Re: Getting at the details of the client's requested cipher suites

2012-10-11 Thread carlyoung
[sorry for top posting] This begs the question "what is your access to the encrypted datastream?" If you are sniffing from the wire using Wireshark, then it will decode to this level and show you a textual representation of the cipher list. If you have access to the datastream through code, the

Re: OpenSSL running on Windows XP/2003/7

2012-10-05 Thread carlyoung
http://slproweb.com/products/Win32OpenSSL.html On Fri 05/10/12 2:37 PM , "engineermike" engineerm...@mindspring.com sent: HELLO,

Re: RE: facing problem in installation of openssl-0.9.7d

2012-09-26 Thread carlyoung
Apologies for repeated top-posting. Only have crappy web-access. See: http://stackoverflow.com/questions/3242386/error-compiling-openssl-for-win32 You can locally fix up OpenSSL's e_os.h to remove conflicts or find another way to do. I think the /G5 is being ignored.

Re: Re: RAND_bytes() causes 50% CPU load & program crash when using CAPI engine

2012-07-25 Thread carlyoung
>On Wed 25/07/12 2:16 PM , Jakob Bohm jb-open...@wisemo.com sent: >On 7/25/2012 3:01 PM, Florian Rüchel wrote: >> Hi, >> >> I have a tool which calls RAND_bytes() for a length of 16 bytes while >> using the CAPI engine and having set it to be used for all purposes. >> If I run it in my Visual Stu

Re: Re: Source IP of SSL connection

2012-04-12 Thread carlyoung
>On Thu 12/04/12 3:08 PM , kthiru...@inautix.co.in sent: >Carl, >Thanks for your reply, > >We have a Load Balancer in between the User ( desktop ) and the Server. > >So, i used the getpeername and am getting only the Load Balancer IP in the >output and not the desktop IP. Is >there any other wa

Re: Source IP of SSL connection

2012-04-10 Thread carlyoung
>On Tue 10/04/12 10:36 AM , kthiru...@inautix.co.in sent: >Am using OpenSSL for one of my TCP application and can someone explain how to >retrieve the source IP ( of the >machine ) from which the SSL connection is >established. > >Am using openssl-0.9.8a version. > I would say: int fd = S

Re: what is ASN1_OCTET_STRING ?

2012-04-03 Thread carlyoung
>On Tue 03/04/12 2:21 PM , Balamurugan rajan balamurugan@gmail.com sent: >I want to need to read the Certificate Key usage and identify the combination >values to determine what certificate is >that . so i need the Keyusage values >of X509V3 certificate > That's a completely different thing

Re: what is ASN1_OCTET_STRING ?

2012-04-03 Thread carlyoung
>On Tue, Apr 3, 2012 at 6:03 PM, wrote: >>On Tue 03/04/12 12:46 PM , brajan balamurugan@gmail.com sent: >> >>I want to know what is ASN1_OCTET_STRING and how to convert that into c++ >>string /char * >>-- > >An ASN1_OCTET_STRING is just another name for the ASN1_STRING type. Assuming >that th

Re: what is ASN1_OCTET_STRING ?

2012-04-03 Thread carlyoung
>On Tue 03/04/12 12:46 PM , brajan balamurugan@gmail.com sent: > >I want to know what is ASN1_OCTET_STRING and how to convert that into c++ >string /char * >-- An ASN1_OCTET_STRING is just another name for the ASN1_STRING type. Assuming that the data you are trying to manipulate corresponds

Re: Multiple SSL Records in one TCP Segment

2012-04-02 Thread carlyoung
My suggestion would be to use a BIO pair: http://www.openssl.org/docs/crypto/BIO_new_bio_pair.html [1] http://stackoverflow.com/questions/2512026/x-509-certificate-based-authentication-with-openssl-without-us

Re: No Subject

2012-03-30 Thread carlyoung
What do you think strlen(in) will return? You are mixing up variable length C strings (nul terminated) with binary data - always pass the true data length Carl On Thu 29/03/12 12:58 PM , "Chandrasekhar" chandrasek...@evolute-sys.com sent: > Hi , > > I am new to this openssl libraries. > > I

Re: OpenSSL 1.0.1 released

2012-03-15 Thread carlyoung
I can see it: 03/14/2012 01:34PM 4,453,920 openssl-1.0.1.tar.gz [1] On Thu 15/03/12 12:50 AM , Iain Morgan iain.mor...@nasa.gov sent: On Wed, Mar 14, 2012 at 10:09:22 -0500, OpenSSL wrote: > -BEGIN

Re: OpenSSL security advisory

2012-03-12 Thread carlyoung
On Mon 12/03/12 4:02 PM , open...@master.openssl.org (OpenSSL) sent: >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA1 > >OpenSSL Security Advisory [12 Mar 2012] FTAO Dr Steve Henson, Not that it's important, but the FAQ in 0.9.8u archive says: * Which is the current version of OpenSSL? T

Re: RE: Open SSL API's Support For IPv6.

2011-10-31 Thread carlyoung
> On Mon 31/10/11 4:25 PM , "Akanksha Shukla" akshu...@cisco.com sent: > Hi Michael, > > Thanks for the reply. But I think the issue is not from the C perspective. > As I already mentioned, that if I use fputs to directly write a string to > file, then I am able to do that successfully. But when I

Re: RSA_private_decrypt across processes

2011-05-04 Thread carlyoung
Start second process as a daemon so it only does the entropy gathering at process start-up? On Wed 04/05/11 5:35 PM , Mounir IDRASSI mounir.idra...@idrix.net sent: Indeed, there has already been a modification to OpenSSL in orde

Re: Certificate Access Question

2011-03-08 Thread carlyoung
I used PKCS#12 files and CryptUIWizImport with these flags: DWORD flags = CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_TO_LOCALMACHINE | CRYPTUI_WIZ_IMPORT_ALLOW_CERT | CRYPTUI_WIZ_IMPORT_NO_CHANGE_DEST_STOR

Re: RE: Problems building FIPS Openssl under Server 2008 R2

2010-12-09 Thread carlyoung
My 2-cents worth... If you had to tweak ANYTHING then this is not a "FIPS-approved" build. Carl On Thu 09/12/10 4:39 PM , Christopher A Hotchkiss christopher.a.hotchk...@jpmchase.com sent: To All,

Re: openssl enc block size

2010-05-07 Thread carlyoung
padding On Fri 07/05/10 10:39 AM , "Johannes Bauer" jb@gmx.de sent: Hello list, I'm having trouble with the openssl enc feature. This here: echo -n '0123456789abcde' | openssl enc -aes128 -nosalt -K 00112233445566778899aab

Re: SSL crypto library

2010-02-18 Thread carlyoung
> On Thu 18/02/10 3:31 PM , Robert Doncaster b...@edp.co.uk sent: > Hello, > > Is there a programmatic way to give a list of available cypher names (eg > AES-128-ECB...)? > i.e a list of the names that could be supplied to EVP_get_cipherbyname(). > > the openssl enc.c example shows a function

Re: aes key wrap ciphertext with custom test vector: test fails

2010-01-22 Thread carlyoung
>On Fri 22/01/10 1:54 PM , protagora27 protagora27 protagor...@gmail.com sent: >I want to test aes_wrap.c under sourceopenssl/crypto/aes. Is this because AES needs 16 byte IV ??

FIPS 140-2 and PBKD

2009-12-01 Thread carlyoung
Hi, In openssl, if I try to use anything using PBKD (PKCS#5 PBKDF2 in particular) when in FIPS enabled mode, it returns an error. Can someone point me to the relevant documentation in FIPS 140-2 that disallows the use of PBKD functionality? In particular, when used to encrypt PKCS#12 files, et

Re: finding out cipher name

2009-10-22 Thread carlyoung
> On Thu 22/10/09 9:05 AM , Misha Aizatulin ava...@hot.ee sent: > is there a way, given an EVP_CIPHER, to find out the human-readable > cipher name? EVP_CIPHER_name Carl

Re: Re: Use of generic name

2009-09-17 Thread carlyoung
> >On Thu 17/09/09 4:37 PM , Jeffrey Walton noloa...@gmail.com sent: >Hi Eystein, > >> typedef struct _STRING { >> USHORT Length; >> USHORT MaximumLength; >> PCHAR Buffer; >> } STRING, *PSTRING; >That looks like a UNICODE_STRING (or less commonly LSA_STRING) to me. >I don't ever recall seeing Micro

Re: RSA/DSA key bit strength

2009-08-13 Thread carlyoung
>On Thu 13/08/09 4:46 AM , Sudarshan Soma sudarshan...@gmail.com sent: >Hi >Can anyone please clarify this data with OPENSSL 0.9.8i: > >RSA uses key ranges from 768-2048 and can operate only in CBC mode > >DSA uses key length of 1024 and operates only in CBC ? CBC chaining mode only applies to sym

Re: RE: openssl decrypting unknown whether DES or AES encrypted

2009-08-04 Thread carlyoung
> >On Tue 4/08/09 10:19 AM , "Tom Horstmann" t...@utome.de sent: >> Is there a way to determine if >> a string is encrypted in DES or AES? > >No > >> Will the decrypt AES fail on a DES >> encrypted string always or will openssl return a good return but with >> garbage as the decrypted string? > >Th

Certificate renewal

2009-07-30 Thread carlyoung
Hi, My apologies for a slightly off-topic question. When certificates are renewed in most scenarios, is it usual to generate a new RSA key pair or would a client re-use the existing keys and just ask for a new certificate with those keys? Thanks for any guidance or pointers... Regards, Carl

Re: Re: Assertion failure

2009-07-21 Thread carlyoung
I'm not going to comment on David's assertions or anything about wpa_supplicants, but let's take a step back: SSL is NOT allowed in FIPS 140-2 compliant modes; TLS 1.0 IS allowed in FIPS 140-2 when using FIPS-approved security functions (see the FIPS 140-2 implementation guide). TLS 1.0 is som

Re: How to get size of a cms?

2009-06-16 Thread carlyoung
BUF_MEM * server_ptr = NULL; BIO_get_mem_ptr(server, &server_ptr); server_ptr->length should hold the size you want (assuming this isn't streamed CMS) Carl >On Tue 16/06/09 5:05 PM , Chris Bare ch...@bareflix.com sent: >Is there a way to find the size of the der-encoded CMS object without writ

Re: Re: Convert DER to PEM syntax problem

2009-06-16 Thread carlyoung
>On Tue 16/06/09 3:09 PM , carlyo...@keycomm.co.uk sent: > >Is it possible that the key was not exported as PKCS#8 and was just exported >to DER just using i2d_PrivateKey >or similar? > >You can use openssl asn1parse to check: > >"openssl asn1parse -in my.key -inform der" > >If it is PKCS#8 export

Re: Convert DER to PEM syntax problem

2009-06-16 Thread carlyoung
Is it possible that the key was not exported as PKCS#8 and was just exported to DER just using i2d_PrivateKey or similar? You can use openssl asn1parse to check: "openssl asn1parse -in my.key -inform der" If it is PKCS#8 exported, then you should see sequence, integer, sequence, object (RSAEn

CMS decryption error with engine

2009-06-16 Thread carlyoung
Hi, I'm getting failures decrypting a CMS (KEK or KTRI) when using an engine (RSA bsafe). It appears that when the IV ( from EVP_cipher_asn1_to_param) is set into the context, the engine is not handling this somehow. The second call to EVP_cipher_init_ex has a NULL IV pointer in CMS_Encrypte

Help with CMS

2009-06-08 Thread carlyoung
Hi all. I would like some help and guidance with using CMS in OpenSSL and general CMS I guess. I just want to use enveloped data to transport an existing cryptogram. The cryptogram was generated using AES-128 CBC with random IV using pre-shared AES keys. I think I need to use "key encryption ke

Re: openssl RSA byte-order not PKCS#1 compliant ?

2009-05-12 Thread carlyoung
> On Tue 12/05/09 1:14 PM , Harm Verhagen harm.verhagen+web...@gmail.com sent: >As known on the openssl mailinglists there is a difference in byte order >between openssl and MS cryptoAPI, >when doing RSA encryption. >Googling around I find many references to claims that "openssl is PKCS#1 >comp

Re: Re: OpenSSL demos/ssl not compiling

2009-05-12 Thread carlyoung
>On Tue 12/05/09 10:52 AM , mail man mailman.inter...@gmail.com sent: >Small correction - the return type error came with the default file - with >void main. Now, only this error on compilation >[swu...@mpvmpc19 ssl]$ g++ -lssl -lcrypto cli.cpp >cli.cpp: In function `int main()': >cli.cpp:106:

relationship between FIPS module and OpenSSL

2009-05-07 Thread carlyoung
Hi, Could someone please explain to me in simple terms the relationship between the OpenSSL FIPS module and OpenSSL itself? Is the FIPS module used by OpenSSL as a crypto engine or such like or am I way off base here? Thanks for any assistance or pointers. Thanks, Carl

Re: Re: Basic functions, again...

2009-04-27 Thread carlyoung
>On Mon 27/04/09 3:07 PM , Sever P A gnu.se...@gmail.com sent: > >but, I search just a library functions that allows me to implement the >steps presented in an earlier message. Does it really exist ? > >If so, > >a) Which function(s) for generate the keys, >b) Which function(s) to obtain them, >c)

Re: Basic functions, again...

2009-04-24 Thread carlyoung
First things first, I would recommend against developing your own protocol. Look at using TLS if you can and if it fits into your application's paradigm. Secondly, asymmetric encryption is very slow compared to

FIPS 140-2 compliance question

2009-04-21 Thread carlyoung
Hi all, I have an application that uses OpenSSL and AES 192-bit keys to encrypt data [files]. In its original incarnation, it used PBKDF2 to derive the key. In its newer form, it uses a FIPS approved PRNG to generate a random key and the key is encrypted with a large RSA key for recovery. The

Re: Blowfish output using openssl is too long

2009-03-20 Thread carlyoung
I would suspect that an 8 byte IV has been appended/prefixed Carl On Thu 19/03/09 9:16 PM , Dick Hollenbeck d...@softplc.com sent: I am using on Ubuntu Hardy: $ openssl enc -bf-cbc -K 012221222F2D9E459E41

Re: Issue with Private key with FIPS enabled openssl

2009-03-11 Thread carlyoung
Triple-DES is listed in the OpenSSL 1.2 security policy and is listed as approved by NIST, so why would it not be available? Carl On Wed 11/03/09 12:01 PM , Kyle Hamilton aerow...@gmail.com sent: Your key's digest is

Re: static openssl on mingw (undefined reference on bss_sock.c)

2009-02-20 Thread carlyoung
>>On Fri 20/02/09 10:17 AM , Tomasz Kolaj m...@abp.pl sent: >>Hello, >> >>Unfortunately I need still compile shared version also and make fails with >>that: >> >>C:/msys/1.0/local/ssl/lib/libssleay32.a(ssl_lib.o)(.text+0x4ab):ssl_lib.c: >>undefined reference to `BIO_s_socket' That's part of opens

Re: static openssl on mingw (undefined reference on bss_sock.c)

2009-02-19 Thread carlyoung
>>On Thu 19/02/09 1:41 PM , Tomasz Kolaj m...@abp.pl sent: >>Hello, >> >>On Thursday 19 February 2009 at 11:37:20 Victor B. Wagner wrote: >>> On 2009.02.19 at 09:48:20 +0100, m...@abp.pl wrote: >>> So, changing library order to >>> -lssleay32 -leay32 -lwsock32 -lwst -lws2_de -lz -lm >>> might hel

Re: Re: documentation/description of RSA PEM file format used by OpenSSL

2009-02-11 Thread carlyoung
>On Tue 10/02/09 10:53 PM , Michael Sierchio ku...@tenebras.com sent: >Tomasz Kaźmierczak wrote: >> I've managed to base64 decode a public key (at least I think so;). >> Now I'm trying to understand how to interpret the key data. I've found the >> definitions of RSAPublicKey and RSAPrivateKey stru