Subject: I have finally figured out how to export Private Key from
Fortigate firewall and successfully install Godaddy Wildcard SSL
certificate in UniFi Cloud Key Gen 2 Plus Network Controller
Good day from Singapore,
Author: Mr. Turritopsis Dohrnii Teo En Ming
Country: Singapore
Date: 26 Oct
k you
> Setsuo Imazu
>
> On 2022/10/05 15:36, Tomas Mraz wrote:
> > Hello,
> > most probably the key is stored in the OpenSSH private key format.
> > You'll need to use ssh-keygen -p -m PKCS8 to convert the key into a
> > format that OpenSSL can read.
>
future?
best regards, thank you
Setsuo Imazu
On 2022/10/05 15:36, Tomas Mraz wrote:
Hello,
most probably the key is stored in the OpenSSH private key format.
You'll need to use ssh-keygen -p -m PKCS8 to convert the key into a
format that OpenSSL can read.
Tomas Mraz, OpenSSL
On Wed, 2022-10-
Hello,
most probably the key is stored in the OpenSSH private key format.
You'll need to use ssh-keygen -p -m PKCS8 to convert the key into a
format that OpenSSL can read.
Tomas Mraz, OpenSSL
On Wed, 2022-10-05 at 15:00 +0900, Imazu Setsuo wrote:
> Hello.
>
> When I read the R
Hello.
When I read the RSA private key file created with the ssh-keygen command that
comes with Windows 10 with the PEM_read_PrivateKey() function, the following
error occurred.
error: 0906D06C: lib(9): func(109): reason(108)
The platform is CentOS7, OpenSSL 3.0.5.
Is the private key file
> > replaced by someone else's key, and the ensuing communication is
> > neither authentic nor private.
>
> Maybe I'm ignorant but shouldn't this be prevented by ensuring the
> authenticity and correct identity mapping of the public key?
Exactly. In most protocols
On 9/18/22 06:09, Philip Prindeville wrote:
On Sep 15, 2022, at 4:27 PM, Michael Wojcik via openssl-users
wrote:
You still haven't explained your threat model, or what mitigation
the application can take if this requirement is violated, or why
you think this is a "best practice".
The threat
> On Sep 15, 2022, at 4:27 PM, Michael Wojcik via openssl-users
> wrote:
>
>> From: openssl-users On Behalf Of Philip
>> Prindeville
>> Sent: Thursday, 15 September, 2022 15:41
>
>> I was thinking of the case where the directory containing the keys (as
>> configured) is correctly owned, but
> From: openssl-users On Behalf Of Philip
> Prindeville
> Sent: Thursday, 15 September, 2022 15:41
> I was thinking of the case where the directory containing the keys (as
> configured) is correctly owned, but contains a symlink pointing outside of
> that directory somewhere else... say to a file
On 9/15/2022 3:15 PM, Shawn Heisey via openssl-users wrote:
If symlinks are used responsibly, they won't have security risks. In
general, if the program checks the ownership and permissions of the
actual file before using it, it shouldn't matter whether there is a
symlink or not.
As long as
On 9/15/22 15:40, Philip Prindeville wrote:
I was thinking of the case where the directory containing the keys (as
configured) is correctly owned, but contains a symlink pointing outside of that
directory somewhere else... say to a file owned by an ordinary user.
In that case, as has been poin
sions aren't 0600 or
>> 0400... Or the target is a symlink, or there's a symlink somewhere in the
>> target path, etc.
>>
>> So... what's the Best Practices list for handling private key materials?
>> Has anyone fleshed this out?
>
> This is not
arget path, etc.
So... what's the Best Practices list for handling private key materials? Has
anyone fleshed this out?
This is not really related to openssl, but I will tell you what you are
likely to hear in another setting:
In most cases, applications are not really aware of symlinks, un
the problem?
> If the symlink is
> owned by root but the target isn't, or the target permissions aren't 0600 or
> 0400...
So what?
You can use lstat if you're really worried about symlinks, but frankly I'm not
seeing the vulnerability, at least at first
somewhere in the
target path, etc.
So... what's the Best Practices list for handling private key materials? Has
anyone fleshed this out?
The specific bug, if anyone is interested, is:
https://issues.asterisk.org/jira/browse/ASTERISK-30213
Thanks,
-Philip
On 11/04/2022 16:53, Alon Bar-Lev wrote:
On Mon, Apr 11, 2022 at 11:52 AM Matt Caswell wrote:
On 10/04/2022 19:18, Alon Bar-Lev wrote:
Hello,
I am trying to migrate to openssl-3.0 API, it seems to be very
complicated to hook primitive private key usage to a custom function.
This is
On Mon, Apr 11, 2022 at 11:52 AM Matt Caswell wrote:
>
>
>
> On 10/04/2022 19:18, Alon Bar-Lev wrote:
> > Hello,
> >
> > I am trying to migrate to openssl-3.0 API, it seems to be very
> > complicated to hook primitive private key usage to a custom function.
On 10/04/2022 19:18, Alon Bar-Lev wrote:
Hello,
I am trying to migrate to openssl-3.0 API, it seems to be very
complicated to hook primitive private key usage to a custom function.
This is required, for example, to use private keys that reside on
hardware devices or when an application
Hello,
I am trying to migrate to openssl-3.0 API, it seems to be very
complicated to hook primitive private key usage to a custom function.
This is required, for example, to use private keys that reside on
hardware devices or when an application wishes to externalize private
key operations to
ary mary wrote:
>
> > But now the issue would become different, and I'll try to share it
> > possibly even if the subject changes, in case i could get advice. I
> > needed the private key for adding it in wireshark for decoding some
> > encrypted messages excha
On Wed, Feb 16, 2022 at 11:16:03AM +0100, mary mary wrote:
> But now the issue would become different, and I'll try to share it
> possibly even if the subject changes, in case i could get advice. I
> needed the private key for adding it in wireshark for decoding some
> e
Hello Mark,
Thank you so much for your input.
Indeed there is not an entry for the private key, and that let me
understand why i could not extract it.
But now the issue would become different, and I'll try to share it
possibly even if the subject changes, in case i could get advice.
I neede
Use keytool -list -v to ensure that the original store actually
contains a private key
If there is no entry of Entry type: PrivateKeyEntry then the store has
no private key
Mark Hack
On Tue, 2022-02-15 at 18:30 +0100, mary mary wrote:
> Hello community,
> A beginner here.
>
> I woul
Hello community,
A beginner here.
I would need to extract a private key, PEM or RSA format, from a keystore
file ("server.keystore") which I have.
I've executed:
keytool -importkeystore -srcstorepass 123456 -srckeystore server.keystore
-deststorepass 123456 -destkeys
Every once in a while IIRC there are posts asking about how to create an
RSA private key from the two prime factors (p and q) and exponent.
Though there are surely simple examples in Python or Perl, I happened to
write one in Haskell. Here it is for posterity (Main.hs and .cabal spec).
Input is
> >
> >
> >
> > On 03/09/2021 14:49, Billy Brumley wrote:
> > >>> Hello,
> > >>> Is there any command-line tool to get the plain text rsa
> > private key
> > >>> like the following format from .pem file?
>
>
>
>
i, Sep 3, 2021 at 7:55 AM Matt Caswell <mailto:m...@openssl.org>> wrote:
On 03/09/2021 14:49, Billy Brumley wrote:
>>> Hello,
>>> Is there any command-line tool to get the plain text rsa
private key
>>> like the following format fro
any command-line tool to get the plain text rsa private key
> >>> like the following format from .pem file?
> >>
> >> openssl rsa -in mykey.pem -noout -text
> >
> > It would in fact be much more educational to advocate pkey, which is
> > crypt
On 03/09/2021 14:49, Billy Brumley wrote:
Hello,
Is there any command-line tool to get the plain text rsa private key
like the following format from .pem file?
openssl rsa -in mykey.pem -noout -text
It would in fact be much more educational to advocate pkey, which is
cryptosystem agnostic
> > Hello,
> > Is there any command-line tool to get the plain text rsa private key
> > like the following format from .pem file?
>
> openssl rsa -in mykey.pem -noout -text
It would in fact be much more educational to advocate pkey, which is
cryptosystem agnostic
op
On 03/09/2021 00:21, Shariful Alam wrote:
Hello,
Is there any command-line tool to get the plain text rsa private key
like the following format from .pem file?
openssl rsa -in mykey.pem -noout -text
Matt
On Thu, Sep 02, 2021 at 05:21:22PM -0600, Shariful Alam wrote:
> Is there any command-line tool to get the plain text rsa private key like
> the following format from .pem file?
Yes, if you're willing to tolerate slightly different labels and ":"
every two nibbles. With slig
Hello,
Is there any command-line tool to get the plain text rsa private key like
the following format from .pem file?
N
Ecmdv1CofjZCniQ9vWFSLu4Bjfm7bYuShGcdG1J0IRZzjQ?e=p5s3uV>
> On 2021/08/30 16:57, Matt Caswell wrote:
>
>
>
> On 29/08/2021 20:41, Nobuo Aoki wrote:
>> I am trying to identify the implementation
>> where “ephemeral public key” and “ephemeral private key” can be added,
>
it will not be lost?
>
> On Tue, Aug 31, 2021 at 10:01 AM Brahmaji K wrote:
>
>> Hi Team,
>>
>> I'm trying to decode the RSA private key which was DER encoded earlier
>> without CRT components (p, q, dmp1, dmq1 and iqmp is NULL). I'm using the
>> sam
Hello,
First, may I ask you which version of OpenSSL do you use?
Secondly, could you please report the issue via GitHub to make sure that it
will not be lost?
On Tue, Aug 31, 2021 at 10:01 AM Brahmaji K wrote:
> Hi Team,
>
> I'm trying to decode the RSA private key which w
Hi Team,
I'm trying to decode the RSA private key which was DER encoded earlier
without CRT components (p, q, dmp1, dmq1 and iqmp is NULL). I'm using the
same openssl version for both encoding and decoding, encoding works fine
but decode fails. In decode, we call EVP_PKEY2PKCS8() func
On 29/08/2021 20:41, Nobuo Aoki wrote:
I am trying to identify the implementation
where “ephemeral public key” and “ephemeral private key” can be added,
I am unclear from your question whether you are asking how to add a new
public/private key scheme for integration into TLS. Or whether
apan)
>
> Right now, I am doing research on secure communication protocols.
> Specifically, we are trying to enable “ephemeral public key” and
> “ephemeral private key” for SSL/TLS.
>
> I have been using quictls/openssl as an implementation of SSL/TLS.
> It is publicly available on G
> From: openssl-users On Behalf Of
> Sent: Sunday, 29 August, 2021 07:04
> Specifically, we are trying to enable “ephemeral public key” and
> “ephemeral private key” for SSL/TLS.
I'm afraid it is not clear to me, at least, what you are trying to do.
Are you att
Dear OpenSSL users (reshaped)
My name is Nobuo Aoki,
and I am a master's student.
(Hiroshima City University, Japan)
Right now, I am doing research on secure communication protocols.
Specifically, we are trying to enable “ephemeral public key” and
“ephemeral private key” for SSL/TLS.
I
Dear OpenSSL users
My name is Nobuo Aoki,
and I am a master's student.
(Hiroshima City University, Japan)
Right now, I am doing research on secure communication protocols.
Specifically, we are trying to enable “ephemeral public key” and
“ephemeral private key” for SSL/TLS.
I have
Dear Dmitry,
I just submitted a new issue, #16256.
Thank you,
Nestor Melo
From: Dmitry Belyavsky
Sent: Friday, August 6, 2021 12:21 PM
To: Nestor Melo
Cc: openssl-users@openssl.org
Subject: Re: Public key from TSS2 private key with OpenSSL 3.0.0-beta2
Dear
m2-software/tpm2-tss-engine
>
> While attempting to extract the public key from a TSS2 private key using
> OpenSSL 3.0.0-beta2 and tpm2-tss-engine, I received a message "PEM format
> not supported":
>
> openssl rsa -engine libtpm2tss -inform engine -in privkey.pem -pubout
>
Greetings,
We use a TPM2 device to generate private keys with tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine
While attempting to extract the public key from a TSS2 private key using
OpenSSL 3.0.0-beta2 and tpm2-tss-engine, I received a message "PEM format not
supp
s [mailto:openssl-users-boun...@openssl.org] On behalf of
> Mariano Gedisman-Córdoba via openssl-users
> Sent: Monday, 28 June 2021 00:29
> To: openssl-users@openssl.org
> Subject: "Expecting: ANY PRIVATE KEY"
>
> Hello everyone!
> I have googled this error to no avail
users [mailto:openssl-users-boun...@openssl.org] On behalf of
Mariano Gedisman-Córdoba via openssl-users
Sent: Monday, 28 June 2021 00:29
To: openssl-users@openssl.org
Subject: "Expecting: ANY PRIVATE KEY"
Hello everyone!
I have googled this error to no avail, but all answers don’t seem t
Hello everyone!
I have googled this error to no avail, but all answers don’t seem to adjust to
my particular case, or maybe I’m too novice at figuring it out.
I have this key file:
-BEGIN OPENSSH PRIVATE KEY——
[key here]
-END OPENSSH PRIVATE KEY——
I’m trying to use this key in order to
Long shot if someone may know. Secure heap was added long ago for private keys
for
RSA, DSA and DH however EC key generation does not seem to be included.
I see some other EC functions that use secure heap and I also noticed that the
CHANGES
file stated: "Add secure heap for storage of private k
On 10/03/2021 12:08, Stephen Farrell wrote:
It seems a pity that one has to special case in two ways
there (both keytype and groupname) but I can live with it,
For X25519 you can actually pass a groupname of "x25519" through if you
want to keep everything consistent. But it's not strictly n
ally are very different things: different OIDs,
different standards, different file formats, different key formats etc.
So while the "traditional" EC curves have the key type "EC", we have
separate key types of "X25519", "X448", "ED25519" and "E
rent standards, different file formats, different key formats etc.
So while the "traditional" EC curves have the key type "EC", we have
separate key types of "X25519", "X448", "ED25519" and "ED448"
2) The type of the parameters is dependent o
On Wed, 2021-03-10 at 00:53 +, Stephen Farrell wrote:
> Hiya,
>
> On 09/03/2021 03:09, Benjamin Kaduk wrote:
> > I would have expected that the API should hide the differences
> > other than the group name ... but these APIs are still pretty
> > new to me, too. If you can point me at your cod
Hiya,
On 09/03/2021 03:09, Benjamin Kaduk wrote:
I would have expected that the API should hide the differences
other than the group name ... but these APIs are still pretty
new to me, too. If you can point me at your code I might have
more to say.
So again it's probably my fault but I'm sti
Hiya,
On 09/03/2021 03:09, Benjamin Kaduk wrote:
I would have expected that the API should hide the differences
other than the group name ... but these APIs are still pretty
new to me, too. If you can point me at your code I might have
more to say.
Will check it out some more, tidy the code
On Tue, Mar 09, 2021 at 02:44:20AM +, Stephen Farrell wrote:
>
> Hiya,
>
> On 08/03/2021 02:37, Benjamin Kaduk wrote:
> > Hi Stephen :)
> >
> > The API you'll want to use is EVP_PKEY_fromdata(); there's
> > a stubbed out example of using it to make an EVP_PKEY with
> > EC group parameters at
n
On Mon, Mar 08, 2021 at 02:23:36AM +, Stephen Farrell wrote:
Hiya,
My question: how does one setup an EVP_PKEY for a NIST
curve (e.g. p256) key pair when one has the private key
in an octet string using the latest OpenSSL 3.0.0 high
level APIs?
I'm trying to get rid of deprecation wa
an EVP_PKEY for a NIST
> curve (e.g. p256) key pair when one has the private key
> in an octet string using the latest OpenSSL 3.0.0 high
> level APIs?
>
> I'm trying to get rid of deprecation warnings from my
> code for HPKE [1] when dealing with NIST curves using
> the new (I
Hiya,
My question: how does one setup an EVP_PKEY for a NIST
curve (e.g. p256) key pair when one has the private key
in an octet string using the latest OpenSSL 3.0.0 high
level APIs?
I'm trying to get rid of deprecation warnings from my
code for HPKE [1] when dealing with NIST curves
Dear All,
Is there a way to check if an EVP_PKEY is a public or private key?
In the case of use of EVP_Sign or EVP_DigestSign functions, an
application leads to crash with SIGSEGV
if an incorrect key is given when finalizing process.
Thanks in advance for your answers.
Kind regards,
Patrice.
an h/w which generates ecx (private) key,
returns reference to the private key and the corresponding public key(octet
string).
Private key reference instead of actual private key is encoded while
storing the key persistently. Public key derived by s/w from this "dummy"
private key would
ar 2021 19:00
To: openssl-users@openssl.org
Subject: Re: Sign without having the private key
Dear Timo,
For 1.0* versions it was possible to provide custom RSA_METHOD and EC_METHOD
and implement an IPC callback.
I think it still should work for 1.1.1
It may be also useful to take a look at the
> From: openssl-users On Behalf Of George
> Sent: Tuesday, 12 January, 2021 00:18
> I'm running this in Windows 10 and when I load the smart card middleware
> PKCS11 DLL, I see the exception:
> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception:
> unsigned long at memory locati
I'm running this in Windows 10 and when I load the smart card middleware
PKCS11 DLL, I see the exception:
Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++
exception: unsigned long at memory location 0x07FCFA00.
During mutual authentication, I also see a lot of other exceptions
:
Hi,
I have been trying to setup mutual authentication using a smart
card but I can't seem to get the OpenSSL Engine to send a response
back to the server containing client's certificate from the smart card.
I'm using the following to configure the certifi
> From: openssl-users On Behalf Of Timo
> Lange
> Sent: Monday, 11 January, 2021 10:56
> The root certificate, as well as the client private key is not available
> inside
> the container, but stored in a HSM.
> For sure the private key may never leave the HSM
OK.
I have a question similar to
> http://openssl.6102.n7.nabble.com/private-key-not-available-for-client-cert-cb-td79369.html,
> that I am actively following, but though it differs in detail.
>
> What I want to achieve is the following:
> My client applications runs inside a container
Hey all,
I have a question similar to
http://openssl.6102.n7.nabble.com/private-key-not-available-for-client-cert-cb-td79369.html,
that I am actively following, but though it differs in detail.
What I want to achieve is the following:
My client applications runs inside a container and needs to
o configure the certificate and private key:
ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, &cert_info, NULL, 0);
SSL_CTX_use_certificate(sslContext, cert_info.cert);
EVP_PKEY* privateKey = ENGINE_load_private_key(engine,
"2b2586c684d69b670c0a805edf514e720f2b757d8e2faa
> From: openssl-users On Behalf Of George
> Sent: Sunday, 10 January, 2021 21:01
> Right now I am using the "libp11" DLL (i.e.
> libp11-libp11-0.4.11\src\pkcs11.dll)
> with my PKCS11 smart card middleware DLL. Should I be using the OpenSC pkcs11
> DLL
> instead of my middleware DLL if I am usin
Hi,
I had a look at the pkcs11-helper and can see where the
RSA_METHOD_FLAG_NO_CHECK is being set. It's using a session object
called pkcs11h_openssl_session_t, which I do not see in the libp11 or
openSC code.
Right now I am using the "libp11" DLL (i.e.
libp11-libp11-0.4.11\src\pkcs11.d
> From: openssl-users On Behalf Of George
> Sent: Friday, 8 January, 2021 14:35
> The comment indicates that the flag RSA_METHOD_FLAG_NO_CHECK should be set
> for smart cards[...]
> However, it is not actually set when I use a debugger to inspect the flag.
> Does it need to be set? If so, how is
Hi,
I have been trying to setup mutual authentication using a smart card
but I can't seem to get the OpenSSL Engine to send a response back to
the server containing client's certificate from the smart card.
I'm using the following to configure the certificate
Hi,
On 05/01/21 07:39, George wrote:
Hi,
I was looking at the code in
https://github.com/jjkeijser/ppp/blob/eap-tls/pppd/eap-tls.c and
realized I forgot to call ENGINE_ctrl_cmd(...) to setup
"LOAD_CERT_CTRL". However, when I do this, the callback function is no
longer being called duri
ion of "pkey_identifier" in
ENGINE_load_private_key(pkey_engine, *pkey_identifier*,
transfer_pin, &cb_data) ?
I'm not clear on what this value should be. Can you give an example
of what it would look like?
I have the following on my smart card:
Private K
n of "pkey_identifier" in
ENGINE_load_private_key(pkey_engine, *pkey_identifier*,
transfer_pin, &cb_data) ?
I'm not clear on what this value should be. Can you give an example of
what it would look like?
I have the following on my smart card:
Private Key Object; RSA
be called?
What exactly is the definition of "pkey_identifier" in
ENGINE_load_private_key(pkey_engine, *pkey_identifier*,
transfer_pin, &cb_data) ?
I'm not clear on what this value should be. Can you give an example of
what it would look like?
I have the following
Hi,
On 19/12/20 04:48, George wrote:
Hi,
I narrowed the problem down to
ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL)
This causes the initial exception
Exception thrown at 0x757346D2 in GENCom.exe: Microsoft C++ exception:
unsigned long at memory location 0x006FCD68.
It looks like so
Hi,
I narrowed the problem down to
ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL)
This causes the initial exception
Exception thrown at 0x757346D2 in GENCom.exe: Microsoft C++ exception:
unsigned long at memory location 0x006FCD68.
It looks like some of the Engine methods cause an excep
Hi,
On 18/12/20 06:21, George wrote:
Hi,
I'm able to setup the engine now, but as soon as I attempt to
execute the command
ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL);
,I see all kinds of middleware exceptions being generated:
Exception thrown at 0x773046D2 in GENCom.exe: Microsoft
Hi,
I'm able to setup the engine now, but as soon as I attempt to
execute the command
ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL);
,I see all kinds of middleware exceptions being generated:
Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception:
unsigned long at memor
15 4:38 a.m., Jan Just Keijser wrote:
Hi,
On 14/12/20 21:01, George wrote:
Ok, so I am not actually going to populate EVP_PKEY with a private
key in the callback function:
int (*client_cert_cb)(SSL *ssl, X509 **x509, *EVP_PKEY **pkey*)?
Instead, I will call
EVP_PKEY *ENGINE_load_private_key(ENGINE
ackoverflow.com/questions/41119744/pkcs11-engine-for-openssl
for a similar question).
HTH,
JJK
On 2020-12-15 4:38 a.m., Jan Just Keijser wrote:
Hi,
On 14/12/20 21:01, George wrote:
Ok, so I am not actually going to populate EVP_PKEY with a private
key in the callback function:
int (*client
"
init = 0|
and load that (see the EAP-TLS code for an example or read
https://stackoverflow.com/questions/41119744/pkcs11-engine-for-openssl
for a similar question).
HTH,
JJK
On 2020-12-15 4:38 a.m., Jan Just Keijser wrote:
Hi,
On 14/12/20 21:01, George wrote:
Ok, so I am not actu
ey_engine, "LOAD", NULL, 0);
Do you see anything wrong with this?
Thanks,
George
On 2020-12-15 4:38 a.m., Jan Just Keijser wrote:
Hi,
On 14/12/20 21:01, George wrote:
Ok, so I am not actually going to populate EVP_PKEY with a private
key in the callback function:
int (*clien
Hi,
On 14/12/20 21:01, George wrote:
Ok, so I am not actually going to populate EVP_PKEY with a private key
in the callback function:
int (*client_cert_cb)(SSL *ssl, X509 **x509, *EVP_PKEY **pkey*)?
Instead, I will call
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id
> From: openssl-users On Behalf Of George
> Sent: Monday, 14 December, 2020 13:01
> Once I get the resulting EVP_PKEY using ENGINE_load_private_key(...),
> how do I assign it to pkey in the callback function?
I don't know offhand. As I said in my other message, that's not an area I had
to get
Ok, so I am not actually going to populate EVP_PKEY with a private key
in the callback function:
int (*client_cert_cb)(SSL *ssl, X509 **x509, *EVP_PKEY **pkey*)?
Instead, I will call
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
UI_METHOD *ui_method, void *callback_data
> From: openssl-users On Behalf Of George
> Sent: Monday, 14 December, 2020 09:36
> I see what you mean. So once I have everything setup, i use the following
> to get the private key:
> EVP_PKEY *pkey = ENGINE_load_private_key(...);
>
> Will pkey actually contain the priva
ncrypt and decrypt methods. I also did not
need the verify or keygen methods. Your init and finish methods just need to
return 1.
I set the RSA_METHOD flags to
RSA_FLAG_FIPS_METHOD|RSA_METHOD_FLAG_NO_CHECK|RSA_FLAG_CACHE_PUBLIC
This leaves the cipher methods for private key encrypt/decrypt and si
Hi Michael,
I see what you mean. So once I have everything setup, i use the
following to get the private key:
EVP_PKEY *pkey = ENGINE_load_private_key(pkey_engine, pkey_identifier,
transfer_pin, &cb_data);
Will pkey actually contain the private key from the smart card? I
thought it
it
programmatically, but I think that was only when using Microsoft APIs rather
than going through OpenSSL.)
If the client certificate uses a public key that corresponds to a private key
on the smartcard, though, that's what you'll have to do. You can't use a
certificate as a proof
to set up mutual authentication
in a client. The client is setup with OpenSSL 1.0.2u. and the
client's certificate + private key is stored on a Smart Card. When
the client receives a certificate request from the server during the
mutual authentication handshake, the OpenSSL /client_cer
Hi,
On 14/12/20 08:08, George wrote:
Hi,
I'm new to OpenSSL and am trying to set up mutual authentication in
a client. The client is setup with OpenSSL 1.0.2u. and the client's
certificate + private key is stored on a Smart Card. When the client
receives a certificate reques
Hi,
I'm new to OpenSSL and am trying to set up mutual authentication in
a client. The client is setup with OpenSSL 1.0.2u. and the client's
certificate + private key is stored on a Smart Card. When the client
receives a certificate request from the server during the mutual
auth
Hi Ferenc,
On 23/11/20 13:03, Ferenc Gerlits via openssl-users wrote:
Hi,
I am trying to use openssl to implement a client-side TLS connection
with Client Authentication on Windows, using a non-exportable private
key stored in the Windows Certificate Store. Currently, our code can
use a
Hi,
I am trying to use openssl to implement a client-side TLS connection with
Client Authentication on Windows, using a non-exportable private key stored
in the Windows Certificate Store. Currently, our code can use a private
key stored in a local file, and if the key in the Windows store was
On Thu, Jul 23, 2020 at 03:04:30PM +, Claude Robitaille wrote:
> Now, for sake of completeness, if I wanted to do the opposite, i.e.
> decrypt a key, I guess the steps are the same, using
> PEM_read_bio_PKCS8 at the end. Except that the salt and IV must be
> extracted from the PEM string. What
?
From: openssl-users on behalf of Viktor
Dukhovni
Sent: July 22, 2020 7:17 PM
To: openssl-users@openssl.org
Subject: Re: Using the library to encrypt a RSA private key compatible with Web
Crypto API (PBKDF2)
On Wed, Jul 22, 2020 at 08:36:30PM +, Claude