Very good.
In case you need a CA outside of your company saying "we know those guys"
(instead of "I know myself") you can count on our company (energiash.com) of
course without any cost involved, or buy your first CA with signing
attributes from a well known source that is already in the browsers
I thought I should be specific about cert creation because I've seen big
corporations issuing pure CA certs for all, and they actually never create
a client cert. And no matter how many approaches one takes to explain that
such a thing is not right, they keep issuing CA certs for all purposes,
(i
Hi Again:
Not exactly to associate one CA per virtual host. This all can be done by
only one virtual host, even though you can have all the VH you need. Apache
allows you to do many things with just one virtual host.
For example, If you notice the directive SSL_Require, it is inside a
LOCATIO
Kobus Bensch - No Sig wrote:
>
> They want a unique ca per client to be able to sign certs for each client
> using their own CA.
>
Hi Kobus:
CAs allow CA chains, that is, only one CA being a true root signing sub-CA
certs. Having many root CAs creates the feeling of disorganization, though
Check the man pages (man req), the -x509 option is for a self signed cert
(root), while the -new option produces a new cert request (so you are asking
for conflicting tasks). In this case no request is needed because it's
the root cert. Your config option is ok.
This way a root and its asoc
mahendra [MinG] wrote:
>
> Questions:
> 1. What is the encoding format for the encrypted text that is generated
> from openssl_public_encrypt?
> 2. Is it possible that because when i generate the encrypted text, i echo
> it into a HTML textarea and hence changing the encoding?
>
For the openss
Loke Foo Soon wrote:
>
> (1) May I know what different between openssh and openssl?
> (2) Do they have any command prompt feature?
>
Hello, ssh means "secure shell" it's like a telnet but over SSL
Yes OpenSSL has a command line tool.
Jeremy R. wrote:
>
> ... I'd like to be able to use the openssl command-line utility
> to generate messages manually during development.
>
Hello Jeremy
You can see my code at http://sourceforge.net/projects/as2openssl/files/ and
all is done using the command line openssl. I found quite ok
Frans de Boer wrote:
>
> @Kyle, one site using multiple CA's? ...
>
> Frans.
>
Not meaning multiple CA's, but rather sub-CA's. As you know the chain to
get to the final cert can have several steps. You still have MyCorp or
MyOrg as the only self signed CA, but MyOrg-Plants sub CA and MyOrg
This is the template in apache SSL virtual host:
Check the SSLRequire directive, which applies to specific clients,
considering a previous directive ( SSLCACertificateFile
/etc/apache2/ssl.crt/ca-bundle.crt) has verified the client's cert is issued
by a valid CA. Notice it can also be appli
Hello, I have uploaded the -perl- scripts to SF
(http://sourceforge.net/projects/as2openssl/) that try to follow the
RFC-4130 (AS2) and they have been tested to some level. Many things work,
others don't -not that there are syntax errors, more likely some transport
header could have a wrong char
On Aug 07, 2008; 02:18am, Marco Roeland wrote:
Marco Roeland wrote:
>
>
> [ RFC 4130 calculating MIC, mostly offtopic for OpenSSL ]
>
>
It is trivial that a checksum on same data produce the same result, that's
by definition right with a very small probability to find two sets of data
which
Thanks Marco:
...and thanks for every detailed comment. I just noticed that there were a
couple of things where I was not clear:
Sorry about the lengthy post, but it's worth to seem or be redundant. I
give proofs
1.- On your first quote about canonicalization, I mentioned that not only
M
Thanks Marco:
Sorry about the delay, but today all got very well cleared and I will
describe the solution (which is not very complex by the way, but rather
easy)
The canonicalization (what you call normalization) has to be performed also
on the message, not only the headers. I tested this with
Well, for the moment all succeeded in practical terms, by just parsing the
ASN1 structure and getting what is read there as "messageDigest". That is
what the trading partner expects to "see", but I'm not so happy not knowing
how this message digest is obtained
So I did another test that I would
Oh Boy!! Eureka,
Yes the HEX number in "messageDigest" converted to base64 gives me the MIC
that the trading partner expects, though, I can not figure out how this
value is obtained based on the original content between the first and second
boundary. I calculated the message digest for this "or
Ok following your quoted note, I got the asn1 structure to see what was
inside there:
Which value contains the hash you mention? Is it the messageDigest?
Thanks
jkoehring wrote:
>
>
> Another way to look at it is when the original AS2 message is signed, the
> MIC for the MDN should be ex
Your logic is correct, in Thunderbird, you have the preferences|advanced and
this shows you a set of tabs, the last one of which is "Certificates". Press
View Certificates Button and you get another dialog with 4 tabs
1.- the first tab (your certificates) is for the pk12 ones
2.- other people's c
I have to admit, I am not very familiar with the openssl commands. The one
> question I have is exactly what are the contents of original.txt after
> running the commands you list? Does it contain exactly the contents of the
> first part of the multipart/signed?
>
> javierm wrot
ultipart/signed?
>
> javierm wrote:
>>
>> Thanks for the wait:
>>
>> Well, these are the steps followed
>>
>>
>> Encrypted body with Mime headers.- body decrypted and
>> multipart/signed message obtained
>> Signature in binary, so processed wi
Hi and thanks again:
Completely clear. I found some weird content in the original message which
is only a XML in 2 lines. It's not a multipart (not a multipart inside
another multipart, but only an XML in UTF-8, which is then signed and
finally encrypted, then sent).
The weird content to which
I have a possible similar problem with checksums in MIC inside AS2. I did
Marek's test just inside Kate editor saving in utf8, with and without the
last newline. The one without gives the right code beginning with 8aa...
AND yes with openssl, so there is no bug in it.
My problem is with this f
Just a note, I've found documents like
http://ietfreport.isoc.org/all-ids/draft-ietf-ediint-compression-08.txt
which in section 2.1 says to calculate MIC on the original data that was
signed as PER [AS1] (but 4130 is AS2)
In section 7.3.1.3 of 4130, first paragraph in bullets it is said:
For
ner is right)
openssl sha1 -binary original.txt|openssl enc -a ,
and... I don't get the signature that the signer claims I should get!!
:confused:
What do you think?
Thanks
javierm wrote:
>
> Hi jkoehring:
>
>
Thanks a lot for the help, (ah just noticed another reply from
the second boundary marker includes
> the leading CRLF. Thus, those CRLF sequences should not be included in the
> MIC calculation.
>
>
> javierm wrote:
>>
>> Can anyone help me with the procedure to calculate the message integrity
>> check in this RFC?
>>
>
Hi Siddhartha:
It's never a problem, but the procedure is as follows:
1.- You sign with private key and certificate connected with that key
2.- If you then encrypt, you encrypt with the certificate of your
counterpart or recipient
When the recipient gets the encrypted block of data, he decrypts
Can anyone help me with the procedure to calculate the message integrity
check in this RFC?
it's about calculating the sha1 checksum over a multipart message.
This is the text in the RFC (http://www.ietf.org/rfc/rfc4130.txt), chapter
7.1, paragraph 8)
The EC Interchange and the RFC 1767 MI
Hi,
This is for AS2, specifically Signed, then Encrypted message.
Before I encrypt I simply checksum SHA1 the file with the multipart content:
EDI data on first part and signature on second. Mime Headers are canonical
at end of each mime header. Signature is binary because my trading
partner