

How to include intermediate in pkcs12?

2014-04-22 Thread Edward Ned Harvey (openssl)
A bunch of things on the internet say to do "-cafile intermediate.pem -cafile root.pem" or "-certfile intermediate.pem -certfile root.pem" and they explicitly say that calling these command-line options more than once is ok and will result in both the certs being included in the final pkcs12...
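The three entries above ("How to include intermediate in pkcs12?" and its two replies) all turn on the same command. The script below is an added example, not code from the thread or from the OpenSSL project: it builds a throw-away root, intermediate and leaf with the openssl CLI, verifies the chain before packaging it, and exports a PKCS#12 that carries the leaf certificate, its key, the intermediate and the root. It needs the openssl binary (1.1.1 or later); every file name, subject name and the export password are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example, not from the thread: root -> intermediate -> leaf test PKI,
# chain check, then PKCS#12 export that carries the whole chain.
# Assumes the openssl binary is on PATH; names and passwords are placeholders.
set -e

# make_test_pki DIR -- writes root.crt, int.crt, leaf.crt and their keys into DIR
make_test_pki() {
  d=$1
  # Minimal config so the example does not depend on the system openssl.cnf.
  cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"

  # Self-signed root; ca_ext marks it as a CA.
  openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes \
    -keyout "$d/root.key" -out "$d/root.crt" -subj /CN=Example-Root -days 1 2>/dev/null
  # Intermediate CA, signed by the root; ca.ext gives it CA:TRUE and keyCertSign.
  openssl req -new -config "$d/req.cnf" -newkey rsa:2048 -nodes \
    -keyout "$d/int.key" -out "$d/int.csr" -subj /CN=Example-Intermediate 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -out "$d/int.crt" -days 1 2>/dev/null
  # End-entity certificate, signed by the intermediate.
  openssl req -new -config "$d/req.cnf" -newkey rsa:2048 -nodes \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" -subj /CN=server.example 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -out "$d/leaf.crt" -days 1 2>/dev/null
}

# export_p12 DIR -- verifies the chain, then packs leaf + key + chain into DIR/bundle.p12
export_p12() {
  d=$1
  # Check the chain first: the root is trusted, the intermediate is untrusted input.
  openssl verify -CAfile "$d/root.crt" -untrusted "$d/int.crt" "$d/leaf.crt" >/dev/null
  # -certfile names a single file, so every extra certificate goes into one
  # concatenated PEM; repeating the option does not accumulate files.
  cat "$d/int.crt" "$d/root.crt" > "$d/chain.pem"
  openssl pkcs12 -export -inkey "$d/leaf.key" -in "$d/leaf.crt" \
    -certfile "$d/chain.pem" -out "$d/bundle.p12" -passout pass:changeit
}

# count_p12_certs FILE -- prints how many certificates the PKCS#12 holds
count_p12_certs() {
  openssl pkcs12 -in "$1" -passin pass:changeit -nokeys 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE'
}

# demo -- prints 3 (leaf, intermediate, root) when the export carried the chain
demo() {
  d=$(mktemp -d)
  make_test_pki "$d"
  export_p12 "$d"
  count_p12_certs "$d/bundle.p12"
}

demo
```

Run it and the last line is `3`. Two points worth keeping in mind when adapting it: `-CAfile` on `pkcs12 -export` only sets the truststore that `-chain` consults, so on its own it adds nothing to the output file; and counting the `BEGIN CERTIFICATE` lines of `openssl pkcs12 -in ... -nokeys` is the quickest way to confirm what a bundle actually contains before handing it to a server or a client.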

Recommended for .Net?

2014-04-21 Thread Edward Ned Harvey (openssl)
At work, we develop software in .NET, currently using the built-in SslStream class, and I'm considering abandoning it. Is OpenSSL recommended for SSL/TLS communications in .NET? And if so, should I just download the win binaries from http://slproweb.com/products/Win32OpenSSL.html ? I'm inter

Master Key / Multiple Users

2012-05-08 Thread Edward Ned Harvey
Suppose you have a single resource to be encrypted, and it should be accessible by multiple users. Is there a way to encrypt something such that multiple keys would work? I can't seem to find any such solution... How do things like FileVault implement a Master Key, and multiple users? It see
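The question in the entry above is answered by the key-slot pattern: a random master key encrypts the resource once, and each user's credential only wraps a copy of that master key, so any one credential unlocks the data and users can be added or removed without re-encrypting the payload. The script below is an added example, not code from the thread or from any product it mentions; it uses only the openssl CLI, and the vault layout (a `payload.enc` file plus one wrapped key file per user under `slots/`) is invented for the example.

```shell
#!/bin/sh
# Added example, not from the thread: one encrypted payload, several users.
# A random master key encrypts the data once; each user's passphrase wraps a
# copy of that master key in its own "key slot". Uses only the openssl CLI;
# the directory layout is invented for this example.
set -e

ENC='openssl enc -aes-256-cbc -pbkdf2 -iter 100000'

# new_vault DIR PLAINFILE -- fresh master key in DIR/master.key, payload in DIR/payload.enc
new_vault() {
  mkdir -p "$1/slots"
  openssl rand -hex 32 > "$1/master.key"
  $ENC -salt -pass file:"$1/master.key" -in "$2" -out "$1/payload.enc"
}

# add_slot DIR USER PASSPHRASE -- wraps master.key under the user's passphrase
add_slot() {
  printf '%s\n' "$3" | $ENC -salt -pass stdin -in "$1/master.key" -out "$1/slots/$2"
}

# unlock DIR USER PASSPHRASE -- prints the payload; fails if the slot or passphrase is wrong
unlock() {
  mk=$(printf '%s\n' "$3" | $ENC -d -pass stdin -in "$1/slots/$2" 2>/dev/null) || return 1
  printf '%s\n' "$mk" | $ENC -d -pass stdin -in "$1/payload.enc" 2>/dev/null
}

# revoke_slot DIR USER -- stops that passphrase working from now on.
# It cannot undo knowledge a user already has: anyone who once unlocked the
# vault could have kept the master key, so real revocation means re-encrypting
# under a new master key and re-issuing slots for the remaining users.
revoke_slot() {
  rm -f "$1/slots/$2"
}

# demo -- builds a two-user vault, deletes the plaintext and the bare master
# key so only wrapped copies remain, and unlocks with the second user's passphrase
demo() {
  d=$(mktemp -d)
  printf 'top secret\n' > "$d/plain.txt"
  new_vault "$d" "$d/plain.txt"
  add_slot "$d" alice 'correct horse'
  add_slot "$d" bob 'battery staple'
  rm -f "$d/master.key" "$d/plain.txt"
  unlock "$d" bob 'battery staple'
}

demo
```

Two caveats for anyone turning this into something real: `openssl enc` in CBC mode is unauthenticated, so a wrong passphrase is only noticed through a padding failure and a modified payload is not detected at all (add an HMAC over the ciphertext, or use an AEAD construction through the library API); and the master key must never be left on disk in the clear once the slots exist, which is why the demo deletes `master.key` before unlocking.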

RE: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-23 Thread Edward Ned Harvey
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of MauMau
>
> But folks here gave me suggestions that different IVs should be used for each 4KB block. I think I should do that, and I'd like to follow that precious advice.
>
> (However, I'm wonde

RE: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-18 Thread Edward Ned Harvey
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton
>
> On Tue, Apr 17, 2012 at 9:47 PM, Edward Ned Harvey wrote:
>
>> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
>> us...@open

RE: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-17 Thread Edward Ned Harvey
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ken Goldman
>
> The standard answer: If this is a real security project, hire an expert. If you design your own crypto algorithm, you will get it wrong.

Or, if you're pretty confident you know how

RE: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-17 Thread Edward Ned Harvey
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ken Goldman
>
> The standard answer: If this is a real security project, hire an expert. If you design your own crypto algorithm, you will get it wrong.
>
> If this is just for fun, to learn about

RE: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-17 Thread Edward Ned Harvey
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Edward Ned Harvey
>
> attacker doesn't know is your key and your plaintext. There is only one solution. You must use a second key. Use your first key to encrypt the sec

RE: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-16 Thread Edward Ned Harvey
> From: Edward Ned Harvey
>
> I can't think of anything wrong with using the block number as the IV, and then use ECB.

Oh yeah. I can think of something wrong with that. If an attacker knows the block number, and they have some intelligent guess about the plaintext, then t

RE: Please Clarify.Intermediate certificate verification ?

2012-03-06 Thread Edward Ned Harvey
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Mr.Rout
>
> 1) what is intermediate certificate validation?

When you generate a CSR, the CA can sign it directly, or they can sign it via an intermediate. I'm not quite sure what's the point of the

RE: Resources for certificates using OpenSSL (newbie)

2012-02-24 Thread Edward Ned Harvey
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick
>
> You must be new to mailing lists also.
> Start your own thread, they are cheap here, don't hijack another topic.

Mike, how do you call that a thread hijack? New subject, new threa

RE: Can I use an exsisting csr file?

2012-02-24 Thread Edward Ned Harvey
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of jim.armstrong
>
> openssl version -a returns OpenSSL 0.9.8g - Platform: debian-i386-i686/cmov
>
> There's an existing csr file on the server. Can I use this csr file or do I need to generate a new

RE: weak key check?

2012-02-18 Thread Edward Ned Harvey
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of anthony berglas
>
> Taking a different slant, is it possible to provide the "Entropy" using a pass phrase? So a given pass phrase will always generate the same key pair. This means that for simpl

understanding openssl entropy

2012-02-16 Thread Edward Ned Harvey
If this subject varies based on context, then I'm specifically focusing on generating private keys / certs via "openssl" command-line tools on linux (rhel/centos) for use in https, etc. My question is, assuming servers are generated from VM snapshots or clones, or restored from backups, or oth