Re: openssl hmac and key on the command line

2024-06-09 Thread Viktor Dukhovni
On Sat, Jun 08, 2024 at 08:12:57AM -0400, Neil Horman wrote: > > I see someone at > > https://github.com/openssl/openssl/issues/13382#issuecomment-1181577183 > > with a similar concern suggested -macopt keyfile:file The requested feature (explicit keyfile option) makes sense to me. Is there a mo

Re: openssl hmac and key on the command line

2024-06-08 Thread Carson Gaspar
On 6/8/2024 5:12 AM, Neil Horman wrote: printf '%s' "hello" | LD_LIBRARY_PATH=$PWD ./apps/openssl dgst -sha1 -hmac $(cat key.txt) SHA1(stdin)= c3b424548c3dbd02161a9541d89287e689f076d7 That will expose the key in the process args, so is NOT secure. -- Carson

Re: openssl hmac and key on the command line

2024-06-08 Thread Neil Horman
the openssl-mac utility already contains such an option (though it doesn't circumvent the issue as the option for the key is also passed on the command line) It seems some bash magic solves this problem though. By putting your key in a file, you can use command substitution to solve

Re: openssl hmac and key on the command line

2024-06-08 Thread Stephane Chazelas
2024-06-08 08:43:26 +0100, Stephane Chazelas: [...] > Would it be possible to have a: -macopt keyenv:varname and > -macopt keyexenv:varname for instance to be able to pass the > secret via environment variables instead (which on most systems > are a lot less public than command arguments)? [...] I

Re: openssl hmac and key on the command line

2024-06-08 Thread Stephane Chazelas
2022-08-07 18:20:56 +0200, Francois: [...] > I am reading some doc instructing me to run > > printf '%s' "${challenge}" | openssl dgst -sha1 -hmac ${APP_TOKEN} > > Doing so would leak the APP_TOKEN on the command line arguments (so a > user running

openssl hmac and key on the command line

2022-08-07 Thread Francois
Greetings I am reading some doc instructing me to run printf '%s' "${challenge}" | openssl dgst -sha1 -hmac ${APP_TOKEN} Doing so would leak the APP_TOKEN on the command line arguments (so a user running a "ps" at the right time would see the APP_TOKEN in c

Re: is there any working example of how to use verify_hostname in command line?

2022-03-03 Thread pauli
Ask LibreSSL for support here.  LibreSSL is **not** OpenSSL. Pauli On 4/3/22 3:55 pm, Edward Tsang via openssl-users wrote: the openssl I'm using is in mac openssl version -a LibreSSL 2.8.3 On Thu, Mar 3, 2022 at 8:05 PM Edward Tsang wrote: Ok here is what I tried but still complaining

Re: is there any working example of how to use verify_hostname in command line?

2022-03-03 Thread Viktor Dukhovni
> On 3 Mar 2022, at 11:55 pm, Edward Tsang via openssl-users > wrote: > > the openssl I'm using is in mac > openssl version -a > LibreSSL 2.8.3 LibreSSL is not OpenSSL. This is not the right forum for LibreSSL questions. -- Viktor.

Re: is there any working example of how to use verify_hostname in command line?

2022-03-03 Thread Edward Tsang via openssl-users
the openssl I'm using is in mac openssl version -a LibreSSL 2.8.3 On Thu, Mar 3, 2022 at 8:05 PM Edward Tsang wrote: > Ok here is what I tried but still complaining about unknown options > -verify_hostname > openssl s_client -connect google.com -CAfile etc/auth/cacert.pem > -verify_hostname goog

Re: is there any working example of how to use verify_hostname in command line?

2022-03-03 Thread Viktor Dukhovni
On Thu, Mar 03, 2022 at 08:05:34PM -0800, Edward Tsang via openssl-users wrote: > Ok here is what I tried but still complaining about unknown options > -verify_hostname > openssl s_client -connect google.com -CAfile etc/auth/cacert.pem > -verify_hostname google.com -verify_return_error Perhaps y

Re: is there any working example of how to use verify_hostname in command line?

2022-03-03 Thread Edward Tsang via openssl-users
Ok here is what I tried but still complaining about unknown options -verify_hostname openssl s_client -connect google.com -CAfile etc/auth/cacert.pem -verify_hostname google.com -verify_return_error unknown option -verify_hostname usage: s_client args On Thu, Mar 3, 2022 at 4:10 PM Viktor Dukhovni

Re: is there any working example of how to use verify_hostname in command line?

2022-03-03 Thread Viktor Dukhovni
> On 3 Mar 2022, at 6:09 pm, Edward Tsang via openssl-users > wrote: > > openssl s_client -CApath . -CAfile ./cacert.pem -verify_hostname example.com > > All I get is "unknown option -verify_hostname > usage: s_client args" > > Have tried combinations of that and check out of doc... really no

is there any working example of how to use verify_hostname in command line?

2022-03-03 Thread Edward Tsang via openssl-users
Hi, I am having a very hard time to get the command line working. Basically just trying to verify hostname via openssl command line: openssl s_client -CApath . -CAfile ./cacert.pem -verify_hostname example.com All I get is "unknown option -verify_hostname usage: s_client args"

Re: how to enable DHE ciphers on openssl for using on command line

2021-11-17 Thread Mark Hack
"openssl ciphers" will show you the correct names which in this case is DHE-RSA-AES128-GCM-SHA256 On Wed, 2021-11-17 at 16:25 +0800, M K Saravanan wrote: > Hi, > > Do I need to do any config to enable DHE based ciphers in openssl for > command line usage? > >

Re: how to enable DHE ciphers on openssl for using on command line

2021-11-17 Thread M K Saravanan
> > > > > > On 17/11/2021 08:25, M K Saravanan wrote: > > > Hi, > > > > > > Do I need to do any config to enable DHE based ciphers in openssl for > > > command line usage? > > > > > > $ openssl s_client -cipher 'DHE_RSA_WITH_

Re: how to enable DHE ciphers on openssl for using on command line

2021-11-17 Thread M K Saravanan
Thanks Matt. I am extremely for making such a basic stupid mistake. On Wed, 17 Nov 2021 at 18:33, Matt Caswell wrote: > > > > On 17/11/2021 08:25, M K Saravanan wrote: > > Hi, > > > > Do I need to do any config to enable DHE based ciphers in openssl for > > c

Re: how to enable DHE ciphers on openssl for using on command line

2021-11-17 Thread Matt Caswell
On 17/11/2021 08:25, M K Saravanan wrote: Hi, Do I need to do any config to enable DHE based ciphers in openssl for command line usage? $ openssl s_client -cipher 'DHE_RSA_WITH_AES_128_GCM_SHA256' -connect 10.10.16.100:443 You have the wrong name for this ciphersuite. OpenSSL us

how to enable DHE ciphers on openssl for using on command line

2021-11-17 Thread M K Saravanan
Hi, Do I need to do any config to enable DHE based ciphers in openssl for command line usage? $ openssl s_client -cipher 'DHE_RSA_WITH_AES_128_GCM_SHA256' -connect 10.10.16.100:443 Error with command: "-cipher DHE_RSA_WITH_AES_128_GCM_SHA256" 13977599845689

Re: [openssl-users] 'openssl ca -serial' command line always exit with error 1 ?

2020-04-28 Thread tincanteksup
Hi Michael, On 28/04/2020 15:21, Michael Wojcik wrote: From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of tincanteksup Sent: Tuesday, April 28, 2020 07:02 [tct@arch-hyv-live-64 pki]$ openssl ca -verbose -config safessl-easyrsa.cnf -keyfile private/ca.key -cert ca.crt

RE: [openssl-users] 'openssl ca -serial' command line always exit with error 1 ?

2020-04-28 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > tincanteksup > Sent: Tuesday, April 28, 2020 07:02 > [tct@arch-hyv-live-64 pki]$ openssl ca -verbose -config safessl-easyrsa.cnf > -keyfile private/ca.key -cert ca.crt -status $serial_number > > [tct@arch-hyv-live-64

[openssl-users] 'openssl ca -serial' command line always exit with error 1 ?

2020-04-28 Thread tincanteksup
ust point out, in advance, that I am using EasyRSA and EasyTLS to build my PKI and I am using OpenSSL command line to get the serial number status. So, apologies in advance if this is an off-topic or spammy question. Also, I am not asking for help with either EasyRSA or EasyTLS, I only

Re: How to run OpenSSL command line utility under debugger?

2019-10-14 Thread Dmitry Belyavsky
pe=PKCS7 > > openssl asn1parse and other online tools correctly parse and display ASN1 > of pkcs7 envelopedData. > > I want to run openssl utility under debugger to see what is happening > inside the library function. > > I've found OpenSSL library source code https://

Re: How to run OpenSSL command line utility under debugger?

2019-10-14 Thread Jordan Brown
On 10/14/2019 10:59 PM, Anton Schmidt wrote: > I've found OpenSSL library source > code https://github.com/openssl/openssl but not the sources for > command line utility. Are the sources available?  I believe they are in the "apps" directory of that repository. --

How to run OpenSSL command line utility under debugger?

2019-10-14 Thread Anton Schmidt
ugger to see what is happening inside the library function. I've found OpenSSL library source code https://github.com/openssl/openssl but not the sources for command line utility. Are the sources available? Or as an option is there a guide how I could write a simple pkcs7 envelopedData reade

Re: [openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?

2018-08-01 Thread Blumenthal, Uri - 0553 - MITLL
Actually, it all works just fine. Viktor's point about adding terminating "\n" to the input text helped.

Re: [openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?

2018-08-01 Thread Viktor Dukhovni
> On Aug 1, 2018, at 12:47 PM, timmy pony wrote: > > On Wed, Aug 1, 2018 at 4:28 PM Viktor Dukhovni > wrote: > On Wed, Aug 01, 2018 at 09:24:38AM +0100, timmy pony wrote: > > > I have tried this > > > > openssl dgst -sha256 -sign my_private.key -out /tmp/sign.sha256 > > codeTosign.txt > >

Re: [openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?

2018-08-01 Thread timmy pony
Hi Viktor - I put a '\n' at end of java snippet Both are now equal Thank you for your help. On Wed, Aug 1, 2018 at 5:47 PM timmy pony wrote: > Hi Viktor, Speed read the previous mail. > > > > On Wed, Aug 1, 2018 at 4:28 PM Viktor Dukhovni > wrote: > >> On Wed, Aug 01, 2018 at 09:24:38AM +0

Re: [openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?

2018-08-01 Thread timmy pony
Hi Viktor, Speed read the previous mail. On Wed, Aug 1, 2018 at 4:28 PM Viktor Dukhovni wrote: > On Wed, Aug 01, 2018 at 09:24:38AM +0100, timmy pony wrote: > > > I have tried this > > > > openssl dgst -sha256 -sign my_private.key -out /tmp/sign.sha256 > codeTosign.txt > > This produces raw

Re: [openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?

2018-08-01 Thread Viktor Dukhovni
> On Aug 1, 2018, at 12:14 PM, timmy pony wrote: > > Thanks Viktor, > for assistance . > The embedded private key "skeleton" is only for visualisation purposes; No it > will not. > > > the openssl command returns binary. > so i can do .But they are still coming out different. > > ope

Re: [openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?

2018-08-01 Thread timmy pony
Thanks Viktor, for assistance . The embedded private key "skeleton" is only for visualisation purposes; No it will not. the openssl command returns binary. so i can do .But they are still coming out different. openssl base64 -in /tmp/sign.sha256 -out On Wed, Aug 1, 2018 at 4:28 PM Viktor D

Re: [openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?

2018-08-01 Thread Viktor Dukhovni
On Wed, Aug 01, 2018 at 09:24:38AM +0100, timmy pony wrote: > I have tried this > > openssl dgst -sha256 -sign my_private.key -out /tmp/sign.sha256 codeTosign.txt This produces raw binary output, no base64 encoding. What is the content of the file "codeToSign.txt"? Post the output of: od -

[openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?

2018-08-01 Thread timmy pony
Hi, Could some openssl expert please advise? Trying to get the equivalent Openssl command-line version of the following java snippet. I have tried this openssl dgst -sha256 -sign my_private.key -out /tmp/sign.sha256 codeTosign.txt But the results do not match? ``` From

Re: [openssl-users] Howto to create a PKI with Openssl command line

2017-08-09 Thread Robert Moskowitz
Thanks Rich, I will take a look at this also. Bob On 08/09/2017 09:49 AM, Salz, Rich via openssl-users wrote: https://www.openssl.org/~rsalz/pki.tgz but only a root and end-entity. Adding an intermediate should not be incredibly difficult :) -- openssl-users mailing list To unsubscribe: htt

Re: [openssl-users] Howto to create a PKI with Openssl command line

2017-08-09 Thread Salz, Rich via openssl-users
https://www.openssl.org/~rsalz/pki.tgz but only a root and end-entity. Adding an intermediate should not be incredibly difficult :) -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Howto to create a PKI with Openssl command line

2017-08-09 Thread Robert Moskowitz
I want to build a PKI structure of a root CA, intermediate CA(s), and user and server certs. So I went looking for some guidance and found: https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html Anything else out there? The certs will all be ECDSA, P256 SHA256. L

[openssl-users] -engine pkcs11 - keyform ENGINE -inkey ABC : NOT in command line

2017-08-01 Thread majkl majkl
I need these openssl parameters to be used without specifying it in command line. It doesn't matter, if it is in config file or environment variables. How to do that? (I need to sign xml documents via xmlsec. xmlsec can use openssl as crypto, but I do not have idea, how xmlsec call openss

Re: [openssl-users] Use of command line openssl.exe

2017-04-06 Thread Marina
econd command should be: > > $ openssl base64 -A -in cf.enc -out cf.enc.b64 > > The "-e" and "-base64" options are not needed (default behaviour of > "base64"). > > -- > Viktor. > > -- > openssl-users mailing list > To unsubscribe:

Re: [openssl-users] Use of command line openssl.exe

2017-04-06 Thread Viktor Dukhovni
> On Apr 5, 2017, at 6:23 AM, Marina wrote: > > I have been requested to fill a field 344 characters long with a crypted > string. Why? > My program uses a command to produce this string (cf.enc.b64), > starting from a string 16 char long (cf.inp) > >$ openssl rsautl -encrypt -in cf.inp

[openssl-users] Use of command line openssl.exe

2017-04-05 Thread Marina
sl.6102.n7.nabble.com/Use-of-command-line-openssl-exe-tp70350.html Sent from the OpenSSL - User mailing list archive at Nabble.com.

Re: [openssl-users] Using RSASSA-PSS in command line smime / cms utility

2017-02-24 Thread Dr. Stephen Henson
On Mon, Feb 13, 2017, Harakiri via openssl-users wrote: > Can i set the padding RSASSA-PSS or alg ECDSA via command line when using > openssl smime or openssl cms command? > I can't find an option for it. You have to use the cms command and -keyopt rsa_padding_mode:pss

[openssl-users] Using RSASSA-PSS in command line smime / cms utility

2017-02-13 Thread Harakiri via openssl-users
Can i set the padding RSASSA-PSS or alg ECDSA via command line when using openssl smime or openssl cms command? I can't find an option for it.

Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool

2015-10-27 Thread Michel
t de Jakob Bohm Sent: Tuesday 27 October 2015 02:21 To: openssl-users@openssl.org Subject: Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool On 26/10/2015 14:02, Viktor Dukhovni wrote: > On Mon, Oct 26, 2015 at 01:21:24PM +0100, Michel wrote: >

Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool

2015-10-26 Thread Jakob Bohm
On 27/10/2015 03:42, Viktor Dukhovni wrote: On Tue, Oct 27, 2015 at 02:21:13AM +0100, Jakob Bohm wrote: More specifically, the issue is that the currently recommended command "openssl pkey", allegedly silently omits the encryption when told not to Base64 encode the encrypted key. I agree this

Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool

2015-10-26 Thread Viktor Dukhovni
On Tue, Oct 27, 2015 at 02:21:13AM +0100, Jakob Bohm wrote: > More specifically, the issue is that the currently > recommended command "openssl pkey", allegedly silently > omits the encryption when told not to Base64 encode the > encrypted key. I agree this is a bug, and needs to be fixed. A fat

Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool

2015-10-26 Thread Jakob Bohm
On 26/10/2015 14:02, Viktor Dukhovni wrote: On Mon, Oct 26, 2015 at 01:21:24PM +0100, Michel wrote: I believe it might be useful to remind in the documentation that the -cipher argument for openssl pkey command line tool is silently ignored when combined with -outform DER. Maybe it is worth

Re: [openssl-users] suggested enhancement documentation or warning for pkey command line tool

2015-10-26 Thread Viktor Dukhovni
On Mon, Oct 26, 2015 at 01:21:24PM +0100, Michel wrote: > I believe it might be useful to remind in the documentation that the > -cipher argument for openssl pkey command line tool is silently ignored when > combined with -outform DER. > > Maybe it is worth to add a warning to

[openssl-users] suggested enhancement documentation or warning for pkey command line tool

2015-10-26 Thread Michel
Hi, I believe it might be useful to remind in the documentation that the -cipher argument for openssl pkey command line tool is silently ignored when combined with -outform DER. Maybe it is worth to add a warning too?

Re: [openssl-users] Loading pkcs11 engine opensc without using command line

2015-07-17 Thread Dr. Stephen Henson
or to the function ENGINE_by_id() and it should load it. > > > > I suggest you try it with the command line utility first. > > Does openssl trunk already have API to load certificate from the engine? > Last time I've looked for this API I've only found

Re: [openssl-users] Loading pkcs11 engine opensc without using command line

2015-07-17 Thread Victor Wagner
client machine. In > > You may be able to make use of the automatic dynamic engine loading > mechanism to simplify things. You can pass the ENGINE DSO path as the > ENGINE name or to the function ENGINE_by_id() and it should load it. > > I suggest you try it with the command l

Re: [openssl-users] Loading pkcs11 engine opensc without using command line

2015-07-16 Thread Dr. Stephen Henson
and then use it in further server client communication. > You may be able to make use of the automatic dynamic engine loading mechanism to simplify things. You can pass the ENGINE DSO path as the ENGINE name or to the function ENGINE_by_id() and it should load it. I suggest you try it with th

[openssl-users] Loading pkcs11 engine opensc without using command line

2015-07-16 Thread Anirudh Raghunath
Hello, I want to write a program in which I can load a certificate from a smartcard instead of having it in a file on the client machine. In order to do so I will be using the opensc's engine_pkcs11 module. The module works fine using the shell but I want to implement it as an independent prog

Re: [openssl-users] How to verify a cert chain using Openssl command line?

2015-06-30 Thread David Li
Ben, I think you are right. My verify test is okay now if I match the subjectAltName to the nameConstraints defined by the subCA. Thanks. David On Mon, Jun 29, 2015 at 6:23 PM, Ben Humpert wrote: > Yes, because nameConstraints are inherited. > > I don't know exactly where the bug lies but I st

Re: [openssl-users] How to verify a cert chain using Openssl command line?

2015-06-29 Thread Ben Humpert
Yes, because nameConstraints are inherited. I don't know exactly where the bug lies but I strongly advise NOT to use nameConstraints because while there is a standard nobody has implemented full or correctly working support for it. I ran various tests some weeks ago and the result was horrible. Se

Re: [openssl-users] How to verify a cert chain using Openssl command line?

2015-06-29 Thread David Li
The subCA has nameConstraints in the subCA configuration file: [name_constraints] permitted;DNS.0 = example.com client configuration file has subjectAltName: subjectAltName = DNS: www.cs.com So is this a mismatch? How come s_client/s_server test was okay? On Mon, Jun 29, 2015 at 2:12 PM, B

Re: [openssl-users] How to verify a cert chain using Openssl command line?

2015-06-29 Thread Ben Humpert
Do you use nameConstraints or have specified IP in subjectAltName? Because OpenSSL can't handle that correctly. 2015-06-29 22:51 GMT+02:00 David Li : > Hi, > > As a test, I have created a rootCA, a subCA (signed by the rootCA) and > a client cert (signed by the subCA). Now I want to use verify, >

[openssl-users] How to verify a cert chain using Openssl command line?

2015-06-29 Thread David Li
Hi, As a test, I have created a rootCA, a subCA (signed by the rootCA) and a client cert (signed by the subCA). Now I want to use verify, s_client and s_server to test them together. However I searched and tried a number of times but still unsure about the correct syntax format in verify command.

Re: [openssl-users] The behavior change of command line utility -- 'openssl'

2015-06-11 Thread Salz, Rich
> I wonder if this is an expected behavior change or it is a bug. As Dave Thompson said, you haven't yet shown that there is a "bug" or change.

Re: [openssl-users] The behavior change of command line utility -- 'openssl'

2015-06-10 Thread Aaron
I wonder if this is an expected behavior change or it is a bug. Thanks, Aaron

Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-20 Thread Sec_Aficionado
Hi Jakub, I have my custom solution in place and it works well, but I'm always willing to learn other ways to solve the problem. I'll take a look this coming week. Thanks! Sent from my mobile > On Feb 20, 2015, at 3:34 PM, Jakub Zelenka wrote: > > Hi, > >> On Tue, Feb 10, 2015 at 3:31 PM, S

Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-20 Thread Jakub Zelenka
Hi, On Tue, Feb 10, 2015 at 3:31 PM, Sec_Aficionado wrote: > Matt, > > Thanks for keeping me honest! I see it now, but I totally missed it > before. I must have just played with the cli and not read the full page. > > Can you please confirm that EVP is the way to go? I'll create my own > little

Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-10 Thread Matt Caswell
On 10/02/15 15:31, Sec_Aficionado wrote: > Matt, > > Thanks for keeping me honest! I see it now, but I totally missed it before. I > must have just played with the cli and not read the full page. > > Can you please confirm that EVP is the way to go? I'll create my own little > PHP extension s

Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-10 Thread Sec_Aficionado
or retrieve the authentication tag." > >> >> Regarding AES-GCM from the command line, or PHP bindings, is that something >> that any of the OpenSSL components support? I think EVP is the intended way >> but there are no PHP bindings, only C from what I can tell.

Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-10 Thread Matt Caswell
does not support authenticated encryption modes like CCM and GCM. The utility does not store or retrieve the authentication tag." > > Regarding AES-GCM from the command line, or PHP bindings, is that something > that any of the OpenSSL components support? I think EVP is the intended way > bu

Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-10 Thread Sec_Aficionado
Ah, thank you! I tried a lot of things and was very frustrated. I wish the documentation reflected that. I'll see if I can contribute by updating it. Regarding AES-GCM from the command line, or PHP bindings, is that something that any of the OpenSSL components support? I think EVP i

Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-09 Thread Dr. Stephen Henson
6 Jan 14) on an Ubuntu 14.04 LTS VM with current > patches. > AES GCM is not supported by the 'enc' utility. More recent versions of OpenSSL throw out an error message if you try to use it from the command line. Steve. -- Dr Stephen N. Henson. Op

[openssl-users] AES-GCM failing from Command Line Interface

2015-02-09 Thread Sec_Aficionado
Hello, I am trying to encrypt a short message using AES-256-GCM as mentioned in the subject. My command is: openssl enc -aes-256-gcm -p -in payload.txt -out enc.txt I get prompted for password as expected. The encryption goes well, and then I proceed to decrypt using: openssl enc -d -aes-256-g

Re: [openssl-users] How to display root certificate in command line

2014-12-22 Thread Salz, Rich
> But in certificate chain, I only get 2 certificates information (I think this > two > are return by website.) That's right. The server returns up to, but not including, the root. The client is supposed to have the root stored somewhere as an out-of-band trust anchor. This is the way TLS/

Re: [openssl-users] How to display root certificate in command line

2014-12-22 Thread Jakob Bohm
On 22/12/2014 11:52, Jerry OELoo wrote: Hi All: I have used openssl command line to get some website's certificate chain. Now, I want to show root certificate information. but I do not find any command argument to do it. openssl s_client -showcerts -CApath /etc/ssl/certs -co

[openssl-users] How to display root certificate in command line

2014-12-22 Thread Jerry OELoo
Hi All: I have used openssl command line to get some website's certificate chain. Now, I want to show root certificate information. but I do not find any command argument to do it. openssl s_client -showcerts -CApath /etc/ssl/certs -connect studentexclusives.hsbc.co.uk:443 I use -CApath t

Re: v1.0.1g command line gcm error

2014-05-15 Thread Jeffrey Walton
On Thu, May 15, 2014 at 2:37 PM, Matt Caswell wrote: > On 15 May 2014 10:39, Jeffrey Walton wrote: >> On Tue, May 13, 2014 at 12:06 PM, Tom stone wrote: >>> >>> Am I missing something or is there a bug in the openssl gcm implementation? >> >> If its any consolation, your question triggered a doc

Re: v1.0.1g command line gcm error

2014-05-15 Thread Matt Caswell
On 15 May 2014 10:39, Jeffrey Walton wrote: > On Tue, May 13, 2014 at 12:06 PM, Tom stone wrote: >> >> Am I missing something or is there a bug in the openssl gcm implementation? > > If its any consolation, your question triggered a documentation patch. > Matt Caswell recently committed it. "Add

Re: v1.0.1g command line gcm error

2014-05-15 Thread Jeffrey Walton
On Tue, May 13, 2014 at 12:06 PM, Tom stone wrote: > Using openssl-1.0.1g command line for simple file encryption/decryption, > when I issue the commands > > openssl enc -aes-256-cbc -k secret -in file.txt -out file.ssl > openssl enc -d -aes-256-cbc -k secret -in file.ssl >

Re: v1.0.1g command line gcm error

2014-05-13 Thread Dr. Stephen Henson
On Tue, May 13, 2014, Tom stone wrote: > Jeremy, > > Thank you for your quick response. I am definitely interested in > additional details. If you know who I should contact that would be great. > Do you know whether this only effects simple file encryption or is it > general to the gcm mode, ie

Re: v1.0.1g command line gcm error

2014-05-13 Thread Jeremy Gray
urns out that there's a bug in >> setting up the GCM cipher, so the enc part is not working correctly for >> GCM. More than that, someone else will have to elaborate if you are >> interested. >> >> --Jeremy >> >> >> On Tue, May 13, 2014 at 12

Re: v1.0.1g command line gcm error

2014-05-13 Thread Tom stone
ted. > > --Jeremy > > > On Tue, May 13, 2014 at 12:06 PM, Tom stone wrote: > >> Using openssl-1.0.1g command line for simple file >> encryption/decryption, when I issue the commands >> >> openssl enc -aes-256-cbc -k secret -in file.txt -out file.ssl >

Re: v1.0.1g command line gcm error

2014-05-13 Thread Jeremy Gray
> Using openssl-1.0.1g command line for simple file encryption/decryption, > when I issue the commands > > openssl enc -aes-256-cbc -k secret -in file.txt -out file.ssl > openssl enc -d -aes-256-cbc -k secret -in file.ssl > > The contents of file.txt go to stdout as expected. H

v1.0.1g command line gcm error

2014-05-13 Thread Tom stone
Using openssl-1.0.1g command line for simple file encryption/decryption, when I issue the commands openssl enc -aes-256-cbc -k secret -in file.txt -out file.ssl openssl enc -d -aes-256-cbc -k secret -in file.ssl The contents of file.txt go to stdout as expected. However, when I issue the

Re: [1.1.0-dev] AES-GCM on command line: "bad decrypt" but seems to work

2014-05-06 Thread Dr. Stephen Henson
On Tue, May 06, 2014, Jeremy Gray wrote: > > I'm seemingly able to enc and dec from the command line using -aes-128-gcm, > but get a "bad decrypt" error (despite being able to recover the plain > text). > It's a bug: you shouldn't be able to use GCM in t

[1.1.0-dev] AES-GCM on command line: "bad decrypt" but seems to work

2014-05-06 Thread Jeremy Gray
Hi, I'm seemingly able to enc and dec from the command line using -aes-128-gcm, but get a "bad decrypt" error (despite being able to recover the plain text). Is getting this error message the expected behavior? The only thing I've found via google is a couple years old, and

Re: CRL generating server, not from command line

2014-03-19 Thread Tom Francis
On Mar 18, 2014, at 2:19 PM, Clesmon University wrote: > Hello: > > What I can find online or in book "Network security with OpenSSL" is using > command line to generate a CRL. However, what I want to do is to let my > server receive a serial number from outside int

CRL generating server, not from command line

2014-03-18 Thread Clesmon University
Hello: What I can find online or in book "Network security with OpenSSL" is using command line to generate a CRL. However, what I want to do is to let my server receive a serial number from outside interface and generate a CRL. I have looked many places and never find an article to mentio

fipsld/incore from the command line

2014-03-06 Thread Jeffrey Walton
I'm probably missing something really obvious here I've got a couple of non-makefile based scripts to build my program. The program is a mix of C and C++, so the FIPSLD_CC/fipsld does not work due to c++ name mangling. The scripts have a couple of variables: FIPS_PREMAIN=`find $OPENSSLDIR -i

can openssl command line tool be used to create a SCEP cgi?

2014-02-11 Thread Jason Haar
Hi there We're looking at introducing Mobile Device Management into our organization and we have a home-built PKI based around openssl command line tools and a bunch of shell scripts. Works well, very bespoke - moving away from it would be a major drama (ie changing to a better PKI that had

RE: SMIME CRLF line ending on command line also with -binary flag [solved]

2014-01-14 Thread Marco Köllner
: openssl-users@openssl.org Subject: SMIME CRLF line ending on command line also with -binary flag Hi, I'm currently using OpenSSL to encrypt and decrypt SMIME messages. A new request from our customer is the possibility to prevent storing decrypted plaintext on harddisk. My idea is now to de

SMIME CRLF line ending on command line also with -binary flag

2014-01-14 Thread Marco Köllner
Hi, I'm currently using OpenSSL to encrypt and decrypt SMIME messages. A new request from our customer is the possibility to prevent storing decrypted plaintext on harddisk. My idea is now to decrypt the message on command line with "openssl.exe smime" without -out parameter.

Re: Read keys written with PEM_write_RSAPublicKey(), via command-line

2013-11-07 Thread Dimitrios Apostolou
On Thu, 7 Nov 2013, Dr. Stephen Henson wrote: On Thu, Nov 07, 2013, Dimitrios Apostolou wrote: how can I read the details of a public key written by PEM_write_RSAPublicKey()? I have tried all the "openssl pkey" and "openssl rsa" combinations without much success, unfortunately. If possible

Re: Read keys written with PEM_write_RSAPublicKey(), via command-line

2013-11-07 Thread Dr. Stephen Henson
On Thu, Nov 07, 2013, Dimitrios Apostolou wrote: > > how can I read the details of a public key written by > PEM_write_RSAPublicKey()? I have tried all the "openssl pkey" and > "openssl rsa" combinations without much success, unfortunately. > If possible you should use PEM_write_RSA_PUBKEY inst

Read keys written with PEM_write_RSAPublicKey(), via command-line

2013-11-07 Thread Dimitrios Apostolou
Hello list, how can I read the details of a public key written by PEM_write_RSAPublicKey()? I have tried all the "openssl pkey" and "openssl rsa" combinations without much success, unfortunately. Thanks in advance, Dimitris

Re: Add SubjAltName to openssl command line?

2013-08-29 Thread Viktor Dukhovni
On Thu, Aug 29, 2013 at 04:38:17PM -0700, Erich Weiler wrote: > I was wondering if there was also a way to quickly create a certificate and > key file in a similar fashion while also designating SubjAltName options on > the openssl command line? The bash script below uses inline com

RE: Add SubjAltName to openssl command line?

2013-08-29 Thread Salz, Rich
You can use the $ENV:xxx construct. It's a bit of a hack, but you only need one config file and change the env var each time... -- Principal Security Engineer Akamai Technology Cambridge, MA

Add SubjAltName to openssl command line?

2013-08-29 Thread Erich Weiler
gnating SubjAltName options on the openssl command line? Something like this maybe? openssl req -newkey rsa:2048 -x509 -nodes -out test.pem -keyout test.pem -days 3650 -subjAlt "DNS:foo.com, DNS:bar.com" or whatever. I know the "-subjAlt" option doesn't exist, but may

Re: EC command line tools

2013-06-14 Thread Steve Tarzia
On 6/14/13 2:47 PM, Matt Caswell wrote: On 14 June 2013 20:12, Steve Tarzia wrote: I am having some trouble finding documentation or examples showing how to perform Elliptic Curve crypto operations using the openssl command line tool. Is it possible to perform EC encryption and decryption using

Re: EC command line tools

2013-06-14 Thread Matt Caswell
On 14 June 2013 20:12, Steve Tarzia wrote: > I am having some trouble finding documentation or examples showing how to > perform Elliptic Curve crypto operations using the openssl command line > tool. Is it possible to perform EC encryption and decryption using the openssl > comma

EC command line tools

2013-06-14 Thread Steve Tarzia
I am having some trouble finding documentation or examples showing how to perform Elliptic Curve crypto operations using the openssl command line tool. Is it possible to perform EC encryption and decryption using the openssl command line tool? In "man pkeyutl" for version 1.0.1e I se

RSA mode OAEP command line typo

2013-03-29 Thread Ted Pennings
Hi all, I happened upon an inconsistency in the openssl command line tool. I think it's a bug, but I wanted to ask the list before filing a report. OAEP is a supported RSA padding mode on the pkeyutl command. However, there's a typo in how it's implemented on the command line. OA

Is it possible to choose your preferred cipher at the command line level?

2013-03-17 Thread Mark Seger
I'm running a tool via a python library that uses ssl and would like to use a different cipher other than the one being negotiated. Is it possible to do this via an env variable or some config change on my workstation, perhaps a config file? -mark

Re: id-aes256-GCM command line encrypt+decrypt fail

2012-10-15 Thread Michel
Thanks for the explanation Mr. Henson. I do not wish to take up too much of your time, but as I am still trying to understand OpenSSL, I would be grateful if you can add a few words on how you cope with this in TLS, and point me to the corresponding source code. Thanks again, Michel. Le 12

Re: id-aes256-GCM command line encrypt+decrypt fail

2012-10-12 Thread Dr. Stephen Henson
On Fri, Oct 12, 2012, Michel wrote: > I am guessing that 'special handling' is linked to the 'no > additional authentication data' issue discussed in : > http://incog-izick.blogspot.fr/2011_08_01_archive.html > It's to do with the fact that additional parameters are required with GCM and how the

Re: id-aes256-GCM command line encrypt+decrypt fail

2012-10-12 Thread Michel
I am guessing that 'special handling' is linked to the 'no additional authentication data' issue discussed in: http://incog-izick.blogspot.fr/2011_08_01_archive.html On 11/10/2012 22:33, Erik Tkal wrote: I think Steve posted a while back that those ciphers require special handling and do n

RE: id-aes256-GCM command line encrypt+decrypt fail

2012-10-11 Thread Erik Tkal
e...@mit.edu Sent: Thursday, October 11, 2012 12:19 PM To: openssl-users@openssl.org Subject: id-aes256-GCM command line encrypt+decrypt fail Hello, I am trying to encrypt and decrypt a string using command-line openssl (1.0.1c) with the id-aes256-GCM algorithm, but every time it fails echo -n
