On 22/03/17 17:59, Christian Adja via openssl-users wrote: > Good evening everybody,I need help about to transform public key > (unsigned char *) retrieved from IEEE cert in EVP_PKEY o EC_KEY. The > public key is an ecdsaNistP256 in compressed form (compressedy1). > The public key form in hex = > |00|80|83|x point (32 bytes)| You could use BN_bin2bn() to load the x value into a BIGNUM: https://www.openssl.org/docs/man1.1.0/crypto/BN_bin2bn.html Then you could use EC_POINT_set_compressed_coordinates_GFp() to create the EC_POINT for that public key: https://www.openssl.org/docs/man1.1.0/crypto/EC_POINT_set_compressed_coordinates_GFp.html Finally you can create an EC_KEY from the EC_POINT using EC_KEY_set_public_key(): https://www.openssl.org/docs/man1.1.0/crypto/EC_KEY_set_public_key.html Matt > Thanks, > Best Regards > > > Il Mercoledì 22 Marzo 2017 18:48, "openssl-users-request@xxxxxxxxxxx" > <openssl-users-request@xxxxxxxxxxx> ha scritto: > > > Send openssl-users mailing list submissions to > openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx> > > To subscribe or unsubscribe via the World Wide Web, visit > https://mta.openssl.org/mailman/listinfo/openssl-users > or, via email, send a message with subject or body 'help' to > openssl-users-request@xxxxxxxxxxx > <mailto:openssl-users-request@xxxxxxxxxxx> > > You can reach the person managing the list at > openssl-users-owner@xxxxxxxxxxx <mailto:openssl-users-owner@xxxxxxxxxxx> > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of openssl-users digest..." > > > Today's Topics: > > 1. Re: openssl-users Digest, Vol 28, Issue 21 (Christian Adja) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 22 Mar 2017 17:48:08 +0000 (UTC) > From: Christian Adja <christian_adja@xxxxxxxx > <mailto:christian_adja@xxxxxxxx>> > To: "openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx>" > <openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx>> > Subject: Re: openssl-users Digest, Vol 28, Issue 21 > Message-ID: <776809560.1321367.1490204889018@xxxxxxxxxxxxxx > <mailto:776809560.1321367.1490204889018@xxxxxxxxxxxxxx>> > Content-Type: text/plain; charset="utf-8" > > Good evening everybody,I need help about to transform public key > (unsigned char *) retrieved from IEEE cert in EVP_PKEY o EC_KEY. The > public key is an ecdsaNistP256 in compressed form (compressedy1). > The public key form in hex = > |00|80|83|x point (32 bytes)| > Thanks, > Best Regards > > > Il Mercoled? 15 Marzo 2017 22:23, "openssl-users-request@xxxxxxxxxxx > <mailto:openssl-users-request@xxxxxxxxxxx>" > <openssl-users-request@xxxxxxxxxxx > <mailto:openssl-users-request@xxxxxxxxxxx>> ha scritto: > > > Send openssl-users mailing list submissions to > ??? openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx> > > To subscribe or unsubscribe via the World Wide Web, visit > ??? https://mta.openssl.org/mailman/listinfo/openssl-users > or, via email, send a message with subject or body 'help' to > ??? openssl-users-request@xxxxxxxxxxx > <mailto:openssl-users-request@xxxxxxxxxxx> > > You can reach the person managing the list at > ??? openssl-users-owner@xxxxxxxxxxx <mailto:openssl-users-owner@xxxxxxxxxxx> > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of openssl-users digest..." > > > Today's Topics: > > ? 1. Request for adding new ciphers (Christian Adja) > ? 2. Re: Request for adding new ciphers (Matt Caswell) > ? 3. Generating dh parameters multithreaded? (Joseph Southwell) > ? 4. Re: Generating dh parameters multithreaded? (Salz, Rich) > ? 5. OpenSSL Certificate Cross Signing (Moritz Wirth) > ? 6. Re: PKCS#7 (val?ry) > ? 7. Re: Generating dh parameters multithreaded? (Joseph Southwell) > ? 8. Re: Generating dh parameters multithreaded? (Salz, Rich) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 15 Mar 2017 18:03:44 +0000 (UTC) > From: Christian Adja <christian_adja@xxxxxxxx > <mailto:christian_adja@xxxxxxxx>> > To: "openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx>" > <openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx>> > Subject: Request for adding new ciphers > Message-ID: <1576557894.1332584.1489601024241@xxxxxxxxxxxxxx > <mailto:1576557894.1332584.1489601024241@xxxxxxxxxxxxxx>> > Content-Type: text/plain; charset="utf-8" > > Hi everyone, > Someone can help for adding the ciphersuite " > ECDHE_ECDSA_WITH_AES_128_CCM " and "ECDHE_ECDSA_WITH_AES_256_CCM " in > openssl? > I tried adding in the file tls1.h??? # define > TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM??????????? 0x0300C0AC > ??? # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM??????????? 0x0300C0AD > And modifing the file? ssl_ciph.c the functions??? ssl_load_ciphers() > ... And modifing the file evp_cipher.c and sssl_locl.cand finaly ssl_algs.c. > There are no way to make it works. It continue to give me? error: > ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420 > thanks. > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://mta.openssl.org/pipermail/openssl-users/attachments/20170315/5ea926a1/attachment-0001.html> > > ------------------------------ > > Message: 2 > Date: Wed, 15 Mar 2017 18:18:52 +0000 > From: Matt Caswell <matt@xxxxxxxxxxx <mailto:matt@xxxxxxxxxxx>> > To: openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx> > Subject: Re: Request for adding new ciphers > Message-ID: <e507eba7-b0c6-d85a-78aa-2af36c2e487e@xxxxxxxxxxx > <mailto:e507eba7-b0c6-d85a-78aa-2af36c2e487e@xxxxxxxxxxx>> > Content-Type: text/plain; charset=windows-1252 > > > > On 15/03/17 18:03, Christian Adja via openssl-users wrote: >> Hi everyone, >> >> Someone can help for adding the ciphersuite " >> ECDHE_ECDSA_WITH_AES_128_CCM " and "ECDHE_ECDSA_WITH_AES_256_CCM " in >> openssl? >> I tried adding in the file tls1.h >>? ? # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM? ? ? ? ? ? 0x0300C0AC >>? ? # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM? ? ? ? ? ? 0x0300C0AD >> >> And modifing the file? ssl_ciph.c the functions >>? ? ssl_load_ciphers() ... >> And modifing the file evp_cipher.c and sssl_locl.c >> and finaly ssl_algs.c. >> >> There are no way to make it works. It continue to give me? error: >> ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420 > > > These ciphersuites already exist in OpenSSL (from version 1.1.0). > > Matt > > > > ------------------------------ > > Message: 3 > Date: Wed, 15 Mar 2017 14:18:38 -0400 > From: Joseph Southwell <jsouthwell@xxxxxxxxxxxxx > <mailto:jsouthwell@xxxxxxxxxxxxx>> > To: openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx> > Subject: Generating dh parameters multithreaded? > Message-ID: <56015584-6EDC-4BD6-AA21-F27835281A99@xxxxxxxxxxxxx > <mailto:56015584-6EDC-4BD6-AA21-F27835281A99@xxxxxxxxxxxxx>> > Content-Type: text/plain; charset="utf-8" > > On any new install of our software we generate new dh parameters as follows? > > DH *dh = DH_new(); > !DH_generate_parameters_ex(dh, 2048, 2, NULL); > int codes = 0; > DH_check(dh, &codes); > DH_generate_key(dh); > > It takes a long time. Is there some way to have it use all available > cores instead of just the one? > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://mta.openssl.org/pipermail/openssl-users/attachments/20170315/abdcfd11/attachment-0001.html> > > ------------------------------ > > Message: 4 > Date: Wed, 15 Mar 2017 18:21:05 +0000 > From: "Salz, Rich" <rsalz@xxxxxxxxxx <mailto:rsalz@xxxxxxxxxx>> > To: "openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx>" > <openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx>> > Subject: Re: Generating dh parameters multithreaded? > Message-ID: > ??? > <9ff829cd17f74e4a910ca067196f7d62@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > <mailto:9ff829cd17f74e4a910ca067196f7d62@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>> > Content-Type: text/plain; charset="utf-8" > >> It takes a long time. Is there some way to have it use all available > cores instead of just the one? > > You'll have to write the code to do that parallelism yourself. > > ------------------------------ > > Message: 5 > Date: Wed, 15 Mar 2017 19:46:07 +0100 > From: Moritz Wirth <mw@xxxxxxxxx <mailto:mw@xxxxxxxxx>> > To: openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx> > Subject: OpenSSL Certificate Cross Signing > Message-ID: <c879dec1-9fab-5ecc-de01-4e033c690690@xxxxxxxxx > <mailto:c879dec1-9fab-5ecc-de01-4e033c690690@xxxxxxxxx>> > Content-Type: text/plain; charset=utf-8 > > Good Evening all, > > > I have 2 Root Certificate Authorities which I want to use to cross sign > an intermediate certificate. I created a certificate request and signed > it with both CAs. > > I issued an end user certificate with the intermediate CA and added both > intermediate CA Certificates (the one from Root1 and the one signed by > Root2). If only one CA is trusted, the certificate is still recognized > as trusted in Firefox regardless which certificate is on top of the > chain (Which is exactly what I want.) > > I wondered if I can connect both intermediate Certificates to a single > certificate or do I always need both certificates? > > > Best Regards, > > Moritz > > > > ------------------------------ > > Message: 6 > Date: Wed, 15 Mar 2017 21:42:50 +0100 > From: val?ry <vsbrin@xxxxxxxxx <mailto:vsbrin@xxxxxxxxx>> > To: openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx> > Subject: Re: PKCS#7 > Message-ID: > ??? <CAMkdoSFR_kT=wxt5jAFMENwN3dXEhzVr=VkJmh-7=ocaHj14OA@xxxxxxxxxxxxxx > <mailto:ocaHj14OA@xxxxxxxxxxxxxx>> > Content-Type: text/plain; charset="utf-8" > > Alright, big thanks to both of you for your input! > > On Mar 15, 2017 23:01, "Wouter Verhelst" <wouter.verhelst@xxxxxxxxx > <mailto:wouter.verhelst@xxxxxxxxx>> wrote: > > On 15-03-17 05:13, val?ry wrote: > >> Hi, >> >> thank you very much for your response. >> Say someone would be able to gather several clear text AES keys and >> their respective asymmetrically encrypted RSA blocks. Would it weakens >> the security of the RSA key pair ? I mean could it be easier for someone >> using that information to brute force an RSA key pair ? >> > > Think of it this way: > > As far as the RSA algorithm is concerned, the AES keys are just data. They > happen to be AES keys, but they might have been a hash value, an image, or > somebody's date of birth. > > If getting the cleartext as well as the encrypted text for an RSA message > would allow you to more easily guess the RSA key, then the RSA algorithm > would be seriously flawed. > > There is no known attack against RSA for which this is true, however, as > Rich pointed out. > > -- > Wouter Verhelst > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://mta.openssl.org/pipermail/openssl-users/attachments/20170315/c5426a43/attachment-0001.html> > > ------------------------------ > > Message: 7 > Date: Wed, 15 Mar 2017 17:08:50 -0400 > From: Joseph Southwell <jsouthwell@xxxxxxxxxxxxx > <mailto:jsouthwell@xxxxxxxxxxxxx>> > To: "Salz, Rich" <rsalz@xxxxxxxxxx <mailto:rsalz@xxxxxxxxxx>>, > openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx> > Subject: Re: Generating dh parameters multithreaded? > Message-ID: <F3ADE150-0FAA-46B8-B481-816C1DD1B984@xxxxxxxxxxxxx > <mailto:F3ADE150-0FAA-46B8-B481-816C1DD1B984@xxxxxxxxxxxxx>> > Content-Type: text/plain; charset=us-ascii > > Are you suggesting that I should modify openssl myself to expose that > functionality or are suggesting that there is a way to do that given the > already exposed functionality? If it is the latter could you point me in > the right direction? > >> On Mar 15, 2017, at 2:21 PM, Salz, Rich via openssl-users > <openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx>> wrote: >> >>> It takes a long time. Is there some way to have it use all available > cores instead of just the one? >> >> You'll have to write the code to do that parallelism yourself. >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> > > > > ------------------------------ > > Message: 8 > Date: Wed, 15 Mar 2017 21:15:11 +0000 > From: "Salz, Rich" <rsalz@xxxxxxxxxx <mailto:rsalz@xxxxxxxxxx>> > To: Joseph Southwell <jsouthwell@xxxxxxxxxxxxx > <mailto:jsouthwell@xxxxxxxxxxxxx>>, > ??? "openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx>" > <openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx>> > Subject: Re: Generating dh parameters multithreaded? > Message-ID: > ??? > <2a86a335027d437ba9531551ce0ea897@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > <mailto:2a86a335027d437ba9531551ce0ea897@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>> > Content-Type: text/plain; charset="Windows-1252" > >> Are you suggesting that I should modify openssl myself to expose that >> functionality or are suggesting that there is a way to do that given > the already >> exposed functionality? If it is the latter could you point me in the right >> direction? > > OpenSSL code does not do what you want.? You'll have to write it > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > openssl-users mailing list > openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx> > https://mta.openssl.org/mailman/listinfo/openssl-users > > > ------------------------------ > > End of openssl-users Digest, Vol 28, Issue 21 > ********************************************* > > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://mta.openssl.org/pipermail/openssl-users/attachments/20170322/4a392c45/attachment.html> > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > openssl-users mailing list > openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx> > https://mta.openssl.org/mailman/listinfo/openssl-users > > > ------------------------------ > > End of openssl-users Digest, Vol 28, Issue 25 > ********************************************* > > > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users