On 10/08/18 23:43, Felipe Gasper wrote:
> Hi all,
>
> Do EDDSA keys serialize to any format other than SPKI (public) and
> PKCS8 (private)?
>
> I ask because RSA and ECC both have “native” formats as well as SPKI
> and PKCS8.
>
> Thanks!
>
No, there are no "native" format
Hi all,
Do EDDSA keys serialize to any format other than SPKI (public) and
PKCS8 (private)?
I ask because RSA and ECC both have “native” formats as well as SPKI
and PKCS8.
Thanks!
-FG
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listin
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Salz, Rich
> Sent: Thursday, July 09, 2015 15:29
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] Old "RSA_NET" key format
>
> > Because both methods confirm y
> Because both methods confirm your prior decisions, you therefore conclude
> that you were always right in the first place.
Provably wrong. I wanted to get rid of Netware support as the first example
that comes to mind. As the second, I want to move all uses of RC4 and MD5 to
LOW strength ci
On 09/07/2015 23:09, Salz, Rich wrote:
OpenSSL is a critical part of security in too many places for us to take on
any unnecessary technical debt.
This is a somewhat empty argument as long as no one bothers to properly
determine if a piece of code is a debt or an asset.
I claim that we are b
>> OpenSSL is a critical part of security in too many places for us to take on
>> any unnecessary technical debt.
>>This is a somewhat empty argument as long as no one bothers to properly
>>determine if a piece of code is a debt or an asset.
I claim that we are being careful and doing the prop
On 09/07/2015 21:52, Karl Vogel wrote:
On 08/07/2015 20:23, Salz, Rich wrote:
> 1. Is there any good reason to remove this code?
R> Yes. If it's not tested, reviewed, or in general use, then it's
R> more likely to be harmful (source of bugs) than useful.
On Wed, 08 Jul 2015 20:47:43 +0200
>> On 08/07/2015 20:23, Salz, Rich wrote:
> 1. Is there any good reason to remove this code?
R> Yes. If it's not tested, reviewed, or in general use, then it's
R> more likely to be harmful (source of bugs) than useful.
>> On Wed, 08 Jul 2015 20:47:43 +0200, Jakob Bohm replied:
J> That's an ov
> That's an overly general criteria, and may be the source of your mysterious
> marauding of the APIs.
Well there was no intent to be mysterious although I like the alliteration. We
did mention it in the roadmap (https://openssl.org/about/roadmap.html) .
Things are evaluated on a case-by-case
so needed this
kind of cleanup, while the original eay DES API is only
invokable from code that knows about it, and would thus
not need to be removed for lack of use/testing.
2. Is this the OpenSSL name for the private key format
used by older Microsoft Authenticate tools (and thus
sometim
On Wed, Jul 08, 2015, Jakob Bohm wrote:
>
> 2. Is this the OpenSSL name for the private key format
> used by older Microsoft Authenticate tools (and thus
> sometimes converted to/from PKCS#12 when switching
> tool chains)?
>
AFAIK they only use "PVK" for
> 1. Is there any good reason to remove this code?
Yes. If it's not tested, reviewed, or in general use, then it's more likely to
be harmful (source of bugs) than useful.
> 2. Is this the OpenSSL name for the private key format
>used by older Microsoft Authentic
.
If this would cause a problem for you, please respond soon.
1. Is there any good reason to remove this code?
2. Is this the OpenSSL name for the private key format
used by older Microsoft Authenticate tools (and thus
sometimes converted to/from PKCS#12 when switching
tool chains)?
3. Is
We are thinking about removing the old "RSA_NET" format for private keys. This
is used by very old Netscape and IIS.
This would remove the d2i/i2d RSA_NET API's, and the "nss" format flag from the
openssl program. It would not remove the SPKI stuff.
If this would cause a problem for you, please
Also I found that this works fine with openssl 1.0.1
Where keys are generated in FIPS mode with the following line.
Can someone let me know why this change in behavior between 0.9.8l and
1.0.1?
-BEGIN DSA PRIVATE KEY-
Thanks,
Anamitra
On 6/12/13 12:01 PM, "Anamitra Dutta Majumdar (anma
We are using OpenSSL version 0.9.8l
And what we find is that the DSA private key formats are different in FIPS
and non-FIPS mode
In FIPS mode it starts with
-BEGIN PRIVATE KEY-
Whereas in non-FIPS mode it starts with
-BEGIN DSA PRIVATE KEY-
I understand that this is expected s
On Mon, Feb 28, 2011, Yolanda Liu (liuyu) wrote:
> Hi,
>
>
>
> I manually ran "openssl genrsa -out key.rsa 2048" in FIPS on and off
> mode, the generated private keys are in different format.
>
>
>
> In FIPS off mode:
>
> -BEGIN RSA PRIVATE KEY-
>
> MIIEpAIBAAKCAQEAwhVeHVTVFcr
Hi,
I manually ran "openssl genrsa -out key.rsa 2048" in FIPS on and off
mode, the generated private keys are in different format.
In FIPS off mode:
-BEGIN RSA PRIVATE KEY-
MIIEpAIBAAKCAQEAwhVeHVTVFcrWJn6d8WJWgQ49lETK7a7rPS8nCxgOHJWmT3bV
in FIPS on mode, the rsa key is in the
ert works fine.
> Note: I have used below command to extract public key
> in default PEM format. But the vendor requires the key format
> to be one which is compatible with Java.
> openssl rsa -in priv_key.txt -out pub_key.txt -pubout
Java, specifically the de
format that is compatible with Java sites?
Note: I have used below command to extract public key in default PEM format.
But
the vendor requires the key format to be one which is compatible with Java.
openssl rsa -in priv_key.txt -out pub_key.txt -pubout
Regards
Vivek Panikulam
Hi,
Have you seen this?
http://juliusdavies.ca/commons-ssl/utilities.html
You can probably use the "KeyStoreBuilder" utility on the command-line
to convert your OpenSSL RSA key into a java-friendly "jks" file (aka:
java keystore file). Try this command:
-
java -cp not-ye
Hi guys,
I'm currently writing a little test application using RSA's JSAFE
libraries (java version of BSAFE), and I'm generating my keys using
openssl, however I cannot get a signature to verify successfully. An
example program (with hard coded bytes for the private key) using an
rsa algorithm wor
Hello,
> I just have one qusetion, I am developing an application that makes
> use of a cryptographic token (cryptocombo2048). The token exports the
> public key to a file in the following format :
>
> Public Key Label[128byte]
> Public Key ID[128byte]
> Public Key Modulus[128 byte]
> Public Key
Hi AllI just have one qusetion, I am developing an application that makes use of a cryptographic token (cryptocombo2048). The token exports the public key to a file in the following format : Public Key Label[128byte]Public Key ID[128byte]Public Key Modulus[128 byte]Public Key Exponent[4 bytes]B
Hi AllI just have one qusetion, I am developing an application that makes use of a cryptographic token (cryptocombo2048). The token exports the public key to a file in the following format : Public Key Label[128byte]Public Key ID[128byte]Public Key Modulus[128 byte]Public Key Exponent[4 bytes]B
On Fri, Feb 11, 2005, Janin-Magnificat Thomas wrote:
> Thanks for your answer,
>
> Can SLLeavy format be encoded in DER and PEM form ?
>
Yes. The only difference between unencrypted PEM and DER is that unencrypted
PEM is the DER form base64 encoded with start and end lines.
Steve.
--
Dr Stephe
Thanks for your answer,
Can SLLeavy format be encoded in DER and PEM form ?
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] la part de Dr. Stephen Henson
Envoyé : vendredi 11 février 2005 14:44
À : openssl-users@openssl.org
Objet : Re: key format
On Fri, F
On Fri, Feb 11, 2005, Janin-Magnificat Thomas wrote:
> Hello,
>
> I'm trying to create a little program that can load certificates and keys
> in a database with openssl api. But I'm not clear with keys files format.
> Correct me if I'm wrong :
>
> - PKCS#8 format is an encrypted format that co
Hello,
I'm trying to create a little program that can load certificates and keys in a
database with openssl api. But I'm not clear with keys files format. Correct me
if I'm wrong :
- PKCS#8 format is an encrypted format that contains private and public key.
- PKCS#1 is a format for RSA key
es:d2i_PrivateKey:ASN1 lib:d2i_pr.c:
>
> Looks like the header is wrong.
>
> I am confused to the key format ASN.1 is a standard
> that can be encoded using BER or DER. BSAFE types
> reference BER not DER OpenSSL is using DER not BER.
> DER encoding provides only one strict form
EMPLATE_D2I:nested asn1
error:tasn_dec.c:566:Field=n, Type=RSA
5840:error:0D09A00D:asn1 encoding
routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:
Looks like the header is wrong.
I am confused to the key format ASN.1 is a standard
that can be encoded using BER or DER. BSAFE types
reference BER not DER Op
Hello,
How to generate private key format accept by microsoft signcode tool ?
Thanks for advance
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL
Hi,
Can anyone point me to documentation describing the format of a PEM
certificate? I would like to know the order of data in a public
certificate, i.e. modulus, exponent, etc.
Thanks!
David
--
David Mattes
"Hellan,Kim KHE" wrote:
>
> You state in the 'rsa' manual pages that you consider implementing an option
> to handle '.key' files without having to manually edit them.
> Is this still considered in future OpenSSL releases or has it been dropped?
>
Yes it should be implemented in a future versio
I was just playing with this yesterday...
I generated a CSR for thawte and imported the cert and verified it all
worked in IIS5 and then export everything for use with Apache-mod-ssl 1.3.20.
I was able to run the exported private key file through the pkcs12 util in
openssl and then edit the fi
ate key.
>I think its possible to import two files into IIS as well, one NET, the
>other a certificate.
>Steve.
Yes, you're right. It is possible to import separate key/cert. It is only
the export than only supports the '.key' format.
You state in the 'rsa' manual
"Hellan,Kim KHE" wrote:
>
> Simple question.
> Does anyone know what format the key backup file from a MS IIS webserver is?
> If yes...anyone know of a tool to parse/create such a file?
> The binary backup file contains both the private key and the belonging
> certificate, but it is not P
Simple question.
Does anyone know what format the key backup file from a MS IIS webserver is?
If yes...anyone know of a tool to parse/create such a file?
The binary backup file contains both the private key and the belonging
certificate, but it is not PKCS#12.
My guess is, that the key pr
owever, now I need to read their private key. Because it is protected with
a passphrase, I am not sure how to proceed. I am not sure if pem is the
format I should be trying to read or not.
Ideally I want to make a function:
RSA* readPrivateKey(const string& key, const string& passphrase);
W
Hello,
Can i to generate a key with openssl compatible with pgp? this means a
key that i can to import it in pgp.
if it is possible, what format is that?
thanks,
Javier Baliosian
__
OpenSSL Project
Steve
> Well I wrote the PKCS#8 code so I might be able to help :-)
>
> To change this you need to use the -topk8 option which reverses things
> so it reads a traditional format private key and converts to PKCS#8.
Oh yes, indeed, it works!!
Sometimes things are just too easy to understand. :-)
T
Jan Leßner wrote:
>
> Hello OpenSSL guys
> Does anybody know how to create a PKSC8 formatted private key file?
>
Well I wrote the PKCS#8 code so I might be able to help :-)
> As far as I understood, OpenSSL by default generates private key files
> in PKCS5 format. I was hoping that the pkcs8 t
42 matches
Mail list logo
