om -recip
cert1.pem -recip cert2.pem -keyopt rsa_padding_mode:oaepI maybe could provide a
problematic e-mail including private keys - off the list - due privacy concerns
to investigate - would that be acceptable ? If so - what e-mail address can i
sent it to
From: Dr. Stephen Henson
To
Im using the cmd client openssl cms -decrypt with the "debug_decrypt" option to
have the same behaviour as before the bleichenbach security patch to use
decryption without recipient public keys.
For some reason, some messages will produce the following error on OpenSSL
1.0.2d and even OpenSSL 1.
Can i set the padding RSASSA-PSS or alg ECDSA via command line when using
openssl smime or openssl cms command?
I can't find an option for it.--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Im getting the following error using openssl x509 -inform DER -in cms_cert.der
-text
140026491385512:error:100D7010:elliptic curve routines:ECKEY_PUB_DECODE:EC
lib:ec_ameth.c:206:
140026491385512:error:0B07707D:x509 certificate routines:X509_PUBKEY_get:public
key decode error:x_pubkey.c:164: I
Im getting the following error
using openssl x509 -inform DER -in cms_cert.der -text
140026491385512:error:100D7010:elliptic curve routines:ECKEY_PUB_DECODE:EC
lib:ec_ameth.c:206:
140026491385512:error:0B07707D:x509 certificate routines:X509_PUBKEY_get:public
key decode error:x_pubkey.c:164:
Im getting the following error with OpenSSL 1.0.1e 11 Feb 2013 during openssl
smime -decrypt -in
140050001958568:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:tasn_dec.c:1319:
140050001958568:error:0D08303A:asn1 encoding
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1
error
This commit:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=146b52edd122f55e2b2bfeb486dae8dbe96f739e
Introduced an error/new behavior, specifically this file
http://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff;f=crypto/cms/cms_smime.c;h=8c56e3a8520d73802c7ea00f81e81c1d574bc49b;hp=
sl.org
> On Behalf Of Harakiri
> > Sent: Thursday, 28 October, 2010 07:52
>
> >
> BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL)
>
> Output doesn't generate (any) linebreaks. Input doesn't
> REQUIRE them every <80, but does ALLOW them anywhere.
i tried th
sl.org
> On Behalf Of Harakiri
> > Sent: Thursday, 28 October, 2010 07:52
> >
> > However, it would be easy to fix i guess - the base64
> reader
> > simply must ignore the rule that each line has to be a
> certain length.
> >
> BIO_set_flags(b64,BIO_FLAGS_BAS
I'm getting alot of wrongly encoding mails lately from different sources, they
have base64 lines which exceeds the standard. I.e. in between one line
is 4 characters longer, then the next lines are all shifted by these 4
characters.
i.e.
3/BExiJWU6pKjH8JFebBYjHyYYbVYdIqpm6HeKJd2QdGIWXqaUacDXdEZ
--- On Wed, 8/4/10, Dr. Stephen Henson wrote:
> From: Dr. Stephen Henson
> >
> > Solution: Disable the recipient check, when i manually
> assign the private
> > key - just use it to decrypt the message.
>
> If you don't supply the certificate to the cms or smime
> command it doesn't
> atte
Problem: Outlook 2010 violates CMS rfc, it sets the SubjectKeyIdentifier in an
smime encrypted message, even tho the x509 certificate used to encrypt this
message does not have this extension set. Outlook synthesize this value
somehow. When trying to decrypt the message with the private key, ope
--- On Wed, 1/7/09, Dr. Stephen Henson wrote:
> Incorrect checks for malformed signatures
> - ---
It is not perfectly clear to me if regular certificate validiations and smime
signature validiation is also affected by this. Could you please elaborate if
Hello,
i've not digged through the whole openssl source yet - but it seems to me that
the recent Debian
Issue with the ssleay_rand_add method here
http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/rand/md_rand.c?rev=141&view=diff&r1=141&r2=140&p1=openssl/trunk/rand/md_rand.c&p2=/openssl/tru
Nice advertising here by john..
i think there are more products =) - try bouncycastle
API they can do it too ... for free
--- John Pattern <[EMAIL PROTECTED]> wrote:
> As far as I know the only product that supports this
> is iSafeGuard from MXC Software
> (http://www.mxcsoft.com). You might be
--- "Steven A. Bade" <[EMAIL PROTECTED]> wrote:
> >the IBM 4758 card.
> The engine code you refer to was not done by IBM as
> far as I know, I
> believe it was done at a university.
Yes i know, therefor i ask if anyone already has done
something similar. Or even if someone in-the-known can
tell
Hello list,
i know that openssl ships with the ENGINE source for
the IBM 4758 card.
Is anyone aware of an implementation for the IBM 4764
card ?
I contacted IBM crypto support and they said they do
not have nor will develope any openssl integration.
(which is kinda funny judging by the price of
Depending on what you want to do - mostly you are
better of with Bouncycastle if you want just a crypto
libary for Java instead of a "wrapper"...
--- "comeochris (sent by Nabble.com)"
<[EMAIL PROTECTED]> wrote:
> I would like use the OpenSSL libraries from Java
> with windows,
> I search a java w
Thank you
--- "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:
> The current behaviour of the pkcs12 utility is to
> effectively only support
> passwords in ISO8859-1 format.
>
> Support may be added with a -utf8 command line
> switch option to the pkcs12
> utility at some point.
>
> Steve.
_
Hello,
there seems to be an issue with the openssl pkcs12
command and passwords which are UTF-8 encoded.
(OpenSSL 0.9.7d 17 Mar 2004)
Im using the option -passin file:mypin.txt
When mypin.txt contains a password (i.e. german
umlauts) which is UTF-8 encoded (bash: file mypin.txt
returns : UTF-8 U
Is there an actual version of openssl that i could
build under Suse 9.1 ?
And, what is the ETA on a new official openssl release
? The SMIME encrypt bug is major onw, i dont
understand
why nothing had been done yet to release new RPMs for
major distributions (suse 9.1 ships with the latest
officia
Lets say i use 2 certs/private keys (or more), and i
do not know which of my public keys was used to
encrypt a message to me. Is it possible to supply
multiple secret keys to the openssl smime -decrypt
command, and openssl will be "smart" enough to figure
out the correct key ?
I tried to no avail,
Well, the RFC allows other algorithms apart from SHA1,
also mail programms like outlook (ugh) allow it too -
so why should there be a reason to FORCE using of SHA1
?
> Not with the smime command line tool no. SHA1 is the
> mandatory algorithm and
> I haven't even seen any mention of older digest
There seems to be no option on the command line
(openssl smime -sign) tool to sign with another hash
algorithm (SHA1, MD5) sha1 is default and i cannot
change this it seems.. is there no way to use another
for smime signing ?
Another question, is it also possibile to select a
signature algorit
24 matches
Mail list logo
