RE: private key not available for client_cert_cb

2021-01-12 Thread Michael Wojcik
> From: openssl-users On Behalf Of George > Sent: Tuesday, 12 January, 2021 00:18 > I'm running this in Windows 10 and when I load the smart card middleware > PKCS11 DLL, I see the exception: > Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: > unsigned long at memory locati

Re: private key not available for client_cert_cb

2021-01-11 Thread George
I'm running this in Windows 10 and when I load the smart card middleware PKCS11 DLL, I see the exception: Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: unsigned long at memory location 0x07FCFA00. During mutual authentication, I also see a lot of other exceptions

Re: private key not available for client_cert_cb

2021-01-11 Thread George
I found out what my problem is! I'm running it in FIPS mode and this causes the PKCS11 engine to fail during mutual authentication. I eventually traced the problem to the following issue: https://bugzilla.redhat.com/show_bug.cgi?id=1827535 It looks like there is a bug in libp11. Once I made the

Re: private key not available for client_cert_cb

2021-01-11 Thread Jan Just Keijser
Hi, On 08/01/21 22:35, George wrote: Hi,    I have been trying to setup mutual authentication using a smart card but I can't seem to get the OpenSSL Engine to send a response back to the server containing client's certificate from the smart card. I'm using the following to configure the cer

RE: private key not available for client_cert_cb

2021-01-11 Thread Michael Wojcik
> From: openssl-users On Behalf Of George > Sent: Sunday, 10 January, 2021 21:01 > Right now I am using the "libp11" DLL (i.e. > libp11-libp11-0.4.11\src\pkcs11.dll) > with my PKCS11 smart card middleware DLL. Should I be using the OpenSC pkcs11 > DLL > instead of my middleware DLL if I am usin

Re: private key not available for client_cert_cb

2021-01-10 Thread George
Hi,     I had a look at the pkcs11-helper and can see where the RSA_METHOD_FLAG_NO_CHECK is being set. It's using a session object called pkcs11h_openssl_session_t, which I do not see in the libp11 or openSC code. Right now I am using the "libp11" DLL (i.e. libp11-libp11-0.4.11\src\pkcs11.d

RE: private key not available for client_cert_cb

2021-01-08 Thread Michael Wojcik
> From: openssl-users On Behalf Of George > Sent: Friday, 8 January, 2021 14:35 > The comment indicates that the flag RSA_METHOD_FLAG_NO_CHECK should be set > for smart cards[...] > However, it is not actually set when I use a debugger to inspect the flag. > Does it need to be set? If so, how is

Re: private key not available for client_cert_cb

2021-01-08 Thread George
Hi,    I have been trying to setup mutual authentication using a smart card but I can't seem to get the OpenSSL Engine to send a response back to the server containing client's certificate from the smart card. I'm using the following to configure the certificate and private key:     ENGINE_c

Re: private key not available for client_cert_cb

2021-01-05 Thread Jan Just Keijser
Hi, On 05/01/21 07:39, George wrote: Hi,     I was looking at the  code in https://github.com/jjkeijser/ppp/blob/eap-tls/pppd/eap-tls.c and realized I forgot to call ENGINE_ctrl_cmd(...) to setup "LOAD_CERT_CTRL". However, when I do this, the callback function is no longer being called duri

Re: private key not available for client_cert_cb

2021-01-04 Thread George
Hi,     I was looking at the  code in https://github.com/jjkeijser/ppp/blob/eap-tls/pppd/eap-tls.c and realized I forgot to call ENGINE_ctrl_cmd(...) to setup "LOAD_CERT_CTRL". However, when I do this, the callback function is no longer being called during the mutual authentication handshake.

Re: private key not available for client_cert_cb

2020-12-23 Thread Jan Just Keijser
Hi, On 20/12/20 09:39, George wrote: Hi,    I tried running the "s_client" command and it appears to be working. I guess there must be something wrong in my code. it is good news that the s_client command is working - it means there is something wrong with your code but you have everything

Re: private key not available for client_cert_cb

2020-12-20 Thread George
Hi,    I tried running the "s_client" command and it appears to be working. I guess there must be something wrong in my code. My crash occurs when I call ENGINE_init(pkey_engine); I notice your code does not call this function.  Is this needed? If so, when/where should it be called?

Re: private key not available for client_cert_cb

2020-12-19 Thread Jan Just Keijser
Hi, On 19/12/20 04:48, George wrote: Hi,   I narrowed the problem down to ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL) This causes the initial exception Exception thrown at 0x757346D2 in GENCom.exe: Microsoft C++ exception: unsigned long at memory location 0x006FCD68. It looks like so

Re: private key not available for client_cert_cb

2020-12-18 Thread George
Hi,   I narrowed the problem down to ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL) This causes the initial exception Exception thrown at 0x757346D2 in GENCom.exe: Microsoft C++ exception: unsigned long at memory location 0x006FCD68. It looks like some of the Engine methods cause an excep

Re: private key not available for client_cert_cb

2020-12-18 Thread Jan Just Keijser
Hi, On 18/12/20 06:21, George wrote: Hi,    I'm able to setup the engine now, but as soon as I attempt to execute the command ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL); ,I see all kinds of middleware exceptions being generated: Exception thrown at 0x773046D2 in GENCom.exe: Microsoft

Re: private key not available for client_cert_cb

2020-12-17 Thread George
Hi,    I'm able to setup the engine now, but as soon as I attempt to execute the command ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL); ,I see all kinds of middleware exceptions being generated: Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception: unsigned long at memor

Re: private key not available for client_cert_cb

2020-12-17 Thread Jan Just Keijser
On 17/12/20 14:55, George wrote: Ok. So I use the libp11 project DLL file for the SO_PATH and my smart card middleware DLL for the MODULE_PATH when setting up the OpenSSL Engine? yes just like in the example I posted below. I would recommend the p11 wiki page to do it using the command line

Re: private key not available for client_cert_cb

2020-12-17 Thread George
Ok. So I use the libp11 project DLL file for the SO_PATH and my smart card middleware DLL for the MODULE_PATH when setting up the OpenSSL Engine? Thanks, George On 2020-12-17 3:22 a.m., Jan Just Keijser wrote: Hi, On 16/12/20 20:26, George wrote: Hi,    I've been looking at the code in t

Re: private key not available for client_cert_cb

2020-12-17 Thread Jan Just Keijser
Hi, On 16/12/20 20:26, George wrote: Hi,    I've been looking at the code in the pppd EAP-TLS patch, but I can't seem to load the engine with the pkcs11 DLL. It is failing with the error: error:2507606A:DSO support routines:WIN32_BIND_FUNC:could not bind to the requested symbol name I've

Re: private key not available for client_cert_cb

2020-12-16 Thread George
Hi,    I've been looking at the code in the pppd EAP-TLS patch, but I can't seem to load the engine with the pkcs11 DLL. It is failing with the error: error:2507606A:DSO support routines:WIN32_BIND_FUNC:could not bind to the requested symbol name I've verified the path is correct. I am usi

Re: private key not available for client_cert_cb

2020-12-15 Thread Jan Just Keijser
Hi, On 14/12/20 21:01, George wrote: Ok, so I am not actually going to populate EVP_PKEY with a private key in the callback function: int (*client_cert_cb)(SSL *ssl, X509 **x509, *EVP_PKEY **pkey*)? Instead, I will call EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHO

RE: private key not available for client_cert_cb

2020-12-14 Thread Michael Wojcik
> From: openssl-users On Behalf Of George > Sent: Monday, 14 December, 2020 13:01 > Once I get the resulting EVP_PKEY using ENGINE_load_private_key(...), > how do I assign it to pkey in the callback function? I don't know offhand. As I said in my other message, that's not an area I had to get

Re: private key not available for client_cert_cb

2020-12-14 Thread George
Ok, so I am not actually going to populate EVP_PKEY with a private key in the callback function: int (*client_cert_cb)(SSL *ssl, X509 **x509, *EVP_PKEY **pkey*)? Instead, I will call EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data); to

RE: private key not available for client_cert_cb

2020-12-14 Thread Michael Wojcik
> From: openssl-users On Behalf Of George > Sent: Monday, 14 December, 2020 09:36 > I see what you mean. So once I have everything setup, i use the following > to get the private key: > EVP_PKEY *pkey = ENGINE_load_private_key(...); > > Will pkey actually contain the private key from the smart

Re: private key not available for client_cert_cb

2020-12-14 Thread Paul Nelson
How I did this: 1) You can make up your own EVP_PKEY that uses your own engine implementation and attach a data ptr to it EVP_PKEY* returnPKey; returnPKey = EVP_PKEY_new(); if( returnPKey ) {

Re: private key not available for client_cert_cb

2020-12-14 Thread George
Hi Michael,    I see what you mean. So once I have everything setup, I use the following to get the private key: EVP_PKEY *pkey = ENGINE_load_private_key(pkey_engine, pkey_identifier, transfer_pin, &cb_data); Will pkey actually contain the private key from the smart card? I thought it was no

RE: private key not available for client_cert_cb

2020-12-14 Thread Michael Wojcik
> From: openssl-users On Behalf Of George > Sent: Monday, 14 December, 2020 08:15 > Thanks for your response. It looks like I don't already have the PPP and > PPPD. You don't need PPP to use a smartcard or other PKCS#11 device. Jan just mentioned the source as an exemplar of the interactions

Re: private key not available for client_cert_cb

2020-12-14 Thread George
Hi Jan,    Thanks for your response. It looks like I don't already have the PPP and PPPD. Do I need to download and install the following? https://github.com/jjkeijser/ppp/tree/eap-tls I am using OpenSSL in Windows 10 and compiled it with Visual Studio 2019. Will this EAP-TLS code compile/wor

Re: private key not available for client_cert_cb

2020-12-14 Thread Jan Just Keijser
Hi, On 14/12/20 08:08, George wrote: Hi,    I'm new to OpenSSL and am trying to set up mutual authentication in a client. The client is setup with OpenSSL 1.0.2u. and the client's certificate + private key is stored on a Smart Card.  When the client receives a certificate request from the se

Re: private key in hardware ssl

2013-11-05 Thread andrew cooke
You can write your own engine that calls the routines you have. You can also write a shim library that wraps the library you have and presents it as PKCS#11. Then you can use a PKCS#11 engine. The first approach is easiest but the second gives you more options down the line (you don't need to i

Re: Private Key Format Different in FIPS Mode

2013-06-12 Thread Anamitra Dutta Majumdar (anmajumd)
Also I found that this works fine with openssl 1.0.1 Where keys are generated in FIPS mode with the following line. Can someone let me know why this change in behavior between 0.9.8l and 1.0.1? -BEGIN DSA PRIVATE KEY- Thanks, Anamitra On 6/12/13 12:01 PM, "Anamitra Dutta Majumdar (anma

RE: Private key passphrase: salt question

2013-03-15 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Evan Brown >Sent: Wednesday, 13 March, 2013 11:02 >openssl genrsa -aes256 -out private.pem 2048 >Am I correct in my understanding that OpenSSL adds a salt >to the passphrase that I specify when this command runs? >How is the salt computed and w

Re: Private key support at openssl

2013-02-22 Thread Jakob Bohm
On 2/22/2013 9:16 AM, Rajeswari K wrote: Hello Team, We have a requirement to support onboard crypto engine which doesn't share private keys to openssl. Current openssl code requires private keys in its possession to succeed with handshake process. Is there any way to skip updation of private ke

Re: private key extractipon from ecdsapriv.pem file

2012-12-14 Thread jeetendra gangele
I am getting below error when i enable the error tag EC_KEY_check_key failed: 70error:100B1043:elliptic curve routines:EC_KEY_check_key:passed a null parameter Can I load only private part of the key for signing the data? On 14 December 2012 15:34, jeetendra gangele wrote: > HI > I tried the be

Re: private key extractipon from ecdsapriv.pem file

2012-12-14 Thread jeetendra gangele
HI I tried the below code but still failed. below is my keys also ec -in ec_key.pem -noout -text read EC key Private-Key: (224 bit) priv: 00:ca:9e:dd:d8:f0:e0:48:35:2c:f7:82:33:24:61: 78:36:df:0d:83:8f:b6:02:97:b1:e3:29:4e:e4 pub: 04:ca:92:89:e7:00:51:43:28:64:89:e5:ed:36:2e: 65:64

RE: private key extractipon from ecdsapriv.pem file

2012-12-14 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele > Sent: Friday, 14 December, 2012 02:59 > I run the below two command and generated the private key for > ecdsa sign . Actually you generated two keypairs and ignored one of them. But what the hey, they're cheap (unlike say l

Re: Private key generation

2011-05-14 Thread Zico
On Sun, May 15, 2011 at 1:55 AM, Larry Bugbee wrote: > > > It is a matter of trust. If your server is serving a very small group that > will trust your self-signed cert, then fine. If however your server is to > be visited by a large number of people most of which won't know you, they > would l

Re: Private key generation

2011-05-14 Thread Larry Bugbee
On May 14, 2011, at 11:54 AM, Zico wrote: > Do we "actually" need a third party to make our certificate? I mean, we can > generate self-certified certificates, right? So, will my production machine > not run if I don't use CAcert.org or GoDaddy or Verisign? It is a matter of trust. If your se

Re: Private key generation

2011-05-14 Thread Zico
On Sat, May 14, 2011 at 8:06 AM, Dave Thompson wrote: > > The latter, as long as you transfer the private key from your machine > to the server along with the certificate from the CA. > > You do need to keep *both* machines (keygen and server) secure > and also the transfer process. It's usually a

RE: Private key generation

2011-05-13 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Zico > Sent: Friday, 13 May, 2011 06:10 > Hi, is it necessary to generate private from "that server" > in which I will install SSL certificate? I mean, say, I want to > install SSL certificate for my www.mysite.com, now, is i

Re: Private Key from Windows Cert Store

2011-01-03 Thread Harshvir Sidhu
nssl.org] On Behalf Of Fili, Tom > Sent: Friday, December 03, 2010 3:48 PM > To: openssl-users@openssl.org > Subject: RE: Private Key from Windows Cert Store > > Ok, I got it loading. Thanks. > > I'm still have an issue, which would stem from my lack of understanding

RE: Private Key from Windows Cert Store

2010-12-08 Thread Fili, Tom
- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Fili, Tom Sent: Friday, December 03, 2010 3:48 PM To: openssl-users@openssl.org Subject: RE: Private Key from Windows Cert Store Ok, I got it loading. Thanks. I'm still have an issue, which would stem fr

Re: Private Key from Windows Cert Store

2010-12-08 Thread Harshvir Sidhu
all I have to make? > > Again, thanks. You have been so helpful. > > -Original Message- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson > Sent: Friday, December 03, 2010 12:27 PM > To: openssl-users@o

RE: Private Key from Windows Cert Store

2010-12-03 Thread Fili, Tom
openssl-users@openssl.org Subject: Re: Private Key from Windows Cert Store On Fri, Dec 03, 2010, Fili, Tom wrote: > I rebuild OpenSSL and didn't get a capi.dll. I'm using 0.9.8k. Is there > something I'm missing in the build process that I need to change to get > the eng

Re: Private Key from Windows Cert Store

2010-12-03 Thread Mounir IDRASSI
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Fili, Tom Sent: Friday, December 03, 2010 12:01 PM To: openssl-users@openssl.org Subject: RE: Private Key from Windows Cert Store I rebuild OpenSSL and didn't get a capi.dll. I'm using 0.9.8k. Is there s

Re: Private Key from Windows Cert Store

2010-12-03 Thread Dr. Stephen Henson
On Fri, Dec 03, 2010, Fili, Tom wrote: > I rebuild OpenSSL and didn't get a capi.dll. I'm using 0.9.8k. Is there > something I'm missing in the build process that I need to change to get > the engines to compiled in. From what I've read it looks like it builds > these engines into the openssl dlls

RE: Private Key from Windows Cert Store

2010-12-03 Thread Fili, Tom
Of Fili, Tom Sent: Friday, December 03, 2010 12:01 PM To: openssl-users@openssl.org Subject: RE: Private Key from Windows Cert Store I rebuild OpenSSL and didn't get a capi.dll. I'm using 0.9.8k. Is there something I'm missing in the build process that I need to change to get the engines

RE: Private Key from Windows Cert Store

2010-12-03 Thread Fili, Tom
November 30, 2010 11:49 AM To: openssl-users@openssl.org Subject: Re: Private Key from Windows Cert Store On Tue, Nov 30, 2010, Fili, Tom wrote: > Thanks, but I was more looking for docs on the interop of OpenSSL and > the Crypto API. I got pretty most info from the capi that I needed > excep

Re: Private Key from Windows Cert Store

2010-11-30 Thread Dr. Stephen Henson
On Tue, Nov 30, 2010, Fili, Tom wrote: > Thanks, but I was more looking for docs on the interop of OpenSSL and > the Crypto API. I got pretty most info from the capi that I needed > except the private key, which from what I've read may not always be > exportable anyway. I was looking for how to ca

Re: Private Key from Windows Cert Store

2010-11-30 Thread Harshvir Sidhu
load as I get NULL from ENGINE_by_id("capi"); > > -Original Message- > From: owner-openssl-us...@openssl.org [ > mailto:owner-openssl-us...@openssl.org ] > On Behalf Of Stef Hoeben > Sent: Sunday, November 28, 2010 12:58 PM > To: openssl-users@openssl.org >

RE: Private Key from Windows Cert Store

2010-11-30 Thread Fili, Tom
I get NULL from ENGINE_by_id("capi"); -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Stef Hoeben Sent: Sunday, November 28, 2010 12:58 PM To: openssl-users@openssl.org Subject: RE: Private Key from Windows Cert Store Hi T

RE: Private Key from Windows Cert Store

2010-11-28 Thread Stef Hoeben
sl-users@openssl.org > Subject: RE: Private Key from Windows Cert Store > > Is there a place that has some docs or examples of the capi API? I've > looked around, but haven't found any good source for these. > > Tom Fili > Software Engineer > Analytical Graphics In

RE: Private Key from Windows Cert Store

2010-11-28 Thread Fili, Tom
/26/2010 4:35 AM To: openssl-users@openssl.org Subject: Re: Private Key from Windows Cert Store I think you may use the CAPI engine instead. 2010/11/24 Fili, Tom > I'm trying to load a private key file of a personal cert from a key file > and load it like so: > > SSL_CTX_use_

Re: Private Key from Windows Cert Store

2010-11-26 Thread So Gerald
I think you may use the CAPI engine instead. 2010/11/24 Fili, Tom > I'm trying to load a private key file of a personal cert from a key file > and load it like so: > > SSL_CTX_use_PrivateKey_file(pSSLContext, privateKeyFile, SSL_FILETYPE_PEM) > > However the certificate is in the Windows Certif

Re: [openssl-users] Re: Private Key Usage Period

2010-05-19 Thread Erwann ABALEA
Hodie XIV Kal. Iun. MMX, Dr. Stephen Henson scripsit: > On Wed, May 19, 2010, Eisenacher, Patrick wrote: > > > Hi Bram, > > > > > -Original Message- > > > From: Bram Cymet > > > > > > I am wondering if with the latest version of Openssl it is possible to > > > set the Private Key Usage Pe

Re: Private Key Usage Period

2010-05-19 Thread Dr. Stephen Henson
On Wed, May 19, 2010, Eisenacher, Patrick wrote: > Hi Bram, > > > -Original Message- > > From: Bram Cymet > > > > I am wondering if with the latest version of Openssl it is possible to > > set the Private Key Usage Period extension and if so what is > > the format > > of the parameters? >

RE: Private Key Usage Period

2010-05-19 Thread Eisenacher, Patrick
Hi Bram, > -Original Message- > From: Bram Cymet > > I am wondering if with the latest version of Openssl it is possible to > set the Private Key Usage Period extension and if so what is > the format > of the parameters? this is how I do it in my config file: [ ca_ext ] basicConstraints

Re: Private key/CA key

2009-09-19 Thread Goetz Babin-Ebell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Donald Beck wrote: | I am a bit new to this, so I need a little help. | | I created my own CA using openssl and I just want to make sure I have | this right. I imported my signed certificate on my server from the | request I created from my server.

RE: Private Key Length

2007-11-02 Thread Dave Thompson
> From: owner-openssl-users On Behalf Of Pierce Ward > Sent: Wednesday, 31 October, 2007 09:07 > openssl genrsa -out private_key.pem -f4 768 > openssl pkcs8 -in private_key.pem -nocrypt -topk8 -out PK.pem > cat PK.pem | openssl enc -base64 -d > PK.key You don't need a separate step there; just

Re: Private Key problem

2007-05-03 Thread alois74
Original Message Date: Thu, 3 May 2007 12:20:28 +0200 From: "Dr. Stephen Henson" <[EMAIL PROTECTED]> To: openssl-users@openssl.org Subject: Re: Private Key problem > On Thu, May 03, 2007, [EMAIL PROTECTED] wrote: > > > Thanks! > > I cur

Re: Private Key problem

2007-05-03 Thread Dr. Stephen Henson
On Thu, May 03, 2007, [EMAIL PROTECTED] wrote: > Thanks! > I currently dont have access to the key generator, so cant post an example. > However, the key actually DOES start with 30. > The first chars are: > 30820 > the last ones are: > F750 > > then theres a newline at the end. i tried removing

Re: RE: Private Key problem

2007-05-03 Thread alois74
again alois Original Message Date: Wed, 2 May 2007 17:44:14 -0700 From: "David Schwartz" <[EMAIL PROTECTED]> To: openssl-users@openssl.org Subject: RE: Private Key problem > > > Ok, so i guess i do somehow have to convert that hex data into > > binar

Re: Private Key problem

2007-05-03 Thread alois74
Thanks! I currently don't have access to the key generator, so can't post an example. However, the key actually DOES start with 30. The first chars are: 30820 the last ones are: F750 then there's a newline at the end. I tried removing that, ..same. anyway, I'm pretty confused. No idea what else i coul

RE: Private Key problem

2007-05-02 Thread David Schwartz
> Ok, so i guess i do somehow have to convert that hex data into > binary, right? > i tried to do this with xxd, but i cant seem to find the option i > need. i pasted the output of -help for xxd below. I tried: > xxd -r infile outfile > but had to learn that a hexdump is not quite what my key is .

Re: Private Key problem

2007-05-02 Thread Dr. Stephen Henson
On Wed, May 02, 2007, [EMAIL PROTECTED] wrote: > (openssl-dev readers ignore, crosspost...) > > Hey all, > > Im tearing my hair out here with what is probably a stupid problem. > I'm new to openssl , rsa, etc... , so bear with me please:) > > Im doing the server-side things of an authorization

RE: Private Key Type and PEM Length

2006-07-04 Thread Wu, Sonia X (Sonia)
Got it. Thanks. Sonia -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Marek Marcola Sent: Tuesday, July 04, 2006 3:48 AM To: openssl-users@openssl.org Subject: RE: Private Key Type and PEM Length Hello, > One more question before I move to new age

RE: Private Key Type and PEM Length

2006-07-04 Thread Marek Marcola
Hello, > One more question before I move to new agenda. > Is siglen RSA_size? Should rsa_pv and rsa_pb the same size? Yes, and this is size of modulus, RSA_size simply returns BN_num_bytes(rsa->n); Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __

RE: Private Key Type and PEM Length

2006-07-03 Thread Wu, Sonia X (Sonia)
same size? Thanks again. Sonia -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Marek Marcola Sent: Monday, July 03, 2006 2:13 PM To: openssl-users@openssl.org Subject: RE: Private Key Type and PEM Length Hello, > This is what I up to, > >

RE: Private Key Type and PEM Length

2006-07-03 Thread Marek Marcola
Hello, > This is what I up to, > > $ openssl genrsa -out private.pem 2048 > $ openssl rsa -in private.pem -out public.pem -pubout > > to gen the private & public keys > > pvk_fd = fopen("private.pem","r"); > rsa_pv = PEM_read_RSAPrivateKey(pvk_fd,&rsa_pv,NULL,NULL); > ret = RSA_sign(NID_md5,tes

RE: Private Key Type and PEM Length

2006-07-03 Thread Wu, Sonia X (Sonia)
keys, they are the same. RSA_sign/verify does not work. What did I miss? Thanks. Sonia -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Marek Marcola Sent: Monday, July 03, 2006 8:57 AM To: openssl-users@openssl.org Subject: RE: Private Key Type and PEM Len

RE: Private Key Type and PEM Length

2006-07-03 Thread Marek Marcola
Hello, > I want to read public part of RSA. > The input file is PEM format file generated by openssl genrsa > for private and openssl rsa for public. > Do you mean this is not the correct format for PEM_read_RSAPublicKey? Yes, PEM_read_RSAPublicKey require PKCS#1 but if public key was generated w

RE: Private Key Type and PEM Length

2006-07-03 Thread Wu, Sonia X (Sonia)
] Behalf Of Marek Marcola Sent: Monday, July 03, 2006 8:25 AM To: openssl-users@openssl.org Subject: RE: Private Key Type and PEM Length Hello, > I tried the PEM_read_RSAPrivateKey and PEM_read_RSAPublicKey pair. > PEM_read_RSAPrivateKey seems work fine. > PEM_read_RSAPublicKey failed. >

RE: Private Key Type and PEM Length

2006-07-03 Thread Marek Marcola
Hello, > I tried the PEM_read_RSAPrivateKey and PEM_read_RSAPublicKey pair. > PEM_read_RSAPrivateKey seems work fine. > PEM_read_RSAPublicKey failed. > By tracing, it failed in BIO_gets(), returning 0. Any idea? PEM_read_RSAPublicKey reads from PKCS#1 ASN1 structure public part of RSA key (n,e).

RE: Private Key Type and PEM Length

2006-07-03 Thread Wu, Sonia X (Sonia)
:[EMAIL PROTECTED] Behalf Of Marek Marcola Sent: Friday, June 30, 2006 10:01 AM To: openssl-users@openssl.org Subject: RE: Private Key Type and PEM Length Hello, > I am working on something similar. if I generated a private key with no > password, > can I pass NULL to PEM_read_bio_privateKey(

Re: Private Key Type and PEM Length

2006-07-03 Thread Sudhir Voona
Thanks Marek, I got the function wanted!! --sudhir

Re: Private Key Type and PEM Length

2006-07-03 Thread Marek Marcola
Hello, > I think the modulus field of the rsa_t / dsa_t structure gives the > Key Length in Bytes, > am i correct ?? Oh, you mean size of RSA key, try RSA_size(); (and yes - this is size of modulus) Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __

Re: Private Key Type and PEM Length

2006-07-03 Thread Sudhir Voona
Hi,     I think the modulus field of the rsa_t / dsa_t structure gives the Key Length in Bytes,    am I correct?? --Sudhir On 7/3/06, Sudhir Voona <[EMAIL PROTECTED]> wrote: Hi,   Thanks for the suggestion Marek.   As posted earlier, my requirement is to know the Private Key Type and its PEM Length

Re: Private Key Type and PEM Length

2006-07-03 Thread Sudhir Voona
Hi,   Thanks for the suggestion Marek.   As posted earlier, my requirement is to know the Private Key Type and its PEM Length.   EVP_PKEY would give me  the private key Type and not its PEM Length.   How do i extract the PEM Length of the EVP_PKEY  ?     Is there an API for getting the   EVP_PKEY

RE: Private Key Type and PEM Length

2006-06-30 Thread Marek Marcola
Hello, > I am working on something similar. if I generated a private key with no > password, > can I pass NULL to PEM_read_bio_privateKey(bio,&pkey,NULL,NULL)? Yes, > Is there lib function that reads DER format? Try d2i_RSAPrivateKey_bio(); Best regards, -- Marek Marcola <[EMAIL PROTECTED]> _

RE: Private Key Type and PEM Length

2006-06-30 Thread Wu, Sonia X (Sonia)
arek Marcola Sent: Thursday, June 29, 2006 6:52 AM To: openssl-users@openssl.org Subject: Re: Private Key Type and PEM Length Hello, > > Can anyone tell me how to get the Private Key Type(DSA /RSA ) and its > > PEM Length given the buffer containing the Private Key in PEM / DER > >

Re: Private Key Type and PEM Length

2006-06-29 Thread Marek Marcola
Hello, > > Can anyone tell me how to get the Private Key Type(DSA /RSA ) and its > > PEM Length given the buffer containing the Private Key in PEM / DER > > format. > If you have buffer in PEM format, key type can be read from > first "line" (for example: -BEGIN DSA PRIVATE KEY-) > > If y

Re: Private Key Type and PEM Length

2006-06-29 Thread Marek Marcola
Hello, > I am sending my Query again .. > > Is there any OpenSSL API which would give me the Key Type and its PEM > Length if I pass the buffer containing the Private Key in DER /PEM > format to it ?? > > Can anyone tell me how to get the Private Key Type(DSA /RSA ) and its > PEM Length given th

Re: Private key from Java to OpenSSL

2002-01-13 Thread Dr S N Henson
Tomas Anderson wrote: > > > I have a java keystore and want to export the private > key and certificate (Verisign 128-bits) in it for use > with Apache (we are changing server from a java-based > server to Apache (mod_ssl)). Apache works like a dream > when tested (compared to java.) with O

Re: Private key in exernal hardware (engine) ?

2001-12-13 Thread Richard Levitte - VMS Whacker
From: "Alexander Kuit" <[EMAIL PROTECTED]> AKuit> On 13.12.2001 16:45:15 Richard Levitte - VMS Whacker wrote: AKuit> [...] AKuit> >AKuit> I don't have and need access to the private key in the card, I only AKuit> >AKuit> have to make sure the right key is used during the SSL handshake, AKuit> >A

Re: Private key in exernal hardware (engine) ?

2001-12-13 Thread Alexander Kuit
On 13.12.2001 16:45:15 Richard Levitte - VMS Whacker wrote: >What you're talking about below is something different than what I >answered above. Ok, this seems to be going into the wrong direction, but that's probably my own fault. Let me put some things straight. >Ah. Well, the very simple a

Re: Private key in exernal hardware (engine) ?

2001-12-13 Thread Götz Babin-Ebell
Alexander Kuit wrote: > > On 13.12.2001 10:49:31 Richard Levitte - VMS Whacker wrote: > > >Assuming you have reached a point where you have a RSA that contains > >the public data in a form that OpenSSL understands, and a reference > >(completely chosen by you) to the private data on the card in

Re: Private key in exernal hardware (engine) ?

2001-12-13 Thread Richard Levitte - VMS Whacker
From: "Alexander Kuit" <[EMAIL PROTECTED]> AKuit> On 13.12.2001 10:49:31 Richard Levitte - VMS Whacker wrote: AKuit> [...] AKuit> >This is exactly how it's done in crypto/engine/hw_ncipher.c, why don't AKuit> >you take a look at that file? AKuit> AKuit> Hi Richard, AKuit> AKuit> I had a look a

Re: Private key in exernal hardware (engine) ?

2001-12-13 Thread Alexander Kuit
On 13.12.2001 10:49:31 Richard Levitte - VMS Whacker wrote: >Assuming you have reached a point where you have a RSA that contains >the public data in a form that OpenSSL understands, and a reference >(completely chosen by you) to the private data on the card in ex_data, >you can now do the follo

Re: Private key in exernal hardware (engine) ?

2001-12-12 Thread Götz Babin-Ebell
Alexander Kuit wrote: > > On 12.12.2001 11:12:35 Vadim Fedukovich wrote: > > >On Wed, 12 Dec 2001, Alexander Kuit wrote: > > > >> > >> >> I'm using the engine version to let the client do rsa private encryption > >> >> by a smartcard. This means of course that the private key is hidden > >> >> i

Re: Private key in exernal hardware (engine) ?

2001-12-12 Thread Alexander Kuit
On 12.12.2001 11:12:35 Vadim Fedukovich wrote: >On Wed, 12 Dec 2001, Alexander Kuit wrote: > >> >> >> I'm using the engine version to let the client do rsa private encryption >> >> by a smartcard. This means of course that the private key is hidden >> >> inside the card. However, during debuggin

Re: Private key in exernal hardware (engine) ?

2001-12-12 Thread Richard Levitte - VMS Whacker
From: "Alexander Kuit" <[EMAIL PROTECTED]> AKuit> As far as I understand this function, it requests the private key from the AKuit> engine. Unfortunately (but not surprisingly), the private key is inside AKuit> the smartcard and cannot be read (only selected for cryptographic AKuit> operations).

Re: private key and certificate to the CA

2001-11-13 Thread Dr S N Henson
Francisco Castillejo wrote: > > Very Thanks!! XD > i didn't know that i was using the default config file located into > /usr/local > in windows the openssl.cnf file is in the subdirectory apps . > Finally i execute: > req -new -x509 -config c:\openssl\apps\openssl.cnf -out CAcert.pem -keyou

Re: private key and certificate to the CA

2001-11-13 Thread Francisco Castillejo
s :) Lidia - Original Message - From: "Neff Robert A" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, November 13, 2001 9:02 PM Subject: RE: private key and certificate to the CA > Since you didn't specify the -config option, you are using the &g

RE: private key and certificate to the CA

2001-11-13 Thread Neff Robert A
Since you didn't specify the -config option, you are using the default config file with a location of /usr/local/ssl/openssl.cnf. That directory doesn't exist in Windows. A simple solution is to place the following into a .bat file in your openssl\ms directory, and run it from that directory: se

Re: private key

2001-08-22 Thread Fiel Cabral
Thanks. I looked at the asn1parse output and found that d2i_RSAPrivateKey() expected an INTEGER for the version number in the ASN1.DER file but it read something else so it exited. --- Dr S N Henson <[EMAIL PROTECTED]> wrote: > Fiel Cabral wrote: > > > > I'm writing a program that uses openssl t

Re: private key

2001-08-21 Thread Dr S N Henson
Fiel Cabral wrote: > > I'm writing a program that uses openssl to read the > private key from a ASN1.DER encoded file. The openssl > API outputs the following: > > 17752:error:0D080071::lib(13) :func(128) > :reason(113):a_int.c:191: > 17752:error:0D09D082::lib(13) :func(157) > :reason(130):d2i_r

Re: Private key migration

2001-02-27 Thread Dr S N Henson
Gil Schindler wrote: > > Hi, > > Since I missed one detail, I am talking about migration from IIS and > Netscape to Apache > IIS: read the rsa(1) manual page for OpenSSL. Netscape Web server. Older versions: check my home site. Newer versions you can copy and rename the databases to a form

RE: Private key migration

2001-02-27 Thread Gil Schindler
] Subject:Re: Private key migration 1) ftp. 2) ssh. 3) floppy disk. 4) theft and deposit by a friendly hacker. 5) ... But the real answer to your question is probably a function of what the two webservers in question are, which you neglected to mention

Re: Private key migration

2001-02-27 Thread Greg Stark
1) ftp. 2) ssh. 3) floppy disk. 4) theft and deposit by a friendly hacker. 5) ... But the real answer to your question is probably a function of what the two webservers in question are, which you neglected to mention. Private keys maybe protected by proprietary password schemes, and/or stored in
