Re: TLS server/client with self-signed certificate

2012-08-03 Thread Harald Latzko
Hello Jakob, Am 03.08.2012 um 09:52 schrieb Jakob Bohm: >> My assumption of a chain of trust is that the end of a trust chain is >> reached (=a server or client certificate is seen as valid and secure) if the >> whole chain of certificates ends in an entifiy where subject=issuer and >> CA:true

Re: TLS server/client with self-signed certificate

2012-08-03 Thread Harald Latzko
Hello Dave, Am 03.08.2012 um 03:55 schrieb Dave Thompson: > Aside: it's a good thing you gave the server, because Outlook > (which we use) blocks *.cer. I wish it didn't, but it does. I've reached this "great" functionality last week, too. There's a possibility to allow filename extensions ins

TLS server/client with self-signed certificate

2012-08-02 Thread Harald Latzko
Hell,I've got a question regarding self-signed X509v3 certificates used in a TLS1.0 server/client environment. A communication partner uses a self-signed certificate as attached to this mail (can be retrieved from the TLS server 87.236.105.37:6619). My TLS client uses the following options: SSL_CTX

Re: openssl smime -stream issue

2009-05-11 Thread Harald Latzko
Hi! Please correct me if I'm wrong, but afaik the "-stream" option doesn't work for the openssl smime commands "decrypt" and "verify" (tested with openssl-1.0.0-stable-SNAP-20090511, openssl-SNAP-20090511 and openssl-1.0.0-beta2). Regards, Harald Am 08.05.2009 um 12:07 schrieb kha...@sb

Re: how to know the flags of pkcs7_sign at receieing side

2008-04-21 Thread Harald Latzko
Hi Shankar, if you're dealing with OFTP2 (I assume you're implementing this because of older posts refering to the protocol and its RFC), you may inspect the field SFIDSEC. Taken from the RFC 5024, ch. 5.3.3: Value: '00' No security services '01' Encrypted

Re: CMS usage with OpenSSl

2008-04-02 Thread Harald Latzko
is Joerg Walter ([EMAIL PROTECTED]) or contact me ([EMAIL PROTECTED]) for openSSL specific topics. Regards, Harald Latzko c-works GmbH > Hi Stephen, > > We are developing a secure communication on OFTP(RFC-5024), as per the RFC > we need to sign the file, compress the file , encr

PKCS#7 streaming in smime utility

2007-12-20 Thread Harald Latzko
Hello, I've read the following in the latest CHANGES file of the openSSL 0.9.9 snapshot 20071220: *) Add option -stream to use PKCS#7 streaming in smime utility. New function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream() to output in BER and PEM format. Does this work f

Re: EVP_DecryptFinal_ex:bad decrypt

2007-11-10 Thread Harald Latzko
Hello Pankaj, Am 09.11.2007 um 23:33 schrieb Pankaj Mathur: Hi , I am trying to encrypt and decrypt a large file using the Openssl API. I am doing this by calling EVP_EncryptUpdate / EVP_DecryptUpdate iteratively for a block size of 1024 and then calling the EVP_EncryptFinal_ex/ EVP_Dec

Re: AW: via padlock support much slower in 0.9.8e than in 0.9.8d, why?

2007-09-26 Thread Harald Latzko
both versions and not going up to over 600MB/s like you posted. Any clues? -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Harald Latzko Gesendet: Dienstag, 25. September 2007 20:25 An: openssl-users@openssl.org Betreff: Re: via padlock support much slow

Re: via padlock support much slower in 0.9.8e than in 0.9.8d, why?

2007-09-25 Thread Harald Latzko
Hi! I cannot confirm these performance differences between 0.9.8d and 0.9.8e. My results on a Via CPU are: 0.9.8d == engine "padlock" set. Doing aes-256-cbc for 3s on 16 size blocks: 11906104 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 64 size blocks: 9088256 aes-256-cbc's in 2

Re: openssl smime -enc speed question

2007-08-16 Thread Harald Latzko
oh, I forgot to mention that this behaviour appears in the latest snapshot (20070816) of openssl-0.9.9-dev. Am 16.08.2007 um 10:30 schrieb Harald Latzko: Hello! Am 14.04.2007 um 00:04 schrieb Dr. Stephen Henson: 'tis done. I found a quiet period to look into it and test it a l

Re: openssl smime -enc speed question

2007-08-16 Thread Harald Latzko
Hello! Am 14.04.2007 um 00:04 schrieb Dr. Stephen Henson: 'tis done. I found a quiet period to look into it and test it a little. Check out the new -stream option in the smime utility for OpenSSL 0.9.9. Support in the API is quite simple too, just include the PKCS7_STREAM flag in the cal

compiling openssl-0.9.9dev on AIX5.3 64bit

2007-07-11 Thread Harald Latzko
Hello, after having read several documents, howtos, READMEs etc., i wasn't able to compile actual daily snapshots of openssl 0.9.9 on AIX5.3 64bit with GCC 4.0.0. I've tried various combinations of ./Configure- options, linker options and others, but none worked. It always stops at the app

decryption of large file

2007-06-02 Thread Harald Latzko
D2I_READ_BIO:malloc failure:a_d2i_fp.c:229: The memory consumption raised about 1.5GB on this machine before no more memory was available, so I think the OS (Debian Linux) had no more memory available for allocation (which explains the error message). Is there a way to decrypt large fi

Re: Encrypt the big file with symmetric algorithm

2007-05-19 Thread Harald Latzko
model to work from. Which would you like me to do: AES, 3DES or BLOWFISH? Peace, Charles Harald Latzko wrote: Hi! I tried to compile your code, but the following include files are missing (or not included in MacOS, Linux and openSSL distribution): - portable.h - exception.h - ltscrypto.h

Re: Encrypt the big file with symmetric algorithm

2007-05-19 Thread Harald Latzko
.: Here are examples, from my code, of both 3DES and AES. Any questions, ask away. Chaz. Harald Latzko wrote: Hi! Do you have a solution for deryption of big files using des3 and/ or aes256, too? The openSSL command line smime utility eats up all my memory and crashes after a while

Re: Encrypt the big file with symmetric algorithm

2007-05-18 Thread Harald Latzko
Hi! Do you have a solution for deryption of big files using des3 and/or aes256, too? The openSSL command line smime utility eats up all my memory and crashes after a while... Greetings, Harald Am 17.05.2007 um 01:15 schrieb Chaz.: [EMAIL PROTECTED] wrote: Hi, all I have encrypted the fi

Re: Encrypt the big file with symmetric algorithm

2007-05-16 Thread Harald Latzko
Hi! I use for big file encryption the new "stream" support of openSSL 0.9.9, it works perfectly. For decryption (and signature verification), the stream support is not implemented yet. So we have to wait until it's implemented, or find another solution. If you have found another way to do

Re: smime stream support; was: openssl smime -enc speed question

2007-05-03 Thread Harald Latzko
Hello! Am 14.04.2007 um 00:04 schrieb Dr. Stephen Henson: Sorry to have given you false hopes. The issue that all the data has to be in working memory to be encrypted is indeed starting to become a real annoyance in some practical circumstances. So perhaps if Stephen Henson should develop

Re: openssl smime -enc speed question

2007-04-16 Thread Harald Latzko
Hello, Am 14.04.2007 um 00:04 schrieb Dr. Stephen Henson: 'tis done. I found a quiet period to look into it and test it a little. Check out the new -stream option in the smime utility for OpenSSL 0.9.9. Support in the API is quite simple too, just include the PKCS7_STREAM flag in the call

Re: openssl smime -enc speed question

2007-04-16 Thread Harald Latzko
tely satisfied :-) Thank you very much for the great work. I'm testing at the moment with encoding files, resulting in an extremely good performance using hardware engines. If anything is open or unclear, I will reply to this message. Reg

Re: openssl smime -enc speed question

2007-03-24 Thread Harald Latzko
Hello, Am 24.03.2007 um 14:39 schrieb Dr. Stephen Henson: No, sorry I do not know how to enable the streaming encryption support and it very probably will not be in the command line tool. I only know beginnings of streaming encryption support exist from posts by Dr. Stephen Henson on this

Re: openssl smime -enc speed question

2007-03-24 Thread Harald Latzko
Hello! Am 23.03.2007 um 20:01 schrieb Marco Roeland: can anybody even confirm that encrypting files via "openssl smime" command consumes very much memory? Yes. The PKCS7_encrypt(3ssl) function needs to hold all the data in memory as specified in the BUGS section of its man page. As far as I kno

Re: openssl smime -enc speed question

2007-03-23 Thread Harald Latzko
Hello again, can anybody even confirm that encrypting files via "openssl smime" command consumes very much memory? Regards, Harald Am 22.03.2007 um 19:29 schrieb Harald Latzko: Hi! I encrypt files via openssl on commandline using the following command: openssl smime -encryp

openssl smime -enc speed question

2007-03-22 Thread Harald Latzko
Hi! I encrypt files via openssl on commandline using the following command: openssl smime -encrypt -in /tmp/testfile -out /tmp/testfile.enc - nodetach -binary -aes256 -outform DER -engine padlock /tmp/public.pem Since I use the engine "padlock" on a VIA CPU (openssl speed show an enormous s

AIX 5.x file encryption problem

2007-03-09 Thread Harald Latzko
Hello list! I have problems encrypting files with the following command: openssl smime -encrypt -in /tmp/infile -out /tmp/testencrypted -nodetach -binary -des3 -outform DER /tmp/mypub.cer This command is running in several versions of openSSL successfully on several platforms (Linux, MacOS X, Wi