obtaining list of ciphers, digests and algorithms?


obtaining list of ciphers, digests and algorithms?

Bear Giles
Is there a way to programmatically obtain a list of available ciphers,
digests and algorithms?  I looked at the header files, but may have
overlooked something.

Bear
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]

Re: obtaining list of ciphers, digests and algorithms?

Girish Venkatachalam


--- Bear Giles <[hidden email]> wrote:

> Is there a way to programmatically obtain a list of
> available ciphers,
> digests and algorithms?  I looked at the header
> files, but may have
> overlooked something.
>
man ciphers
> Bear
>

Re: obtaining list of ciphers, digests and algorithms?

Dr. Stephen Henson
On Sun, Jul 30, 2006, Girish Venkatachalam wrote:

>
>
> --- Bear Giles <[hidden email]> wrote:
>
> > Is there a way to programmatically obtain a list of
> > available ciphers,
> > digests and algorithms?  I looked at the header
> > files, but may have
> > overlooked something.
> >
> man ciphers

That only works for SSL/TLS ciphersuites. If the OP really means ciphers and
digests then this is possible, there are two new options
list-message-digest-algorithms and list-cipher-algorithms in OpenSSL 0.9.9
which do this, they use a couple of new functions derived from
OBJ_name_do_all().

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

Re: obtaining list of ciphers, digests and algorithms?

Bear Giles
Dr. Stephen Henson wrote:

>On Sun, Jul 30, 2006, Girish Venkatachalam wrote:
>
>>--- Bear Giles <[hidden email]> wrote:
>>
>>>Is there a way to programmatically obtain a list of
>>>available ciphers,
>>>digests and algorithms?  I looked at the header
>>>files, but may have
>>>overlooked something.
>>>
>>man ciphers
>
>That only works for SSL/TLS ciphersuites. If the OP really means ciphers and
>digests then this is possible, there are two new options
>list-message-digest-algorithms and list-cipher-algorithms in OpenSSL 0.9.9
>which do this, they use a couple of new functions derived from
>OBJ_name_do_all().
>
Yes, I'm trying to update my code that creates PostgreSQL data types and
functions using OpenSSL. Some of the advanced functions (e.g., rekeying
a PKCS8 object) require that the user pass in things like digest names,
but my interface doesn't yet support a way of learning what those
possible values are.

I'm building against Debian and it's still 0.9.7.  Is it hard to use
OBJ_name_do_all()?

Hmm, I guess the worst-case scenario is that I return a static list until
the next Debian release.  The nature of the beast means that there will
be a lot of inertia and a strong preference for proven selections.

Thanks,

Bear


Re: obtaining list of ciphers, digests and algorithms?

Dr. Stephen Henson
On Sun, Jul 30, 2006, Bear Giles wrote:

> Dr. Stephen Henson wrote:
>
> >On Sun, Jul 30, 2006, Girish Venkatachalam wrote:
> >
> >>--- Bear Giles <[hidden email]> wrote:
> >>
> >>>Is there a way to programmatically obtain a list of
> >>>available ciphers,
> >>>digests and algorithms?  I looked at the header
> >>>files, but may have
> >>>overlooked something.
> >>>
> >>man ciphers
> >
> >That only works for SSL/TLS ciphersuites. If the OP really means ciphers and
> >digests then this is possible, there are two new options
> >list-message-digest-algorithms and list-cipher-algorithms in OpenSSL 0.9.9
> >which do this, they use a couple of new functions derived from
> >OBJ_name_do_all().
> >
> Yes, I'm trying to update my code that creates PostgreSQL data types and
> functions using OpenSSL. Some of the advanced functions (e.g., rekeying
> a PKCS8 object) require that the user pass in things like digest names,
> but my interface doesn't yet support a way of learning what those
> possible values are.
>

Well not all ciphers or digests are appropriate. Using 40 bit RC2 for example
encrypting private keys.

> I'm building against Debian and it's still 0.9.7.  Is it hard to use
> OBJ_name_do_all()?
>

The function isn't documented but you can trace the few functions that call it
in 0.9.9 from the list-cipher-algorithms command and copy the source you need.

The function EVP_cipher_do_all() in crypto/evp/names.c for example.

> Hmm, I guess the worst-case scenario is that I return a static list until
> the next Debian release.  The nature of the beast means that there will
> be a lot of inertia and a strong preference for proven selections.
>

OpenSSL 0.9.9 won't be released for some time yet and won't make it into distros
for some time after that.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

Re: obtaining list of ciphers, digests and algorithms?

Bear Giles
>> Yes, I'm trying to update my code that creates PostgreSQL data types and
>> functions using OpenSSL. Some of the advanced functions (e.g., rekeying
>> a PKCS8 object) require that the user pass in things like digest names,
>> but my interface doesn't yet support a way of learning what those
>> possible values are.
>
> Well not all ciphers or digests are appropriate. Using 40 bit RC2 for
> example encrypting private keys.

I know, and I wonder how much flexibility is warranted when one of the
primary audiences for a (still hypothetical) public release is people who
need to use certs/keys/keystores/etc but don't really understand the
issues well enough to do it safely for themselves.  Unfortunately the
other target is people who really do understand the issues and don't want
to have their hands tied.

I'm increasingly thinking that the solution is in the stored procedures,
with sane defaults/examples.

Bear
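
Added example, not part of the thread and not OpenSSL project code: a shell filter for the output of the list commands named above, keeping only algorithms on a vetted list so that an interface advertises the intersection of its policy and what the build provides. The `NAME` / `ALIAS => NAME` line format, the sample listing, the `POLICY` list and the function name `vetted_algorithms` are assumptions made for illustration.

```shell
#!/bin/sh
# Input on stdin: one entry per line, either "NAME" or "ALIAS => NAME"
# (assumed listing format). $1: space-separated vetted names (your policy).
# Output: canonical names that are both available and vetted, one per line.
vetted_algorithms() {
    awk -v allow="$1" '
        BEGIN {
            n = split(toupper(allow), a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        {
            # Trim surrounding whitespace and skip empty lines.
            sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
            if ($0 == "") next
            name = $0
            # An alias line names its target after " => "; keep only the target.
            p = index($0, " => ")
            if (p > 0) name = substr($0, p + 4)
            key = toupper(name)
            # Anything not on the vetted list is dropped, including names
            # that a later release adds; each survivor is printed once.
            if ((key in ok) && !(key in seen)) { seen[key] = 1; print name }
        }'
}

# Constructed sample listing (not captured from a real build).
SAMPLE_DIGESTS='MD2
MD5
RSA-MD5 => MD5
ssl3-md5 => MD5
RIPEMD160
SHA1
RSA-SHA1 => SHA1
ssl3-sha1 => SHA1'

# Hypothetical policy: digests the interface is willing to accept at all.
POLICY='SHA1 SHA256 SHA512 RIPEMD160'

# Names on the policy but absent from the listing (SHA256, SHA512 here)
# are not advertised, so callers cannot select something the build lacks.
printf '%s\n' "$SAMPLE_DIGESTS" | vetted_algorithms "$POLICY"
```

On a build that has the options, the same function can read real output, for example `openssl list-message-digest-algorithms | vetted_algorithms "$POLICY"`; check that build's listing format first.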
