Questions tagged [openssl]

0

votes
0

answer
4

Views

How to connect to a server with a certificate and rsa key

I am very new to python programming. I have a certificate and RASkey . and i want to write a python ssl socket client program to send message to server.I know server ip address and port. I have been trying below code. Please guide me.
Nouman Yosuf
1

votes
0

answer
3

Views

suse openssl undefined symbol: private_CAST_set_key

I want to create a ssl certificate on my suse system. When i try to this like this: openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 I get the following error: openssl: symbol lookup error: openssl: undefined symbol: private_CAST_set_key
Marius Illmann
1

votes
3

answer
1.7k

Views

Unable to `openssl verify' letsencrypt certificate

I gererate a certificate with Letsencrypt using the Certbot container: $ mkdir /home/$USER/letsencrypt $ docker run -it --rm -p 80:80 -p 443:443 -v /home/$USER/letsencrypt:/etc/letsencrypt certbot/certbot certonly --standalone --email [email protected] --agree-tos -d example.com I navigate to the gen...
David Carboni
1

votes
1

answer
48

Views

Java and Openssl generates different length of public keys for same private key

I used java to generate public key out of private key as follows, Security.addProvider(new BouncyCastleProvider()); KeyPairGenerator kpg = KeyPairGenerator.getInstance('RSA', 'BC'); kpg.initialize(2048); KeyPair kp = kpg.generateKeyPair(); PrivateKey priv = kp.getPrivate(); RSAPrivateCrtKey rsaCrtKe...
Channa
1

votes
0

answer
17

Views

How can I read certificate to verify signature with openssl?

I have generated a private key and corresponding certificate with openssl on linux, with these commands: openssl req -x509 -newkey rsa:1024 -keyout key.pem -out certificate.pem -days 730 -nodes This has generated to me two files: key.pem and certificate.pem Using key.pem, with C++ (PEM_read_PrivateK...
Mert Mertce
1

votes
1

answer
3.6k

Views

PKCS#11 engine for openSSL

I'm trying to setup openSSL under Windows 7 to use a vendor specific security module. From the vendor I got a PKCS#11 API dll (lets say vendor.dll). The PKCS#11 engine has been created according to https://github.com/OpenSC/libp11 As described in the link, for testing, I start openssl engine pkcs11...
michael
1

votes
1

answer
923

Views

How to calculate SHA512/224 and SHA512/256 hashes using OpenSSL?

Here's how I calculate a SHA512 hash in C. #include #include char *calc_sha512(char *data) { SHA512_CTX ctx; char *md = malloc(sizeof(char)*(SHA512_DIGEST_LENGTH+1)); SHA512_Init(&ctx); SHA512_Update(&ctx, data, strlen(data)); SHA512_Final(md, &ctx); md[SHA512_DIGEST_LENGTH] = '\0'; return md; } i...
Umayr
1

votes
1

answer
134

Views

Adding extension in CSR for generating an intermediate certificate

I am generating a Certificate Signing Request for an intermediate certificate. I want to make the certificate a certificate authority (CA), so I want to add the basic constraints extension in CSR. I am currently using the following code exts = sk_X509_EXTENSION_new_null(); add_ext(exts, x509_req, NI...
shery6405
1

votes
0

answer
1.4k

Views

Delphi Indy error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

I have been using Delphi XE Indy 10.5.7 OpenSSL 1.0.2n (https://indy.fulgan.com/SSL). When I try to execute code: procedure TForm1.Button1Click(Sender: TObject); var IdHTTP: TIdHTTP; URL, Str: string; SSL: TIdSSLIOHandlerSocketOpenSSL; begin URL := 'https://satsis.info/tv/wek/schedule_channel_3_wee...
vlad_n
1

votes
0

answer
491

Views

Revoke existing certificate in openssl

I have created openssl certificates so i have .crt and .key file. If I want to add those certificates in existing certificate revocation list then how can we do that ? I have tried with below code. #include #include #include #include #include #include #include #include #include #include #i...
Neel
1

votes
0

answer
129

Views

Multithreaded program segfaults with OpenSSL and OpenMP

I am using OpenSSL in a multithreaded program in C and having issues. So I wrote a small program to try to narrow down what the problem is. The functions besides the main function were copy pasted from https://github.com/plenluno/openssl/blob/master/openssl/crypto/threads/mttest.c My program is as f...
MSJ
1

votes
0

answer
225

Views

SSLHandshakeException JAVA : client SSL call using key and certificate file

I have a cert file and its key. Using these two I am able to call a given service api successfully using postman. Now I am trying to write a client which should use these two and call the API.Before writing the java code,using openssl created a pfx file using the existing cert file and its correspon...
Abhinav
1

votes
0

answer
87

Views

WebSocket error in common lisp

I want to make slack bot. I can not solve this error. (ql:quickload '(:cl-slack :event-emitter :websocket-driver :jonathan :cl-async ) :silent t) (defconstant +token+ 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx') (defconstant +channel+ 'xxx') (defvar *client* (make-instance 'cl-slack.core:slack-...
leaf_chage
1

votes
0

answer
200

Views

TLS version not set correctly, can't pull session info

RESOLVED Build configuration error. The officially 'blessed' implementations of curl and OpenSSL on our system are woefully out of date (OpenSSL 0.9.8). All the applications I communicate with won't accept anything below TLS v1.2, so I had downloaded and built OpenSSL 1.1 and Curl 7.48 under my hom...
John Bode
1

votes
0

answer
108

Views

Node.js: Use child_process file descriptor as temporary file for key output in spawning openssl

I am trying to generate a self-signed certificate using openssl from a spawned child_process in Node.JS. Because of factors, I want both the generated private key and certificate to be output directly to memory (stores as strings in memory) without writing to the filesystem. this is easy enough for...
Aaron_H
1

votes
1

answer
75

Views

OpenSSL C++ Encrypting Issue

So what I'm trying to do is have an encryption key on my PC that is based off of the time, and have the server generate the same encryption key. I have done that successfully, except for the cipher on my PC. I am trying to encrypt text in AES-256-CBC on the server and on my PC. On my PC I have: std:...
Cole W
1

votes
0

answer
179

Views

SIGILL occurs when using remote debbuging on arm target even if handle SIGILL nostop is set

I'm trying to remote debug a c++ app from a windows host to a debian armbian target of cubietruck board (ARM® Cortex™-A7 Dual-Core). However the debbuger breaks while receiving SIGILL. I've searched and found the reason. It is described in this post SSL_library_init cause SIGILL when running unde...
dk13
1

votes
0

answer
1.3k

Views

Difference between keytool and openssl?

We can generate certificate through keytool like this keytool -genkey -alias initcert -keyalg RSA -keystore keycloak.jks -validity 365 -keysize 2048 and through openssl also like this Openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj '/CN=nginxsvc/O=nginxsv...
Subodh Joshi
1

votes
0

answer
1.7k

Views

cannot compile openssh due to OpenSSL library not found

I am based on 16.04, trying to install openssh from source sudo apt install -y build-essential libssl-dev zlib1g-dev wget 'http://mirrors.evowise.com/pub/OpenBSD/OpenSSH/portable/openssh-7.4p1.tar.gz' tar xfz openssh-7.4p1.tar.gz cd openssh-7.4p1 ./configure When trying to configure, I've gotten the...
user824624
1

votes
1

answer
259

Views

OpenSSL 1.0.2h not accepting config parameters

I am trying to compile OpenSSL 1.0.2h from source in order to meet requirements defined by Common Criteria and for that i need to restrict certain class of cipher suites such as ECHDE, DHE, DSA, all TLS protocols except TLS1.2 and compile OpenSSL with the FIPS Object Module. I did the following: roo...
Hussain Ali Akbar
1

votes
0

answer
714

Views

version OPENSSL_1.0.2 not defined in file libssl.so.1.0.0 with link time reference

I am trying to setup old version of rails(3.2.17) and ruby(1.9.2). When I try to start up the rail server, I am getting the following error: `require': /usr/lib/x86_64-linux-gnu/libcurl.so.4: symbol SSL_CTX_set_alpn_protos, version OPENSSL_1.0.2 not defined in file libssl.so.1.0.0 with link time ref...
Jay
1

votes
0

answer
29

Views

How to modify osx homebrew formula to run on wider variety of systems?

I am installing the openssl package via osx homebrew. I however need to tweak the compilation process, but i cannot even find where/how homebrew is compiling my packages. I specficially would like to see what CFLAGS and most importantly the value of the -march= flag. I looked in the logs ~/Library/L...
horseyguy
0

votes
0

answer
6

Views

How do I encrypt/decrypt strings in Ruby via Terminal?

So I'm having some trouble running my script. My script has two commands : -e which is for encryption, and -d for decryption. The second ARGV is the key for the asymmetric cryptography and the string that it encrypt/decrypts is just static you will see it says 'Words and Stuff' in the code. When I r...
HorseLeg
1

votes
0

answer
199

Views

OpenSSL cmd analog for ECIESwithAES-CBC encryption with BouncyCastle provider?

Is there a way to achieve compatible encryption result using OpenSSL command line tools to the result that I have in Java code? In Java there is an asymmetric encryption of some data with EC public key: PublicKey publicKey = KeyUtils.readPublicKey(publicKeyPath, 'EC'); Cipher cipher = Cipher.getInst...
semenchikus
1

votes
1

answer
278

Views

cURL, php and SSL error

I got instructions from an organisation how to connect to their server with a CA, key and cert. Tried in the terminal successfully with the following: openssl s_client -connect api-system3.xxxx.com:443 -CAfile teliasonerarootcav1.cer -cert BolagACert.crt -key BolagAKey.key and a following GET reques...
Kevin Lindmark
1

votes
0

answer
677

Views

Key Usage and Extended Key Usage certificate extension values should be required in client authentication

Anyone knows in client authentication, what are the Key Usage and Extended Key Usage purposes we should validate? As per the specification in [1]: 'Extended Key Usage' is not necessary and which is configured in addition to or in place of the basic purposes indicated in the key usage extension. 'cli...
Indunil Rathnayake
1

votes
1

answer
119

Views

Get ECDSA key by id for openssl_verify function

I need a little help. I have a txt file with ecdsa public keys: KEY_ID: 1 STATUS: VALID -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+Y5mYZL/EEY9zGji+hrgGkeoyccK D0/oBoSDALHc9+LXHKsxXiEV7/h6d6+fKRDb6Wtx5cMzXT9HyY+TjPeuTg== -----END PUBLIC KEY----- KEY_ID: 2 STATUS: VALID -----BEGIN...
Lubos Belan
1

votes
0

answer
143

Views

OpenSSL causing Windows XP to crash when reading

I have a simple C app that downloads some file on an HTTPS enabled web server. I'm using Visual Studio 2017 and it works great on all Windows platforms, except Windows XP. As far as I noticed, SSL/TLS support is completely obsolete on windows XP. I was not even able to reach certain websites with HT...
UndefinedUserAtSO
1

votes
1

answer
75

Views

Expiry time on php openssl?

I'm not very familiar with encryption, and we are now using PHP's openssl_encrypt/decrypt in our application. Is it possible to make the encryption/decryption work only before an expiry time? e.g. maybe the keys expire?
phantomhive
1

votes
1

answer
578

Views

Failing to build Ruby 2.5.0 with rbenv and ruby-build

So I am trying to install ruby 2.5.0 with rbenv and this is my issue: $ rbenv install 2.5.0 ruby-build: use openssl from homebrew Downloading ruby-2.5.0.tar.bz2... -> https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.0.tar.bz2 Installing ruby-2.5.0... ruby-build: use readline from homebrew BUILD FAI...
Luke
1

votes
0

answer
42

Views

openssl BN_mod_exp function results different output for same inputs on two executions

I'm using openssl library in my project, I execute the program at the same time on two terminals with the same inputs. When they get to BN_mod_exp(temp1,temp2,Y,p,ctx); they result different outputs although inputs are the same values. I print every BIGNUM value that the function inputs to make sur...
Daniel Israel
1

votes
1

answer
159

Views

how to make c openssl generate the same signed text as JAVA SHA256withRSA/PSS Signature?

I am working on rpc call signing, and to make server accept our API calls, we need to use RSAPrivateKey to sign http mime headers. Server side code is written in JAVA and use 'SHA256withRSA/PSS' to verify signature. My problem is I got different signing hashes from JAVA and c openssl code. So the...
Yuhui Liu
1

votes
0

answer
163

Views

What is OpenSSL adding to my SHA256 hash during signing?

I am running into a problem with verifying a SHA256 hash signature generated using OpenSSL. When I invoke openssl dgst -sha256 -binary -out hash.sha256 in_file and I (xxd -g 1 hash.sha256), it looks like this - 00000000: d7 e6 1b 81 5c 32 28 30 7b 7b 45 e1 ef 40 6b 93 00000010: 34 67 d0 a4 ee c0...
zkabitz
1

votes
0

answer
58

Views

How to retrieve SCTs when using OpenSSL?

I am not getting any SCTs when using OpenSSL. After setting up the SSL connection, I'm calling SSL_enable_ct(ssl, SSL_CT_VALIDATION_PERMISSIVE); const STACK_OF(SCT) *sct_stack = sk_SCT_new_null(); sct_stack = SSL_get0_peer_scts(ssl); printf('%i SCTs obtained.\n', sk_SCT_num(sct_stack)); And it alway...
Brian Hogan
1

votes
0

answer
69

Views

How to make client approve a server certificate?

I need to make client approve a server CA certificate which is not known to it. I have generated cert.pem using the following command openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365 And then using the following command I came to know that requests points to /cacert...
1

votes
0

answer
307

Views

Node js socket connection Https server amazon EC2

I was tried socket connection in AWS EC2 with ssl certified. i have created key file and also cert file, and attach my key into amazon load balance. My server side code is const socket = require( 'socket.io' ); const express = require( 'express' ); const https = require( 'https' ); const fs = requi...
Thirupathi
1

votes
0

answer
134

Views

Unable to establish SSL connection from embedded linux device to server

I'm trying to establish an SSL connection using OpenSSL from my embedded Linux device to the self-signed certificate, This is my code : /* Set up the library */ ERR_load_BIO_strings(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); /* Set up the SSL context */ m_ctx = SSL_CTX_new( TLSv1...
MHD
1

votes
1

answer
91

Views

What is the correct way to implement SSL?

I have a flask application(client) from where I need to send some data to a server(another flask application as of now) and get some corresponding data. I need to use REST because the server can be anything later(the current flask app is a dummy server for testing). I need to have SSL connection bet...
Vipin Nagar
1

votes
1

answer
112

Views

OpenSSL: Promote insecure BIO to secure one

I'm trying to create a simple FTP/FTPS client implementation in C++ using OpenSSL. I've managed it to work with plain FTP using BIO API. Now the question is: once I have an insecure connection and BIO object, how can I upgrade the connection to use encryption? The connection works in plain FTP until...
eko
1

votes
1

answer
82

Views

OpenSSL: cannot retrieve LIST via FTPS

I'm developing a simple FTPS client in C++. The control channel communication is working over SSL just fine, but I'm having problems retrieving the file list. Currently I'm doing the following sequence: open control connection AUTH TLS do handshake on control connection USER username PASS password P...
eko

View additional questions