Decrypting Client TLS Finish

2005-06-14 Thread Brijesh Nambiar
Hi, I am trying to decrypt the client TLS finish. The TLS client finish message should contain 4 bytes of header (1 byte of type + 3 bytes of len), 12 bytes of verify data, 20 bytes of sha1-mac, 3 bytes of padding and 1 byte of padlen. The EVP_CipherFinal fails with the following error message:

question on reading PEM from memory

2005-06-14 Thread coco coco
I'm trying to read a certificate in PEM format from memory, using BIO, but every time, it just returns NULL. Can anyone point out what's wrong with this code? char * mykey = "-BEGIN CERTIFICATE-\n" \ "MIIBzjCCATegAwIBAgIIB+d8Z03zbQQwDQYJKoZIhvcNAQEFBQAwHzEMMAoGA

Re: [Norton AntiSpam] question on reading PEM from memory

2005-06-14 Thread francesco.petruzzi
Try to split b64 data in 64 chars lines. Francesco Petruzzi

Re: [Norton AntiSpam] question on reading PEM from memory

2005-06-14 Thread coco coco
Thanks a lot, that seems to be the problem. rgds Try to split b64 data in 64 chars lines. Francesco Petruzzi

Re: Certificate chain problem

2005-06-14 Thread Eleftheria Petraki
Hi all, with the intermediate CA in the SSLCertificateChainFile the openssl s_client -connect ..., returns verify code: 0 (ok). The certificate chain reports two certificates, the server and the intermediate CA certificate with the correct issuers, while just after CONNECTED(004) I can see

how to EVP_SignInit_ex() ?

2005-06-14 Thread coco coco
Sorry if this is a dumb question, I'm not sure why EVP_SignInit_ext() is giving me unhandled exception error. My code is a very simple testing code: char * clearText = "testing openssl"; char cryptText[MAX_LEN]; char buf[MAX_LEN]; unsigned char ubuf[MAX_LEN];

Need objective arguments against double certificate

2005-06-14 Thread coco coco
My apologies if this is not really an openssl question. Just want to get some ideas from the gurus here. There is this company (a so-called partner) which has hired an external security consultant to oversee the security of a project which makes use of crypto quite heavily. The security consul

RE: Need objective arguments against double certificate

2005-06-14 Thread David C. Partridge
>If you want to separate the signature key from the encryption key, you should have 2 keys, and not one key with 2 certificates. Totally agreed - the reason for using key separation is that encryption keys will (typically) have a shorter life time than signing keys (at least for certificate valid

Re: Need objective arguments against double certificate

2005-06-14 Thread Bernhard Froehlich
coco coco wrote: My apologies if this is not really an openssl question. Just want to get some ideas from the gurus here. There is this company (a so-called partner) which has hired an external security consultant to oversee the security of a project which makes use of crypto quite heavily.

Signed data in CMS format

2005-06-14 Thread Madhu Sudhan Reddy
Hello All, I have the requirement to sign the data in CMS format. I used PKCS7_sign function, which outputs data in PKCS#7 format. After creating signed data, I am passing the data to the function “Verify_CMS()” (This function is not listed

Re: Signed data in CMS format

2005-06-14 Thread terr
Why is this message 38K? On Tue, Jun 14, 2005 at 04:55:01PM +0530, Madhu Sudhan Reddy wrote: > Hello All, > > I have the requirement to sign the data in CMS format. I > used PKCS7_sign function, which outputs data in PKCS#7 format. > > After creating s

Signed data in CMS format

2005-06-14 Thread Madhu Sudhan Reddy
Hello All, I have the requirement to sign the data in CMS format. I used PKCS7_sign function, which outputs data in PKCS#7 format. After creating signed data, I am passing the data to the function “Verify_CMS()” (This function is not listed below, pa

mini-ASN.1 compiler 0.9.8-beta5

2005-06-14 Thread pana
Hi, I try to run the mini-ASN.1 compiler with several OpenSSL version but it doesn't work. The "-genstr" option results ever unknown by the system. Where is the error? What I miss? Thanks pana

r.e testing beta

2005-06-14 Thread Rodney Thayer
I've tried one of the 0.9.8 snapshots and "make test" is failing, after running for an enormous amount of time. (openssl-0.9.8-stable-SNAP-20050613.tar.gz) Two questions: 1. what's the output supposed to look like, these days? Specifically, is it supposed to run a long time? 2. where's the

Re: Need objective arguments against double certificate

2005-06-14 Thread Victor Duchovni
On Tue, Jun 14, 2005 at 12:14:54AM -1000, coco coco wrote: > My apologies if this is not really an openssl question. Just want to get > some ideas from the gurus here. > > There is this company (a so-called partner) which has hired an external > security consultant to oversee the security of a

using AES encryption

2005-06-14 Thread Julien ALLANOS
Hello, I want to use AES encryption in my C application, but I am missing documentation. I only have openssl/aes.h but there isn't any manpage. Can someone point me to any how-to or source code? Thanks for your help. -- Julien ALLANOS

Re: PKCS12 client

2005-06-14 Thread david kine
Thank you Heikki Toivonen and Goetz Babin-Ebell, your suggestions were very helpful. -David > david kine wrote: > > How does one load verify locations into a SSL_CTX > from > > in-memory X509 certificates? > > You can get the X509_STORE from the SSL_CTX. > There you do an X509_STORE_add_cert()

Re: how to EVP_SignInit_ex() ?

2005-06-14 Thread Nils Larsch
coco coco wrote: Sorry if this is a dumb question, I'm not sure why EVP_SignInit_ext() is giving me unhandled exception error. My code is a very simple testing code: char * clearText = "testing openssl"; char cryptText[MAX_LEN]; char buf[MAX_LEN]; unsigned char ubuf[MAX_LEN];

Re: using AES encryption

2005-06-14 Thread Nils Larsch
Julien ALLANOS wrote: Hello, I want to use AES encryption in my C application, but I am missing documentation. I only have openssl/aes.h but there isn't any manpage. Can someone point me to any how-to or source code? Thanks for your help. consider using the EVP_Cipher* etc. functions (see EVP_C

Re: mini-ASN.1 compiler 0.9.8-beta5

2005-06-14 Thread Nils Larsch
pana wrote: Hi, I try to run the mini-ASN.1 compiler with several OpenSSL version but it doesn't work. The "-genstr" option results ever unknown by the system. Where is the error? What I miss? works for me, what did you do ? Nils

Re: r.e testing beta

2005-06-14 Thread Nils Larsch
Rodney Thayer wrote: I've tried one of the 0.9.8 snapshots and "make test" is failing, after running for an enormous amount of time. (openssl-0.9.8-stable-SNAP-20050613.tar.gz) Two questions: 1. what's the output supposed to look like, these days? what do you get ? Specifically, is it su

Re: r.e testing beta

2005-06-14 Thread Ben Laurie
Rodney Thayer wrote: I've tried one of the 0.9.8 snapshots and "make test" is failing, after running for an enormous amount of time. (openssl-0.9.8-stable-SNAP-20050613.tar.gz) Two questions: 1. what's the output supposed to look like, these days? Specifically, is it supposed to run a long

Re: Certificate chain problem

2005-06-14 Thread Goetz Babin-Ebell
Eleftheria Petraki wrote: Hi all, Hello Elefteria, with the intermediate CA in the SSLCertificateChainFile the openssl s_client -connect ..., returns verify code: 0 (ok). The certificate chain reports two certificates, the server and the intermediate CA certificate with the correct issuers,

Re: how to EVP_SignInit_ex() ?

2005-06-14 Thread coco coco
try a EVP_MD_CTX_init() before using the EVP_MD_CTX objects Thanks, not very familiar with openssl at all, this is the first time trying to get something quickly done with openssl. Is there any developer guide, like giving better description of the API provided by openssl, beside the O'Reil

Re: Need objective arguments against double certificate

2005-06-14 Thread coco coco
Thanks all for replying. More heated debates I guess.

DSA_sign maximum digest length?

2005-06-14 Thread Andrey Warkentin
Hi everybody, I am not at all familiar with OpenSSL or DSA, but I was tinkering around trying to get DSA_sign/DSA_verify to work. I've stumbled upon a peculiar issue I have not seen brought up anywhere else, or documented. Somehow I am not able to sign messages longer than 20 bytes. The error mess

Re: how to EVP_SignInit_ex() ?

2005-06-14 Thread Heikki Toivonen
coco coco wrote: > Is there any developer guide, like giving better description of the API > provided by openssl, beside the O'Reilly book? It doesn't have to be > tutorial, I'm quite ok with crypto stuff in Java, but using openssl > has been a try-and-error process so far, and constantly need to >

doubt regd oid

2005-06-14 Thread sravan
Hello all, I have an application wherein I digitally sign files. In that application, I have an option to include timestamp of the *data file* in the signature as an un-authenticated attribute. I would like to know the OID this attribute should have. Since I am not timestamping the signature,