AW: RSA key sizes

2005-08-17 Thread thomas . beckmann
second question: A real 1024-bit-key must have at least 1017 bit, so it consists of 128 byte (= 1024 bit) with 7 leading zeros. Regards Thomas Beckmann > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On behalf of Tan Eng Ten > Sent: Wednesday, 17.

AW: AW: RSA key sizes

2005-08-17 Thread thomas . beckmann
hat > > these numbers are multiples of 8 and though can be > fractioned into bytes > > (1024 bit = 128 byte). > > With the increase of calculation power the key size was > increased, in the > > end by doubling the number of bits. > > > > To answer our

AW: Setup Help

2005-08-17 Thread thomas . beckmann
Are you sure this is the right community to ask? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Paull Dodemaide Sent: Wednesday, 17 August 2005 13:38 To: openssl-users@openssl.org Subject: Setup Help Hi All, I am having no

AW: RSA key sizes

2005-08-17 Thread thomas . beckmann
Who will mandate ECC by 2010??? > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On behalf of Uri > Sent: Wednesday, 17 August 2005 14:54 > To: openssl-users@openssl.org > Subject: Re: RSA key sizes > > > Please note that the importance of RSA is going

AW: problems making Certificate Request

2005-08-25 Thread thomas . beckmann
In the C-Field of the DN only two characters are allowed. So "C=ZA Par" is invalid. Regards Thomas > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On behalf of Brendon Schafer > Sent: Thursday, 25 August 2005 12:47 > To: openssl-users@openssl.org >

AW: Problem while parsing attribute certificate.

2005-09-09 Thread thomas . beckmann
Well, I am not a guru concerning ac but looking at the ac you sent with your mail my ASN.1-Dump told me there's a negative INTEGER in it (at approx. octet 497, length 2), but an INTEGER mustn't be negative. Maybe this is the "Wrong Tag"? Regards Thomas -Original Message

AW: certificate version

2005-11-14 Thread thomas . beckmann
Andrea, You have to add the lines x509_extensions = and [] to your config file. If you want to get an x.509v3 certificate without extensions, you can leave the section empty. Otherwise you can specify your extensions to be used here. Regards Thomas > -Ursprüngliche Nachric

AW: openssl can don't handle 20 Octets long Serial Numbers RFC 3280

2006-01-11 Thread thomas . beckmann
Michael, OpenSSL is working correctly because "9a 38 74 00 00 00 00 25 be" is a negative integer. If you precede your serial number with "00" everything will work fine... even the presentation of your number with OpenSSL. Best regards Thomas From: [EMAIL PROTECTED] [mailto:[E

AW: openssl can don't handle 20 Octets long Serial Numbers RFC 3280

2006-01-11 Thread thomas . beckmann
Kyle it's not required by the RFC but it's required by x.209 (BER, Encoding of integer-values) Regards Thomas > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On behalf of Kyle Hamilton > Sent: Wednesday, 11 January 2006 15:22 > To: openssl-users@o

AW: openssl can don't handle 20 Octets long Serial Numbers RFC 3280

2006-01-11 Thread thomas . beckmann
Because it IS a negative number according to x.209... and other papers defining the bit representation of INTEGER. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On behalf of Bohn, Michael > Sent: Wednesday, 11 January 2006 16:00 > To: openssl-users@

AW: openssl can don't handle 20 Octets long Serial Numbers RFC 3280

2006-01-11 Thread thomas . beckmann
Michael, just for my curiosity... who is the issuer of the certificate? Best regards Thomas From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Bohn, Michael Sent: Wednesday, 11 January 2006 07:20 To: openssl-users@openssl.org Subject: openssl can don't ha

AW: ErrorMessage on certificate generation

2004-08-02 Thread thomas . beckmann
r field 6, > got 1, '' left) > > TMF-TestCA/bin/ComputeRequests: line 15: 5411 > Speicherzugriffsfehler >> > > openssl ca -config $CADIR/TMF-TestCA.cnf -name > $PURPOSE -in

AW: ErrorMessage on certificate generation

2004-08-02 Thread thomas . beckmann
A.cnf > > wrong number of fields on line 1 (looking for field 6, > got 1, '' left) > > TMF-TestCA/bin/ComputeRequests: line 15: 5411 > Speicherzugriffsfehler >> > > openssl ca -config $CADIR/TMF-TestCA.cnf -name &g

AW: question about certificate creation

2004-08-16 Thread thomas . beckmann
Hzhijun,   maybe this part from the openssl FAQs (at www.openssl.org) may help you:   --  1. Why do I get a "PRNG not seeded" error message? Cryptographic software needs

AW: Generating Test Certificates

2004-08-17 Thread thomas . beckmann
You have to specify a config file using the -config parameter of openssl. Even as "ca" "req" needs a configuration file to get specific information like keylength or the distinguishedName structure. My experience is that openssl does not find the default config file so you have to set either the e

AW: CSR signing

2004-10-27 Thread thomas . beckmann
Why did you concatenate the server.key and the server.csr? Why don't you use the csr to produce the certificate??? > -Original Message- > From: Ronan [mailto:[EMAIL PROTECTED] > Sent: Wednesday, 27 October 2004 12:28 > To: [EMAIL PROTECTED] > Subject: CSR signing > > > ok so iv

AW: AW: CSR signing

2004-10-27 Thread thomas . beckmann
As far as I understood, using "openssl req..." the produced format is PEM, independent what file extension you use. So normally this should work. Sorry for this kind of vague information but I didn't use openssl for a while. Thomas > -Original Message- > From: Ronan [mailto:[EMAIL P

AW: AW: CSR signing

2004-10-28 Thread thomas . beckmann
Ah, now I know where the concatenation idea comes from ;-) > -Original Message- > From: Dr. Stephen Henson [mailto:[EMAIL PROTECTED] > Sent: Wednesday, 27 October 2004 17:43 > To: [EMAIL PROTECTED] > Subject: Re: AW: CSR signing > > > On Wed, Oct 27, 2004, Ronan wrote: > > > >

AW: doubt regd X509 Certificate

2004-11-17 Thread thomas . beckmann
Sravan, the AlgorithmIdentifier in the Certificate definition tells you which algorithms have been used to produce and to verify the certificate signature. The AlgorithmIdentifier in the TBSCertificate tells you which algorithms to use applying the key included. regards Thomas > -Ursprung

AW: DER public key file structure

2004-12-15 Thread thomas . beckmann
Andrus, as Stephen explains the key is represented in an ASN.1 structure called "SubjectPublicKeyInfo" and is coded in DER (Distinguished Encoding Rules). The structure consists of an ObjectIdentifier ([06 09] 2A...01 01 01) and the parameter NULL ([05 00]) followed by the public modulus of your ke

AW: X509 certificate with S/MIME

2005-02-02 Thread thomas . beckmann
Aparna,   you can put an email address either in the EMAIL attribute of the DN or in the subjectAltName extension.   As far as I know it is recommended to put the email address in either the one or the other place for S/MIME messages but it is not mandatory.   Regards   Thomas -Ursprü

The breaking of SHA1

2005-03-08 Thread thomas . beckmann
Hello everybody, I am not quite sure which list to address so I chose both. Regarding the news around the "breaking" of SHA1, I wonder if it is planned or already in work to implement other hash algorithms like SHA256 into OpenSSL. Best Regards Thoma

AW: Max length of serial number

2005-07-18 Thread thomas . beckmann
Richard, as far as I read the text from the RFC, they are talking about non-negative numbers. So the range is from 0 to 2^(159)-1 because the one bit missing indicates a negative number. Best regards Thomas Beckmann > -Original Message- > From: [EMAIL PROTECTED] > [mail