Sharing anchors and blacklists between crypto libraries

2013-03-26 Thread Stef Walter
that it works well with OpenSSL, there's a test day going on: https://fedoraproject.org/wiki/Test_Day:2013-03-28_Shared_System_Certificates Join us at #fedora-test-day or #p11-kit on Freenode. Cheers, Stef __ OpenSSL Pr

Re: id-RSASSA-PSS question

2011-09-13 Thread Stef Hoeben
Hi, there's currently a mistake in the SOD, I'll probably be able to send it when it's fixed. Thx, Stef On 09/13/2011 12:07 AM, Dr. Stephen Henson wrote: > Can you include the DER format message itself instead of the ASN1 dump? This > will be very useful when C

id-RSASSA-PSS question

2011-09-12 Thread Stef Hoeben
ID_sha256 (OK) Someone knows if the problem is with the encoding of the signature algo in the file, or with openssl itself? Thanks! Stef 0 119: [APPLICATION 23] { 4 48: SEQUENCE { 86: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) 19 160: [0] { 23 48:

Order of the DN components in X509_NAME_cmp()

2011-05-30 Thread Stef Hoeben
"/CN=Test OCSP Responder/C=BE" - subject name in the cert: "/C=BE/CN=Test OCSP Responder" Is this an error in the OCSP responder, in my code or is it a limitation of X509_NAME_cmp()? Thx, Stef

Re: CMS_verify() with a public key instead of a cert

2011-05-06 Thread Stef Hoeben
ional, but in our case, where we read candidate certs/pubkeys from disk and try them one by one, we had to work around this. Cheers, Stef // E.g. of pubKey: // 30 81 9f //30 0d // 06 09 2a 86 48 86 f7 0d 01 01 01 // 05 00 //03 81 8d // 00 //30 81 89 //

CMS_verify() with a public key instead of a cert

2011-04-28 Thread Stef Hoeben
CMS_verify() function to use public keys? - Create a cert (with fake signature) with the public key? - ...? (Using openssl 1.0.0) Thanks, Stef

BN_gcd() efficiency

2010-12-08 Thread Stef Hoeben
also afterwards much more iterations are needed. It works more than fast enough for small numbers (1024 bits or so) but for 67.000.000 numbers (*) it takes months/years. Q: can someone confirm this? Is there a faster (experimental) algo? Would you be interested if I make one? Cheers, Stef (*) I

RE: Private Key from Windows Cert Store

2010-11-28 Thread Stef Hoeben
Hi Tom, here's the code of a little cmd line tool we use to test our CSPs. Cheers, Stef > -Original Message- > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Fili, Tom > Sent: zondag 28 november 2010 18:19 > To: opens

RE: EC domain params instead of the OID in the pkcs8 key file?

2010-11-10 Thread Stef Hoeben
onfig openssl.conf -nodes -subj "test" -keyout eckey.pem -newkey ec:ecparams.popenssl req -config openssl.conf -nodes -subj "test" -keyout eckey.pem -newkey ec:ecparams.p openssl pkcs8 -topk8 -in eckey.pem -nocrypt -out eckey.pkcs8 -outform DER Cheers, Stef > -Origina

EC domain params instead of the OID in the pkcs8 key file?

2010-11-09 Thread Stef Hoeben
3 1 7' : } 274: OCTET STRING, encapsulates { ... However, instead of the 2nd object identifier (that tells which EC it is), we'd need the domain parameters of the EC themselves. Is this possible with the openssl tool -- or with openssl itself?

RE: PKCS7 - SubjectKeyIdentifier CHOICE in SignerIdentifier fails?

2010-04-16 Thread Stef Hoeben
rts). (To compile with VS: cl -I..\inc32 parseSOD.c ..\inc32\openssl\applink.c ..\out32dll\libeay32.lib) Best regards, Stef > -Original Message- > From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] > On Behalf Of Dr. Stephen Henson > Sent: maandag 2

PKCS7 - SubjectKeyIdentifier CHOICE in SignerIdentifier fails?

2010-03-22 Thread Stef Hoeben
igestAlgorithm DigestAlgorithmIdentifier, [...] SignerIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier [0] SubjectKeyIdentifier } Could it be that the SubjectKeyIdentifier CHOICE isn't supported here, that the parser expects an IssuerAndSerialNumber on

Entering non-ASCII character with the openssl tool?

2006-01-16 Thread Stef Hoeben
nf in some way, or tell the openssl tool to get the DN/CN from file? Many thanks, Stef

Windows fd/socket problem with BIO: solved !

2004-04-26 Thread stef duverger
It's good. I have found a solution on msdn. I have to duplicate the socket handler ; DuplicateHandle(GetCurrentProcess(),(HANDLE)ctrl, GetCurrentProcess(),(HANDLE*)&ctrl_dup, 0, TRUE, /* inherit socket */ DUPLICATE_SAME_ACCESS); Then put ctrl_dup on cmd_line args for CreateProc

Windows fd/socket problem with BIO

2004-04-26 Thread stef duverger
Hi all, I'm working on a multi-client server under Windows2k. My problem is about file descriptor / socket confusion when creating a BIO. In fact the main code's job is to accept the socket in an "int" variable, then CreateProcess(). This function is called with newly accepted socket as argument, i

trusted options in certificate OK and in certificate request ??

2001-08-16 Thread stef
hi' could s.o. say to me why in the documentation of openssl in http://www.openssl.org/docs/crypto/pem.html there are _AUX method for certificate int PEM_write_X509_AUX(FILE *fp, X509 *x); X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u); but not for certificate re

trusted certificate request and compatibility

2001-07-17 Thread stef
Hi, is there s.o. who has already encountered problems with "trusted" and normal certificate requests with 0.9.6? Are the trusted and untrusted certificates compatible with this version? How to create a trusted certificate request in C code? How to read a not "trusted" certificate request? Is it

certificate request and trusted certificate request

2001-07-16 Thread stef
Hi' everybody. I'm making a new CA server for tests. I have a problem with reading certificate request : in header file X509_REQ* m_x509Req ; in code file FILE* in=fopen(filename,"r"); if (in == NULL) { return FALSE; } X509_REQ* x = NULL; if (m_x509Re