Hi,
Sorry if this is a bit OT, can someone explain what is the difference between
an MS Authenticode certificate, a normal certificate, and a certificate
for signing Netscape object?
What are the bits and bytes that are different? I can't find info
detailed enough to give a satisfactory answer
Thanks for replying.
From: "Dr. Stephen Henson" <[EMAIL PROTECTED]>
I looked at this some time ago so this may not be up to date...
There wasn't anything special about an authenticode certificate provided you
didn't set the extensions to specifically exclude the usages. So a "vanilla"
CA and
Just found a link which may help:
http://www.thawte.com/support/code/msauth.html#timestamp
Thanks a lot. Sorry to sound like a dumbass, but how do I put that
information into the certificate when I signed it? :) I mean, how do I
specify the URL of the tsa, which extension to use ?
If some
>
> Thanks a lot. Sorry to sound like a dumbass, but how do I put that
> information into the certificate when I signed it? :) I mean, how do I
> specify the URL of the tsa, which extension to use ?
>
You don't. The timestamp URL is something you use on the command line of the
relevant authentic
Hmmm, I don't have access to the relevant tools for that. Do you have a sample
signed macro or certificate that includes this information?
hehe, I don't, that's why I can't figure out what to put in there. I tried
different extensions, looked up all the stuff I can use in x509v3, to no
avai
Wow, Steve, I must say, you are a god-send!
I was still digging in the registry and the msdn site last night for a clue...
Had I input the right keyword (TimeStampURL) in google, that would've solved
my problem. But I was looking at the wrong place (msdn, which is a pretty
useless site), also c
Is there any plan to support OCSP verification over LDAP (or LDAP/s)?
OT: BTW, could anyone recommend an LDAP client library (C or C++) that works
on Windows? Preferably open source.
thanks
coco
> Is there any plan to support OCSP verification over LDAP (or LDAP/s)?
This question makes no sense. OCSP and LDAP are two different protocols.
It's like saying "SMTP over HTTP"
/r$
Huh? In what way doesn't it make sense? Sorry if the question might be
confusing,
but I'm looking at
I'm trying to read a certificate in PEM format from memory, using BIO, but
every time, it just returns NULL. Can anyone point out what's wrong with this
code?
char * mykey =
"-BEGIN CERTIFICATE-\n" \
"MIIBzjCCATegAwIBAgIIB+d8Z03zbQQwDQYJKoZIhvcNAQEFBQAwHzEMMAoGA
Thanks a lot, that seems to be the problem.
rgds
Try to split b64 data in 64 chars lines.
Francesco Petruzzi
Sorry if this is a dumb question, I'm not sure why EVP_SignInit_ext() is
giving me unhandled exception error. My code is a very simple testing code:
char * clearText = "testing openssl";
char cryptText[MAX_LEN];
char buf[MAX_LEN];
unsigned char ubuf[MAX_LEN];
My apologies if this is not really an openssl question. Just want to get
some ideas from the gurus here.
There is this company (a so-called partner) which has hired an external
security consultant to oversee the security of a project which makes use of
crypto quite heavily. The security consul
try a EVP_MD_CTX_init() before using the EVP_MD_CTX objects
Thanks, not very familiar with openssl at all, this is the first time trying
to get something quickly done with openssl.
Is there any developer guide, like giving better description of the API
provided by openssl, beside the O'Reil
Thanks all for replying. More heated debates I guess.
I'm trying to get a client application written in C++ using OpenSSL to
verify a signature sent by a server (in Java) and vice versa. Not sure I
specified it correctly, but the signatures generated on both sides, from the
same input data, are not the same, and therefore, can't be verified. And this
> Thanks all for replying. More heated debates I guess.
How can there be a heated debate when there is not yet one argument
advanced in favor of the double certificate scheme?
I got what you meant, sorry for not being clear. I meant there will be more
heated debate between us (the tec
Like everyone else, I say this consultant doesn't know what he's
talking about (I'm tempted to ask you to tell me who it is, so I can
avoid him/her). Can I suggest a different line of attack, though?
It's obvious that confronting the consultant by calling bull doesn't
win you any points, so how
I am also facing the similar problem. I am generating signature
using OpenSSL and passing in to JAVA to verify (running JAVA test
suite). Signature format is in DER encoded PKCS#7 format.
But JAVA is not able to parse the "SignedData" content in the
PKCS#7 format. It is giving "
> Please help to fill in items that I might have missed :)
The security risk that this non-standard scheme might introduce an
unforeseen vulnerability. This is, IMO, as likely as that it will protect
against some unforeseen vulnerability -- the alleged reason for the scheme.
Hehe, I was t
Like the commentator, I'm also a little guy. In my case, I'm a retired guy
who got his intro to this stuff from Entrust. I got convinced that their
two (or more) -certificate solution was right, based upon the following:
If you are an employee in an organization, it is valid for the organiz
I thought the problem was that you were using the same keypair
for encryption and signing. So that there really is only one key.
I know, the key escrow was designed when the requirements were
only for encryption only. Digital signature requirement was added when
the consultant got on board. S
Then perhaps your company should hire a security expert to design the
security. Defects in portability or performance are low-risk and easily
detected, and the cost scales with the time until a patch is deployed.
Security vulnerabilities are much more tricky and expensive to detect and
the
Did you get any breakthrough?
Sorry, didn't read this list for a while. Actually, the code I put up in my
question was correct.
The problem was with a Base64 lib that I linked with in C++.
The implementation of the library has a small bug, which does not handle
the '+' char properly.
That'
To rule out any problems with your OpenSSL code I'd suggest you check the
signatures using the dgst command and if there are problems analyze them
using rsautl.
Thanks for the reply. I got it, by examining basically every function that
touches my data. So, in the end, it was the base64 libr