second question: A real 1024-bit-key must have at least 1017
bit, so it consits of 128 byte (= 1024 bit) with 7 leading zeros.
Regards
Thomas Beckmann
> -Ursprüngliche Nachricht-
> Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Auftrag von Tan Eng Ten
> Gesendet: Mittwoch, 17.
hat
> > these numbers are multiples of 8 ans though can be
> fractioned into bytes
> > (1024 bit = 128 byte).
> > Withe the increase of calculation power the key size was
> increased, in the
> > end by doubling the number of bits.
> >
> > To answer our
Are
you sure this is the right community to ask?
-Ursprüngliche Nachricht-Von:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Im
Auftrag von Paull DodemaideGesendet: Mittwoch, 17. August 2005
13:38An: openssl-users@openssl.orgBetreff: Setup
Help
Hi All,
I am having no
Who will mandate ECC by 2010???
> -Ursprüngliche Nachricht-
> Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Auftrag von Uri
> Gesendet: Mittwoch, 17. August 2005 14:54
> An: openssl-users@openssl.org
> Betreff: Re: RSA key sizes
>
>
> Please note that the importance of RSA is going
In the C-Field of the DN only two characters are allowed. So "C=ZA Par" is
invalid.
Regards
Thomas
> -Ursprüngliche Nachricht-
> Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Auftrag von Brendon Schafer
> Gesendet: Donnerstag, 25. August 2005 12:47
> An: openssl-users@openssl.org
>
Well,
I am not a guru concerning ac but looking at the ac you send with your mail my
ASN.1-Dump told me there's a negative INTEGER in it (at approx. octet 497,
length 2), but an INTEGER mustn't be negative. Maybe this is the "Wrong
Tag"?
Regards
Thomas
-Ursprüngliche Nachricht
Andrea,
You have to add the lines
x509_extensions =
and
[]
to your config file.
If you want to get an x.509v3 certificate without extensions, you can leave
the section empty. Otherwise you can specify your extensions to be used
here.
Regards
Thomas
> -Ursprüngliche Nachric
Michael,
OpenSSL ist working correct because "9a 38 74 00 00 00 00
25 be" is a negative integer. If you preceedyour serial number with "00"
everything will work fine... even the presentation of your number
with OpenSSL.
Best regards
Thomas
Von: [EMAIL PROTECTED]
[mailto:[E
Kyle
it's not required by the RFC but it's required by x.209 (BER, Encoding of
integer-values)
Regards
Thomas
> -Ursprüngliche Nachricht-
> Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Im Auftrag von Kyle Hamilton
> Gesendet: Mittwoch, 11. Januar 2006 15:22
> An: openssl-users@o
Because it IS a negative number according to x.209... and other papers
defining the bit representation of INTEGER.
> -Ursprüngliche Nachricht-
> Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Im Auftrag von Bohn, Michael
> Gesendet: Mittwoch, 11. Januar 2006 16:00
> An: openssl-users@
Michael,
just for my curiousity... who ist the issuer of the
certificate?
Best regards
Thomas
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Bohn,
MichaelGesendet: Mittwoch, 11. Januar 2006 07:20An:
openssl-users@openssl.orgBetreff: openssl can don' t ha
r field 6,
> got 1, '' left)
> > TMF-TestCA/bin/ComputeRequests: line 15: 5411
> Speicherzugriffsfehler >>
> > openssl ca -config $CADIR/TMF-TestCA.cnf -name
> $PURPOSE -in
A.cnf
> > wrong number of fields on line 1 (looking for field 6,
> got 1, '' left)
> > TMF-TestCA/bin/ComputeRequests: line 15: 5411
> Speicherzugriffsfehler >>
> > openssl ca -config $CADIR/TMF-TestCA.cnf -name
&g
Hzhijun,
maybe
this part from the openssl FAQs (at www.openssl.org) may help
you:
--
1. Why do I get a "PRNG not seeded" error
message?
Cryptographic software needs
You have to specify a config file using the -config parameter of openssl.
Even as "ca" "req" needs a configuration file to get specific information
like keylength or the distinguishedName structure.
My experience is that openssl does not find the default config file so you
have to set either the e
Why did you concatenate the server.key and the server.csr? Why don't you use
the csr to produce the certificate???
> -Ursprüngliche Nachricht-
> Von: Ronan [mailto:[EMAIL PROTECTED]
> Gesendet: Mittwoch, 27. Oktober 2004 12:28
> An: [EMAIL PROTECTED]
> Betreff: CSR signing
>
>
> ok so iv
As far as I understood, using "openssl req..." the produced format is PEM,
independant what file extension you use. So normally this should work. Sorry
for this kind of vague information but I didn't use openssl for a while.
Thomas
> -Ursprüngliche Nachricht-
> Von: Ronan [mailto:[EMAIL P
Ah, now I know where the concatenation idea comes from ;-)
> -Ursprüngliche Nachricht-
> Von: Dr. Stephen Henson [mailto:[EMAIL PROTECTED]
> Gesendet: Mittwoch, 27. Oktober 2004 17:43
> An: [EMAIL PROTECTED]
> Betreff: Re: AW: CSR signing
>
>
> On Wed, Oct 27, 2004, Ronan wrote:
>
> > >
Sravan,
the AlgorithmIdentifier in the Certificate definition tells you which
algorithms have been used to produce and to verifify the certificate
signature. The AlgorithmIdentifier in the TBSCertificate tells you which
algorithms to use applying the key included.
regards
Thomas
> -Ursprung
Andrus,
as Stephen explains the key is represented in an ASN.1 structure called
"SubjectPublicKeyInfo" and is coded in DER (Distinguished Encoding Rules).
The structure consits of an ObjectIdentifier ([06 09] 2A...01 01 01) and the
parameter NULL ([05 00]) followed by the public modulus of your ke
Aparna,
you
can put an email address either in the EMAIL attribute of the DN or in the
subjectAltName extension.
As far
as I know it is recommended to put the email address in either the one or the
other place for S/MIME messages but it is not mandatory.
Regards
Thomas
-Ursprü
Hello everybody,
I am not quite sure which list to address so I chose both.
Regarding the news around the "breaking" of SHA1, I wonder if it is planned
or already in work to implement other hash algorithms like SHA256 into
OpenSSL.
Best Regards
Thoma
Richard,
as far as I read the text from the RFC, they are talkin about non-negative
numbers. So the range is from 0 to 2^(159)-1 because the one bit missing
indicates a negative number.
Best regards
Thomas Beckmann
> -Ursprüngliche Nachricht-
> Von: [EMAIL PROTECTED]
> [mail
23 matches
Mail list logo