Re: [openssl-users] CA

2011-06-01 Thread Peter Lin
I am having a similar problem here: For some reason I need to renew/extend an intermediate certificate within a chain. Without setting the old serial number, all its descending certs' verification will fail when using 'openssl verify'. So the question is: Is there any way to issue a new signing certi

illegal in FIPS while using req

2009-06-24 Thread Peter Lin
Hi all, problem 1: I compiled the binary openssl from FIPS Object Module v1.2. However, I got "illegal instruction" when I try to use the "openssl req" command, regardless of whether FIPS_MODE is set to 1 or 0. My program got the same error if linking to the FIPS static library. The bombing place is while executin

Re: illegal in FIPS while using req

2009-06-26 Thread Peter Lin
connecting. I confirm both the client and server have set a FIPS-valid cipher list. The problem may be due to the certificate I use. However, I wonder if there is any way to catch and determine the error rather than have the program exit? Thanks. Peter Lin On Thu, Jun 25, 2009 at 5:44 PM, Dr. Stephen

PEM md5 digest problem in FIPS mode

2009-07-02 Thread Peter Lin
Hi all, I noticed that md5 is used as the digest algo in PEM, which is not allowed for FIPS mode. Is there any way to change it to a FIPS valid method (e.g. sha1)? Or is there any other format to store an RSA private key in OpenSSL FIPS mode? Thanks Peter Lin

Re: PEM md5 digest problem in FIPS mode

2009-07-02 Thread Peter Lin
y( fp, key, EVP_aes_128_cbc(), 0, 0, callbackFunc, 0 ); Actually I do not fully understand the "transparently used". Could anyone please explain a bit more? My target is to have a format with FIPS-valid encryption and digest methods to store and read private RSA keys. Thank you very much.

Re: Public key modulus and exponent

2009-08-02 Thread Peter Lin
Hi, You can check the api in rsa.h, which contains the rsa structure called "rsa_st". The common modulus for both private and public keys is key->n. The private key exponent is key->d, the public key exponent is key->e. All of these values are in BIGNUM structure format, of which you can find quite a lot o

How to get buffer size after calling PEM_write_bio_PrivateKey

2009-09-02 Thread Peter Lin
Hi all, I need to know how many bytes have been written after calling PEM_write_bio_PrivateKey. My code: BIO *bo = BIO_new( BIO_s_mem() ); PEM_write_bio_PrivateKey(bo, key, 0, 0, 0, 0, 0); Is there any way I can tell the size of memory written? thanks Peter

How to get buffer size after calling PEM_write_bio_PrivateKey

2009-09-02 Thread Peter Lin
Hi all, I need to know how many bytes have been written after calling PEM_write_bio_PrivateKey. My code: BIO *bo = BIO_new( BIO_s_mem() ); PEM_write_bio_PrivateKey(bo, key, 0, 0, 0, 0, 0); Is there any way I can tell the size of memory written? thanks Peter Lin

Key security problem

2009-10-26 Thread Peter Lin
ey in an unsafe place for other purpose, but need to make sure its safety. Also it is not desired to maintain two sets of keys, so here comes the idea to encrypt a key with itself. Hope I have explained it clearly. Any opinion or better suggestion is appreciated. Peter Lin

Re: Key security problem

2009-10-26 Thread Peter Lin
y decrypt the encrypted private key. Will this procedure be safe in the case someone obtained my encrypted AES key and encrypted RSA private key? Thanks again. Peter Lin On Tue, Oct 27, 2009 at 8:08 AM, Patrick Patterson < ppatter...@carillonis.com> wrote: > Peter Lin wrote: > &g

HMAC output mac size length problem

2010-01-04 Thread Peter Lin
"Can OpenSSL hash function outputs a specified (normally shorter) length of hash?" Thanks and regards, Peter Lin __ OpenSSL Project http://www.openssl.org User Support Ma

TLS connect problem with different OpenSSL library

2010-02-22 Thread Peter Lin
ry? Any idea is welcomed. Thank you very much. Peter Lin *[r...@peter asm.sm]# openssl version* OpenSSL 1.0.0-fips-beta4 10 Nov 2009 *[r...@peter asm.sm]# openssl s_client -connect 192.168.0.119:1173 -tls1 -de

how to generate problematic x509 cert(without Version, Issuer, etc)

2009-05-11 Thread PETER LIN
compulsory, and which are optional? Is my procedure correct? Thanks all. Peter Lin

TLS Server with incorrect cypher suite

2009-05-21 Thread Peter Lin
Hi all, I need to build a scenario of detecting incorrect cypher suite of TLS connection. The plan is to modify from a good TLS server, to encrypt data in a different cypher method from client request in handshake phase. However, as openssl encapsulated the implementation, I wonder if there's an

Re: TLS Server with incorrect cypher suite

2009-05-21 Thread Peter Lin
For me, the "responding incorrectly" here is defined as "incorrect cypher suite". Is there any way to detect this exact error? Thanks Peter On Fri, May 22, 2009 at 1:04 PM, David Schwartz wrote: > > > 4. TLS server free, but responding incorrectly > > (as the scenario described in the beginning)

Re: TLS Server with incorrect cypher suite

2009-05-23 Thread Peter Lin
Is there any error code describing what causes any TLS connection to fail? On Fri, May 22, 2009 at 1:27 PM, Peter Lin wrote: > For me , the "responding incorrectly" here defined as "incorrect cypher > suite". > Is there any way to detect this exact error? > > Th

Re: Modify openssl source code

2009-05-24 Thread Peter Lin
1. Find the implementation of the function you need to call, e.g., hashFunc. 2. Copy the implementation to your project, rename it to hashFunc2. Make whatever modification you need to the code. 3. Call hashFunc2 rather than hashFunc. 2009/5/24 jazeltq > > look demos , then source code > > > 在2009-05