Hello,
I have chosen DES encryption for encrypting the data and RSA encryption for
encrypting the session key (DES key). I have to write this task in C
language using openSSL. So it would be great if anyone helps me with sample
code snippets or list of the functions that can be used to do this
On Fri, Feb 8, 2013 at 12:11 AM, T J wrote:
>> TLS keying material exporter, i.e., SSL_export_keying_material(), will
>> make your life much easier if you are just looking for a mechanism to
>> derive suitable keys for other uses assuming you are using recent
>> enough OpenSSL. That tls_openssl.c
From what I understand so far, the "KeyBlock" is the place to look for the
key? It's just a matter of getting the sizes and order of the individual
Keys and IV's so that I can extract the bits I need. Any pointers in that
area?
While it is technically possible to extract keys (search for
tls_ope
On Thu, Feb 7, 2013 at 9:00 AM, Trevor Jordan wrote:
> From what I understand so far, the "KeyBlock" is the place to look for the
> key? It's just a matter of getting the sizes and order of the individual
> Keys and IV's so that I can extract the bits I need. Any pointers in that
> area?
While it
s->s3->tmp.key_block
s->s3->tmp.key_block_length
I think, these are the variables you are looking for.. Memory for the
key_block is allocated in ssl3_setup_key_block() or tls1_setup_key_block()
functions. Key Block contains keys and IVs in the following order as
specified in RFC.
client wr
On Thu, Feb 07, 2013 at 08:00:42PM +1300, Trevor Jordan wrote:
> >It is bad practice to clone keys. You should also not depend on
> >OpenSSL negotiating a particular algorithm. OpenSSL's key are
> >for the OpenSSL session only. Keys for your application should
> >be the result of a suitably indepe
On 7/02/2013 7:11 p.m., Viktor Dukhovni wrote:
On Thu, Feb 07, 2013 at 11:12:13AM +1300, T J wrote:
Sorry to keep hammering away at this, but I think I am missing
something here.
OpenSSL does all this for a TLS connection anyway right? I mean,
after a handshake, encryption keys, IV's etc are g
On Thu, Feb 07, 2013 at 11:12:13AM +1300, T J wrote:
> Sorry to keep hammering away at this, but I think I am missing
> something here.
>
> OpenSSL does all this for a TLS connection anyway right? I mean,
> after a handshake, encryption keys, IV's etc are generated so that
> the TLS connection ca
Sorry to keep hammering away at this, but I think I am missing something
here.
OpenSSL does all this for a TLS connection anyway right? I mean, after a
handshake, encryption keys, IV's etc are generated so that the TLS
connection can use them for encrypting/decrypting data. Surely I
shouldn
On Fri, Feb 01, 2013 at 10:05:15AM +1300, T J wrote:
> >These are sufficient to generate a session unique key via a suitable KDF
> >salted with an application-specific string.
>
> OK, great. So I get the master key and run it through the a KDF and
> I get a 256 bit encryption key for use in my app
On Wed, Jan 30, 2013 at 06:15:27PM +, Viktor Dukhovni wrote:
If the OP does not mind potential future binary compatibility
issues, and is willing to use non-public interfaces, then
the master secret can be accessed via:
SSL *ssl;
/* ... */
SSL_SESSION *sess = SSL_
On 1/30/2013 7:15 PM, Viktor Dukhovni wrote:
On Wed, Jan 30, 2013 at 07:03:09PM +0100, Jakob Bohm wrote:
You don't, but, you should instead obtain the "tls-unique" channel
binding data ( https://tools.ietf.org/html/rfc5929#section-3 ) and
run the result through a KDF (HKDF should work well) on b
On Wed, Jan 30, 2013 at 06:15:27PM +, Viktor Dukhovni wrote:
> If 96-bits is not enough, one needs to get at the master secret
> on both sides, and run that through a KDF together with client
> and server random plus a suitable application-specific salt.
>
> Does OpenSSL provide a public inte
On Wed, Jan 30, 2013 at 07:03:09PM +0100, Jakob Bohm wrote:
> >You don't, but, you should instead obtain the "tls-unique" channel
> >binding data ( https://tools.ietf.org/html/rfc5929#section-3 ) and
> >run the result through a KDF (HKDF should work well) on both ends
> >to obtain a suitable key fo
On 1/30/2013 6:42 AM, Viktor Dukhovni wrote:
On Wed, Jan 30, 2013 at 05:29:51PM +1300, T J wrote:
How does one obtain the session key from a SSL structure after a
successful TLS handshake?
You don't, but, you should instead obtain the "tls-unique" channel
binding data ( https:/
On Wed, Jan 30, 2013 at 05:29:51PM +1300, T J wrote:
> How does one obtain the session key from a SSL structure after a
> successful TLS handshake?
You don't, but, you should instead obtain the "tls-unique" channel
binding data ( https://tools.ietf.org/html/rfc5929#section-3
How does one obtain the session key from a SSL structure after a
successful TLS handshake?
I'm planning to implement a TLS connection to do nothing more than
authenticated key agreement. Once I've established the connection I plan
to somehow extract a AES256 key (from the s
>From: owner-openssl-us...@openssl.org On Behalf Of ask
>Sent: Tuesday, 22 January, 2013 21:39
>Is there a way to tell what size of session key was chosen by
>two peers after a successful handshake, and what encryption method chosen?
http://www.openssl.org/docs/ssl/SSL_get_current
Is there a way to tell what size of session key was chosen by two peers after a
successful handshake, and what encryption method chosen?
Thanks in advance,
A
11 at 3:56 PM, ikuzar wrote:
>> > So, have I to generate a prime with length = 3200 bits ?, ( the
>> > corresponding exponent will belong to 3200-bit MODP group ) in order to
>> > generate an AES 128 session key ? ( I use 2 as generator ).
>> > Here http://too
> From: owner-openssl-us...@openssl.org On Behalf Of ikuzar
> Sent: Tuesday, 19 April, 2011 18:57
> So, have I to generate a prime with length = 3200 bits ?,
> ( the corresponding exponent will belong to 3200-bit MODP group )
> in order to generate an AES
r
> with AES-192, YMMV.
>
> On Tue, Apr 19, 2011 at 3:56 PM, ikuzar wrote:
> > So, have I to generate a prime with length = 3200 bits ?, ( the
> > corresponding exponent will belong to 3200-bit MODP group ) in order to
> > generate an AES 128 session key ? ( I use 2 as
Mike
On Wed, Apr 20, 2011 at 3:06 PM, ikuzar wrote:
>
>
> 2011/4/19 Dave Thompson
>>
>> > From: owner-openssl-us...@openssl.org On Behalf Of ikuzar
>> > Sent: Monday, 18 April, 2011 11:01
>>
>> > I 'd like to know the length of D
2011/4/19 Dave Thompson
> > From: owner-openssl-us...@openssl.org On Behalf Of ikuzar
> > Sent: Monday, 18 April, 2011 11:01
>
> > I 'd like to know the length of DH session key generated by
> > DH_compute_key(unsigned char *key, BIGNUM *pu
19, 2011 at 3:56 PM, ikuzar wrote:
> > So, have I to generate a prime with length = 3200 bits ?, ( the
> > corresponding exponent will belong to 3200-bit MODP group ) in order to
> > generate an AES 128 session key ? ( I use 2 as generator ).
> > Here http://tools.ietf.or
rresponding exponent will belong to 3200-bit MODP group ) in order to
> generate an AES 128 session key ? ( I use 2 as generator ).
> Here http://tools.ietf.org/html/rfc3526, it is said :
> "The new Advanced Encryption Standard (AES) cipher [AES], which has
> more strength, needs s
So, have I to generate a prime with length = 3200 bits ?, ( the
corresponding exponent will belong to 3200-bit MODP group ) in order to
generate an AES 128 session key ? ( I use 2 as generator ).
Here http://tools.ietf.org/html/rfc3526, it is said :
"The new Advanced Encryption Standard
>> Hello,
>> I 'd like to know the length of DH session key generated by
>> DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) . Here :
>> http://www.openssl.org/docs/crypto/DH_generate_key.html
>> It is said that key must point to DH_size(dh) bytes of
>
> Mike
>
> On Mon, Apr 18, 2011 at 8:01 AM, ikuzar wrote:
>> Hello,
>> I 'd like to know the length of DH session key generated by
>> DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) . Here :
>> http://www.openssl.org/docs/crypto/DH_generate_k
k its assertions are invalid or outdated. The
paranoid tinfoil hat crowd can probably take twice the maximum bit
count from section 8 (620x2=1240) and be happy.
Mike
On Mon, Apr 18, 2011 at 8:01 AM, ikuzar wrote:
> Hello,
> I 'd like to know the length of DH session key generated by
> From: owner-openssl-us...@openssl.org On Behalf Of ikuzar
> Sent: Monday, 18 April, 2011 11:01
> I 'd like to know the length of DH session key generated by
> DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) .
> Here : http://www.ope
Hello,
I 'd like to know the length of DH session key generated by
DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) . Here :
http://www.openssl.org/docs/crypto/DH_generate_key.html
It is said that *key* must point to *DH_size(dh)* bytes of memory. is 128
bits the default length
Apologies if this is well-known question - but in the UK it's a legal
requirement to disclose encryption keys if obliged to do so by the police.
PGP makes this relatively easy even in the case of single messages so you
can reveal the one-time session key and not your secret key.
Does a
> Date: Mar 6, 2006 6:49 PM
> Subject: Changing session key, IV & HMAC key regulary
> To: openssl-users@openssl.org
>
> Hi,
>
> Can some one let me know if the SSL protocol specification mandates
> changes to these values frequently in an ongoing c
Jagannadha Bhattu G wrote:
Hi,
Can somebody help me with this?
Thanks
JB
-- Forwarded message --
From: *Jagannadha Bhattu G* < [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>
Date: Mar 6, 2006 6:49 PM
Subject: Changing session key, IV & HMAC key regulary
T
Hi,
Can somebody help me with this?
Thanks
JB
-- Forwarded message --
From: Jagannadha Bhattu G <[EMAIL PROTECTED]>
Date: Mar 6, 2006 6:49 PM
Subject: Changing session key, IV & HMAC key regulary
To: openssl-users@openssl.org
Hi,
Can some one let me know if the SS
Hi,
Can some one let me know if the SSL protocol specification mandates changes to these values frequently in an ongoing connection?
If not how to enable it using APIs?
Thanks
JB
Hello,
I have to use a single session key for two PKCS7 objects. However, I
could not find an easy way to set the key for an object since it is
usually generated on the fly by the PKCS7_dataInit function. Is it
possible to get this done without having to rewrite parts of the
dataInit code
If you're going through hell, keep going
- Original Message -
From: "Dr. Stephen Henson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 12, 2004 4:25 PM
Subject: Re: Session key generation
> On Thu, May 06, 2004, Mich
Hi!
I'm using client authentication
I need that session keys for my SSL session were generated not only from server
certificate but using client's and server's
certificates both
Can anyone give me a help?
--
Best regards,
Michael mailto:[EMAIL PROTECTED]
___
key(the shared secret).
I need symmetric key to encrypt/decrypt data. How can I use the session key to generate
a symmetric key? Will the session key be transformed into master secret which will be used
to generate the symmetric key? If so, how can I do it?
The following is the sample code from