SSL software is 1. If your
> system default is 2 or higher, that was done by your OS package
> maintainers.
>
>> I see that the API exposes SSL_CTX_get_security_level(); is that the
>> best way to determine minimum RSA key size, or would there be anything
>> more explicit
PI exposes SSL_CTX_get_security_level(); is that the
> best way to determine minimum RSA key size, or would there be anything
> more explicit?
The documentation for that function reads in part:
Level 0
Everything is permitted. This retains compatibility with
previous
> On Sep 26, 2022, at 10:01, Viktor Dukhovni wrote:
>
> On Mon, Sep 26, 2022 at 09:52:29AM -0400, Felipe Gasper wrote:
>
>> OpenSSL 1.1.0k introduced behaviour that rejects 1,024-bit RSA key sizes.
>
> No such change was made. Perhaps your OS distribution has b
On Mon, Sep 26, 2022 at 09:52:29AM -0400, Felipe Gasper wrote:
> OpenSSL 1.1.0k introduced behaviour that rejects 1,024-bit RSA key sizes.
No such change was made. Perhaps your OS distribution has bumped the
default (TLS) security level from 1 (80-bit or more) to 2 (~112 bit or
more). You
Hello,
OpenSSL 1.1.0k introduced behaviour that rejects 1,024-bit RSA key
sizes.
Is the new minimum key size queryable? It appears to be 2,048, but in
the event that that changes again I’d ideally love just to grab that value from
OpenSSL itself rather than hard-coding it
(), OSSL_PKEY_PARAM_RSA_N, &n);
EVP_PKEY_get_bn_param(cert.key(), OSSL_PKEY_PARAM_RSA_E, &e);
EVP_PKEY_get_bn_param(cert.key(), OSSL_PKEY_PARAM_RSA_D, &d);
Now, the reverse exercise for me: to create another RSA key, solely through
EVP_PKEY interfaces (knowing these n, e, d parameters
the reverse exercise for me: to create another RSA key, solely through
EVP_PKEY interfaces (knowing these n, e, d parameters), I think I should go
this route:
mKey = EVP_PKEY_new();
EVP_PKEY_set_type(mKey, some int type ?);
EVP_PKEY_set_bn_param(mKey, OSSL_PKEY_PAR
ncrypt
protocols).
Having an EVP_PKEY which happens to be a RSA key, I proceeded this way (1.1.1)
to extract the bignums needed for inclusion into the JWK:
// Access the numerical components of the certificate RSA keys.
BIGNUM* n;
BIGNUM* e;
BIGNUM* d;
RSA_get0
Dear all,
Testing migration to OpenSSL 3.0.
Got to update some code building a JWK (in relation to ACME LetsEncrypt
protocols).
Having an EVP_PKEY which happens to be a RSA key, I proceeded this way (1.1.1)
to extract the bignums needed for inclusion into the JWK:
// Access the
Hi there,
Thank you very much for your email.
As I was suspecting, I was making a mistake, after following the lead you
provided (the function rsa_ossl_mod_exp in the file crypto/rsa/rsa_ossl.c)
I started observing hits. I was basically making a mistake with the
addresses to watch.
Best regards,
On 12/04/2021 09:57, Danis Ozdemir wrote:
When I define a watchpoint for that address to verify that it has been
accessed when a new client connects to the server and make the server
continue, I can't see a hit which means this address hasn't been
accessed. *I'm attaching the s_client output
Hi all,
Just to see if I can help prompt a response... :-)
Danış is working with me to try see how hard it is to
reproduce meltdown and snarf a private key. Problem-N
of many in doing that is knowing where private key
bits are used in OpenSSL - so far gdb seems to be showing
no accesses to p,q
Hi all,
I hope all is good. My name is Danis Ozdemir, I'm a PhD student in Trinity
College (Ireland) and I'm studying computer security. I'm trying to
reproduce the meltdown attack as an effort to dive deep into the known
attack types with some specific scenarios and "trying to see whether
Meltdow
> From: openssl-users On Behalf Of Matt
> Caswell
> Sent: Tuesday, 5 January, 2021 09:35
>
> On 05/01/2021 11:41, y vasavi wrote:
> >
> > We currently FOM 2.0 module for FIPS certification.
> > It doesn't have support for RSA Key generation(186-4)
&
On Tue, Jan 05, 2021 at 04:34:36PM +, Matt Caswell wrote:
>
>
> On 05/01/2021 11:41, y vasavi wrote:
> >
> > Hi All,
> >
> > We currently FOM 2.0 module for FIPS certification.
> > It doesn't have support for RSA Key generation(186
On 05/01/2021 11:41, y vasavi wrote:
>
> Hi All,
>
> We currently FOM 2.0 module for FIPS certification.
> It doesn't have support for RSA Key generation(186-4)
>
> Are there any patches available ?
Definitely there are no official ones (I'm also not aware of
Hi All,
We currently FOM 2.0 module for FIPS certification.
It doesn't have support for RSA Key generation(186-4)
Are there any patches available ?
Thanks,
Vasavi.
ons are missing
> (generating probable primes P, Q as part of RSA key generation) which are
> mentioned in NIST.FIPS.186-4.pdf.
>
> B.3.3 -> Process : Points 4.4, 4.7, 5.4, 5.5 and 5.8.
>
> Can someone please confirm this behaviour.
>
> Thanks !!
Hi,
In the openssl-fips-2.0.16 version, I see that some validations are missing
(generating probable primes P, Q as part of RSA key generation) which are
mentioned in NIST.FIPS.186-4.pdf.
B.3.3 -> Process : Points 4.4, 4.7, 5.4, 5.5 and 5.8.
Can someone please confirm this behaviour.
Thanks !!
> -Ursprüngliche Nachricht-
> Von: openssl-users Im Auftrag von Paul
> Dale
> Gesendet: Freitag, 5. Oktober 2018 01:33
> An: openssl-users@openssl.org
> Betreff: Re: [openssl-users] Seeding before RSA key generation
>
> Not mentioned thus far is that if you a
mann [mailto:andres.traumann...@gmail.com]
Sent: Friday, 5 October 2018 3:54 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Seeding before RSA key generation
Thank you for your help.
Andres
On 10/4/18 6:47 PM, Matt Caswell wrote:
>
> On 04/10/18 16:14, Salz, Rich via openssl-u
Thank you for your help.
Andres
On 10/4/18 6:47 PM, Matt Caswell wrote:
On 04/10/18 16:14, Salz, Rich via openssl-users wrote:
Which version of OpenSSL are you using?
1.0.2 and 1.1.0 have a bad random number generator and must be explicitly
seeded.
This is not correct. The RNG in 1.0.2 and
>This is not correct.
Thanks for the corrections, Matt.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
We disagree, and as I wrote the latest RNG code and docs, I'm biased (sic).
I'll leave on that weak pun.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 04/10/2018 17:38, Salz, Rich wrote:
What's supposedly bad about the 1.0.x/1.1.0 OpenSSL RNG other
than not being an NSA/NIST design?
Poor locking; been known to crash.
Simple bug, not a reason to change the algorithm.
Does not reseed.
But can be reseeded if so desired, sub
On 04/10/18 16:14, Salz, Rich via openssl-users wrote:
> Which version of OpenSSL are you using?
>
> 1.0.2 and 1.1.0 have a bad random number generator and must be explicitly
> seeded.
This is not correct. The RNG in 1.0.2 and 1.1.0 automatically seeds.
There is no need to explicitly seed it.
>What's supposedly bad about the 1.0.x/1.1.0 OpenSSL RNG other
than not being an NSA/NIST design?
Poor locking; been known to crash.
Does not reseed.
Global across the process, rather than isolated for private-key generation or
per-connection.
Mixes in getpid and time to get "better"
On 04/10/2018 17:14, Salz, Rich via openssl-users wrote:
Which version of OpenSSL are you using?
1.0.2 and 1.1.0 have a bad random number generator and must be explicitly
seeded. 1.1.1 has a good random number generator and auto-seeds.
What's supposedly bad about the 1.0.x/1.1.0 OpenSSL RNG
Which version of OpenSSL are you using?
1.0.2 and 1.1.0 have a bad random number generator and must be explicitly
seeded. 1.1.1 has a good random number generator and auto-seeds.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hello,
In the documentation it is written: "The pseudo-random number generator
must be seeded prior to calling RSA_generate_key_ex()".
After reading the documentation in
https://wiki.openssl.org/index.php/Random_Numbers and investigating the
source code, it seems that the seeding is in fact
Hi,
I tried the same key generation on the default linux port from freescale on
the same board and i am getting an average of 20 seconds with the same
board.
Do you think that there is such a huge performance margin with OS.
The only other difference that i can see is that on the VX works port o
Hi Mithun,
>> I have a embedded board P1010 RDB running openssl on VXWORKS 5.4 .
>> I am generating RSA 2048 and 3072 bit key pairs.
>> I am providing entropy to openssl by using RAND_seed from a HW RNG.
>> My average generation time for RSA 2048 key pair is 2 Minutes and
3072 is 8 minutes.
I'm afraid you will have to look at the OpenSSL source code, I haven't
paid much attention to that CPU recently.
On 23/01/2017 08:09, Mithun P wrote:
Hi Jakob,
Can you please give me some reference/example of bignum optimization
which I can check on powerpc architectures.
Is this any specific
Hi Jakob,
Can you please give me some reference/example of bignum optimization which
I can check on powerpc architectures.
Is this any specific instruction set addition? or something more generic?
Thanks & Regards
Mithun
On Tue, Jan 17, 2017 at 9:38 PM, Jakob Bohm wrote:
> On 17/01/2017 07:44,
On 17/01/2017 07:44, Mithun P wrote:
Hi
I have a embedded board P1010 RDB running openssl on VXWORKS 5.4 .
I am generating RSA 2048 and 3072 bit key pairs.
I am providing entropy to openssl by using RAND_seed from a HW RNG.
My average generation time for RSA 2048 key pair is 2 Minutes and
30
Hi
I have a embedded board P1010 RDB running openssl on VXWORKS 5.4 .
I am generating RSA 2048 and 3072 bit key pairs.
I am providing entropy to openssl by using RAND_seed from a HW RNG.
My average generation time for RSA 2048 key pair is 2 Minutes and 3072 is
8 minutes.
Is there a way to reduc
Hey Openssl-User's,
I'm trying to understand the difference between how primes are generated in
RSA X9.31 ANSI standards ( which I don't have access to ) and FIPS 186-4 (
found here: http://csrc.nist.gov/groups/STM/cavp/documents/dss2/rsa2vs.pdf )
In the code at crypto/bn/bn_x931p.c::BN_X931_gene
)
{
RSA *rsa= NULL;
BIO *rsaKeyBio;
rsaKeyBio = BIO_new_mem_buf(data, -1); //creates read only memory BIO
if (rsaKeyBio==NULL)
{
std::cout<< "Failed to create key BIO" <http://openssl.6102.n7.nabble.com/Convert-RSA-key-string-to-PEM-file-tp61971p61977
On 1/1/2016 4:29 AM, Sugumar wrote:
Hi,
I have a RSA Public key as string type.
I need to convert this string to PEM file. Please help me to create PEM file
from string type.
Convert the string to a binary array.
Convert the array n and e to bignum
*bn = BN_bin2bn(bin, bytes, *bn);
Cr
Hi,
I have a RSA Public key as string type.
I need to convert this string to PEM file. Please help me to create PEM file
from string type.
If u have any sample programs pls post it also for better understanding.
--
View this message in context:
http://openssl.6102.n7.nabble.com/Convert-RSA
On Tue, Jul 28, 2015, Randy Steck wrote:
> Thus, it appears that there is a function in the FIPS API that allows
> for the creation of RSA keys in a non-approved manner.
>
> Am I missing something? Is this by design, or is it a bug?
>
Yes you're right it uses the unapproved keygen algorithm by
I posted this to openssl-dev, but didn't get a reply. Perhaps it's more
appropriate here.
In the FIPS Security Policy there are listed two functions for
generating RSA keys:
FIPS_rsa_generate_key_ex() (renamed from RSA_generate_key_ex())
and
FIPS_rsa_x931_generate_key_ex() (renamed from
R
Hello,
I currently have a FIPS module where I'm trying to add entropy to RSA key
generation pair. I've overwritten the callbacks within my application but
I'm not seeing them being executed when I generate an RSA key.
When I call RSA_generate_key_ex shouldn't my entropy
Hello,
Our product was FIPS-certified a few years ago. We are now about to start
the re-certification process.
The test for RSA X9.31 key generation have somewhat changed, or so it looks
like to me anyway.
A few years ago, we received test vectors with the following parameters:
modulus size,
Hello again,
I am resending this email in case it's been forgotten. Is there anyone who
can help me at all?
If more information is needed, please let me know.
Many thanks.
-- Forwarded message --
From: SecInterlocutor
Date: Fri, May 15, 2015 at 9:44 AM
Subject: Fwd: X9.3
Hello,
Our product was FIPS-certified a few years ago. We are now about to start
the re-certification process.
The test for RSA X9.31 key generation have somewhat changed, or so it looks
like to me anyway.
A few years ago, we received test vectors with the following parameters:
modulus size,
Hello,
I try to understand which function will be called in FIPS mode to generate an
RSA key. While looking trough the code I found two candidates:
RSA_X931_generate_key_ex (in rsa_x931g.c)
rsa_buildin_keygen in (rsa_gen.c)
They seem to use different algorithms, but both contains FIPS-checks
RSA key generation is time-nondeterministic. The reason why is because
candidate prime pairs (generated from the random number generator) must
both past primality and relative primality tests. If the tests fail,
both are supposed to be discarded and the generation go back to step 1.
If you&#x
But unfortunately it doesn't seem to improve the performance, and it seems
that it is even worse.
Do I use Haveged daemon properly?
Thanks.
P.L.
--
View this message in context:
http://openssl.6102.n7.nabble.com/Duration-of-rsa-key-generation-process-tp51673p51699.html
Sent from the
On Thu, Jul 03, 2014 at 12:46:05AM -0700, phildoch wrote:
> I tested the generation of a certificate with a keypair RSA 4096 bit on two
> different platforms.
>
> The openssl command I used is:
> /openssl req -newkey rsa:4096 -keyout clientKey.pem -out clientReq.pem/
>
> There was a huge differ
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
Am 03.07.2014 09:46, schrieb phildoch:
> I tested the generation of a certificate with a keypair RSA 4096
> bit on two different platforms.
>
> The openssl command I used is: /openssl req -newkey rsa:4096
> -keyout clientKey.pem -out clientReq.
://openssl.6102.n7.nabble.com/Duration-of-rsa-key-generation-process-tp51673.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support
Hi,
I just created a key pair using:
RSA *rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL);
assert(rsa);
...
EVP_PKEY *pkey = EVP_PKEY_new();
assert(EVP_PKEY_assign_RSA(pkey, rsa));
Now I want to get the public key in PEM format:
assert(EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA);
On Wed, Apr 17, 2013, Ken Goldman wrote:
> On 4/10/2013 5:14 PM, Dr. Stephen Henson wrote:
> >>
> >>Does openssl have any elegant way to cancel an RSA key generation
> >>that's taking too long?
> >
> >At the EVP_PKEY level you can return 0 fr
On 4/10/2013 5:14 PM, Dr. Stephen Henson wrote:
Does openssl have any elegant way to cancel an RSA key generation
that's taking too long?
At the EVP_PKEY level you can return 0 from the key generation callback to
cancel the operation. See EVP_PKEY_set_cb().
Thanks as always. But wher
PM driver can cancel a long command. The
> driver wants to distinguish between a long command and a failure.
>
> Does openssl have any elegant way to cancel an RSA key generation
> that's taking too long?
>
> The best I saw on the web is to do the key generation in anothe
guish between a long command and a failure.
Does openssl have any elegant way to cancel an RSA key generation that's
taking too long?
The best I saw on the web is to do the key generation in another thread.
If the command is canceled,
comes
too big for RSA to encrypt. Let me know if this is correct.
Yes that's correct. If the RSA key size is too small the default SHA512
digest and the associated ASN1 and padding overhead exceeds the maximum for
the RSA algorithm. This is only a problem with insecure keys: most stan
gt;too big for RSA to encrypt. Let me know if this is correct.
>
Yes that's correct. If the RSA key size is too small the default SHA512
digest and the associated ASN1 and padding overhead exceeds the maximum for
the RSA algorithm. This is only a problem with insecure keys: most st
Jain
From: "Dr. Stephen Henson"
To: openssl-users@openssl.org
Date: 02/27/2013 04:26 AM
Subject:Re: What is the reason for error "SSL negotiation failed:
error:04075070:rsa routines:RSA_sign:digest too big for rsa
key"
Sent by:
t; > keys. OpenSSL by default uses SHA512 hash for signature. Change the code to
> > use any other hash.
>
> Interestingly enough, it is in fact SHA384 that fails with RSA-512. The
> client and server agree on:
>
> ECDHE-RSA-AES256-GCM-SHA384
>
> > 512 bit(64 b
On Wed, Feb 27, 2013 at 01:55:24AM +0530, Thulasi Goriparthi wrote:
> > Interestingly enough, it is in fact SHA384 that fails with RSA-512. The
> > client and server agree on:
> >
> > ECDHE-RSA-AES256-GCM-SHA384
> >
>
> Signature Hash type is not controlled by the CipherSuite and can be
>
ature for the verification.
>
> > 512 bit(64 byte) RSA key can only encrypt 53 bytes at max. 64 - 11 byte
> > padding and SHA512 produces 64 bytes of hashed data.
>
> and the handshake fails when the client's key is RSA-512. Indeed
> the shortest RSA key that seems
e code to
> use any other hash.
Interestingly enough, it is in fact SHA384 that fails with RSA-512. The
client and server agree on:
ECDHE-RSA-AES256-GCM-SHA384
> 512 bit(64 byte) RSA key can only encrypt 53 bytes at max. 64 - 11 byte
> padding and SHA512 produces 64 bytes of has
Or use another hash type for signature which can produce not more than 53
bytes of hashed data. (i.e MD5, SHA1, SHA256, SHA384) while using 512-bit
keys. OpenSSL by default uses SHA512 hash for signature. Change the code to
use any other hash.
512 bit(64 byte) RSA key can only encrypt 53 bytes at
s error "SSL
> negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for
> rsa key" on client side.
>
> Can someone please explain the reason for this error ?
http://archives.neohapsis.com/archives/postfix/2013-02/0235.html
The negotiated TLSv1.2 di
SSLv23_client_method() respectively
Opensssl version used is 1.0.1c.
So, when I initiate the connection from client, I get this error "SSL
negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for
rsa key" on client side.
Can someone please explain the reason for this e
ssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: Sunday, January 20, 2013 6:04 PM
To: openssl-users@openssl.org
Subject: Re: Failure to generate RSA key in FIPS mode
On Sun, Jan 20, 2013, Oz, Tal (Tal) wrote:
> Hi,
>
> I'm using Ope
On Sun, Jan 20, 2013, Oz, Tal (Tal) wrote:
> Hi,
>
> I'm using OpenSSL 1.0.1c linked with FIPS object module.
> On startup FIPS is enabled successfully (using FIPS_mode_set function).
>
> When I try to generate rsa key it failed with error 'non fips rsa method'
Hi,
I'm using OpenSSL 1.0.1c linked with FIPS object module.
On startup FIPS is enabled successfully (using FIPS_mode_set function).
When I try to generate rsa key it failed with error 'non fips rsa method'.
I tried calling both EVP API and rsa function directly (RSA_generate_key
lowing code to calculate P, Q, DmodP-1, DmodQ-1 and IQMP
for an RSA key without. Perhaps somebody else can use it.
Regards,
---8<--
/* crypto/rsa/rsa_aug_key.c -*- Mode: C; c-file-style: "eay" -*- */
/*
* Cop
pment
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of David Madden
Sent: Thursday, August 09, 2012 5:11 PM
To: openssl-users@openssl.org
Subject: p2q RSA key augmentation
Hi, I have an RSA key { D, E, N } generated by another li
Hi, I have an RSA key { D, E, N } generated by another library. I can
use OpenSSL to encrypt & decrypt interoperably, but I would like to
extend the key with the other factors OpenSSL uses to work faster
(factors P, Q, DMP1, DMQ1, IQMP). Is there a library function that
computes these o
On Wed, Jun 13, 2012, Oleksiy Lukin wrote:
> Hi again!
>
> Andrey, thanks for testing. Seems it is platform-depended bug. My
> development platform is Linux, Fedora 17, x86_64
> I just tested It on OpenBSD 5.0/x86, it works fine too.
>
I've answered this before. The problem is your cast to (si
Hi again!
Andrey, thanks for testing. Seems it is platform-depended bug. My
development platform is Linux, Fedora 17, x86_64
I just tested It on OpenBSD 5.0/x86, it works fine too.
To OpenSSL developers: If you find my program useful as an example of
EVP/PK, please feel free to publish it.
13.0
me with a 4kbit RSA key.
There is a limit in the *RSA* module to 16kbit in all cases, and a
smaller limit on publickey operations *not* using a small exponent.
Both these limits apply whether used through EVP or directly, and
RSA keys generated by OpenSSL (always?) have small exponents.
2. If no s
1. Is there some meaningful limitation coded into EVP_PKEY_decrypt()
>> that does not allow decrypt operation?
> Not that I see, and 1c works for me with a 4kbit RSA key.
>
> There is a limit in the *RSA* module to 16kbit in all cases, and a
> smaller limit on publickey operations
decrypt operation?
Not that I see, and 1c works for me with a 4kbit RSA key.
There is a limit in the *RSA* module to 16kbit in all cases, and a
smaller limit on publickey operations *not* using a small exponent.
Both these limits apply whether used through EVP or directly, and
RSA keys generat
Hi, crypto guys!
I have problem with EVP_PKEY_decrypt() function and 4K RSA private key
decrypting data encrypted with EVP_PKEY_encrypt() and corresponding
public key. Keys generated using openssl CA shell script.
EVP_PKEY_decrypt() just returns -2 saying that this key is not
supported. BUT! RSA
On Fri, May 25, 2012, Oleksiy Lukin wrote:
> int outlen;
...
> } else if (EVP_PKEY_decrypt(ctx, NULL, (size_t *) & outlen, encoded,
> encoded_len) <= 0) { // Determine buffer length
This will cause problems if sizeof(size_t) != sizeof(int). Don't do that: make
outlen of type size_t.
Stev
Hi, crypto guys!
I have problem with EVP_PKEY_decrypt() function and 4K RSA private key
decrypting data encrypted with EVP_PKEY_encrypt() and corresponding
public key. Keys generated using openssl CA shell script.
EVP_PKEY_decrypt() just returns -2 saying that this key is not
supported. BUT! RSA
Hi, crypto guys!
I have problem with EVP_PKEY_decrypt() function and 4K RSA private key
decrypting data encrypted with EVP_PKEY_encrypt() and corresponding
public key. Keys generated using openssl CA shell script.
EVP_PKEY_decrypt() just returns -2 saying that this key is not
supported. BUT! RSA
On 10/26/2011 3:01 PM, Steffen DETTMER wrote:
4. Truncate the string to your desired file name length, but not so
short that accidental collisions become likely (Example to
keep up to 16000 file names likely different, use file names with 2
*
log2(16000)=2*14=28 bits minimum).
Where can I lear
> > 4. Truncate the string to your desired file name length, but not so
> > short that accidental collisions become likely (Example to
> > keep up to 16000 file names likely different, use file names with 2
*
> > log2(16000)=2*14=28 bits minimum).
Where can I learn more about this formula?
I th
SHA-1 is partially broken already. It should not be used unless
necessary for backwards compatibility.
On 10/25/2011 9:01 PM, Jonas Schnelli wrote:
On 10/25/2011 10:52 AM, Jonas Schnelli wrote:
How do i create a HMAC-SHA1 with a RSA Key?
What do i give as input for the param *key?
Why
> On 10/25/2011 10:52 AM, Jonas Schnelli wrote:
>> How do i create a HMAC-SHA1 with a RSA Key?
>> What do i give as input for the param *key?
>>
>> Why:
>> My encrypted file has now the filename of the unencrypted-files-sha1.
>> (unsecure!).
>>
> On 10/25/2011 10:52 AM, Jonas Schnelli wrote:
>> How do i create a HMAC-SHA1 with a RSA Key?
>> What do i give as input for the param *key?
>>
>> Why:
>> My encrypted file has now the filename of the unencrypted-files-sha1.
>> (unsecure!).
>>
On 10/25/2011 10:52 AM, Jonas Schnelli wrote:
How do i create a HMAC-SHA1 with a RSA Key?
What do i give as input for the param *key?
Why:
My encrypted file has now the filename of the unencrypted-files-sha1.
(unsecure!).
I cannot use the sha1 of the encrypted file because i use EVP_Seal
Hi
How do i create a HMAC-SHA1 with a RSA Key?
What do i give as input for the param *key?
Why:
My encrypted file has now the filename of the unencrypted-files-sha1.
(unsecure!).
I cannot use the sha1 of the encrypted file because i use EVP_Seal* (aes256
session key) so the sha1 of the
h same URL name using PK12 format to migrate to MS Windows
> platform. Can anyone help me? Thanks.
man pkcs12 # may need MANPATH if not installed systemwide
http://www.openssl.org/docs/apps/pkcs12.html#
Note: what you have is an RSA key (or more exactly keypair)
and cert in *PEM* format. You
: openssl-users@openssl.org
Subject: Migrate from RSA key to PK12 format
Hi,
I have a certificate generated with RSA format for Apache web server. Now I
have a need to convert the key and cert or generate a new key, csr with same
URL name using PK12 format to migrate to MS Windows platform. Can
Hi,
I have a certificate generated with RSA format for Apache web server. Now I
have a need to convert the key and cert or generate a new key, csr with same
URL name using PK12 format to migrate to MS Windows platform. Can anyone help
me? Thanks.
Ryan Jiang
This message (including any att
Hi,
I have problem to create certification with that specific cipher. I have to
sign pdf with certificate form CA, but it doesn't work. All other certificates
that i created in Windows or OpenSSL Works. They said that it could by because
it have 2048 long key generated with cipher SHA-256 RSA.
Hi,
I have problem to create certification with that specific cipher. I have to
sign pdf with certificate form CA, but it doesn't work. All other certificates
that i created in Windows or OpenSSL Works. They said that it could by because
it have 2048 long key generated with cipher SHA-256 RSA.
> From: owner-openssl-us...@openssl.org On Behalf Of Rick Lopes de
Souza
> Sent: Tuesday, 30 August, 2011 15:46
> Another question is: Is there any problem to use a different kind of
key
> on the request that the Certificate Authority has?
No problem, as long as both algorithms
I am doing ECDSA signing and verification of SHA-512 digests.
1.0.0a. I don't know about 0.9.8.
> From: Rick Lopes de Souza
>
> Does Openssl support ecdsa with sha256 and sha512?
> Only above of 1.0.0 ?
Actually my question continues but a resume of another question is:
Another question is: Is there any problem to use a different kind of key on
the request that the Certificate Authority has?
Does Openssl support ecdsa with sha256 and sha512?
Only above of 1.0.0 ?
On Tue, Aug 30, 2011 at 11:40 A
Maybe it's a simple question, but i want to know if there is any problem
that i have a request using a ECDSA key with SHA-256 and i want to issue a
certificate where the CA uses RSA with SHA 1.
In some tests, a ECDSA with sha1 and a CA with RSA with sha1 it was sucess.
But with ECDSA sha256 it giv
On 08/16/2011 02:58 PM, Dr. Stephen Henson wrote:
> Can you give me a more complete report?
I detailed my situation in a previous recent thread ( Please help:
OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian) ).
Briefly:
- I want to use ECDSA+SHA512 for OpenVPN authenticatio
On Tue, Aug 16, 2011, Gaglia wrote:
> On 08/14/2011 03:53 PM, Dr. Stephen Henson wrote:
> > Should be fixed by this:
> >
> > http://cvs.openssl.org/chngview?cn=21247
>
> Hi and thanks, it would solve all my problems too! Unfortunately, it
> doesn't seem to work for me :(
Can you give me a more
1 - 100 of 422 matches
Mail list logo
