[openssl-users] Escaped Issuer/Subject

2017-04-12 Thread c.hol...@ades.at
I thought about escaping regarding DN itself (LDAP DN). https://www.ietf.org/rfc/rfc4514.txt https://www.ibm.com/support/knowledgecenter/en/ssw_i5_54/rzahy/rzahyunderdn.htm https://msdn.microsoft.com/en-us/library/aa366101%28v=vs.85%29.aspx Best regards -- openssl-users mailing list To unsubsc

[openssl-users] Escaped Issuer/Subject

2017-04-11 Thread c.hol...@ades.at
Hi! Is it possible to get the distinguished name of issuer or subject in a escaped form out of the box? e.g. C=US, O=test, Inc., OU=department=1, CN=tester " C=US, O=test\, Inc., OU=department\=1, CN=tester \" cheers, chris -- openssl-users mailing list To unsubscribe: https://mta.openssl.o

[openssl-users] GCM cipher decryption

2016-07-13 Thread c.hol...@ades.at
Thanks! It works. Chris -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] GCM cipher decryption

2016-07-12 Thread c.hol...@ades.at
Hi! 2 questions about GCM and the following OpenSSL-Sample please. https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Decryption_using_GCM_mode and the function int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *aad, int aad_len

[openssl-users] Padding OAEP

2016-07-05 Thread c.hol...@ades.at
Hi! I had a look into Apache Santuario. A XML-Security-Framework using OpenSSL. For my eyes it looks like only OAEP with MGF SHA1 is supported out of the OpenSSL-box. Other digests need to be handeled manually. In Santuario they wrote an own RSA_padding_check_PKCS1_OAEP with 2 new parameters

[openssl-users] Padding OAEP

2016-07-04 Thread c.hol...@ades.at
I had some further analysis. I am looking for RSA-decryption with OAEP-padding and MGF1 and digest SHA-256. Is there a way to do it?? Thanks! -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Padding OAEP

2016-07-04 Thread c.hol...@ades.at
Hello! I try to do some XML-ENC with OpenSSL (https://www.w3.org/TR/xmlenc-core1/#sec-RSA-OAEP, section 5.5.2) and I have some problems with the padding. Now I have some problems with decrypting a RSA-encoded string. For identifier "rsa-oaep-mgf1p" I use RSA_PKCS1_OAEP_PADDING for padding an

[openssl-users] CMS: Encrypt with binary encoding

2016-06-22 Thread c.hol...@ades.at
Yes, but then there is no MIME-Header. Can I have MIME with binary encoding?? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] CMS: Encrypt with binary encoding

2016-06-22 Thread c.hol...@ades.at
Hi! Is there a way to get binary (not base64) encoding out of CMS-encrypt?? openssl cms -encrypt -in plain.txt mycer.cer gives me a MIME-part with Content-Transfer-Encoding: base64 But I'd like to have binary. Thanks for help! Chris -- openssl-users mailing list To unsubscribe: https://mta.o

[openssl-users] RSA-OAEP (without MGF1P)

2016-06-14 Thread c.hol...@ades.at
Hi! Dealing with XML Security and enncryption/decryption I am looking for support of padding RSA-OAEP. As far I can see PKCS 1.5 and RSA-OAEP-MGF1P is supported within OpenSSL. Can anyone tell me what about RSA-OAEP and the support for it? Thanks! Chris -- openssl-users mailing list To uns

[openssl-users] Missing ctrl-defines for GCM

2016-05-01 Thread c.hol...@ades.at
Hi! I am trying OpenSSL EVP for some AES-GCM encryption/decryption testing. Having Debian 8.4 (testing) my installed evp.h does not include the following defines I need. #define EVP_CTRL_AEAD_SET_IVLEN 0x9 #define EVP_CTRL_AEAD_GET_TAG 0x10 #define EVP_CTRL_AEAD_SET_TAG 0x11 If I set it manu

Re: [openssl-users] Verify signature without certificate included in it

2016-04-23 Thread c.hol...@ades.at
Ahh... i see. -certfile Thanks! Chris On 2016-04-22 20:22, c.hol...@ades.at wrote: hi! I am using openssl-smime for signing outgoing messages and verifying incoming. My question is about verifying. If the partner signs a message where the certificate is included in the signature all is

[openssl-users] Verify signature without certificate included in it

2016-04-22 Thread c.hol...@ades.at
hi! I am using openssl-smime for signing outgoing messages and verifying incoming. My question is about verifying. If the partner signs a message where the certificate is included in the signature all is OK. If he signes only with issuer and serial included in the signature i get an error ("

[openssl-users] SMIME: 1.0.0e vs. 1.0.1e

2016-02-26 Thread c.hol...@ades.at
Hi! I'd like to finish the thread I started. - My first statement was wrong. Also 1.0.0e is not able to process my SMIME-sample. The reason was that I had a smime-binary-patch installed at the 1.0.0e some years ago and I did not remember about it. Without the patch installed in the 1.0.1e it l

[openssl-users] SMIME: 1.0.0e vs. 1.0.1e

2016-02-18 Thread c.hol...@ades.at
I'd like to add the following to my thread. - If I use option -nosigs then it is working. But sure its not verifying. If I change the content it is still ok with this option in place. - I tried also the current 1.0.1r and get the same behaviour with 1.0.1e. - Option -binary does not help. Th

[openssl-users] SMIME: 1.0.0e vs. 1.0.1e

2016-02-18 Thread c.hol...@ades.at
Hello! I have a little problem with an update from an old 1.0.0e (vanilla compiled) vs. debians (7.9, stable) 1.0.1e. I try to verify an smime-signature Tried with the same smime-file and with the same certificates on the same machine. The certificates are fine and are ok if I verify them.