On Wed, Sep 03, 2008 at 04:16:57PM +0200, Graham Leggett wrote:
> Does openssl support RFC2898
Not in 0.9.8.x.
You have to write it yourself.
--
Eric Murray Sr. Security Architect
SafeNet www.ingrian.com www.safenet-inc.
ber Debacle in '96 was posted to the
cypherpunks list. The archives move; a web search should
find them.
Newer versions might be in the Mozilla open-source project.
--
Eric Murray http://www.lne.com/ericm ericm at lne.com PGP keyid:E03F65E5
Consulting Se
On Mon, Aug 28, 2000 at 09:15:25AM +0300, Wirta, Ville wrote:
>
>
> -Original Message-
> From: Eric Murray [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 25, 2000 10:04 PM
> To: [EMAIL PROTECTED]
> Subject: Re: I'm still so very confused about certificates
?
>
> Oh... what shall I do?
Draw a pentagram on the floor, stand in the middle, wave a dead chicken
at the four compass points, and then type
% make linux-shared install
--
Eric Murray http://www.lne.com/ericm ericm
f the server will.
--
Eric Murray http://www.lne.com/ericm ericm at lne.com PGP keyid:E03F65E5
Consulting Security Architect
__
OpenSSL Project http://www.openssl.org
User Sup
t;dumpasn1" is a good asn.1 printer.
--
Eric Murray http://www.lne.com/ericm ericm at lne.com PGP keyid:E03F65E5
Security consulting: secure protocols, security reviews, standards, smartcards.
_
ml
> can't remember how one does that using the 'openssl enc *' IIRC
> anyone recall?
"Openssl enc" just does bulk symmetric encryption, not SSL.
Thus there's no ciphersuite negotiation.
--
Eric Murray http://www.ln
does session reuse. It's not the cleanest code
to read, but you can figure out what's needed from that.
--
Eric Murray http://www.lne.com/ericm ericm at lne.com PGP keyid:E03F65E5
Security consulting: secure protocols, security re
t level, layered on top of some reliable
transport protocol (e.g., TCP[TCP]), is the TLS Record Protocol."
That's not to say that someone hasn't written a spec to
run SSL over UDP, with a layer that provides reliable delivery.
Of course that's duplicating the functionality
ore though?)
It was, and you'll lose it.
> 2) we want it implement the SSL legally.
There's a number of ciphersuites that don't use the RSA algorithm, especially
in TLS1. There also ones that don't use RSA Inc's trademarked RC4
algorithm.
--
Eric Murray http://
that.
You might spend some time watching s_client under a debugger, that can
be instructive.
--
Eric Murray http://www.lne.com/ericm ericm at lne.com PGP keyid:E03F65E5
Security consulting: secure protocols, security reviews, standards, smartcards.
_
-DES-CBC3-SHA
> EXP1024-DHE-DSS-DES-CBC-SHA
> EDH-DSS-DES-CBC-SHA
All except the anon-DH (or ADH) are authenticated.
--
Eric Murray http://www.lne.com/ericm ericm at lne.com PGP keyid:E03F65E5
Security consulting: secure protocols, se
The returned signature is just a byte[] object,
> and I don't know what the encoding is.
If it starts with 0x30,0x8{1,2,3} it's probably DER.
> 2. Is DER-encoding base64 by default?
Nope.
--
Eric Murray www.lne.com/~ericm ericm at the site lne.
hat if you are using someone else's
client (i.e. a web browser), many clients won't do SSL_WITH_NULL_NULL.
or SSL_WITH_NULL_MD5.
--
Eric Murray www.lne.com/~ericm ericm at the site lne.com PGP keyid:E03F65E5
Security consulting: security reviews, protocols, crypto, ssl.
same.
That's needed for crypto apps, otherwise it's hard to
verify a signature.
> 5- Who uses Base64 encoding, and what for? Is it an alternative to DER?
Base64 is a way to encode binary data using only legal seven-bit
ASCII characters. You can use it to encode anything; it's
to send the private data to
them. But how can you do this without a cert? You can't! It's why
certs were invented in the first place!
It'd be much better to keep your private data out of the certs and send
it after the cert exchange/mutual authent
16 matches
Mail list logo
