cheers,
Thanks for the response, but haven't the evp_pkey struct of the public key. I' ve only the an bytes string that i retrieved from IEEE cert with "PEM_bytes_read_bio()". Now in want to form the ec_key struct and then the evp_pkey struct.
Thanks
Best regards
Christian Adja
Il Mercoledì 22 Marzo 2017 19:01, Ethan Rahn <ethan.rahn@xxxxxxxxx> ha scritto:
Couldn't you just use EVP_PKEY_get1_EC_KEY?
Cheers,
Ethan
On Wed, Mar 22, 2017 at 10:48 AM, Christian Adja via openssl-users <openssl-users@xxxxxxxxxxx> wrote:
Good evening everybody,I need help about to transform public key (unsigned char *) retrieved from IEEE cert in EVP_PKEY o EC_KEY. The public key is an ecdsaNistP256 in compressed form (compressedy1).The public key form in hex =|00|80|83|x point (32 bytes)|Thanks,Best RegardsIl Mercoledì 15 Marzo 2017 22:23, "openssl-users-request@ openssl.org" <openssl-users-request@ openssl.org> ha scritto:
Send openssl-users mailing list submissions toTo subscribe or unsubscribe via the World Wide Web, visitor, via email, send a message with subject or body 'help' toYou can reach the person managing the list atWhen replying, please edit your Subject line so it is more specificthan "Re: Contents of openssl-users digest..."Today's Topics:1. Request for adding new ciphers (Christian Adja)2. Re: Request for adding new ciphers (Matt Caswell)3. Generating dh parameters multithreaded? (Joseph Southwell)4. Re: Generating dh parameters multithreaded? (Salz, Rich)5. OpenSSL Certificate Cross Signing (Moritz Wirth)6. Re: PKCS#7 (val?ry)7. Re: Generating dh parameters multithreaded? (Joseph Southwell)8. Re: Generating dh parameters multithreaded? (Salz, Rich)------------------------------ ------------------------------ ----------Message: 1Date: Wed, 15 Mar 2017 18:03:44 +0000 (UTC)From: Christian Adja <christian_adja@xxxxxxxx>Subject: [openssl-users] Request for adding new ciphersMessage-ID: <1576557894.1332584. 1489601024241@xxxxxxxxxxxxxx>Content-Type: text/plain; charset="utf-8"Hi everyone,Someone can help for adding the ciphersuite " ECDHE_ECDSA_WITH_AES_128_CCM " and "ECDHE_ECDSA_WITH_AES_256_CCM " in openssl?I tried adding in the file tls1.h??? # define TLS1_CK_ECDHE_ECDSA_WITH_AES_ 128_CCM??????????? 0x0300C0AC??? # define TLS1_CK_ECDHE_ECDSA_WITH_AES_ 256_CCM??????????? 0x0300C0ADAnd modifing the file? ssl_ciph.c the functions??? ssl_load_ciphers() ... And modifing the file evp_cipher.c and sssl_locl.cand finaly ssl_algs.c.There are no way to make it works. It continue to give me? error: ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420thanks.-------------- next part --------------An HTML attachment was scrubbed...URL: <http://mta.openssl.org/ pipermail/openssl-users/ attachments/20170315/5ea926a1/ attachment-0001.html>------------------------------Message: 2Date: Wed, 15 Mar 2017 18:18:52 +0000From: Matt Caswell <matt@xxxxxxxxxxx>Subject: Re: Request for adding new ciphersMessage-ID: <e507eba7-b0c6-d85a-78aa- 2af36c2e487e@xxxxxxxxxxx>Content-Type: text/plain; charset=windows-1252On 15/03/17 18:03, Christian Adja via openssl-users wrote:> Hi everyone,>> Someone can help for adding the ciphersuite "> ECDHE_ECDSA_WITH_AES_128_CCM " and "ECDHE_ECDSA_WITH_AES_256_CCM " in> openssl?> I tried adding in the file tls1.h> # define TLS1_CK_ECDHE_ECDSA_WITH_AES_ 128_CCM 0x0300C0AC> # define TLS1_CK_ECDHE_ECDSA_WITH_AES_ 256_CCM 0x0300C0AD>> And modifing the file ssl_ciph.c the functions> ssl_load_ciphers() ...> And modifing the file evp_cipher.c and sssl_locl.c> and finaly ssl_algs.c.>> There are no way to make it works. It continue to give me error:> ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420These ciphersuites already exist in OpenSSL (from version 1.1.0).Matt------------------------------Message: 3Date: Wed, 15 Mar 2017 14:18:38 -0400From: Joseph Southwell <jsouthwell@xxxxxxxxxxxxx>Subject: [openssl-users] Generating dh parameters multithreaded?Message-ID: <56015584-6EDC-4BD6-AA21- F27835281A99@xxxxxxxxxxxxx>Content-Type: text/plain; charset="utf-8"On any new install of our software we generate new dh parameters as follows?DH *dh = DH_new();!DH_generate_parameters_ex(dh, 2048, 2, NULL);int codes = 0;DH_check(dh, &codes);DH_generate_key(dh);It takes a long time. Is there some way to have it use all available cores instead of just the one?-------------- next part --------------An HTML attachment was scrubbed...URL: <http://mta.openssl.org/ pipermail/openssl-users/ attachments/20170315/abdcfd11/ attachment-0001.html>------------------------------Message: 4Date: Wed, 15 Mar 2017 18:21:05 +0000From: "Salz, Rich" <rsalz@xxxxxxxxxx>Subject: Re: Generating dh parameters multithreaded?Message-ID:Content-Type: text/plain; charset="utf-8"> It takes a long time. Is there some way to have it use all available cores instead of just the one?You'll have to write the code to do that parallelism yourself.------------------------------Message: 5Date: Wed, 15 Mar 2017 19:46:07 +0100From: Moritz Wirth <mw@xxxxxxxxx>Subject: OpenSSL Certificate Cross SigningMessage-ID: <c879dec1-9fab-5ecc-de01- 4e033c690690@xxxxxxxxx>Content-Type: text/plain; charset=utf-8Good Evening all,I have 2 Root Certificate Authorities which I want to use to cross signan intermediate certificate. I created a certificate request and signedit with both CAs.I issued an end user certificate with the intermediate CA and added bothintermediate CA Certificates (the one from Root1 and the one signed byRoot2). If only one CA is trusted, the certificate is still recognizedas trusted in Firefox regardless which certificate is on top of thechain (Which is exactly what I want.)I wondered if I can connect both intermediate Certificates to a singlecertificate or do I always need both certificates?Best Regards,Moritz------------------------------Message: 6Date: Wed, 15 Mar 2017 21:42:50 +0100From: val?ry <vsbrin@xxxxxxxxx>Subject: Re: PKCS#7Message-ID:<CAMkdoSFR_kT= wxt5jAFMENwN3dXEhzVr=VkJmh-7=o caHj14OA@xxxxxxxxxxxxxx>Content-Type: text/plain; charset="utf-8"Alright, big thanks to both of you for your input!On Mar 15, 2017 23:01, "Wouter Verhelst" <wouter.verhelst@xxxxxxxxx> wrote:On 15-03-17 05:13, val?ry wrote:> Hi,>> thank you very much for your response.> Say someone would be able to gather several clear text AES keys and> their respective asymmetrically encrypted RSA blocks. Would it weakens> the security of the RSA key pair ? I mean could it be easier for someone> using that information to brute force an RSA key pair ?>Think of it this way:As far as the RSA algorithm is concerned, the AES keys are just data. Theyhappen to be AES keys, but they might have been a hash value, an image, orsomebody's date of birth.If getting the cleartext as well as the encrypted text for an RSA messagewould allow you to more easily guess the RSA key, then the RSA algorithmwould be seriously flawed.There is no known attack against RSA for which this is true, however, asRich pointed out.--Wouter Verhelst--openssl-users mailing listTo unsubscribe: https://mta.openssl.org/ mailman/listinfo/openssl-users-------------- next part --------------An HTML attachment was scrubbed...URL: <http://mta.openssl.org/ pipermail/openssl-users/ attachments/20170315/c5426a43/ attachment-0001.html>------------------------------Message: 7Date: Wed, 15 Mar 2017 17:08:50 -0400From: Joseph Southwell <jsouthwell@xxxxxxxxxxxxx>Subject: Re: Generating dh parameters multithreaded?Message-ID: <F3ADE150-0FAA-46B8-B481- 816C1DD1B984@xxxxxxxxxxxxx>Content-Type: text/plain; charset=us-asciiAre you suggesting that I should modify openssl myself to expose that functionality or are suggesting that there is a way to do that given the already exposed functionality? If it is the latter could you point me in the right direction?> On Mar 15, 2017, at 2:21 PM, Salz, Rich via openssl-users <openssl-users@xxxxxxxxxxx> wrote:>>> It takes a long time. Is there some way to have it use all available cores instead of just the one?>> You'll have to write the code to do that parallelism yourself.> --> openssl-users mailing list> To unsubscribe: https://mta.openssl.org/ mailman/listinfo/openssl-users>------------------------------Message: 8Date: Wed, 15 Mar 2017 21:15:11 +0000From: "Salz, Rich" <rsalz@xxxxxxxxxx>To: Joseph Southwell <jsouthwell@xxxxxxxxxxxxx>,Subject: Re: Generating dh parameters multithreaded?Message-ID:Content-Type: text/plain; charset="Windows-1252"> Are you suggesting that I should modify openssl myself to expose that> functionality or are suggesting that there is a way to do that given the already> exposed functionality? If it is the latter could you point me in the right> direction?OpenSSL code does not do what you want. You'll have to write it------------------------------Subject: Digest Footer______________________________ _________________openssl-users mailing list------------------------------End of openssl-users Digest, Vol 28, Issue 21****************************** ***************
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/ mailman/listinfo/openssl-users
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
