Dynamically Adding a New PubKey Method - how to link OID <-> pkey_id ?

2022-08-30 Thread Dr. Pala
Dear OpenSSL, I have a question for the community. Specifically, I am changing the implementation that we are working on for Composite Crypto from directly patching the OpenSSL library with a new method, we want to add it dynamically - this makes it easier to use Composite Crypto with existing

[openssl-users] Block Ciphers in XTS mode (AES-XTS)

2016-04-06 Thread Dr. Pala
Hi all, I am trying to solve a particular problem related to providing random access to encrypted files. AFAIK, I have two options. The first is to use CRT mode (read only) and the second is to use XTS (read and write). Since I have never used the XTS mode before, does anybody have experience

Re: [openssl-users] Block Ciphers in XTS mode (AES-XTS) [SOLVED - almost ?]

2016-04-06 Thread Dr. Pala
re ? Am I supposed to, somehow, modify the plaintext before encrypting it (e.g., XOR with the block number ?). Thanks, Max P.S.: I am cross-posting the message also to dev as this might have better chances to get an answer there... ? On 4/6/16 10:54 AM, Dr. Pala wrote: Hi all, I am trying

[openssl-users] ASN1 & Recursive Structures definition

2017-12-01 Thread Dr. Pala
Hi all, I am trying to define an ASN1 structure similar to this: ASN1_SEQUENCE(TEST) = { ASN1_SIMPLE(TEST, version, ASN1_INTEGER), ASN1_EXP_SEQUENCE_OF_OPT(TEST, otherTests, TEST, 0) } ASN1_SEQUENCE_END(TEST) IMPLEMENT_ASN1_FUNCTIONS(TEST) [**] what is the correct procedure for doing t

Re: [openssl-users] ASN1 & Recursive Structures definition

2017-12-01 Thread Dr. Pala
17 12:14:54 -0700, "Dr. Pala" said: director> I am trying to define an ASN1 structure similar to this: director> director> ASN1_SEQUENCE(TEST) = { director> ASN1_SIMPLE(TEST, version, ASN1_INTEGER), director> ASN1_EXP_SEQUENCE_OF_OPT(TEST, otherTests, TEST, 0

Re: [openssl-users] ASN1 & Recursive Structures definition

2017-12-03 Thread Dr. Pala
er, I guess I will have to either change the envisioned approach (maybe introducing an intermediate data structure of some kind..?) or use the ASN1_ANY approach. Cheers, Max On 12/2/17 4:54 AM, Richard Levitte wrote: In message on Fri, 1 Dec 2017 20:22:09 -0700, "Dr. Pala" said:

[openssl-users] Windows OpenSSL's FIPS Binaries

2017-12-07 Thread Dr. Pala
Hi all, does anybody know if there are downloadable binaries of openssl-fips and/or openssl-fips-ecp (2.0.16 or earlier) for Windows ? Cheers, Max -- Best Regards, Massimiliano Pala, Ph.D. OpenCA Labs Director

[openssl-users] Certificate Verify and non-root Trust Anchors

2017-12-11 Thread Dr. Pala
Hi all, I am trying to verify a certificate and provide the possibility to directly trust an intermediate CA's certificate (not self-signed). After setting up the STORE and STORE_CTX and adding the intermediate CA to the trusted certificates, when I use the "X509_verify_cert(ctx)" I get the usua

Re: [openssl-users] Certificate Verify and non-root Trust Anchors

2017-12-11 Thread Dr. Pala
code yet... ... any suggestion on how to fix this ? Do you think it is actually a bug ? ... or am I missing some other configs / setting I should have done for the verify param ? Cheers, Max On 12/11/17 3:18 PM, Viktor Dukhovni wrote: On Dec 11, 2017, at 5:06 PM, Dr. Pala wrote: Hi all

Re: [openssl-users] Certificate Verify and non-root Trust Anchors

2017-12-11 Thread Dr. Pala
Hi Victor, On 12/11/17 4:18 PM, Viktor Dukhovni wrote: [...] Perhaps you ended up creating a parameter structure with a depth limit that's too small.  Just configuring partial chains will never yield a chain that is longer than it otherwise would be.  In fact you generally get shorter chains. 

Re: [openssl-users] Certificate Verify and non-root Trust Anchors

2017-12-11 Thread Dr. Pala
Hi Victor, does it matter that we are not in the TLS case (maybe the code is different in the SSL_CTX ) ? I am just trying to validate the chain with the TA set to the SubCA... :D IMHO, the correct (or, better, the expected) behavior (from a developer's standpoint) would be to trust keys in

Re: [openssl-users] Certificate Verify and non-root Trust Anchors

2017-12-11 Thread Dr. Pala
Hi Victor, A... that is why :D I wrongly assumed that the newly created parameters would hold the same initialization. This approach works! Thanks again! Cheers, Max On 12/11/17 5:45 PM, Viktor Dukhovni wrote: On Dec 11, 2017, at 7:35 PM, Dr. Pala wrote: Perhaps you ended up

Re: [openssl-users] Hashing public keys

2018-03-21 Thread Dr. Pala
Hi Jan, not sure if this might help you, I solved the problem by using X509_PUBKEY + i2d_X509_PUBKEY. Here's an example: https://github.com/openca/libpki/blob/b87b647170cb5f71e00baffe609f5a02edfa3845/src/openssl/pki_keypair.c#L307 I hope that helps, Cheers, Max On 3/21/18 1:42 PM, Jan Dan

[openssl-users] d2i_PUBKEY() and X509_get0_pubkey_bitstr() output differences

2018-05-26 Thread Dr. Pala
Hi all, I have a small question - I am trying to calculate the HASH over a public key, and I want it to be reliable across different environments. In particular, I would like to be able to calculate a HASH over the public key (e.g., loaded from the keypair file) and/or a key in a certificate

[openssl-users] How to Implement a new PubKey method correctly

2018-08-22 Thread Dr. Pala
Hi all, I am working on providing a new Public Key method that will handle Composite Keys (i.e., multiple keys with different algos - e.g., one RSA and one EC) and Composite Signatures (i.e., multiple signatures generated with the corresponding Composite Keys). In particular, I would like to be a

How to Sign and Encrypt in CMS ?

2019-05-05 Thread Dr. Pala
Hi All, small question - I was playing around with the CMS interface and I was wondering what is the right way to generate a signed and encrypted CMS. In particular, for PKCS#7, you could use the signed_and_encrypted choice... but in CMS, there is the envelopedData ... but that does not allow

CMS and GCM

2019-05-12 Thread Dr. Pala
Hi All, I am having issues using AES GCM in EnvelopedData - in particular if I use AES CBC, that is ok, but when I try to use the GCM mode, I simply cannot finalize the data. Are there any specific operations that need to happen in order to use AES in GCM mode (as per RFC5084) ? Is there a