RE: certificate embedded into the executable

2005-08-16 Thread David Schwartz
> David Schwartz wrote: > >>Dr. Stephen Henson wrote: > > > >>A determined and knowledgeable attacker can subvert anything that's > >>not in hardware. > > > > I think this is a very strange thing to say. If he has access to the > > hardware, he can subvert it too. If he doesn't have access to

Re: certificate embedded into the executable

2005-08-16 Thread Bear Giles
David Schwartz wrote: >>Dr. Stephen Henson wrote: > >>A determined and knowledgeable attacker can subvert anything that's >>not in hardware. > > I think this is a very strange thing to say. If he has access to the > hardware, he can subvert it too. If he doesn't have access to the hardware, >

Re: certificate embedded into the executable

2005-08-16 Thread Bear Giles
David Schwartz wrote: > %.h: %.pem > xxd -i $< > $@ That's compile time so it's not quite as flexible as the link time command. Why does this matter? You might have a situation where the source code is managed by one group without access to the PKI objects, and the PKI objects are managed

Re: certificate embedded into the executable

2005-08-16 Thread Dr. Stephen Henson
On Tue, Aug 16, 2005, David Schwartz wrote: > > > Dr. Stephen Henson wrote: > > > A determined and knowledgeable attacker can subvert anything that's > > not in hardware. > > I think this is a very strange thing to say. If he has access to the > hardware, he can subvert it too. If he doesn

RE: certificate embedded into the executable

2005-08-16 Thread David Schwartz
> Dr. Stephen Henson wrote: > A determined and knowledgeable attacker can subvert anything that's > not in hardware. I think this is a very strange thing to say. If he has access to the hardware, he can subvert it too. If he doesn't have access to the hardware, how can he subvert the soft

RE: certificate embedded into the executable

2005-08-16 Thread David Schwartz
> cert.o: cert.pem > ld -o $@ (flags) $< Or even: %.h: %.pem xxd -i $< > $@ DS __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: certificate embedded into the executable

2005-08-16 Thread Bear Giles
Dr. Stephen Henson wrote: > Depends on whether you want it embedded in the executable after it has been > linked or at compile time, i.e. embedded in a C source file. I think this is slightly off, but at link time (using the GNU toolchain) you can use: ld -b binary -r -o root.o root.pem then

Re: certificate embedded into the executable

2005-08-16 Thread Dr. Stephen Henson
On Tue, Aug 16, 2005, James Whitwell wrote: > Hi, > > Can anyone tell me if it's possible to embed a client certificate inside > my executable, and what calls I should use to tell OpenSSL to use it? I > think I'll also need to do it for the CA, since we use self-signed > certificates, and I w

Re: certificate embedded into the executable

2005-08-15 Thread Bear Giles
C L wrote: > Theoretically it's possible to embed certificates into Windows and > Linux executables - not sure about other architectures though. I don't recall the exact invocation off the top of my head but you can create a make rule that's something like: cert.o: cert.pem ld -o $@ (fla

Re: certificate embedded into the executable

2005-08-15 Thread Tan Eng Ten
Try if below works for you: unsigned char buf[] = "-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----"; /* copy the entire certificate file (PEM formatted) and stick it in here */ BIO *bio = NULL; X509 *x509 = NULL; bio = BIO_new_mem_buf(buf, -1); x509 = PEM_read_bio_X509(bio, NUL

RE: certificate embedded into the executable

2005-08-15 Thread C L
Theoretically it's possible to embed certificates into Windows and Linux executables - not sure about other architectures though. In my spare time I've been researching this topic as well. You can use the ImageAddCertificate() Win32 API from Imagehlp.dll to programmatically store a certific