Search Results

Search found 890 results on 36 pages for 'openssl'.


  • "Countersigning" a CA with openssl

    - by Tom O'Connor
    I'm pretty used to creating the PKI used for x509 authentication for whatever reason, SSL Client Verification being the main reason for doing it. I've just started to dabble with OpenVPN (which I suppose is doing the same things as Apache would do with the Certificate Authority (CA) certificate). We've got a whole bunch of subdomains, and appliances which currently all present their own self-signed certificates. We're tired of having to accept exceptions in Chrome, and we think it must look pretty rough for our clients having our address bar come up red. For that, I'm comfortable to buy an SSL Wildcard CN=*.mycompany.com. That's no problem. What I don't seem to be able to find out is: Can we have our Internal CA root signed as a child of our wildcard certificate, so that installing that cert into guest devices/browsers/whatever doesn't present anything about an untrusted root? Also, on a bit of a side point, why does the addition of a wildcard double the cost of certificate purchase?


  • openssl CRC32 calculation

    - by sthustfo
    Hi all, I have seen some of the other questions here about the CRC32 calculation, but none were satisfactory for me, hence this. Do the openssl libraries have any API support for calculating the CRC32? I am already using openssl for SHA1, so I would prefer to use it rather than link in one more library for CRC32 (my implementation is in C). Thanks.


  • Building OpenSSL on Android NDK

    - by Soumya Simanta
    Hi, I want to use DTLS (on OpenSSL) using JNI on Android 2.1/2.2. Can someone help me get started (tutorials, howto, pointers etc) with building OpenSSL for Android (2.1/2.2) using the Android NDK? Anything important that I should be aware of before doing it. Thanks.


  • openssl api verify the public key matches private key

    - by AC
    How do I write an openssl server that on a single port has two different active RSA private keys? The openssl documentation seems to imply there can only be one RSA private key active at a time within a context. So I was thinking I would have two active contexts, but what is the code to handle figuring out which connection matches which context? Or am I going about this the wrong way?


  • Help with OpenSSL request using Python

    - by Ldn
    Hi, I'm creating a program that has to make a request and then obtain some info. For doing that, the website has made an API that I will use. There is a how-to about this API, but every example is made using PHP. My app is done using Python, so I need to convert the code. Here is the how-to:

    The request string is sealed with OpenSSL. The steps for sealing are as follows:

        • Random 128-bit key is created.
        • Random key is used to RSA-RC4 symmetrically encrypt the request string.
        • Random key is encrypted with the public key using OpenSSL RSA asymmetrical encryption.
        • The encrypted request and encrypted key are each base64 encoded and placed in the appropriate fields.

    In PHP a full request to our API can be accomplished like so:

        <?php
        // initial request.
        $request = array('object' => 'Link',
                         'action' => 'get',
                         'args' => array(
                             'app_id' => 303612602
                         )
        );
        // encode the request in JSON
        $request = json_encode($request);
        // when you receive your profile, you will be given a public key to seal your request in.
        $key_pem = "-----BEGIN PUBLIC KEY-----
        MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALdu5C6d2sA1Lu71NNGBEbLD6DjwhFQO
        VLdFAJf2rOH63rG/L78lrQjwMLZOeHEHqjaiUwCr8NVTcVrebu6ylIECAwEAAQ==
        -----END PUBLIC KEY-----";
        // load the public key
        $pkey = openssl_pkey_get_public($key_pem);
        // seal! $newrequest and $enc_keys are passed by reference.
        openssl_seal($request, $enc_request, $enc_keys, array($pkey));
        // then wrap the request
        $wrapper = array(
            'profile' => 'ProfileName',
            'format' => 'RSA_RC4_Sealed',
            'enc_key' => base64_encode($enc_keys[0]),
            'request' => base64_encode($enc_request)
        );
        // json encode the wrapper. urlencode it as well.
        $wrapper = urlencode(json_encode($wrapper));
        // we can send the request wrapper via the cURL extension
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, 'http://api.site.com/');
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, "request=$wrapper");
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $data = curl_exec($ch);
        curl_close($ch);
        ?>

    Of all of that, I was able to convert "$request" and I've also made the JSON encode. This is my code:

        import urllib
        import urllib2
        import json

        url = 'http://api.site.com/'
        array = {'app_id' : "303612602"}
        values = { "object" : "Link", "action": "get", "args" : array }
        data = urllib.urlencode(values)
        json_data = json.dumps(data)

    What stops me is the sealing with OpenSSL and the public key (that obviously I have). Using PHP OpenSSL it's so easy, but in Python I don't really know how to use it. Please, help me!


  • secure client/server program in C with OpenSSL

    - by Samantha
    Hello, I'm trying to write a secure client/server program in C with OpenSSL. I've found a code sample at http://www.rtfm.com/openssl-examples/ but I get this error: server: SSL read problem client: Certificate doesn't verify I think the problem is with the certificate generation, but I cannot find it. Any idea? Thanks


  • Details in hex of the certificate in .pem openssl

    - by allenzzzxd
    Hi, I have generated, using openssl, mycert.pem which contains the certificate. And I converted the base64 text into hex. I wonder if it's possible to extract the information from the hex string in C (without using the openssl library). For example, the public key, the issuer, the subject, the validity information, etc. Thanks.


  • X.509 certificate based authentication with OpenSSL (without using sockets)

    - by hartem
    Hi, Is there an alternative in OpenSSL to SSL_set_connect_state()/SSL_set_accept_state() for X.509 certificate based authentication? The problem is that in my application the client and server do not communicate using sockets, and the establishment of direct connection between them is not possible. So what I want from OpenSSL is to 'expose' the intermediate SSL context establishment messages which I would then convey to the party at the other end. Thanks for your help!


  • openssl versus windows capi

    - by oren
    Which is better to use, openssl or Windows CAPI, for encryption issues? What is the pro and con list for both? And is it possible to write my encryptor program on openssl and decrypt it with Windows CAPI with no problem, or are there some problems with this?


  • openssl 0.9.8j connection issue

    - by Lambov
    I have a connection problem using openssl 0.9.8j. When I try to connect with s_client to one specified server openssl said:

        640:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1060:SSL alert number 40
        640:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188

    I tried option "no_ticket", I tried also "ssl2", all is useless. The problem occurs only when I try to connect to this server. Any ideas? Thanks!


  • openssl ssl encryption

    - by deddihp
    Hello, I want to discuss the openssl write and read methods. Assume I have a data structure like below:

        /-----------------------------------------------------\
        |    my_header    |              PAYLOAD              |
        \-----------------------------------------------------/
        |                 |                                   |
         \               / \                                 /
          not encrypted                 encrypted

    I think the proper algorithm would be like this:

    SEND:
        build my_header with my own header.
        encrypt PAYLOAD with encryption function
        attach my_header and PAYLOAD (encrypted) to one buffer
        send it using common POSIX function just like send or sendto

    RECV:
        using common POSIX function just like recv or recvfrom.
        extract my_header and PAYLOAD (encrypted)
        decrypt PAYLOAD with decryption function
        at last I get my_header and PAYLOAD (decrypted).

    What is your approach if you face a problem like the one above? Since openssl encrypts all of the data that is sent to the SSL_write function (CMIIW). Thanks


  • openssl error when compiling Ruby from source

    - by Florian Salihovic
    Prelude: I don't want to use rvm. I installed ruby 2 with the following configuration on Mac OS X 10.8.5

        ./configure --prefix=/usr/local \
          --enable-pthread \
          --with-readline-dir=/usr/local \
          --enable-shared

    It is installed, version is printed correctly ... Now, when invoking gem install jekyll I get the following error:

        ERROR: Loading command: install (LoadError)
            cannot load such file -- openssl
        ERROR: While executing gem ... (NoMethodError)
            undefined method `invoke_with_build_args' for nil:NilClass

    I installed openssl into /usr/local but I'm really banging my head against the wall on how installing gems. It can't be that big of a deal right?


  • How to verify a digital signature with openssl

    - by Aaron Carlino
    I'm using a third-party credit card processing service (Paybox) that, after a successful transaction, redirects back to the website with a signature in the URL as a security measure to prevent people from manipulating data. It's supposed to prove that the request originated from this service. So my success URL looks something like this: /success.php?signature=[HUGE HASH] I have no idea where to start with verifying this signature. This service does provide a public key, and I assume I need to create a private key, but I don't know much beyond that. I'm pretty good with Linux, and I know I'll have to run some openssl commands. I'm writing the verification script in PHP, which also has native openssl() functions. If anyone could please push me in the right direction with some pseudo code, or even functional code, I'd be very grateful. Thanks.


  • openssl client authentication error: tlsv1 alert unknown ca: ... SSL alert number 48

    - by JoJoeDad
    I've generated a certificate using openssl and placed it on the client's machine, but when I try to connect to my server using that certificate, I get the error mentioned in the subject line back from my server. Here's what I've done.

    1) I do a test connect using openssl to see what the acceptable client certificate CA names are for my server. I issue this command from my client machine to my server:

        openssl s_client -connect myupload.mysite.net:443/cgi-bin/posupload.cgi -prexit

    and part of what I get back is as follows:

        Acceptable client certificate CA names
        /C=US/ST=Colorado/L=England/O=Inteliware/OU=Denver Office/CN=Tim Drake/[email protected]
        /C=US/ST=Colorado/O=Inteliware/OU=Denver Office/CN=myupload.mysite.net/[email protected]

    2) Here is what is in the apache configuration file on the server regarding SSL client authentication:

        SSLCACertificatePath /etc/apache2/certs
        SSLVerifyClient require
        SSLVerifyDepth 10

    3) I generated a self-signed client certificate called "client.pem" using mypos.pem and mypos.key, so when I run this command:

        openssl x509 -in client.pem -noout -issuer -subject -serial

    here is what is returned:

        issuer= /C=US/ST=Colorado/O=Inteliware/OU=Denver Office/CN=myupload.mysite.net/[email protected]
        subject= /C=US/ST=Colorado/O=Inteliware/OU=Denver Office/CN=mlR::mlR/[email protected]
        serial=0E

    (please note that mypos.pem is in /etc/apache2/certs/ and mypos.key is saved in /etc/apache2/certs/private/)

    4) I put client.pem on the client machine, and on the client machine, I run the following command:

        openssl s_client -connect myupload.mysite.net:443/cgi-bin/posupload.cgi -status -cert client.pem

    and I get this error:

        CONNECTED(00000003)
        OCSP response: no response sent
        depth=1 /C=US/ST=Colorado/L=England/O=Inteliware/OU=Denver Office/CN=Tim Drake/[email protected]
        verify error:num=19:self signed certificate in certificate chain
        verify return:0
        574:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s3_pkt.c:1102:SSL alert number 48
        574:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s23_lib.c:182:

    I'm really stumped as to what I've done wrong. I've searched quite a bit on this error and what I found is that people are saying the issuing CA of the client's certificate is not trusted by the server, yet when I look at the issuer of my client certificate, it matches one of the accepted CAs returned by my server. Can anyone help, please? Thank you in advance.


  • OpenSSL 0.9.8k or higher on CentOS 5?

    - by davr
    I need to upgrade OpenSSL on my CentOS server to 0.9.8k or higher, however the latest version in the official CentOS repositories is 0.9.8e, much too old. Is there a 3rd party repository I can use that has newer versions of OpenSSL libraries? If not, can someone provide a quick walkthrough of compiling a newer version of OpenSSL for CentOS? I need it to replace the built in version, so the walkthrough would have to explain how to create a CentOS-compatible RPM.


  • How to replace openSSL calls with C# code?

    - by fonix232
    Hey there again! Today I ran into a problem when I was making a new theme creator for Chrome. As you may know, Chrome uses a "new" file format, called CRX, to manage its plugins and themes. It is a basic zip file, but a bit modified:

        "Cr24" + derkey + signature + zipFile

    And here comes the problem. There are only two CRX creators, written in Ruby or Python. I don't know either language too much (had some basic experience in Python though, but mostly with PyS60), so I would like to ask you to help me convert this Python app to C# code that doesn't depend on external programs. Also, here is the source of crxmake.py:

        #!/usr/bin/python
        # Cribbed from http://github.com/Constellation/crxmake/blob/master/lib/crxmake.rb
        # and http://src.chromium.org/viewvc/chrome/trunk/src/chrome/tools/extensions/chromium_extension.py?revision=14872&content-type=text/plain&pathrev=14872
        # from: http://grack.com/blog/2009/11/09/packing-chrome-extensions-in-python/
        import sys
        from array import *
        from subprocess import *
        import os
        import tempfile

        def main(argv):
            arg0,dir,key,output = argv

            # zip up the directory
            input = dir + ".zip"
            if not os.path.exists(input):
                os.system("cd %(dir)s; zip -r ../%(input)s . -x '.svn/*'" % locals())
            else:
                print "'%s' already exists using it" % input

            # Sign the zip file with the private key in PEM format
            signature = Popen(["openssl", "sha1", "-sign", key, input], stdout=PIPE).stdout.read();

            # Convert the PEM key to DER (and extract the public form) for inclusion in the CRX header
            derkey = Popen(["openssl", "rsa", "-pubout", "-inform", "PEM", "-outform", "DER", "-in", key], stdout=PIPE).stdout.read();

            out=open(output, "wb");
            out.write("Cr24")  # Extension file magic number
            header = array("l");
            header.append(2); # Version 2
            header.append(len(derkey));
            header.append(len(signature));
            header.tofile(out);
            out.write(derkey)
            out.write(signature)
            out.write(open(input).read())
            os.unlink(input)
            print "Done."

        if __name__ == '__main__':
            main(sys.argv)

    Please could you help me?


  • Transmission and verification of certificate (openssl) with socket in c

    - by allenzzzxd
    Hello, guys, I have to write this code in C. I have already generated the certificate of one terminate t1: t1.pem, which is generated by openssl. The communication between the terminates t1 and t2 has been established via socket in C. Now I want to send this certificate to another terminate t2, and I want t2 to receive the certificate, verify it and answer with an acceptance to t1. When t1 get this acceptance, it will the rest of stuffs.. But I don't know how to do these things. For example, I transmit t1.pem as a string? But in t2 side, how can I do to verify? I know there are functions in openssl to do so, but I'm not so clear about it. At last, normally, the acceptance should be like how? @[email protected] lot of questions here.. sorry...if someone could give me some guide.. Thanks a lot in advance!


  • ld: symbol(s) not found with OpenSSL (libssl)

    - by Benjamin
    Hi all, I'm trying to build TorTunnel on my mac. I've successfully installed the Boost library and its development files. TorTunnel also requires the OpenSSL and its development files. I've got them installed in /usr/lib/libssl.dylib and /usr/include/openssl/. When I run the make command this is the error i'm getting: g++ -ggdb -g -O2 -lssl -lboost_system-xgcc42-mt-1_38 -o torproxy TorProxy.o HybridEncryption.o Connection.o Cell.o Directory.o ServerListing.o Util.o Circuit.o CellEncrypter.o RelayCellDispatcher.o CellConsumer.o ProxyShuffler.o CreateCell.o CreatedCell.o TorTunnel.o SocksConnection.o Network.o Undefined symbols: "_BN_hex2bn", referenced from: Circuit::initializeDhParameters() in Circuit.o "_BN_free", referenced from: Circuit::~Circuit()in Circuit.o Circuit::~Circuit()in Circuit.o CreatedCell::getKeyMaterial(unsigned char**, unsigned char**)in CreatedCell.o "_DH_generate_key", referenced from: Circuit::initializeDhParameters() in Circuit.o "_PEM_read_bio_RSAPublicKey", referenced from: ServerListing::getOnionKey() in ServerListing.o "_BIO_s_mem", referenced from: Connection::initializeSSL() in Connection.o Connection::initializeSSL() in Connection.o "_DH_free", referenced from: Circuit::~Circuit()in Circuit.o "_BIO_ctrl_pending", referenced from: Connection::writeFromBuffer(boost::function)in Connection.o "_RSA_size", referenced from: HybridEncryption::encryptInSingleChunk(unsigned char*, int, unsigned char**, int*, rsa_st*)in HybridEncryption.o HybridEncryption::encryptInHybridChunk(unsigned char*, int, unsigned char**, int*, rsa_st*)in HybridEncryption.o HybridEncryption::encrypt(unsigned char*, int, unsigned char**, int*, rsa_st*)in HybridEncryption.o "_RSA_public_encrypt", referenced from: HybridEncryption::encryptInSingleChunk(unsigned char*, int, unsigned char**, int*, rsa_st*)in HybridEncryption.o HybridEncryption::encryptInHybridChunk(unsigned char*, int, unsigned char**, int*, rsa_st*)in HybridEncryption.o "_BN_num_bits", referenced from: 
CreateCell::CreateCell(unsigned short, dh_st*, rsa_st*)in CreateCell.o CreatedCell::getKeyMaterial(unsigned char**, unsigned char**)in CreatedCell.o CreatedCell::getKeyMaterial(unsigned char**, unsigned char**)in CreatedCell.o CreatedCell::isValid() in CreatedCell.o "_SHA1", referenced from: CellEncrypter::expandKeyMaterial(unsigned char*, int, unsigned char*, int)in CellEncrypter.o "_BN_bn2bin", referenced from: CreateCell::CreateCell(unsigned short, dh_st*, rsa_st*)in CreateCell.o "_BN_bin2bn", referenced from: CreatedCell::getKeyMaterial(unsigned char**, unsigned char**)in CreatedCell.o "_DH_compute_key", referenced from: CreatedCell::getKeyMaterial(unsigned char**, unsigned char**)in CreatedCell.o "_BIO_new", referenced from: Connection::initializeSSL() in Connection.o Connection::initializeSSL() in Connection.o "_BIO_new_mem_buf", referenced from: ServerListing::getOnionKey() in ServerListing.o "_AES_ctr128_encrypt", referenced from: HybridEncryption::AES_encrypt(unsigned char*, int, unsigned char*, unsigned char*, int)in HybridEncryption.o CellEncrypter::aesOperate(Cell&, aes_key_st*, unsigned char*, unsigned char*, unsigned int*)in CellEncrypter.o "_BIO_read", referenced from: Connection::writeFromBuffer(boost::function)in Connection.o "_SHA1_Update", referenced from: CellEncrypter::calculateDigest(SHAstate_st*, RelayCell&, unsigned char*)in CellEncrypter.o CellEncrypter::initKeyMaterial(unsigned char*)in CellEncrypter.o CellEncrypter::initKeyMaterial(unsigned char*)in CellEncrypter.o "_SHA1_Final", referenced from: CellEncrypter::calculateDigest(SHAstate_st*, RelayCell&, unsigned char*)in CellEncrypter.o "_DH_size", referenced from: CreatedCell::getKeyMaterial(unsigned char**, unsigned char**)in CreatedCell.o "_DH_new", referenced from: Circuit::initializeDhParameters() in Circuit.o "_BIO_write", referenced from: Connection::readIntoBufferComplete(boost::function, boost::system::error_code const&, unsigned long)in Connection.o "_RSA_free", referenced from: 
Circuit::~Circuit()in Circuit.o "_BN_dup", referenced from: Circuit::initializeDhParameters() in Circuit.o Circuit::initializeDhParameters() in Circuit.o "_BN_new", referenced from: Circuit::initializeDhParameters() in Circuit.o Circuit::initializeDhParameters() in Circuit.o "_SHA1_Init", referenced from: CellEncrypter::CellEncrypter()in CellEncrypter.o CellEncrypter::CellEncrypter()in CellEncrypter.o "_RAND_bytes", referenced from: HybridEncryption::encryptInHybridChunk(unsigned char*, int, unsigned char**, int*, rsa_st*)in HybridEncryption.o Util::getRandomId() in Util.o "_AES_set_encrypt_key", referenced from: HybridEncryption::AES_encrypt(unsigned char*, int, unsigned char*, unsigned char*, int)in HybridEncryption.o CellEncrypter::initKeyMaterial(unsigned char*)in CellEncrypter.o CellEncrypter::initKeyMaterial(unsigned char*)in CellEncrypter.o "_BN_set_word", referenced from: Circuit::initializeDhParameters() in Circuit.o "_RSA_new", referenced from: ServerListing::getOnionKey() in ServerListing.o ld: symbol(s) not found collect2: ld returned 1 exit status make: *** [torproxy] Error 1 Any idea how I could fix it?


  • Accidental Complexity in OpenSSL HMAC functions

    - by Hassan Syed
    SSL Documentation Analysis

    This question pertains to the usage of the HMAC routines in OpenSSL. Since Openssl documentation is a tad on the weak side in certain areas, profiling has revealed that using the:

        unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, int n, unsigned char *md, unsigned int *md_len);

    From here, shows 40% of my library runtime is devoted to creating and taking down HMAC_CTX's behind the scenes. There are also two additional functions to create and destroy a HMAC_CTX explicitly:

        HMAC_CTX_init() initialises a HMAC_CTX before first use. It must be called.
        HMAC_CTX_cleanup() erases the key and other data from the HMAC_CTX and releases any associated resources. It must be called when an HMAC_CTX is no longer required.

    These two function calls are prefixed with:

        The following functions may be used if the message is not completely stored in memory

    My data fits entirely in memory, so I chose the HMAC function -- the one whose signature is shown above. The context, as described by the man page, is made use of by using the following two functions:

        HMAC_Update() can be called repeatedly with chunks of the message to be authenticated (len bytes at data).
        HMAC_Final() places the message authentication code in md, which must have space for the hash function output.

    The Scope of the Application

    My application generates an authentic (HMAC, which is also used as a nonce), CBC-BF encrypted protocol buffer string. The code will be interfaced with various web-servers and frameworks: Windows / Linux as OS, nginx, Apache and IIS as webservers and Python / .NET and C++ web-server filters. The description above should clarify that the library needs to be thread safe, and potentially have resumable processing state -- i.e., lightweight threads sharing an OS thread (which might leave thread local memory out of the picture).

    The Question

    How do I get rid of the 40% overhead on each invocation in a (1) thread-safe / (2) resumable state way? (2) is optional since I have all of the source-data present in one go, and can make sure a digest is created in place without relinquishing control of the thread mid-digest-creation. So, (1) can probably be done using thread local memory -- but how do I reuse the CTX's? Does the HMAC_final() call make the CTX reusable? (2) optional: in this case I would have to create a pool of CTX's. (3) How does the HMAC function do this? Does it create a CTX in the scope of the function call and destroy it? Pseudocode and commentary will be useful.


  • OpenSSL Windows x64 Compilation error

    - by rursw1
    Hi, I'm getting the following error when trying to compile OpenSSL 1.0, 64 bit:

        ias -o tmp32\ia64cpuid.obj tmp32\ia64cpuid.asm
        'ias' is not recognized as an internal or external command,
        operable program or batch file.
        NMAKE : fatal error U1077: 'ias' : return code '0x1'
        Stop.

    Does someone know what I can do? (I do it on Windows 2008 x64 OS) Thanks.


  • Delayed responses for cURL SSL PUTs/POSTs (php) (NSS vs OpenSSL)

    - by Yarin
    I have two Fedora-based apache webservers making the same SSL PUT/POST calls with php/cURL. One works fine, but with the other the call succeeds but takes a VERY long time to return a response (~10 min). (GETs don't seem affected.) The working server's cURL uses OpenSSL for SSL, while the non-working version uses a later version of cURL that uses NSS for SSL. I know nothing about SSL implementations or their effect on cURL. What would cause such a significant delay in SSL PUT/POST responses? Any suggestions appreciated. Thanks.


  • OpenSSL Ignore Self-signed certificate error

    - by Ramsey
    I'm writing a small program with the OpenSSL library that is supposed to establish a connection with an SSLv3 server. This server dispenses a self-signed certificate, which causes the handshake to fail with this message: "sslv3 alert handshake failure, self signed certificate in certificate chain." Is there a way I can force the connection to proceed? I've tried calling SSL_CTX_set_verify like so:

        SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);

    But it does not seem to change anything. Any suggestions?


  • OpenSSL "Seal" in C (or via shell)

    - by chpwn
    I'm working on porting some PHP code to C, that contacts a web API. The issue I've come across is that the PHP code uses the function openssl_seal(), but I can't seem to find any way to do the same thing in C or even via openssl in a call to system(). From the PHP manual on openssl_seal(): int openssl_seal ( string $data , string &$sealed_data , array &$env_keys , array $pub_key_ids ) openssl_seal() seals (encrypts) data by using RC4 with a randomly generated secret key. The key is encrypted with each of the public keys associated with the identifiers in pub_key_ids and each encrypted key is returned in env_keys . This means that one can send sealed data to multiple recipients (provided one has obtained their public keys). Each recipient must receive both the sealed data and the envelope key that was encrypted with the recipient's public key. What would be the best way to implement this? I'd really prefer not to call out to a PHP script every time, for obvious reasons.


  • Generating short license keys with OpenSSL

    - by Marc Charbonneau
    I'm working on a new licensing scheme for my software, based on OpenSSL public / private key encryption. My past approach, based on this article, was to use a large private key size and encrypt an SHA1 hashed string, which I sent to the customer as a license file (the base64 encoded hash is about a paragraph in length). I know someone could still easily crack my application, but it prevented someone from making a key generator, which I think would hurt more in the long run. For various reasons I want to move away from license files and simply email a 16 character base32 string the customer can type into the application. Even using small private keys (which I understand are trivial to crack), it's hard to get the encrypted hash this small. Would there be any benefit to using the same strategy to generate an encrypted hash, but simply using the first 16 characters as a license key? If not, is there a better alternative that will create keys in the format I want?

