Re: Fingerprint mismatch only for 32-bit DLL linked statically to FIPS Capable OpenSSL

2019-12-04 Thread Neptune
be re-based and then you're bound to get a fingerprint mismatch. I used the Process Explorer tool to verify that when my dll loaded, the address it wanted was already occupied. I would suggest you do the same as a first step to make sure this is actually the problem you are experiencing. Unfort

Fingerprint mismatch only for 32-bit DLL linked statically to FIPS Capable OpenSSL

2019-12-04 Thread Dipak B
Result 1. On executing 64-bit FipsApp.exe, the FIPS mode gets set and working with 64-bit myapp.dll 2. But on executing 32-bit FipsApp.exe which uses 32-bit myapp.dll with same configuration, FIPS_mode_set() fails with reason 111 (Fingerprint mismatch) Attempted Since above

Fingerprint mismatch only for 32-bit FIPS binary

2019-11-25 Thread Dipak B
with 64-bit myapp.dll 2) But for 32-bit myapp.dll with same configuration, FIPS_mode_set() fails with reason 111 (Fingerprint mismatch) Tried following Since above 32-bit myapp.dll did not work, some additional configuration changes were made. 1) ReBuilt FIPS capable OSSL with additional LFLAGS

[openssl-users] FIPS Fails due to Fingerprint Error while running for a App

2019-02-13 Thread ALe TAHIR
Hi Experts, Looking for some assistance. I’ve compiled one of the App in FIPs mode and while running the App. I’m getting fingerprint mismatch error. I’ve followed the standard procedure to build a FIPS module using OpenSSL UserGuide 2.0. But not sure what part is missing. :~$ openssl

Re: [openssl-users] 755413103 error on fingerprint match

2016-08-03 Thread Brian Jost
FIPS compliant iOS library and am having > issues with the fingerprint. I had to add a CPU adjustment to the > incore_macho but I wouldn't think that would cause a FIPS fingerprint > mismatch. > > https://gist.github.com/jostster/ebbc6925c668b632d8b185293080256c > > Does anyone h

[openssl-users] 755413103 error on fingerprint match

2016-08-03 Thread Brian Jost
I modified a script to get a FIPS compliant iOS library and am having issues with the fingerprint. I had to add a CPU adjustment to the incore_macho but I wouldn't think that would cause a FIPS fingerprint mismatch. https://gist.github.com/jostster/ebbc6925c668b632d8b185293080256c Does a

Re: [openssl-users] Helps needed regarding the error "fingerprint does not match:fips.c:232:"

2016-02-25 Thread cloud force
By running the command fips_premain.dso, I found that my lib crypto.so library file does not have the following two symbols: FINGERPRINT_ascii_value FINGERPRINT_remain Could the missing of these two symbols caused the problems of fingerprint mismatch which I ran into (during the run time

Re: [openssl-users] Helps needed regarding the error "fingerprint does not match:fips.c:232:"

2016-02-25 Thread cloud force
Thanks for the information. I checked the Makefile and build logs of both cases (i.e. built with Ubuntu packaging script and built with the standard way), and I saw the fipsld was run in both cases: Makefile for both: *libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)

Re: [openssl-users] Helps needed regarding the error "fingerprint does not match:fips.c:232:"

2016-02-24 Thread Dr. Stephen Henson
On Wed, Feb 24, 2016, cloud force wrote: > Actually it looks like when I ran the tests using the OpenSSL FIPS library > which I built using Ubuntu build script, the content of FIPS_SIGNATURE > seemed to be empty. > > Can anyone tell me how was the value of sig and FIPS_SIGNATURE (near fips.c > li

Re: [openssl-users] Helps needed regarding the error "fingerprint does not match:fips.c:232:"

2016-02-24 Thread cloud force
s anyone know what could cause the content of "sig" and > "FIPS_SIGNATURE" to be different (and hence causes the "fingerprint does > not match" error)? > > Thanks and any suggestions are truly appreciated. > > > > On Tue, Feb 23, 2016 at 5:01 PM, D

Re: [openssl-users] Helps needed regarding the error "fingerprint does not match:fips.c:232:"

2016-02-24 Thread cloud force
e different when the OpenSSL lib was built using the Ubuntu build script. When building the lib using the standard way, the content of "sig" and "FIPS_SIGNATURE" are the same. Does anyone know what could cause the content of "sig" and "FIPS_SIGNATURE" to be

Re: [openssl-users] Helps needed regarding the error "fingerprint does not match:fips.c:232:"

2016-02-23 Thread security veteran
> > > I built the FIPS modules on Ubuntu platform and was trying to build the > > FIPS capable OpenSSL library. > > > > The build went fine but when I ran the following test, the fingerprint > > error showed up: > > > > *OPENSSL_FIPS=1 openssl md5* > &

Re: [openssl-users] Helps needed regarding the error "fingerprint does not match:fips.c:232:"

2016-02-23 Thread Dr. Stephen Henson
On Tue, Feb 23, 2016, cloud force wrote: > Hi All: > > I built the FIPS modules on Ubuntu platform and was trying to build the > FIPS capable OpenSSL library. > > The build went fine but when I ran the following test, the fingerprint > error showed up: > > *OPENSS

[openssl-users] Helps needed regarding the error "fingerprint does not match:fips.c:232:"

2016-02-23 Thread cloud force
Hi All: I built the FIPS modules on Ubuntu platform and was trying to build the FIPS capable OpenSSL library. The build went fine but when I ran the following test, the fingerprint error showed up: *OPENSSL_FIPS=1 openssl md5* *139728296724128:error:2D06B06F:FIPS

Re: [openssl-users] FIPS_check_incore_fingerprint: fingerprint does not match

2015-12-27 Thread Marcos Bontempo
wrong? I only want to build the simplest application using FIPS. From: marcosbonte...@hotmail.com To: openssl-users@openssl.org Subject: RE: [openssl-users] FIPS_check_incore_fingerprint: fingerprint does not match Date: Wed, 23 Dec 2015 08:25:41 -0200 Thanks for the answer! I searched about t

Re: [openssl-users] FIPS_check_incore_fingerprint: fingerprint does not match

2015-12-23 Thread Marcos Bontempo
Thanks for the answer! I searched about the FIPS linker script but I couldn't find any content. Can you tell how can I run it? To: openssl-users@openssl.org From: jb-open...@wisemo.com Date: Wed, 23 Dec 2015 02:58:22 +0100 Subject: Re: [openssl-users] FIPS_check_incore_fingerprint: finger

Re: [openssl-users] FIPS_check_incore_fingerprint: fingerprint does not match

2015-12-22 Thread Jakob Bohm
; linker script on your application, which sets the value of that fingerprint based on the load address and relocations of your application. Note, that this means that the design of the FIPS module security policy is incompatible with ASLR on almost every operating system having that feature

[openssl-users] FIPS_check_incore_fingerprint: fingerprint does not match

2015-12-22 Thread Marcos Bontempo
Hello, I'm getting this error when I call the function FIPS_mode_set(1): error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match Does anybody know how to correct it? Any tip will be very helpful, Thanks.

[openssl-users] fingerprint mismatch issue with fips build on Win32

2015-04-27 Thread Zeke Evans
Hi, Our win32 applications will sometimes fail to start due to a fingerprint mismatch in the fips module. It appears this is caused by the fixed baseaddr used to verify the checksum. We are building with the /FIXED and /DYNAMICBASE:NO options. The User Guide states: "The standard OpenSSL

[openssl-users] POST Integrity test/fingerprint failure on 32-bit MIPS/R3000 with openssl-fips-2.0.5

2015-01-05 Thread Rohit Kaushal
Hello, I am working on a validation with a FIPS lab including algorithm testing etc. and not claim any OpenSSL 2.0.5 FIPS certs. For this, i have made minor changes to the fips-openssl-2.0.5 source including the fips_test_suite.c file. This (modified) fips_test_suite binary with fipscanister.o stat

Re: fingerprint calculation depends on fipscanister alone or entire application code?

2014-06-11 Thread Dr. Stephen Henson
On Wed, Jun 11, 2014, Bala Duvvuri wrote: > Hi All, > > During linking my application with the OpenSSL FIPs, fipsld is invoked to > embed the digest and during runtime it is calculated and verified during > FIPS_mode_set. > > Can you help me to understand if digest is calculated only for fipscan

fingerprint calculation depends on fipscanister alone or entire application code?

2014-06-11 Thread Bala Duvvuri
Hi All, During linking my application with the OpenSSL FIPs, fipsld is invoked to embed the digest and during runtime it is calculated and verified during FIPS_mode_set. Can you help me to understand if digest is calculated only for fipscanister module or the entire application code? My obser

Re: RFC: Add additional security by bringing fingerprint into DNS

2014-01-20 Thread Michael Ströder
lookup may search the TXT record of the domain. > This record may contain one or multiple records in this form: > > mydomain.com IN TXT "tls-sec v=1.0 sock=443/tcp crypto=required > fingerprint=00:12:34:..." > mydomain.com IN TXT "tls-sec v=1.0 sock=25/tcp crypto=desi

RFC: Add additional security by bringing fingerprint into DNS

2014-01-20 Thread Mario Lombardo
record may contain one or multiple records in this form: mydomain.com IN TXT "tls-sec v=1.0 sock=443/tcp crypto=required fingerprint=00:12:34:..." mydomain.com IN TXT "tls-sec v=1.0 sock=25/tcp crypto=desired fingerprint=ab:cd:ef:..." So the TLS/SSL client is able to chec

Server Certificate verification against available fingerprint

2013-10-07 Thread Manoj
Hi, I am a newbie to openssl, I do have a question related to client hello/server hello authentication flow in openssl. I have to use pre-available fingerprint to verify the server certificate during TLS connection establishment. Is there any way/mechanism in openssl to verify certificate against

OpenSSL FIPS library fingerprint doesn't match

2013-08-09 Thread Perrow, Graeme
I am building a DLL that includes the OpenSSL FIPS object module. This is on Windows using Visual Studio 10.0. I have the 64-bit version working fine but when I build a 32-bit version, the "incore fingerprint" fails to match when I load the DLL and call FIPS_mode_set(1). I had the sa

Re: OpenSSL FIPS Capable and No Fingerprint

2013-06-26 Thread Jeffrey Walton
This was tracked down to the makefile's `install` rule. The rule builds components rather than only copying the executable and auxiliary files. The original `install` rule (fails the fingerprint check): install: all install_docs install_sw The modified `install` rule (passes the finger

OpenSSL FIPS Capable and No Fingerprint

2013-06-25 Thread Jeffrey Walton
Hi All, When linking to the FIPS Capable shared object, the program fails its fingerprint check: $ arm-linux-androideabi-gcc --sysroot="$ANDROID_SYSROOT" -I/usr/local/ssl/android-14/include fips_hmac.c -o fips_hmac.exe /usr/local/ssl/android-14/lib/libcrypto.so.1.0.0 $ adb push /usr

Problems with compiling and linking fips_premain.c and fingerprint mismatch

2013-05-27 Thread Sairam Rangaswamy -X (sairanga - Aricent Technologies at Cisco)
the vxworks version we use does not support the __attribute__ and constructor etc defined in fips_premain.c. So, I copied all the code from fips_premain.c to fips.c and compiled the FOM (3.0) and SSL modules to create libcrypto.a and libssl.o. I know this will create fingerprint mismatch for the

ongoing fingerprint does not match issues

2013-02-28 Thread T J
Comparing printed debug values that I put into the incore script, it looks like our compiler is putting the signature somewhere between FIPS_rodata_start and FIPS_rodata_end resulting in the "fingerprint does not match segment aliasing" error. I can get around this by removing the -f

Re: FIPS mode fails with fingerprint not matching error

2012-09-21 Thread Cassie Helms
> How do I make the FIPS module point to the FIPS capable version that has been > built? Look for the --with-fipslibdir option referenced in UserGuide 2.0. There is also a --with-fipsdir that I don't believe is talked about in the document. You might want to run ldd on your app executable to che

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-08-14 Thread Cassie Helms
Eventually I solved this problem. Here is the set of commands I need to use to generate the shared fips-capable openssl libraries: su cd fips // wherever that may be ./config make make install // this installs fipscanister.o and adjacent files into /usr/local/ssl/fips-2.0/ cd openssl // still as

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-28 Thread Dr. Stephen Henson
On Fri, Jul 27, 2012, Cassie Helms wrote: > Dr. Stephen Henson writes: > > > > Integrity test started > > > ERROR:2D06B06F:lib=45,func=107,reason=111:file=fips.c:line=229 > > > Integrity test Failed Incorrectly!! > > > > We

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-27 Thread Cassie Helms
Dr. Stephen Henson writes: > > Integrity test started > > ERROR:2D06B06F:lib=45,func=107,reason=111:file=fips.c:line=229 > > Integrity test Failed Incorrectly!! > > Well that error indicates the fingerprint error. The question is what is > di

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-27 Thread Dr. Stephen Henson
rget machine. I get different results now -- can anyone > point to what this might indicate, coupled with the fips fingerprint error? > > # fips_algvs fips_test_suite post > > FIPS-mode test application > FIPS 2.0 validated module 14 Mar 2012 > > DRBG

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-27 Thread Cassie Helms
indicate, coupled with the fips fingerprint error? # fips_algvs fips_test_suite post FIPS-mode test application FIPS 2.0 validated module 14 Mar 2012 DRBG AES-256-CTR DF test started DRBG AES-256-CTR DF test OK POST started I

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Cassie Helms
Apologies, this thread is a duplicate of the one Dr. Henson is already responding to. The authentication system made it unclear whether or not my original question would post yesterday. Please do not respond to this thread. Cassie

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Cassie Helms
> What platform is the target system? cat /etc/*-release: RHEL Server 5.5 (Tikanga) uname -mrs: Linux 2.6.18-194.el5 x86_64 Build system specs are the same as these. > After you build the validated module do this: > > make build_algvs > > This should build an fips_algvs binary in the test direct

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Dr. Stephen Henson
On Wed, Jul 25, 2012, Cassie Helms wrote: > Hi folks, > I have dynamically linked a FIPS capable OpenSSL library (libcrypto.so and > libssl.so) into my product's build, but still get a "fingerprint does not > match" > error when I call FIPS_mode_set(1). This is

fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Cassie Helms
milar fingerprint text as found in an objdump on fipscanister.o. My total build generates an rpm of my source with the linked ssl libraries, which I install on a different machine that does not have openssl or fips installed. Unfortunately, FIPS_mode_set(1) still fails for me with the following:

fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-25 Thread Cassie Helms
Hi folks, I have dynamically linked a FIPS capable OpenSSL library (libcrypto.so and libssl.so) into my product's build, but still get a "fingerprint does not match" error when I call FIPS_mode_set(1). This is using a validated copy of FIPS 2.0 source and OpenSSL 1.0.1c. Th

Re: FIPS: Incore fingerprint check fails on Android?

2012-07-19 Thread Jakob Bohm
g Cc: Sent: Wednesday, July 18, 2012 6:55 PM Subject: Re: FIPS: Incore fingerprint check fails on Android? On Wed, Jul 18, 2012, AJ wrote: This explains it -- thank you -- I was using a static library -- so I would need to use fipsld, if I continue to use static. However, knowing this, I wan

Re: FIPS: Incore fingerprint check fails on Android?

2012-07-19 Thread AJ
this point would seem to going back to static build, and getting fipsld working for the android build.  Unless I am missing something. Thanks, AJ - Original Message - From: Dr. Stephen Henson To: openssl-users@openssl.org Cc: Sent: Wednesday, July 18, 2012 6:55 PM Subject: Re: FIPS:

Re: FIPS: Incore fingerprint check fails on Android?

2012-07-18 Thread Dr. Stephen Henson
On Wed, Jul 18, 2012, AJ wrote: > This explains it -- thank you -- I was using a static library -- so I would > need to use fipsld, if I continue to use static.   > > However, knowing this, I wanted to try with shared OpenSSL library instead, > but my build fails on "multiple definition" errors

Re: FIPS: Incore fingerprint check fails on Android?

2012-07-18 Thread AJ
iple definition of `fips_rsa_padding_add_none' /usr/local/ssl/fips-2.0/lib//fipscanister.o:fips_canister.c:(.text+0x283f8): first defined here Any ideas?    Thanks, AJ - Original Message - From: Dr. Stephen Henson To: openssl-users@openssl.org Cc: Sent: Wednesday, July 18, 2012 4:15

Re: FIPS: Incore fingerprint check fails on Android?

2012-07-18 Thread Dr. Stephen Henson
On Wed, Jul 18, 2012, AJ wrote: > Its my application producing the error. > > I've been reading more... perhaps I need to get Android build to link via > fipsld to get the valid fingerprint? > > Does this sound right? Any tips? > How are you linking your application

Re: FIPS: Incore fingerprint check fails on Android?

2012-07-18 Thread Jeffrey Walton
-- Original Message - > From: Jeffrey Walton > To: openssl-users@openssl.org > Cc: > Sent: Wednesday, July 18, 2012 2:27 PM > Subject: Re: FIPS: Incore fingerprint check fails on Android? > > On Wed, Jul 18, 2012 at 11:15 AM, Aunt Jomamma wrote: >> Sorry if this is

Re: FIPS: Incore fingerprint check fails on Android?

2012-07-18 Thread AJ
I'm running on 4.0.4 and 2.3.4, with same results on both. - Original Message - From: Jeffrey Walton To: openssl-users@openssl.org Cc: Sent: Wednesday, July 18, 2012 2:27 PM Subject: Re: FIPS: Incore fingerprint check fails on Android? On Wed, Jul 18, 2012 at 11:15 AM, Aunt Jo

Re: FIPS: Incore fingerprint check fails on Android?

2012-07-18 Thread Jeffrey Walton
t/darwin-x86/bin:$PATH; > export PATH > export MACHINE=armv7l > export RELEASE=2.6.32.GMU > export SYSTEM=android > export ARCH=arm > export CROSS_COMPILE="arm-linux-androideabi-" > export ANDROID_DEV="$ANDROID_NDK/platforms/android

Re: FIPS: Incore fingerprint check fails on Android?

2012-07-18 Thread AJ
Its my application producing the error. I've been reading more... perhaps I need to get Android build to link via fipsld to get the valid fingerprint? Does this sound right? Any tips? Thanks. "Dr. Stephen Henson" wrote: >On Wed, Jul 18, 2012, Aunt Jomamma wrote: >

Re: FIPS: Incore fingerprint check fails on Android?

2012-07-18 Thread Dr. Stephen Henson
On Wed, Jul 18, 2012, Aunt Jomamma wrote: > Sorry if this is duplicate, but I had an issue with the mailer, and not sure > if this went... > > I have successfully built openssl-fips-2.0 + openssl-1.0.1c for Android using > ndk-r8.   > I am doing cross-compile on Mac OSX. > > However, I cannot

FIPS: Incore fingerprint check fails on Android?

2012-07-18 Thread Aunt Jomamma
MPILE="arm-linux-androideabi-"     export ANDROID_DEV="$ANDROID_NDK/platforms/android-14/arch-arm/usr"     export HOSTCC=gcc Any ideas why I cannot pass incore fingerprint validation?  Do I need anything special wrt incore

Re: FIPS fingerprint in .data not .rodata

2012-02-21 Thread Kevin Fowler
On Tue, Feb 21, 2012 at 3:51 PM, Andy Polyakov wrote: >> Another option (but shoot it down if its bogus :-): I noticed that if I >> compile >> fipscanister.o without "-fPIC", then the const variables do get placed in >> the (really readonly) .rodata section as desired. I thought maybe if I did >>

Re: FIPS fingerprint in .data not .rodata

2012-02-21 Thread Jeffrey Walton
On Tue, Feb 21, 2012 at 3:51 PM, Andy Polyakov wrote: >> Another option (but shoot it down if its bogus :-): I noticed that if I >> compile >> fipscanister.o without "-fPIC", then the const variables do get placed in >> the (really readonly) .rodata section as desired. I thought maybe if I did >>

Re: FIPS fingerprint in .data not .rodata

2012-02-21 Thread Andy Polyakov
> Another option (but shoot it down if its bogus :-): I noticed that if I > compile > fipscanister.o without "-fPIC", then the const variables do get placed in > the (really readonly) .rodata section as desired. I thought maybe if I did > that and went the static route - build libcrypto with no-sh

Re: FIPS fingerprint in .data not .rodata

2012-02-21 Thread Kevin Fowler
On Tue, Feb 21, 2012 at 1:11 PM, Andy Polyakov wrote: >> Though in FIPS 2.0 there is new option that might work in this case. >> Besides switching to another compiler that is. Introduced to rectify >> situation with rodata segments not being position-independent on Win64, >> defini

Re: FIPS fingerprint in .data not .rodata

2012-02-21 Thread Andy Polyakov
> Though in FIPS 2.0 there is new option that might work in this case. > Besides switching to another compiler that is. Introduced to rectify > situation with rodata segments not being position-independent on Win64, > defining __fips_constseg might prove useful even in this situatio

Re: FIPS fingerprint in .data not .rodata

2012-02-20 Thread Kevin Fowler
On Mon, Feb 20, 2012 at 5:18 AM, Andy Polyakov wrote: > > >>> Though in FIPS 2.0 there is new option that might work in this case. > >>> Besides switching to another compiler that is. Introduced to rectify > >>> situation with rodata segments not being position-independent on Win64, > >>> defining

Re: FIPS fingerprint in .data not .rodata

2012-02-20 Thread Andy Polyakov
>>> Though in FIPS 2.0 there is new option that might work in this case. >>> Besides switching to another compiler that is. Introduced to rectify >>> situation with rodata segments not being position-independent on Win64, >>> defining __fips_constseg might prove useful even in this situation. See >

Re: FIPS fingerprint in .data not .rodata

2012-02-19 Thread Kevin Fowler
On Sun, Feb 19, 2012 at 3:50 PM, Kevin Fowler wrote: > > > On Sun, Feb 19, 2012 at 11:52 AM, Andy Polyakov wrote: > >> >>> After I had gotten the extra "-f" options from Harvey for this >> platform >> >>> (BSD-powerpc), >> >> Using -f[data|function]-sections options is inappropriate as they >> >

Re: FIPS fingerprint in .data not .rodata

2012-02-19 Thread Kevin Fowler
On Sun, Feb 19, 2012 at 11:52 AM, Andy Polyakov wrote: > >>> After I had gotten the extra "-f" options from Harvey for this platform > >>> (BSD-powerpc), > >> Using -f[data|function]-sections options is inappropriate as they > >> undermine the idea of "capturing" fipscanister code and rodata betw

Re: FIPS fingerprint in .data not .rodata

2012-02-19 Thread Andy Polyakov
>>> After I had gotten the extra "-f" options from Harvey for this platform >>> (BSD-powerpc), >> Using -f[data|function]-sections options is inappropriate as they >> undermine the idea of "capturing" fipscanister code and rodata between >> start/end symbols. It was bad advice/idea, do *not* use th

Re: FIPS fingerprint in .data not .rodata

2012-02-19 Thread Kevin Fowler
On Sat, Feb 18, 2012 at 6:13 PM, Andy Polyakov wrote: > > The key thing I realized is that the incore script that comes with the > FIPS > > Object Module v2.0 tarball > > handles both native AND cross-compile scenarios. > > Even though FIPS 2.0 util/incore is capable of handling arbitrary ELF >

Re: FIPS fingerprint in .data not .rodata

2012-02-18 Thread Andy Polyakov
> The key thing I realized is that the incore script that comes with the FIPS > Object Module v2.0 tarball > handles both native AND cross-compile scenarios. Even though FIPS 2.0 util/incore is capable of handling arbitrary ELF binary (native or not), it's not used in non-cross-compile/native cas

Re: FIPS fingerprint in .data not .rodata

2012-02-18 Thread Kevin Fowler
On Fri, Feb 17, 2012 at 10:25 PM, Dr. Stephen Henson wrote: > On Fri, Feb 17, 2012, Kevin Fowler wrote: > > > Thanks Harvey, > > This seems to have worked as far as getting the .rodata section used. > This > > is what I see now: > > > > 001b5740 g O .rodata0010 FIPS_rodata_start >

Re: FIPS fingerprint in .data not .rodata

2012-02-17 Thread Kevin Fowler
untered this problem when compiling the 1.2.3 FIPS object module > some time ago, with exactly the same compiler. After some experimentation I > managed to get it to embed the fingerprint correctly using the following > compiler options: > > -fno-common -fdata-sections -ffunction-secti

RE: FIPS fingerprint in .data not .rodata

2012-02-16 Thread Harvey Shepherd
Hi Kevin, I encountered this problem when compiling the 1.2.3 FIPS object module some time ago, with exactly the same compiler. After some experimentation I managed to get it to embed the fingerprint correctly using the following compiler options: -fno-common -fdata-sections -ffunction

Re: How is MD5 fingerprint on X509 created?

2011-04-19 Thread Matt C
need to add? > > The fingerprint that openssl computes is the hash of the entire certificate > in DER format. You should be able to recover the DER-formatted certificate > by base64-decoding the block of text between the BEGIN/END lines in the > PEM-formatted certifcate. > > There

Re: How is MD5 fingerprint on X509 created?

2011-04-19 Thread Wim Lewis
On 19 Apr 2011, at 10:55 AM, Matt C wrote: > Should I be hashing the entire contents of the PEM file, only part, or is > there additional data I need to add? The fingerprint that openssl computes is the hash of the entire certificate in DER format. You should be able to recover t

RE: How is MD5 fingerprint on X509 created?

2011-04-19 Thread Erik Tkal
The thumbprint is the hash of the certificate data in DER format. For example, the following commands would work for both forms: openssl x509 -in user.pem -fingerprint -md5 -noout openssl x509 -in user.cer -inform der -fingerprint -md5 -noout But if you want to use a raw hash then only the

How is MD5 fingerprint on X509 created?

2011-04-19 Thread Matt C
Hello, I am able to generate an MD5 fingerprint with the following command. openssl x509 -in user.pem -fingerprint -md5 -noout This fingerprint matches the fingerprint displayed by Thunderbird/Firefox. I am trying to generate an MD5 using a hash function in PHP, http://nl2.php.net/manual/en

RE: fingerprint does not match on SuSe

2008-11-02 Thread Jatheen Anand
Double check your fipsld link line when generating the executable . I suspect an issue with fingerprint which gets generated/embeds by using the fipsld tool. HTH Jatheen Anand From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin A Sent: Thursday, October 30, 2008 4:01

fingerprint does not match on SuSe

2008-10-30 Thread Justin A
Hi, While running my application and getting this error,  when I invoke the FIPS_mode_set. I am linking my application with fipsld CC=fipsld FIPSLD_CC=gcc 1075438240:error:2D06906E:FIPS routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not match:fips.c:238: 1) Followed the right instr

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-26 Thread Dr. Stephen Henson
On Thu, Sep 25, 2008, joshi chandran wrote: > I am using openssl 0.9.7m . Yes,I have the used the OPENSSL_FIPS=1 when > calling the command . i am attaching the testscript which i am using. > please help me > [snipped] Your config files have default_md = md5 in several places. Change those to s

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-25 Thread joshi chandran
'UTF8:some random string' report echo "*Completed Testing ASN.1 parsing tool*" # Testing Certificate display and signing utility echo "*Testing Certificate display and signin

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-25 Thread Dr. Stephen Henson
On Thu, Sep 25, 2008, joshi chandran wrote: > I am trying to test the Fips capable openssl and when i am testing it i am > getting some error > > openssl req -x509 -newkey rsa:2048 -out $HOME/exampleca/cacert.pem -outform > PEM > > Generating a 2048 bit RSA private key >

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-25 Thread Dr. Stephen Henson
On Thu, Sep 25, 2008, joshi chandran wrote: > I am trying to test the Fips capable openssl and when i am testing it i am > getting some error > > openssl req -x509 -newkey rsa:2048 -out $HOME/exampleca/cacert.pem -outform > PEM > > Generating a 2048 bit RSA private key >

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-25 Thread joshi chandran
I am trying to test the Fips capable openssl and when i am testing it i am getting some error openssl req -x509 -newkey rsa:2048 -out $HOME/exampleca/cacert.pem -outform PEM Generating a 2048 bit RSA private key +

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-24 Thread Steve Marquess
David Schwartz wrote: > In many cases, FIPS actually results in (you might reasonably think, at > least) reduced security. ... > > C) Quasi-FIPS. All FIPS rules are followed, except where it is genuinely > believed that these rules reduce security or are unreasonably impractical. > For example,

RE: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-24 Thread David Schwartz
> I am rather confused why people need to drop out of FIPS mode. The > Federal Information Processing Standard dictates that FIPS-validated > cryptography be used for everything that requires cryptographic > transformation for storage (or really anything that enters or leaves > the cryptograpic s

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-24 Thread Kyle Hamilton
In a word: no. That's one of the goals of the FIPS 1.2.0 release and 0.9.8-fips branches. -Kyle H On Wed, Sep 24, 2008 at 7:38 AM, joshi chandran <[EMAIL PROTECTED]> wrote: > Is it possible to create FIPS enabled openssl shared library(openssl 0.9.7m) > ? I am not able to build shared library .I

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-24 Thread Kyle Hamilton
This is a known issue. This workflow fails: FIPS_mode_set(1); FIPS_mode_set(0); FIPS_mode_set(1); /* fails */ This workflow succeeds: FIPS_mode_set(1); FIPS_mode_set(0); RAND_set_rand_method(NULL); FIPS_mode_set(1); /* succeeds */ The reason is that the 1.1.x series of FIPS did not properly hand

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-24 Thread joshi chandran
Is it possible to create FIPS enabled openssl shared library(openssl 0.9.7m) ? I am not able to build shared library .I am using AIX unix system Thanks Joshi On Wed, Sep 24, 2008 at 6:47 PM, joshi chandran <[EMAIL PROTECTED]>wrote: > when i have done FIPS_mod_set(1),it goes into the fips mode an

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-24 Thread joshi chandran
when i have done FIPS_mod_set(1),it goes into the fips mode and when i am doing FIPS_mod_set(0), it come out of fips mode but when i again apply FIPS_mod_set(1) ,it does not goes to fips mode can u please help me out Thanks Joshi On Wed, Sep 24, 2008 at 3:55 AM, Tim Hudson <[EMAIL PROTECTED]> w

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-23 Thread Tim Hudson
joshi chandran wrote: when i am using make CC=fipsld FIPSLD_CC=gcc , i am getting error message > gcc: unrecognized option `-qnostdinc' > gcc: unrecognized option `-qnolm' Those are xlc options - i.e. the IBM compiler. Perhaps make CC=fipsld FIPSLD_CC=xlc might be a better option. Look

RE: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-23 Thread Welling, Conrad Gerhart
org Subject: Re: FIPS-capable curl: Solaris 9 - fingerprint does not match when i am using make CC=fipsld FIPSLD_CC=gcc , i am getting error message if test ! -z ""; then /.../ austin.ibm.com/fs/projects/aix/aix53L/53L_SERVICE/ode_tools/power/usr/bin/perl ./fixprogs ssh_prng_cmds

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-22 Thread joshi chandran
alf Of Dr. Stephen Henson > Sent: Monday, September 22, 2008 3:44 AM > To: openssl-users@openssl.org > Subject: Re: FIPS-capable curl: Solaris 9 - fingerprint does not match > > > On Sun, Sep 21, 2008, Welling, Conrad Gerhart wrote: > > > Back to square 2 out of 3: >

RE: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-22 Thread Welling, Conrad Gerhart
course, my FIPS-capable curl built successfully. Thanks again. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson Sent: Monday, September 22, 2008 3:44 AM To: openssl-users@openssl.org Subject: Re: FIPS-capable curl: Solaris 9 - fingerprin

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-22 Thread Steve Marquess
joshi chandran wrote: > How do I link fipsld with the application? Can you please explain? Please read the documentation: http://www.openssl.org/docs/fips/SecurityPolicy-1.1.2.pdf and http://www.openssl.org/docs/fips/UserGuide-1.1.1.pdf. -Steve M. -- Steve Marquess Open Source Software institute [EM

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-22 Thread joshi chandran
How do I link fipsld with the application? Can you please explain? On Mon, Sep 22, 2008 at 4:14 PM, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > On Sun, Sep 21, 2008, Welling, Conrad Gerhart wrote: > > > Back to square 2 out of 3: > > > > Platform: > > SunOS bear 5.9 Generic_118558-34 sun4u sparc S

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-22 Thread Dr. Stephen Henson
On Sun, Sep 21, 2008, Welling, Conrad Gerhart wrote: > Back to square 2 out of 3: > > Platform: > SunOS bear 5.9 Generic_118558-34 sun4u sparc SUNW,Ultra-5_10 > gcc (GCC) 3.4.6 > GNU ld version 2.17 > GNU ar 2.17 > > 1. Built fips-1.1.2 successfully > > 2. Built openssl-0.9.7m successfully with

FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-22 Thread Welling, Conrad Gerhart
Back to square 2 out of 3: Platform: SunOS bear 5.9 Generic_118558-34 sun4u sparc SUNW,Ultra-5_10 gcc (GCC) 3.4.6 GNU ld version 2.17 GNU ar 2.17 1. Built fips-1.1.2 successfully 2. Built openssl-0.9.7m successfully with ... ./Configure solaris-sparcv9-gcc27 fips --with-fipslibdir=/export/home/

Re: Thumbprint and fingerprint

2008-07-25 Thread Victor Duchovni
On Fri, Jul 25, 2008 at 10:01:23PM +0800, Anri Lau wrote: > Hi all, > > Is the thumbprint a digest of the public key or of the certificate? Is the thumbprint > the same as the fingerprint? > It is confusing, but I did not find any standard that defines these. Can anyone > give me some sugg

Thumbprint and fingerprint

2008-07-25 Thread Anri Lau
Hi all, Is the thumbprint a digest of the public key or of the certificate? Is the thumbprint the same as the fingerprint? It is confusing, but I did not find any standard that defines these. Can anyone give me some suggestions? -- Best regards to you and your family

Re: Generating RSA key fingerprint from certificate file

2007-06-15 Thread Marek Marcola
Hello, > When I ssh into a box it presents me with an RSA fingerprint as below: > > The authenticity of host 'samplehost (xxx.xxx.xxx.xxx)' can't be > established. > RSA key fingerprint is 2f:e4:d2:75:5a:a1:55:b4:42:54:69:91:72:dd:72:4a > > I'

Re: Generating RSA key fingerprint from certificate file

2007-06-14 Thread Victor Duchovni
On Thu, Jun 14, 2007 at 09:00:51AM -0400, Chris Hatko wrote: > When I ssh into a box it presents me with an RSA fingerprint as below: > > The authenticity of host 'samplehost (xxx.xxx.xxx.xxx)' can't be > established. > RSA key fingerprint is 2f:e4:d2:75:5a:a1

Generating RSA key fingerprint from certificate file

2007-06-14 Thread Chris Hatko
When I ssh into a box it presents me with an RSA fingerprint as below: The authenticity of host 'samplehost (xxx.xxx.xxx.xxx)' can't be established. RSA key fingerprint is 2f:e4:d2:75:5a:a1:55:b4:42:54:69:91:72:dd:72:4a I'd like to confirm which certificate is being used on

Data Fingerprint

2007-02-15 Thread jason heddings
erver via email, fax, postal, etc. The question: Is it possible, using only the encrypted data, to know which private key will decrypt the data? I was not sure if there is some kind of "fingerprint" the encryption process left on the resulting data that could be used to determine th

Re: Securing passwords / fingerprint sensors

2006-09-12 Thread Kyle Hamilton
This is one reason why military-grade fingerprint scanners require a galvanic skin resistance check. In addition, many of the devices send a hash of the fingerprint's features -- not a key or password unlocked by it -- to the host. -Kyle H On 9/12/06, Bernhard Froehlich <[EMAIL P

Re: Securing passwords / fingerprint sensors

2006-09-12 Thread Bernhard Froehlich
Bernhard Froehlich wrote: [...] As I understand it a fingerprint scanner does not send the fingerprint itself to the computer but uses the fingerprint to unlock an internal storage containing a private key (or maybe a password). So you don't have to contact a surgeon if your machi
