On Thu, Jul 09, 2009, tensy joseph wrote:
> when i am generating the key in Non fips mode using this command
>
> openssl genrsa -out ./server/keys/fresh.key 1024
>
> I was able to use this key in Fips Mode as well as in Non Fips mode .
>
That's because when you do that it doesn't use any encry
when i am generating the key in Non fips mode using this command
openssl genrsa -out ./server/keys/fresh.key 1024
I was able to use this key in Fips Mode as well as in Non Fips mode .
Thanks in advance
Rajan
On Wed, Jul 8, 2009 at 9:01 PM, Dr. Stephen Henson wrote:
> On Wed, Jul 08, 2009,
On Wed, Jul 08, 2009, tensy joseph wrote:
> Thanks Stephan..
>
> Was using key generated outside the FIPS mode . Is there any way , i can use
> digest as sha1 when generating the key outside the FIPS mode so that same
> key can be used in FIPS mode and non FIPS mode ?
>
A key generated inside
Thanks Stephan..
Was using key generated outside the FIPS mode . Is there any way , i can use
digest as sha1 when generating the key outside the FIPS mode so that same
key can be used in FIPS mode and non FIPS mode ?
Thanks In advance
Rajan
On Wed, Jul 8, 2009 at 8:45 PM, Dr. Stephen Hen
On Wed, Jul 08, 2009, rajanchittil wrote:
>
> I am also having the same problem .Is any one got the solution for this ...
>
>
> My configure file has this entry
>
>
> [ req ]
> default_bits = 2048
> default_keyfile = $HOME/exampleca/private/cakey.pem
> default_md = sha1
> prompt = no
> distin
t Manager majord...@openssl.org
>
>
--
View this message in context:
http://www.nabble.com/Issue-with-Private-key-with-FIPS-enabled-openssl-tp22453532p24391901.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
Kyle Hamilton wrote:
It was my mistake, I had misunderstood that DES itself was not allowed
and therefore derivatives of it were not allowed either.
While 3DES is currently legal we can expect it to be phased out at some
point just as plain DES has been, so AES is the better choice where yo
It was my mistake, I had misunderstood that DES itself was not allowed
and therefore derivatives of it were not allowed either.
-Kyle H
On Wed, Mar 11, 2009 at 5:43 AM, wrote:
>
> Triple-DES is listed in the OpenSSL 1.2 security policy and is listed as
> approved by NIST, so why would it not be
BODY { font-family:Arial, Helvetica, sans-serif;font-size:12px; }
Triple-DES is listed in the OpenSSL 1.2 security policy and is
listed as approved by NIST, so why would it not be available?
Carl
On Wed 11/03/09 12:01 PM , Kyle Hamilton aerow...@gmail.com sent:
Your key's digest is
Your key's digest is set to md5. This is disallowed in FIPS mode.
Also, 3DES is not allowed in FIPS mode, either.
-Kyle H
On Tue, Mar 10, 2009 at 3:22 PM, Davin Chan wrote:
> I am trying to to get mutt to use a FIPS validated OpenSSL to send/receive
> encrypted emails. When
> I don't set the
I am trying to to get mutt to use a FIPS validated OpenSSL to send/receive
encrypted emails. When
I don't set the environment variable OPENSSL_FIPS=1, everything works fine.
When I try the same command to decrypt an email with OPENSSL_FIPS set, it fails
with:
env OPENSSL_FIPS=1 openssl smime
11 matches
Mail list logo
