Re: ECDH Group 19 (256-bit Elliptic curve) key length

se it to work with AES-128 CBC encryption algorithm. As > the key length generated by ECDH is 32 bytes, is there any way to > generate the key length of 16 bytes/128 bit with group 19 ECDH > algorithm? >   > On one of the article, it is mentioned that encryption or > authentication alg

ECDH Group 19 (256-bit Elliptic curve) key length

Hi OpenSSL, I am using group 19 which is ECDH elliptic curve group (NID_X9_62_prime256v1) and is giving 32 bytes/256 bit of shared secret key. I want to use it to work with AES-128 CBC encryption algorithm. As the key length generated by ECDH is 32 bytes, is there any way to generate the key

RE: Maximum encryption key length supported by AES-128 CBC

That answers my questions. Thanks Viktor. General -Original Message- From: openssl-users On Behalf Of Viktor Dukhovni Sent: Friday, July 5, 2024 08:01 AM To: openssl-users@openssl.org Subject: Re: Maximum encryption key length supported by AES-128 CBC [External email: Use caution

Re: Maximum encryption key length supported by AES-128 CBC

On Thu, Jul 04, 2024 at 06:20:25PM +, Vishal Kevat via openssl-users wrote: > I want to know what length of encryption key does AES-128 CBC supports? Exactly 128 bits, no more, no less. > I believe that it supports key length max upto 128 bits that is 16 bytes. It makes little se

Maximum encryption key length supported by AES-128 CBC

Hi OpenSLL users, I want to know what length of encryption key does AES-128 CBC supports? I believe that it supports key length max upto 128 bits that is 16 bytes. What happens if I give the input key of more than 16 bytes? Will the AES-128 drop the remaining bytes and consider only first 16

Re: [openssl-users] Default key length of DH/DHE/ECDH/ECDHE

enSSL 1.0.2l only ECDHE and DHE are available, but I do not have the option to define a key length, so I assume OpenSSL's default key length will be used. What is the default key length of OpenSSL for DH, DHE, ECDH and ECDHE? For DHE, the key size is set by the group parameters, for which t

Re: [openssl-users] Default key length of DH/DHE/ECDH/ECDHE

For the elliptic curve choices, the curve picked (NIST256, NIST384, whatever) determines the keysize. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Default key length of DH/DHE/ECDH/ECDHE

, but I do not have the option to define a key length, so I assume OpenSSL's default key length will be used. What is the default key length of OpenSSL for DH, DHE, ECDH and ECDHE? Thank you and regards, SaAtomic   -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailma

Re: [openssl-users] Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option

: Harakiri ; openssl-users@openssl.org Sent: Tuesday, May 9, 2017 1:04 AM Subject: Re: [openssl-users] Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option On Mon, May 08, 2017, Harakiri via openssl-users wrote: > Im using the cmd client openssl

Re: [openssl-users] Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option

On Mon, May 08, 2017, Harakiri via openssl-users wrote: > Im using the cmd client openssl cms -decrypt with the "debug_decrypt" option > to have the same behaviour as before the bleichenbach security patch to use > decryption without recipient public keys. > For some reason, some messages will p

[openssl-users] Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option

Im using the cmd client openssl cms -decrypt with the "debug_decrypt" option to have the same behaviour as before the bleichenbach security patch to use decryption without recipient public keys. For some reason, some messages will produce the following error on OpenSSL 1.0.2d and even OpenSSL 1.

Re: [openssl-users] ECC private key length

It's because of the form of the group order for the curves you list. They look roughly like 2**n + 2**(n/2). So while technically possible to end up with 161 bits, with overwhelming probability you end up with less. BBB On Wed, Apr 6, 2016 at 9:22 PM, Frode Nilsen wrote: > Hi, > > When printing

[openssl-users] ECC private key length

Hi, When printing the contents of a PEM ECC keypair file for the secp160k1/r1/r2 curves, OpenSSL says the private key is 161 bits: $ openssl ecparam -name secp160k1 -genkey -out test.pem $ openssl ec -in test.pem -text -noout read EC key Private-Key: (161 bit)

Re: [openssl-users] What key length is used for DHE by default ?

at it is showing only 2048. Can someone help me to explain this ? Is there also an option to set the key length manually and check if it will negotiate that. ? Thanks & Regards, Nayna Jain From: Jakob Bohm To: openssl-users@openssl.org Date: 05/25/2015 06:02 AM Subject:Re:

Re: [openssl-users] What key length is used for DHE by default ?

o any configuration setting done for DH parameters explicitly. But I couldn't verify what is the key length did it use by default 512/1024/2048 ? Eg. the one it negotiated was DHE-RSA-AES128-SHA256 and for TLSv1.2 protocol ? Will the key length be different for different protocols like SSL

Re: [openssl-users] What key length is used for DHE by default ?

dn't do any configuration setting done for DH parameters > > explicitly. > > > > But I couldn't verify what is the key length did it use by default > > 512/1024/2048 ? > > > > Eg. the one it negotiated was DHE-RSA-AES128-SHA256 and for TLSv1.2 > &

Re: [openssl-users] What key length is used for DHE by default ?

I couldn't verify what is the key length did it use by default > 512/1024/2048 ? > > Eg. the one it negotiated was DHE-RSA-AES128-SHA256 and for TLSv1.2 > protocol ? > > Will the key length be different for different protocols like > SSLv3/TLSv1.0/TLSv1.1/TLSv1.2

[openssl-users] What key length is used for DHE by default ?

Hi, With the latest logjam attack, as I was trying to verify if my server (lighttpd) accepts DHE_xxx ciphers, I saw that it accepted and I didn't do any configuration setting done for DH parameters explicitly. But I couldn't verify what is the key length did it use by default 512

Re: Issue with key length

> From: owner-openssl-us...@openssl.org On Behalf Of Ken Goldman > Sent: Monday, January 13, 2014 10:09 > > static char evc41_lg_n[] = > > > "1554614688781379247809520819030312275762225093858462793190489160 > 0175202510061523794334042548615734687660421922313164335745291109 > 786474147016936927527

Re: Issue with key length

On 1/10/2014 4:20 AM, Som M wrote: static char evc41_lg_n[] = "15546146887813792478095208190303122757622250938584627931904891600175202510061523794334042548615734687660421922313164335745291109786474147016936927527006755886906416183365029894549142316203446261188204728397612179022068004146715593144

Re: [openssl.org #3229] Fwd: Issue with key length

On 1/12/2014 2:04 AM, Som M wrote: [openssl.org #3229] Yes, I suspected the same. But even though it returns 129, I prepended "00" to the hex string and sent it as argument to to RSA_verify. authMsgLen = RSA_size(rsa_pb); authMsgHexStr = "00" + authMsgHexStr; This might wo

Re: [openssl.org #3229] Fwd: Issue with key length

[openssl.org #3229] Yes, I suspected the same. But even though it returns 129, I prepended "00" to the hex string and sent it as argument to to RSA_verify. authMsgLen = RSA_size(rsa_pb); authMsgHexStr = "00" + authMsgHexStr; RSA_verify(NID_md5, digest, MD5_DIGEST_LENGTH, (unsigned char *)a

Issue with key length

Hi, We are facing some issue with rsa key size while porting our application from montavista to RHEL 6.4. The RSA key size(RSA_size) for montavista is returning 128 bytes but on RHEL its returning 129 bytes. #include #include #include #include #include #include #include /*using namespac

OT: Microsoft Security Advisory: Update for minimum certificate key length

certificate policies (such as intended purposes). The update implements an additional check to make sure that no certificate in the chain has an RSA key length of less than 1024 bits. ... __ OpenSSL Project

Re: Blowfish and key length

@openssl.org/msg25808.html, and the discussion ends without useful information. I suspect something in my code being wrong, but I cannot understand what. You need to make two call to EVP_EncryptInit_ex etc if you want a non-default key length. Check out the examples in the manual page: http

Re: Blowfish and key length

openssl-users@openssl.org/msg25808.html, > and the discussion ends without useful information. > I suspect something in my code being wrong, but I cannot understand what. You need to make two call to EVP_EncryptInit_ex etc if you want a non-default key length. Check out the examples in the man

Blowfish and key length

delete [] res; return result; } std::string testEVP_bf_ecb(std::string in_data, const std::string &key) { // unused unsigned char iv[] = {0, 0, 0, 0, 0, 0, 0, 0}; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); EVP_EncryptInit_ex(&ctx, EVP_bf_ecb(), NUL

Re: key length discrepancy in key generated by sect233r1

It's not clear if you're talking about the private or public part of the key. If you're talking about the private part, that's because only a negligible number of private keys for that curve need 233 bits to be stored. This is due to the fact that the large, prime-order subgroup has the form 2^{23

RE: key length discrepancy in key generated by sect233r1

dhoward wrote on Wednesday, May 11, 2011 20:01: > I was recently playing around with OpenSSL's EC_KEY interface, specifically > generating and examining keys generated using the curve sect233r1, when I > decided to print the raw key out, in hex form. A quick analysis showed me > that the key was s

key length discrepancy in key generated by sect233r1

http://old.nabble.com/key-length-discrepancy-in-key-generated-by-sect233r1-tp31596580p31596580.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org

Re: DH session Key length

On Thu, Apr 21, 2011 at 7:44 AM, ikuzar wrote: > Ok, > I see now what you mean. I 'll try to hash the shared value with SHA1, then > truncate it to obtain 128 bits ... In addition to Dave's comments, see NIST 800-135 and RFC 5869 for guidelines and recommendations on extract-and-expand key derivat

RE: DH session Key length

> From: owner-openssl-us...@openssl.org On Behalf Of ikuzar > Sent: Tuesday, 19 April, 2011 18:57 > So, have I to generate a prime with length = 3200 bits ?, > ( the corresponding exponent will belong to 3200-bit MODP group ) > in order to generate an AES 128 session key ? ( I

Re: DH session Key length

Ok, I see now what you mean. I 'll try to hash the shared value with SHA1, then truncate it to obtain 128 bits ... 2011/4/20 Mike Mohr > Look, the typical way you'd use the DH shared secret would be to hash > it using an appropriate hash function. I personally like using Tiger > with AES-192, Y

Re: DH session Key length

128 is not secured ? > I am confused... > Is there any way to understand in 2, 3 words how to generate a shared key > with 128 bits length from Dh params ?  For example g = 2, P = 128 => shared > key length = 128 > Thanks, > Ikuzar > > >> >> (I know

Re: DH session Key length

2 bits is not secure so shared key ( 512 bits ) generated with this P is not secured. Necessarily, shared key with 128 bits is not secured, and then AES 128 is not secured ? I am confused... Is there any way to understand in 2, 3 words how to generate a shared key with 128 bits length from Dh pa

Re: DH session Key length

Sorry I do not see the link between my previous post and your answer. 2011/4/20 Mike Mohr > Look, the typical way you'd use the DH shared secret would be to hash > it using an appropriate hash function. I personally like using Tiger > with AES-192, YMMV. > > On Tue, Apr 19, 2011 at 3:56 PM, iku

Re: DH session Key length

Look, the typical way you'd use the DH shared secret would be to hash it using an appropriate hash function. I personally like using Tiger with AES-192, YMMV. On Tue, Apr 19, 2011 at 3:56 PM, ikuzar wrote: > So,  have I to generate a prime with length = 3200 bits ?, ( the > corresponding exponen

Re: DH session Key length

So, have I to generate a prime with length = 3200 bits ?, ( the corresponding exponent will belong to 3200-bit MODP group ) in order to generate an AES 128 session key ? ( I use 2 as generator ). Here http://tools.ietf.org/html/rfc3526, it is said : "The new Advanced Encryption Standard (AES)

Re: DH session Key length

Addendum - depending on the use of DH (usually using the DH shared secret as a basis for key exchange), the choice of prime is more important than private exponent length. Safe primes or strong primes are warranted. Most systems use small generators (e.g., 2). - M On Mon, Apr 18, 2011 at 7:25 P

Re: DH session Key length

The private exponent length need only be sufficient to make a brute force search (using the public exponent as a target) computationally infeasible, since the discrete log problem is still in the "hard" category. Cogent DH Private Exponent recommendations are always stated in terms of P, e.g., x :

Re: DH session Key length

You might take a look at RFC 3526: http://tools.ietf.org/html/rfc3526 It is my understanding that the DH exponent can be significantly shorter than the modulus without compromising security. RFC 3526 is from 2003, but I haven't found anything published since then that would make me think its ass

RE: DH session Key length

> From: owner-openssl-us...@openssl.org On Behalf Of ikuzar > Sent: Monday, 18 April, 2011 11:01 > I 'd like to know the length of DH session key generated by > DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) . > Here : http://www.openssl.org/docs/crypto/DH_generate

DH session Key length

Hello, I 'd like to know the length of DH session key generated by DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) . Here : http://www.openssl.org/docs/crypto/DH_generate_key.html It is said that *key* must point to *DH_size(dh)* bytes of memory. is 128 bits the default length ? how can

RE: EVP_BytesToKey Key length of 56?

> From: owner-openssl-us...@openssl.org On Behalf Of Eric Nichols (DirWiz) > Sent: Thursday, 16 September, 2010 17:35 > I am working with a legacy app and need to use OpenSSL to decrypt > Blowfish-cbc. The library in question > (http://search.cpan.org/~lds/Crypt-CBC-2.30/CBC.pm) uses a 56 > byte

Re: EVP_BytesToKey Key length of 56?

> I think part of my problem is that EVP_BytesToKey only returns a 16 byte key. You will probably need to duplicate Crypt-CBC-2.30's algorithm for creating or deriving the key. Blowfish uses a variable length key (some hand waiving) [1], so there should be no algorithm to duplicate. Use the 56 byte

EVP_BytesToKey Key length of 56?

I am working with a legacy app and need to use OpenSSL to decrypt Blowfish-cbc. The library in question (http://search.cpan.org/~lds/Crypt-CBC-2.30/CBC.pm) uses a 56 byte key size while OpenSSL defaults to a 16 byte key size. I think part of my problem is that EVP_BytesToKey only returns a 16 byt

Re: question about exponent, key length and all other RSA parameters not configurable

hi jeffrey, i was wondering if there was a way to import my private key into my application to use to decrypt without exposing it? Can I use the methods provided in the link you provided? Can I use key containers? Do you have any experience with this? On Sun, May 23, 2010 at 8:22 PM, Jeffrey Walto

RE: question about exponent, key length and all other RSA parameters not configurable

> From: owner-openssl-us...@openssl.org On Behalf Of Chuck Pareto > Sent: Monday, 24 May, 2010 19:13 > When I run openssl rsa to display my public key info. I see this below. > How do I convert this output to a byte array? What is this output? Is it ascii or base64? > 0

Re: question about exponent, key length and all other RSA parameters not configurable

* Chuck Pareto wrote on Mon, May 24, 2010 at 16:12 -0700: >Hi, >When I run openssl rsa to display my public key info. I see this >below. How do I convert this output to a byte array? What is this >output? Is it ascii or base64? it's ASCII and in the Mail potentially base64... :) su

Re: question about exponent, key length and all other RSA parameters not configurable

Hi, When I run openssl rsa to display my public key info. I see this below. How do I convert this output to a byte array? What is this output? Is it ascii or base64? 00,ac,80,e7,da,fb,6b,82,d2,01,ac,cf,74,fa,dc, 66,44,24,5e,04,01,88,35,5f,6f,39,85,1d,7c,e0 81,d8,b1,d7,87,8f,f7,a9,01,91,67,ed,2d

RE: question about exponent, key length and all other RSA parameters not configurable

> From: owner-openssl-us...@openssl.org On Behalf Of Chuck Pareto > Sent: Sunday, 23 May, 2010 22:06 > I'm a newbie when it comes to RSA, the last time I learned it was > in school over 7 years ago in one lecture. > Maybe I'm missing something but I will try to explain my

Re: question about exponent, key length and all other RSA parameters not configurable

OpenSSL is closer to Java than C# or Crypto++. So where you see Java, thisnk OpenSSL. Cryptographic Interoperability: Keys http://www.codeproject.com/KB/security/CryptoInteropKeys.aspx Cryptographic Interoperability: Digital Signatures http://www.codeproject.com/KB/security/CryptoInteropSign.aspx

Re: question about exponent, key length and all other RSA parameters not configurable

Hi, I'm a newbie when it comes to RSA, the last time I learned it was in school over 7 years ago in one lecture. Maybe I'm missing something but I will try to explain my problem again. A former co worker generated a public and private key for our group. (I think he used PGP but not sure). So I hav

RE: question about exponent, key length and all other RSA parameters not configurable

> From: owner-openssl-us...@openssl.org On Behalf Of Pareto, Charles > Sent: Friday, 21 May, 2010 17:14 > I'm trying to get the same result with the c# RSACryptoServiceProvider class > that 'openssl.exe rsautl ' gives me. > > The c# class wants more properties set before

question about exponent, key length and all other RSA parameters not configurable

Hi, I'm trying to get the same result with the c# RSACryptoServiceProvider class that 'openssl.exe rsautl ' gives me. The c# class wants more properties set before you can encrypt a message. How can I obtain the parameters that 'openssl.exe rsautl' implements. For example the exponent, q

RE: Maximum RSA/DSA key length

> From: owner-openssl-us...@openssl.org On Behalf Of Alexander Lamaison > Sent: Thursday, 30 July, 2009 08:05 > I'm calling PEM_read_bio_RSAPrivateKey and > PEM_read_bio_DSAPrivateKey with private keys loaded from > files on disk. I read the file into a string, put that into > a BIO and then c

Re: Maximum RSA/DSA key length

On 07/30/2009 08:05 AM, Alexander Lamaison wrote: I'm calling PEM_read_bio_RSAPrivateKey and PEM_read_bio_DSAPrivateKey with private keys loaded from files on disk. I read the file into a string, put that into a BIO and then call the function. At the moment, I'm reading the entire key file into

Maximum RSA/DSA key length

I'm calling PEM_read_bio_RSAPrivateKey and PEM_read_bio_DSAPrivateKey with private keys loaded from files on disk. I read the file into a string, put that into a BIO and then call the function. At the moment, I'm reading the entire key file into memory but, of course, this isn't very safe. The u

Diffie-Hellman: check for key length

Dear all, I was wondering what key size checks really make sense for a Diffie-Hellman calculation. DH_size() checks the size of Dh->p using BN_num_bytes(). Is it correct that the main intention is to know the size required for storing a copy of Dh->p, in other words: this is not a security featur

Re: AES_set_encrypt_key() function fails for 256 bit key length on solaris10amd64

Radhika Hebbar wrote: Hi, I’m writing an application on Solaris10AMD64 using 0.9.7d version of OpenSSL (comes along with the OS). In my application, AES_set_encrypt_key() is returning -2 for 256 bit key length. I also found that it works only for 128 bit key length. I came to know that

AES_set_encrypt_key() function fails for 256 bit key length on solaris10amd64

Hi, I'm writing an application on Solaris10AMD64 using 0.9.7d version of OpenSSL (comes along with the OS). In my application, AES_set_encrypt_key() is returning -2 for 256 bit key length. I also found that it works only for 128 bit key length. I came to know that this is a known issue

RE: Private Key Length

> From: owner-openssl-users On Behalf Of Pierce Ward > Sent: Wednesday, 31 October, 2007 09:07 > openssl genrsa -out private_key.pem -f4 768 > openssl pkcs8 -in private_key.pem -nocrypt -topk8 -out PK.pem > cat PK.pem | openssl enc -base64 -d > PK.key You don't need a separate step there; just

Private Key Length

Hi guys, I'm generating some keys with OpenSSL, and converting them to byte format using the following commands: -- openssl genrsa -out private_key.pem -f4 768 openssl pkcs8 -in private_key.pem -nocrypt -topk8 -out PK.pem cat PK.pem | openssl enc -base64 -d > PK.key rm -f private_key.

Re: AES key length selection bug in OpenSSL 0.9.8a

Hi Michal, > OpenSSL 0.9.8a does not allow to properly select AES key length. > It selects both 128-bit and 256-bit AES no matter which one was specified: I reported this same bug in February 17th, and Dr. Steven Henson has confirmed it is a bug so hopefully it will be fixed soon. If yo

AES key length selection bug in OpenSSL 0.9.8a

Dear OpenSSL users, OpenSSL 0.9.8a does not allow to properly select AES key length. It selects both 128-bit and 256-bit AES no matter which one was specified: [EMAIL PROTECTED]:~$ /usr/local/ssl/bin/openssl version OpenSSL 0.9.8a 11 Oct 2005 [EMAIL PROTECTED]:~$ /usr/local/ssl/bin/openssl

Key length and other questions

customer is asking the following questions: 1) What is the key-length of the symmetric and assymetric encryption for the TLS1.0 and SSL3.0 protocols? It should be the following: "TLS 1.0 as described in [RFC2246] must support 128bit and 1024 key length for symmetric and asymmetric encry

Re: EVP_SealInit and key length

On Mon, Mar 28, 2005, Michael D'Errico wrote: > Is there any way to specify the key length to use > in EVP_SealInit? (Besides AES where the EVP_CIPHER > specifies the length.) If not, how do you figure > out how long a key was used? > Depends on how its used. In some cases

EVP_SealInit and key length

Is there any way to specify the key length to use in EVP_SealInit? (Besides AES where the EVP_CIPHER specifies the length.) If not, how do you figure out how long a key was used? Thanks, Mike __ OpenSSL Project

Re: RSA key length and size

Erik Norgaard wrote: pair (n,e) and the private key can be respresented either as a pair (n,d) or in its Chinese Remainder Theorem form (CRT). The latter should be faster, but only applies for keys with more than two primefactors. Oh, I see, you use CRT to designate the key with the added speedup

Re: RSA key length and size

Charles B Cranston wrote: Doing it the hard way requires roughly 1.5 times key length number of modular multiplies (assuming about half the bits are ones and half zeroes) so if the shortcutted public key operation takes 17 units of time the non-shortcutted private key operation takes about 1500

Re: RSA key length and size

Erik Norgaard wrote: Charles B Cranston wrote: Doing it the hard way requires roughly 1.5 times key length number of modular multiplies (assuming about half the bits are ones and half zeroes) so if the shortcutted public key operation takes 17 units of time the non-shortcutted private key

Re: RSA key length and size

Charles B Cranston wrote: Doing it the hard way requires roughly 1.5 times key length number of modular multiplies (assuming about half the bits are ones and half zeroes) so if the shortcutted public key operation takes 17 units of time the non-shortcutted private key operation takes about 1500

Re: RSA key length and size

Doing it the hard way requires roughly 1.5 times key length number of modular multiplies (assuming about half the bits are ones and half zeroes) so if the shortcutted public key operation takes 17 units of time the non-shortcutted private key operation takes about 1500 (assuming a 1000 bit key

Re: RSA key length and size

Charles B Cranston wrote: You should factor in the RSA speedups in your space estimates. Typically a public exponent of 2^16+1 is used so you need not pass this separately for a public key. However, the speedup for the private key operation involves all those other fields in a private key, which e

Re: RSA key length and size

Here's a crazy idea: The computer talking to the Java card rolls a random session key. In the first operation transfer a private key into the device, encrypted by the session key. In the second operation transfer the data to be encrypted and the session key. The Java card can decrypt the private k

Re: RSA key length and size

You should factor in the RSA speedups in your space estimates. Typically a public exponent of 2^16+1 is used so you need not pass this separately for a public key. However, the speedup for the private key operation involves all those other fields in a private key, which expands the space requireme

RSA key length and size

Hi, Sorry, I haven't written to the list before, if you know of sources of information that will answer my question, please just give me a link. I am programming a JavaCard v2.1, to provide encryption and decryption using either stored private/public keys or keys passed to the input data buffer

max key length ?

Title: max key length ? hi All, I'm currently implementing a Certificate Manager for a file broker, and I need to known what is the maximun of key length supported by openssl ? thanks, Thomas Janin

Re: Key Length

Davy Durham wrote: I'm really naive about encryption if you couldn't tell already. Where are some online resources that explain in plain terms what SSL uses (i.e. RSA, DSA, IDEA, RC4,.. ) I ready the informative 2 documents already: http://www.openssl.org/docs/HOWTO/keys.txt and http://www.o

Key Length

I saw a thread about this before, but I had a follow up question. I'm wanting to use SSL simply to garbage-ify the data between my server application and the client. I'd like to use only 128 bit encryption (CPU limitations). But I cannot generate a certificate with a key this small. Do I need

Blowfish Key Length

Hi, What blowfish key length is used when I run a command like: openssl enc -bf -in "file.txt" -out "file.txt.enc" -pass file:./passfile -e -nosalt Can the key length be changed? I cant seem to find an option in the manpages that does this. Thanks, Patrick -- RedHerring: Li

Re: Key length used in SMIME Mails

side the capabilities a client supports. When you received an S/MIME encrypted mail various algorithm specific parameters are set. How the parameters are interpreted depends on the algorithm in use and the S/MIME specifications. alg->parameter will typically not be an ASN1_INTEGER. For 3DES the key siz

Key length used in SMIME Mails

Hi I've got to find out the keysize used in an S/MIME encrypted mail. I looked around in the openssl code and tried the following: X509_ALGOR *alg; PKCS7 *p7; int p7_type; BIO *mail_bio *indata; ... p7 = SMIME_read_PKCS7(mail_bio, &indata); p7_type = OBJ_obj2nid(p7->type); switch (p7_type) {

Re: Elliptic key length

Nils Larsch wrote: ... (Note: the current OpenSSL EC PKCS#8 format is incorrect, I'm currently testing a patch to fix it, so please don't use the current PKCS#8 format). The pkcs8 ec private key format should be fixed now. Nils

Re: Elliptic key length

Henrik Nordal Rask wrote: Didn't get an answer the last time I asked this so I thoght i'd try one time more :-) When I create an elleiptic curve key using the command lline ´openssl ecparam -genkey -name ´curve´´ I get a relatively small key file. But if I try to generate a key using the function

Elliptic key length

Didn't get an answer the last time I asked this so I thoght i'd try one time more :-) When I create an elleiptic curve key using the command lline ´openssl ecparam -genkey -name ´curve´´ I get a relatively small key file. But if I try to generate a key using the function EC_KEY_generate_key and

Re: Minimum RSA Key length ?

On Thu, Jun 05, 2003, [EMAIL PROTECTED] wrote: > Are we at cross-purposes here? I'm referring to server certificates, not > client certificates (about which I am completely clueless as I currently > have no business reason to use them). > > Anyway, the proof of the pudding is in the eating. Can y

Re: Minimum RSA Key length ?

[EMAIL PROTECTED] wrote: Anyway, the proof of the pudding is in the eating. Can you point me to a secure site that uses a key size >1024 bits? I can't find one for love nor money. This root certificate was found in the binary code for Netscape 7 Data: Version: 3 (0x2) Serial N

Re: Minimum RSA Key length ?

[EMAIL PROTECTED] Subject: Re: Minimum RSA Key length ? >>>To answer your other question, I don't believe there are >>any browsers that can accept a RSA key > 1024 bits. I did look into this >>last year as I was >>>creating a new SSL key but was advised by

RE: Minimum RSA Key length ?

> -Original Message- > From: Ridge Cook [mailto:[EMAIL PROTECTED] > Sent: 03 June 2003 03:10 > To: [EMAIL PROTECTED] > Subject: Re: Minimum RSA Key length ? > > > >>>To answer your other question, I don't believe there are > >>any browse

Re: Minimum RSA Key length ?

On Wed, Mar 26, 2003, Asad Ali wrote: > > Does TLS support any "non-static" RSA ciphersuites. For example is > it possible to use a 128 bit key to encrypt the pre-master secret > in chunks of 16 bytes (including the padding), or use a 256 bit > key to encrypt it in 32 byte chunks. > No, the sta

RE: Minimum RSA Key length ?

om: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson Sent: Wednesday, March 26, 2003 11:30 AM To: [EMAIL PROTECTED] Subject: Re: Minimum RSA Key length ? On Wed, Mar 26, 2003, Asad Ali wrote: > > Hi, > > I am experimenting with the minumum RSA key lenght allowe

Re: Minimum RSA Key length ?

On Wed, Mar 26, 2003, Asad Ali wrote: > > Hi, > > I am experimenting with the minumum RSA key lenght allowed > by TLS 1.0. What I gather from reading the specification is > that it is left to applications to enforce minimum/maximum > lenghts - please correct me if this is not the case. > Ther

Minimum RSA Key length ?

Hi, I am experimenting with the minumum RSA key lenght allowed by TLS 1.0. What I gather from reading the specification is that it is left to applications to enforce minimum/maximum lenghts - please correct me if this is not the case. Assuming that TLS 1.0 spec does not place any restriction on

Longer Key-Length than 512 Bit

policy_any -config d:/iwadis/Zertifikate/config.cnf d:\iwadis\openssl\openssl.exe crl2pkcs7 -certfile Host_001_14.pem -in crl.pem -out Host_001_14.p7b The problem ist that although "default_bits" is set to 2048 the key-length of the public key is always 1024. How could I increase the key-length

Re: Key length with IE and Xenroll?

- Original Message - > From: "Maxime Dubois" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, February 06, 2001 6:20 AM > Subject: Key length with IE and Xenroll? > > > Hi all, > > > > I am using Xenroll.dll to create certif

Determining Key Length

Hello, I really don't know whether I can post this question here or not, but I don't have an alternative. Sorry for those who got disturbed with this mail. I have got the RSA Public Key (for that matter some public key of any algorithm). I have got the methods to know the Modulus a

Key Length Legality

m based in the UK, I believe that my company is shipping with *it's* -US- rules, this is not the problem. And RSA is not the problem, configuring with no-rsa etc works AFAIK with the exception of NT where def files need hacking, but that's not a problem. The problem is I would like to know