Re: Decrypting pkcs7 messages

2005-08-18 Thread Tan Eng Ten
Hi, U can loop through every PKCS7_RECIP_INFO object in P7->d.enveloped->recipientinfo stack and print the issuer and serial like: X509_NAME_print(bio, recp_info->issuer_and_serial->issuer, ) i2a_ASN1_INTEGER(bio, recp_info->issuer_and_serial->serial, .) Hadmut Danisch wrote: Hi, a q

Re: AW: RSA key sizes

2005-08-17 Thread Tan Eng Ten
number of bits. To answer our second question: A real 1024-bit-key must have at least 1017 bit, so it consists of 128 byte (= 1024 bit) with 7 leading zeros. Regards Thomas Beckmann -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tan Eng Ten Sent

What size is this key?

2005-08-17 Thread Tan Eng Ten
A local certification authority has issued a cert and the public is as below (parsed with openssl) : - Modulus (1023 bit): 5d:10:63:d3:d8:00:2a:50:ab:65:8a:f0:92:83:b0: 6a:39:e3:0c:38:aa:f5:32:23:71:25:8e:4a:8d:50: fd:80:a3:95:59:33:27:92:88:d0:1d:28:dd:05:7c: b6:a0:5e:68:9e:

RSA key sizes

2005-08-16 Thread Tan Eng Ten
Hi all, This is a general crypto question and I hope someone could help me out. Often we use RSA of 512, 1024, 2048, 4096, etc. bit lengths. Are other sizes such as 520/1045 bit "valid"? Mathematically, it should work, but are there reasons why odd sizes are not to be used? _

Re: certificate embedded into the executable

2005-08-15 Thread Tan Eng Ten
o_X509(bio, NULL, NULL, NULL); -Tan Eng Ten James Whitwell wrote: Hi, Can anyone tell me if it's possible to embed a client certificate inside my executable, and what calls I should use to tell OpenSSL to use it? I think I'll also need to do it for the CA, since we use self-signed cert

Re: bug in PKCS7_free ?

2005-07-27 Thread Tan Eng Ten
This is another example of the problem I highlighted a few days ago. You need to be very careful with which getter methods return a new instance (or inc the ref count), and which ones do not. Definitely not a bug but a matter of consistency. Nils Larsch wrote: Alexandre Belloni wrote: Hi,

"getter" methods

2005-07-24 Thread Tan Eng Ten
to ensure if I need to do a *_free on the returned object. Is there a general guideline on which "getter" methods return new instances (or inc ref), and which do not? Tan Eng Ten __ OpenSSL Project

Re: BER to DER conversion

2005-07-12 Thread Tan Eng Ten
Hi, You may be in for some luck, the FAQ says "...OpenSSL ASN1 decoders can process BER." Give it a try and see if OpenSSL is able to decode what your HSM exports. No guarantees and don't quote me. Lincoln wrote: Hello all, Does OpenSSL have a routine to convert BER encoded blob into D

Re: Creating certs for others (without their private keys)

2005-07-04 Thread Tan Eng Ten
enssl req" to sign the request. CSR's have to be signed... You know this, right? :)) Uri wrote: Tan Eng Ten wrote: But how??? Could you give an example please (of [a] creating, and [b] signing a "req")? How is in the HOWTO (http://www.openssl.org/docs/HOWTO/) Dar

Re: Creating certs for others (without their private keys)

2005-07-03 Thread Tan Eng Ten
But how??? Could you give an example please (of [a] creating, and [b] signing a "req")? How is in the HOWTO (http://www.openssl.org/docs/HOWTO/) __ OpenSSL Project http://www.openssl.org User Supp

Re: C & C++ difference.

2005-07-01 Thread Tan Eng Ten
Hi Rohan, Why do you need "if (!bio_err)" at the start of program? rohan shrivastava wrote: Hello, I have written a program in C & C++, for testing OpenSSL. The C program works fine, whereas in C++ I receive segmentation fault error while executing SSL_CTX_use_certificate_file() function.

Re: X509 Cert dates

2005-05-25 Thread Tan Eng Ten
ll terminate the buffer *(bigBuffer + l) = '\0'; fclose(fp); } _unlink(tmpFile); free(tmpFile); // -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behal

Re: X509 Cert dates

2005-05-25 Thread Tan Eng Ten
Hi, U could try: BIO *bio = BIO_new_fp(stdout, BIO_NOCLOSE); ASN1_TIME_print(bio, X509_get_notBefore(cert)); BIO_free(bio); Tell me if it works. Pj wrote: Hi All, How can I print localised, human readable certificate dates into a null terminated string buffer?

Re: PROBLEMS with PKCS7 type signedAndEnveloped

2005-05-09 Thread Tan Eng Ten
Before PKCS7_dataInit(), try adding: PKCS7_content_new(thePKCS7, NID_pkcs7_data) U might also want to explore PKCS7_set_detached() to see if this applies for you. -ET Tan Luis Alberto Pérez Paz wrote: Hi everybody, I need your help, I'm trying to make a PKCS7 signedAndEnveloped. I have read some

Re: "decryption failed or bad record mac"

2005-05-08 Thread Tan Eng Ten
I'm no expert either, but could u show some code snippets on how u handle threads and these 2 very important structures -- SSL and SSL_CTX. I suspect that your threads might be re-initializing SSL_CTX. And when that happens under heavy load, the problem you described might occur. dan trainor wr

Re: How to get SSL DLL's compiling from Cygwin?

2005-05-04 Thread Tan Eng Ten
C++. Do we need to compile OpenSSL with VC too? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tan Eng Ten Sent: Wednesday, May 04, 2005 8:37 AM To: openssl-users@openssl.org Subject: Re: How to get SSL DLL's compiling from Cygwin? I think u get l

Re: How to get SSL DLL's compiling from Cygwin?

2005-05-03 Thread Tan Eng Ten
I think u get libcrypto.so and libssl.so instead Manel Rodero wrote: Hello, I'm trying to compile OpenSSL 0.9.7f under Windows 2000 (using Cygwin) but I don't know if I get all the files after the compilation process. For example, I don't have libeay32.dll nor ssleay32.dll. To setup the compilation

EVP_PKEY_get1_RSA

2005-04-28 Thread Tan Eng Ten
Hi, I need to set app data to an RSA object encapsulated in an EVP_PKEY, so I did the following: void set_app_data(EVP_PKEY *pkey) { ... rsa = EVP_PKEY_get1_RSA(pkey); RSA_set_app_data(rsa, app_data); RSA_free(rsa); ... } We shouldn't access pkey->pkey.rs

Re: PKI setup

2005-04-26 Thread Tan Eng Ten
Start with certificates.txt and keys.txt in docs/HOWTO Prashant Sodhiya wrote: Hi All, pls help in setting up PKI environment in unix. i've downloaded "openssl-0.9.7f" configured /installed it. Now how should i proceed...(configuring CA, generating certificates etc) thnx in advance Prashant ___

Re: sk_X509_CRL_delete

2005-04-25 Thread Tan Eng Ten
How abt adding decreasing the iterator (i--) in the if-block so it looks like: for(i=0; i < num_crls; i++) { crl = sk_X509_CRL_value(crl_stack, i); . X509_verify_CRL(); if (above check fails) { sk_X509_CRL_delete(crl_stack, i) i--; } } Does it work for you? __

Re: Generate symmetric key DES3

2005-04-12 Thread Tan Eng Ten
ret must have been allocated prior DES_random_key(ret); Angel Martinez Gonzalez wrote: Hello: I want to generate a symmetric key with DES. But I don´t know very well, how do it. I tried the following: void GenerateKey() { DES_cblock *ret ; RAND_screen(); printf("Staus of PRNG: %i\n",RAND_stat

Re: Use of Engines

2005-04-10 Thread Tan Eng Ten
Thanks for highlighting this. I see that cmd's of type ENGINE_CMD_FLAG_STRING, ENGINE_CMD_FLAG_NUMERIC and ENGINE_CMD_FLAG_NO_INPUT could be expressed easily as strings ('EMPTY' for ENGINE_CMD_FLAG_NO_INPUT) in the conf file, but how about ENGINE_CMD_FLAG_INTERNAL? How do I express a function call

Re: Use of Engines

2005-04-08 Thread Tan Eng Ten
ec - Or you could just look into the ubsec engine codes for the definitions. -Tan Eng Ten Edward Chan wrote: Is it required to call ENGINE_init()? Or is this sufficient ENGINE* e = ENGINE_by_id(id); ENGINE_set_default(e, ENGINE_METHOD_ALL); I have looked in various code, and I mostly see

Re: Use of Engines

2005-04-07 Thread Tan Eng Ten
engine codes for the definitions. -Tan Eng Ten Edward Chan wrote: Is it required to call ENGINE_init()? Or is this sufficient ENGINE* e = ENGINE_by_id(id); ENGINE_set_default(e, ENGINE_METHOD_ALL); I have looked in various code, and I mostly see the latter. But in the stunnel code, I see them doing

Re: Newbie: how to use openssl library

2005-04-03 Thread Tan Eng Ten
why did you have to manually (or separately) compile the /crypto/rsa/rsa_test.c? that should be done when you compile the entire openssl package with nmake; and subsequently nmake test. okay, maybe you decided to try it out on your own VC workspace. have you included libeay32.lib and ssleay32.l

Re: Field CN and the certificates

2005-03-15 Thread Tan Eng Ten
Netscape on Solaris even shows "You have attempted to establish a connection with "abc.mydomain.com". However the security certificate presented belongs to "abc.mydomain.com" Uhhh.. I'm clueless __ OpenSSL Project

Re: Field CN and the certificates

2005-03-15 Thread Tan Eng Ten
Back to your original problem -- You said you were accessing the web server by using IE, was that client machine in the same private network (as the server)? Have you tested accessing the web server from another client machine? Maybe you should start looking from the client-end. Vu Pham wrote: -

Re: Can't compile my small program on Cygwin

2005-03-15 Thread Tan Eng Ten
try: gcc -Wall foo.c -o foo -lcrypto -lssl [EMAIL PROTECTED] wrote: Hi, I tried to compile my program and ran into trouble. I am new to both: cygwin and openssl, I don't know what I do wrong. Can someone please help me? I am happy to provide any information needed. I have installed the cygwin opens

Re: Whya are there .so.2, .so.4 and .so.0?

2005-03-08 Thread Tan Eng Ten
I think one of them is the default that came along with your OS. This is to avoid conflict when user installs a different version of the lib later on. Just my guess. tj wrote: I am confused, really a normal state for me :-). I have a slackware install and it has libssl.so.0, but some apps requi

Re: How small in codesize and ramsize can openssl be cut down to?

2004-10-12 Thread Tan Eng Ten
Maybe this is what you're actually looking for: www.matrixssl.com Jon Bendtsen wrote: i'm working on an embedded micro computer, and i would like to have a webservice. However the data needs to be encrypted. I was thinking of using SSL for that, but i only have 32K for everything. OS, tcp/ip,

Re: decrypting using AES_decrypt()

2004-10-12 Thread Tan Eng Ten
Hi, remember the entire openssl is open-source? if you would like to know how to code certain things the openssl command line utility can perform, look right into its source codes in apps\ as for the enc/dec functions, look in the file apps\enc.c i'm sure u can figure out from there Brian Murphy

Re: TLS application data MAC

2004-09-19 Thread Tan Eng Ten
Before seq no, there should be either the client MAC or server MAC (depending on who you are). Avinash Agarwal wrote: Hello dragos, I think you are referring to the problem with decrypting/encrypting the TLS app data...I faced the problem but i was finally successful in decrypting/encrypting th

Re: TLS application data MAC

2004-09-15 Thread Tan Eng Ten
Look at the Appendix -- Sample Code in http://www.ietf.org/rfc/rfc2104.txt Avinash Agarwal wrote: Hello all, I'm trying to figure out how to generate the MAC for application data in TLS v1. The rfc (2246) says at § F.2 "protecting application data" "Outgoing data is protected with a MAC before tra

Re: using the bn library tips, faq or howto anywhere

2004-09-05 Thread Tan Eng Ten
Hmm, i think that depends on which BN_ functions. In your example, BN_bin2bn() returns a new BIGNUM object, so you do not need to BN_new(). b l wrote: Hi, If i reuse a BIGNUM created with BN_new() without freeing it first will i cause a memory leak? does the BIGNUM dynamically allocate memory eac

Re: mutual authentication

2004-08-09 Thread Tan Eng Ten
I think this is OpenSSL's mailing list and not JSSE :) Anyway, my quick guess is probably you need to add the "-trustcacert" option when doing the Java's keytool import. Cheers [EMAIL PROTECTED] wrote: > Hi! > > I have the following problem in mutual authentication

Re: RSA encryption - to encrypt a c structure ??

2004-08-06 Thread Tan Eng Ten
First of all, you need to write functions that do serialization and de-serialization of your own C structure. Think about network programming, how do you send a C structure using sockets to a recipient? And having the recipient assemble it back into a C structure? Without such functions, any