Re: Playing nice between OpenSSL and Microsoft libraries with 3DES pass phrases?

2004-01-26 Thread Kenneth R. Robinette
Do yourself a favor and just have one of the OpenSSL crypto experts do the function on a consulting basis. Will save you a lot of time, and misery! And it will be crypto correct. Ken > > There are a few other complications which you may not be aware of. > > But I am terrified that they exis

Re: ftp implicit ssl connection

2003-03-15 Thread Kenneth R. Robinette
Take a look at: http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html Ken > > PBSZ is used when you are negotiating the size of the buffer to be > > encrypted. > > If you are using FTP over SSL, the FTP protocol is not performing any > > authentication or encryption. Therefo

Re: IMPORTANT: The release of 0.9.6h is postponed

2002-11-22 Thread Kenneth R. Robinette
Date sent: Fri, 22 Nov 2002 10:21:30 EST From: Jeffrey Altman <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Copies to: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject:Re: IMPORTANT: The release of 0.9.6h is

Re: OpenSSL on WIN2K

2002-11-05 Thread Kenneth R. Robinette
Date sent: Tue, 05 Nov 2002 13:12:27 To: [EMAIL PROTECTED] From: "Thomas J. Hruska" <[EMAIL PROTECTED]> Subject:Re: OpenSSL on WIN2K Send reply to: [EMAIL PROTECTED] Passing out this type of advice may end up getting appli

Re: Windows, MS VC++, MFC and OpenSSL

2002-10-02 Thread Kenneth R. Robinette
Date sent: Wed, 02 Oct 2002 11:26:19 +0200 From: Michael Voucko <[EMAIL PROTECTED]> Organization: Fillmore Labs GmbH To: [EMAIL PROTECTED] Subject:Re: Windows, MS VC++, MFC and OpenSSL Send reply to: [EMAIL PROT

Re: zlib double free bug and openssl question.

2002-06-04 Thread Kenneth R. Robinette
Date sent: Tue, 4 Jun 2002 19:45:55 +0200 From: Lutz Jaenicke <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject:Re: zlib double free bug and openssl question. Organization: BTU Cottbus, Allgemeine Elektrotechnik Send repl

Re: About OpenSSL 0.9.7 release

2002-04-05 Thread Kenneth R. Robinette
Date sent: Fri, 5 Apr 2002 14:03:03 +0200 From: Lutz Jaenicke <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject:Re: About OpenSSL 0.9.7 release Organization: BTU Cottbus, Allgemeine Elektrotechnik Send reply to:

Re: What chars are valid in a CN

2002-03-05 Thread Kenneth R. Robinette
From: "Dilkie, Lee" <[EMAIL PROTECTED]> To: "'[EMAIL PROTECTED]'" Subject:What chars are valid in a CN Date sent: Tue, 5 Mar 2002 08:31:28 -0500 Send reply to: [EMAIL PROTECTED] http://docs.iplanet.com/docs/manuals/cms/

Re: SSL for telnet

2001-09-10 Thread Kenneth R. Robinette
From: "Dilkie, Lee" <[EMAIL PROTECTED]> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> Subject:SSL for telnet Date sent: Mon, 10 Sep 2001 15:31:45 -0400 Send reply to: [EMAIL PROTECTED] http://www-cs-students.stanford.edu/

TLS/SSL Authentication

2001-09-02 Thread Kenneth R. Robinette
If I understand the handshaking of TLS/SSL between a host a client, the client sends a certificate to the host, then performs a RSA encryption operation using the certificate private key on challenge data sent by the host. If the certificate and private key is located on a USB token/Smart Car

Re: can we prevent export of a personal certificate?

2001-08-28 Thread Kenneth R. Robinette
From: "Greg Stark" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject:Re: can we prevent export of a personal certificate? Date sent: Tue, 28 Aug 2001 17:40:31 -0400 Send reply to: [EMAIL PROTECTED] If they are using the

DSA Keys

2001-08-19 Thread Kenneth R. Robinette
As quoted from several sources by Simon Tatham: "PuTTY also does not support DSA for user authentication keys, for security reasons." What security issues is he referring to? Ken __ Support InterSoft International, Inc. Voice: 888-823-1541, I

RSA Structure Enhancements

2001-08-16 Thread Kenneth R. Robinette
Will the functions: RSA_set_ex_data RSA_get_ex_data contained within OpenSSL version 0.9.6 remain valid in future versions of OpenSSL? Ken __ Support InterSoft International, Inc. Voice: 888-823-1541, International 281-398-7060 Fax: 888-823-1542

Re: Problems with SSL V3 and IIS

2001-08-09 Thread Kenneth R. Robinette
co.uk Ken --- "Kenneth R. Robinette" <[EMAIL PROTECTED]> > You must be running a version I have never seen or a > real old one. IIS 4.0 which is the latest version that runs under NT4. The behavior you are describing sounds like IE, which is much nicer abou

Re: Problems with SSL V3 and IIS

2001-08-09 Thread Kenneth R. Robinette
ut you can export just the certificate. Ken --- "Kenneth R. Robinette" <[EMAIL PROTECTED]> wrote: > > Yes, it does support pkcs-12 but Microsoft refers to > them as .pfx. > Simple use the openssl command Eric referenced and > use a > filename such as out.pfx

Re: Problems with SSL V3 and IIS

2001-08-09 Thread Kenneth R. Robinette
Date sent: Wed, 8 Aug 2001 19:05:53 -0700 (PDT) From: Michael Shanzer <[EMAIL PROTECTED]> Subject:Re: Problems with SSL V3 and IIS To: [EMAIL PROTECTED] Send reply to: [EMAIL PROTECTED] Mike Yes, it does support pkcs-12

Re: Using Microsoft CA generated certificates or Accessing other CSPs using OpenSSL generated Certificates?

2001-07-25 Thread Kenneth R. Robinette
From: "Kevin Elliott" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Copies to: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject:Using Microsoft CA generated certificates or Accessing other CSPs using OpenSSL generated Certificates? Date s

Re: FTP over SSH2

2001-07-25 Thread Kenneth R. Robinette
Date sent: Wed, 25 Jul 2001 14:02:26 -0600 From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject:Re: FTP over SSH2 Send reply to: [EMAIL PROTECTED] SecureNetTerm. Take a look a www.securenetterm.com

Re: Where are the low-level crypto functions implemented?

2001-04-30 Thread Kenneth R. Robinette
Date sent: Mon, 30 Apr 2001 18:01:22 -0400 From: Gila Sheftel <[EMAIL PROTECTED]> Organization: Gemplus Inc. To: [EMAIL PROTECTED] Subject:Where are the low-level crypto functions implemented? Send reply to: [EMA

Re: Smart Card Readers

2001-04-24 Thread Kenneth R. Robinette
on. We have had several iButtons fail in a period of a few months. But, if you want to use the iButton, have at it. Ken "Kenneth R. Robinette" wrote: > But no problem, if you order one, and try it out, you will not have to worry > about the license. You will have given it

Re: Smart Card Readers

2001-04-24 Thread Kenneth R. Robinette
ll take your word for it on the ibutton. It did strike me as odd a semi conductor company was making this. The licence thing is really bizzare. What happens to your private key when the licence runs out? I really liked the jewlery concept though. Thanks, Oliver - Original Message -

Re: Smart Card Readers

2001-04-24 Thread Kenneth R. Robinette
From: "Oliver Bode" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject:Re: Smart Card Readers Date sent: Wed, 25 Apr 2001 01:17:18 +1000 Send reply to: [EMAIL PROTECTED] Oliver You should forget that the Java iButton ev

Cryptlib

2001-04-23 Thread Kenneth R. Robinette
What is the relationship between cryptlib and OpenSSL? I noticed that Eric Young name appears in the cryptlib credits. Does cryptlib use OpenSSL as its core software component? Ken __ Support InterSoft International, Inc. Voice: 888-823-1541, I

Re: MD5 and X509

2001-04-21 Thread Kenneth R. Robinette
n that outputs four bytes. What exactly do you need for your 'unique enough' property? _ Greg Stark Ethentica, Inc. [EMAIL PROTECTED] _ - Original Message - From: "Rich Salz" <[EMAIL PROTE

Re: MD5 and X509

2001-04-21 Thread Kenneth R. Robinette
Date sent: Sat, 21 Apr 2001 08:06:03 -0400 From: Rich Salz <[EMAIL PROTECTED]> To: "Kenneth R. Robinette" <[EMAIL PROTECTED]> Copies to: [EMAIL PROTECTED] Subject:Re: MD5 and X509 Send rep

Re: Using "external" certificates in web browsers

2001-04-17 Thread Kenneth R. Robinette
From: "Greg Stark" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Copies to: <[EMAIL PROTECTED]> Subject:Re: Using "external" certificates in web browsers Date sent: Tue, 17 Apr 2001 15:19:35 -0400 Send reply to:

Re: Extract Smart Card Cert to X509 struct

2001-04-14 Thread Kenneth R. Robinette
[EMAIL PROTECTED] Dr. Henson Thanks again. I took the lazy way and just modified a function I already had to convert the DER encoded cert data for output to a file and just passed the memory bio to the PEM_read_bio_X509 function. Ken "Kenneth R. Robinette" wrote: > > Is there any d

Re: pem/bio/evp help

2001-04-09 Thread Kenneth R. Robinette
Date sent: Mon, 09 Apr 2001 14:52:57 -0400 From: Gila Monstre <[EMAIL PROTECTED]> Organization: Gemplus To: [EMAIL PROTECTED] Subject:pem/bio/evp help Send reply to: [EMAIL PROTECTED] Gila Convince your company

Re: Is there a Telnet app?

2001-04-06 Thread Kenneth R. Robinette
Date sent: Fri, 06 Apr 2001 15:33:24 -0400 From: Steve Roche <[EMAIL PROTECTED]> Organization: Powerlan USA, Inc. To: [EMAIL PROTECTED] Subject:Is there a Telnet app? Send reply to: [EMAIL PROTECTED] Steve Depe

Re: JAVA/JNI Wrapper for OpenSSL.

2001-03-28 Thread Kenneth R. Robinette
Date sent: Thu, 29 Mar 2001 10:46:41 +0800 From: qun-ying <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject:Re: JAVA/JNI Wrapper for OpenSSL. Send reply to: [EMAIL PROTECTED] Yes, this normally is the result of including

Many Thanks and a Recommendation

2001-03-26 Thread Kenneth R. Robinette
With the assistance of the SSL users group, I was able to complete our project to link OpenSSH/OpenSSL to the use of Smart Cards for both SSH-1 and SSH-2 rsa_private_decrypt and rsa_private encrypt processing. The use of the RSA method within the OpenSSL RSA key structure, combined with the C

Re: RSA Private Encrypt

2001-03-25 Thread Kenneth R. Robinette
e how brilliant and sophisticated the whole design is. And the support from the mailing list is first class. Ken "Kenneth R. Robinette" wrote: > > > I was hoping that this was the case. Now if I set the > RSA_FLAG_EXT_PKEY flag, how do I specify the function that will

SmartCard Public Key

2001-03-23 Thread Kenneth R. Robinette
I am trying to import the public RSA key (modulus) created on a Smart Card into an OpenSSL/OpenSSH key structure. The size of the Smart Card public/private key pair is 1024 bits, and the key pair was generated onboard the Smart Card. I use the following code: Key *k; k = key_new(KEY_RSA); if

Re: How can I encrypt public key in handshake?

2001-03-20 Thread Kenneth R. Robinette
Date sent: Tue, 20 Mar 2001 16:22:53 -0800 Subject:Re: How can I encrypt public key in handshake? From: "corky peavy" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Send reply to: [EMAIL PROTECTED] Again, if you are looking fo

RE: How can I encrypt public key in handshake?

2001-03-20 Thread Kenneth R. Robinette
From: Bill Browning <[EMAIL PROTECTED]> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> Subject:RE: How can I encrypt public key in handshake? Date sent: Tue, 20 Mar 2001 15:29:05 -0800 Send reply to: [EMAIL PROTECTED] I do

RE: Legality question.

2001-03-19 Thread Kenneth R. Robinette
From: "David Schwartz" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject:RE: Legality question. Date sent: Mon, 19 Mar 2001 14:42:36 -0800 Send reply to: [EMAIL PROTECTED] That is true, but if you let a loose end slip b

Re: Client Certificate Presentation

2001-03-10 Thread Kenneth R. Robinette
From: ,,8000"Sandipan Gangopadhyay" <<[EMAIL PROTECTED]> To: ,,8000<<[EMAIL PROTECTED]> Subject: ,,8000Client Certificate Presentation Date sent: ,,8000Sun, 11 Mar 2001 10:38:57 +0530 Send reply to:

ThumbDrive

2001-03-07 Thread Kenneth R. Robinette
For all of you that have been looking into a way to save your private keys, certs, etc. offline on a very small device, take a look at a device referred to as the ThumbDrive. They are solid state memory memory "disks" that connect to your computer via a USB port and have storage from 16MB to

License Issue

2001-03-06 Thread Kenneth R. Robinette
Just as a point of reference, who is OpenSSL. Is it a corporation, a public trust, a private company or what? If we had a license issue, and I wanted our attorney to clarify any license issues, where does he go? Would any agreement made be legally binding? If so, under the laws of what cou

Re: Secure Telnet

2001-03-05 Thread Kenneth R. Robinette
Date sent: Mon, 05 Mar 2001 16:01:29 -0800 To: [EMAIL PROTECTED], [EMAIL PROTECTED] From: Rodney Thayer <[EMAIL PROTECTED]> Subject:Re: Secure Telnet Send reply to: [EMAIL PROTECTED] I agree, even though we support both t

PEM_read_PrivateKey - Memory to Memory

2001-03-01 Thread Kenneth R. Robinette
Is there some magic function within OpenSSL where the contents of a private RSA/DSA file can be passed via memory to the equivalent of the PEM_read_PrivateKey function? Ken __ Support InterSoft International, Inc. Voice: 888-823-1541, Internation

Re: building openSSL under Win32

2001-02-08 Thread Kenneth R. Robinette
From: "Doug Allen" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject:building openSSL under Win32 Date sent: Thu, 8 Feb 2001 16:29:52 -0800 Send reply to: [EMAIL PROTECTED] Doug I built a snapshot released about a week b

Re: Compiling OpenSSH w/OpenSSL & KerberosIV

2001-02-07 Thread Kenneth R. Robinette
From: [EMAIL PROTECTED] Date sent: Wed, 7 Feb 2001 19:58:24 -0500 (EST) To: <[EMAIL PROTECTED]> Copies to: <[EMAIL PROTECTED]> Subject:Compiling OpenSSH w/OpenSSL & KerberosIV Send reply to: [EMAIL PROTECTED]

Re: Openssl on Win32 (help!)

2001-01-29 Thread Kenneth R. Robinette
file you used when you compiled the OpenSSL .dll's. You must use the same options in VC 6.0 when you compile within your project. The most common problem is the type of executable you are creating in VC, multithreaded dll, etc. Ken - Original Message - From: "Kenneth R. R

Re: Openssl on Win32 (help!)

2001-01-26 Thread Kenneth R. Robinette
xe. any ideas? i've been working on other os's for the past few years so im rusty as hell with windoze your help is appriciated. - Original Message ----- From: "Kenneth R. Robinette" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Sent: Sat, 27 Jan 2001 00:22:38

Re: Openssl on Win32 (help!)

2001-01-26 Thread Kenneth R. Robinette
l intergration into an application. So i'm looking for source code examples and linking information etc etc. StOo - Original Message - From: "Kenneth R. Robinette" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Sent: Fri, 26 Jan 2001 23:32:47 + (GMT+00:00) Subject:

Re: Openssl on Win32 (help!)

2001-01-26 Thread Kenneth R. Robinette
Original Message ----- From: "Kenneth R. Robinette" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Sent: Fri, 26 Jan 2001 18:25:49 + (GMT+00:00) Subject: Re: Openssl on Win32 > From: stuart hodgkinson <[EMAIL PROTECTED]> > Subject: Openssl on Win32

Re: openssl on NT

2001-01-23 Thread Kenneth R. Robinette
From: Mark Swarbrick <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject:openssl on NT Date sent: Tue, 23 Jan 2001 10:43:30 -0700 Send reply to: [EMAIL PROTECTED] Mark All you need is Perl and the normal Microsoft C compil

Re: MS Explorer Client Certificate

2001-01-22 Thread Kenneth R. Robinette
rtificate do you have? Have you imported it successfully into the "Personal" area? On Mon, 22 Jan 2001, Kenneth R. Robinette wrote: > The apache/mod_ssl "HowTo" states that a directory can be defined > to require clients to be authenticated for a particular URL bas

MS Explorer Client Certificate

2001-01-22 Thread Kenneth R. Robinette
The apache/mod_ssl "HowTo" states that a directory can be defined to require clients to be authenticated for a particular URL based upon client certificates signed by a certificate specified by the keyword SSLCACertificateFile. I assume that this implies that I can use my own self-signed CA c

Re: Win32 CA signed Apache Server-Netscape .CRT Problem

2001-01-19 Thread Kenneth R. Robinette
o you as soon as I resolve a production problem we are currently having. Thanks for the offer for assistance. Ken "Kenneth R. Robinette" wrote: > > > The .csr/.key is generated using the following commands: > > openssl genrsa -out server.key 1024 > openssl req -

RE: Win32 CA signed Apache Server-Netscape .CRT Problem

2001-01-19 Thread Kenneth R. Robinette
.pem I hope this help -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kenneth R. Robinette Sent: Friday, January 19, 2001 1:14 PM To: [EMAIL PROTECTED] Subject: Re: Win32 CA signed Apache Server-Netscape .CRT Problem Date sent: Fri, 19 Jan 20

Re: Win32 CA signed Apache Server-Netscape .CRT Problem

2001-01-19 Thread Kenneth R. Robinette
he Netscape client does not like the cert received from the Apache/mod-ssl server. The Microsft Explorer thinks it is ok, and other programs that I use with the "problem" server cert likes it. Ken "Kenneth R. Robinette" wrote: > > Problem: > > An Unix Apach

Win32 CA signed Apache Server-Netscape .CRT Problem

2001-01-19 Thread Kenneth R. Robinette
Problem: An Unix Apache/mod-ssl server .crt/.key pair generated from a .csr/.key signed by a self generated CA Cert on 32 bit Windows will not work with the Netscape 4.72 client running on Linux Redhat 6.2. However the same .csr/.key signed by the same self generated CA Cert on Redhat 6.2 L

Re: mechanical extraction of roots from netscape?

2001-01-18 Thread Kenneth R. Robinette
Date sent: Thu, 18 Jan 2001 16:39:58 + From: Hannu Krosing <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Copies to: [EMAIL PROTECTED] Subject:Re: mechanical extraction of roots from netscape? Send reply to: [E

Win32 CA signed Apache Server-Netscape .CRT Problem

2001-01-18 Thread Kenneth R. Robinette
Problem: An Unix Apache/mod-ssl server .crt/.key pair generated from a CSR/KEY signed by a self generated CA Cert on 32 bit Windows will not work with the Netscape 4.72 client running on Linux Redhat 6.2. However the same CSR/KEY signed by the same self generated CA Cert on Redhat 6.2 Linux