OpenSSL OpenSSL - User

what's the difference between copy and move?

classic Classic list List threaded Threaded
9 messages Options
Gerd Schering
Reply | Threaded
Open this post in threaded view
|

what's the difference between copy and move?

Gerd Schering
Hi,

in the template config file that came with 0.9.8, I found that

subjectAltName=email:copy
subjectAltName=email:move

are both possible, but what is the difference?

Gerd
--
------------------------------------------------------
-- Gerd Schering, Email: [hidden email]  --
------------------------------------------------------

smime.p7s (4K) Download Attachment
konark
Reply | Threaded
Open this post in threaded view
|

PKCS7 standard : OpenSSL is following weather v1.5 OR v1.6 OR any other

konark

 

Hi All,

 

I found that OpenSSL PKCS#7 module implementation is different from the both the versions .

 

Please tell me which version it is following (URGENT)

 

Regards,

konark
Dr. Stephen Henson
Reply | Threaded
Open this post in threaded view
|

Re: PKCS7 standard : OpenSSL is following weather v1.5 OR v1.6 OR any other

Dr. Stephen Henson
On Fri, Nov 11, 2005, Konark wrote:

>  
>
> Hi All,
>
>  
>
> I found that OpenSSL PKCS#7 module implementation is different from the both
> the versions .
>
>  
>
> Please tell me which version it is following (URGENT)
>
>  

PKCS#7 v1.5. Very few applications use 1.6.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
konark
Reply | Threaded
Open this post in threaded view
|

RE: PKCS7 standard : OpenSSL is following weather v1.5 OR v1.6 OR any other

konark

 

Thanks for the reply .

 

But my problem is ......

 

PKCS#7 V1.5 sign implementation  uses this structure in process of sign calculation  

 

DigestInfo ::= SEQUENCE {

  digestAlgorithm DigestAlgorithmIdentifier,

  digest Digest }

 

But I found that OpenSSL is not doing as specified in V1.5 .

 

Reply by cheking the OpenSSl .....

 

If incase OpenSSl is not fully folling the v1.5 Please let me know .

 

Regards,

konark

 

On Fri, Nov 11, 2005, Konark wrote:

>

> Hi All,

>

>

> I found that OpenSSL PKCS#7 module implementation is different from the both

> the versions .

>

>

> Please tell me which version it is following (URGENT)

>

 

PKCS#7 v1.5. Very few applications use 1.6.

 

Steve.

--

Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage

OpenSSL project core developer and freelance consultant.

Funding needed! Details on homepage.

Homepage: http://www.drh-consultancy.demon.co.uk

______________________________________________________________________

OpenSSL Project                                 http://www.openssl.org

User Support Mailing List                    [hidden email]

Automated List Manager                           [hidden email]
Dr. Stephen Henson
Reply | Threaded
Open this post in threaded view
|

Re: PKCS7 standard : OpenSSL is following weather v1.5 OR v1.6 OR any other

Dr. Stephen Henson
On Fri, Nov 11, 2005, Konark wrote:

>  
>
> Thanks for the reply .
>
>  
>
> But my problem is ......
>
>  
>
> PKCS#7 V1.5 sign implementation  uses this structure in process of sign
> calculation  
>
>  
>
> DigestInfo ::= SEQUENCE {
>
>   digestAlgorithm DigestAlgorithmIdentifier,
>
>   digest Digest }
>
>  
>
> But I found that OpenSSL is not doing as specified in V1.5 .
>
>  

What makes you think that?

>
> Reply by cheking the OpenSSl .....
>
>  
>
> If incase OpenSSl is not fully folling the v1.5 Please let me know .
>

OpenSSL passed S/MIME v2 compliance test which check PKCS#7 v1.5 conformance.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
konark
Reply | Threaded
Open this post in threaded view
|

RE: PKCS7 standard : OpenSSL is following weather v1.5 OR v1.6 OR any other

konark

Actually we implemented PKCS#7 V1.5 ( we got the standards from RSA site )

-> We did as per standard including DigestInfo structure as part of
signature calculation .

-> When I try to identify signature with OpenSSL I found this thing
        then I tried with out this DigestInfo structure It's verified
successfully .
-> That's why I doubt which version it is ?

konark


On Fri, Nov 11, 2005, Konark wrote:

>  
>
> Thanks for the reply .
>
>  
>
> But my problem is ......
>
>  
>
> PKCS#7 V1.5 sign implementation  uses this structure in process of sign
> calculation  
>
>  
>
> DigestInfo ::= SEQUENCE {
>
>   digestAlgorithm DigestAlgorithmIdentifier,
>
>   digest Digest }
>
>  
>
> But I found that OpenSSL is not doing as specified in V1.5 .
>
>  

What makes you think that?

>
> Reply by cheking the OpenSSl .....
>
>  
>
> If incase OpenSSl is not fully folling the v1.5 Please let me know .
>

OpenSSL passed S/MIME v2 compliance test which check PKCS#7 v1.5
conformance.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Dr. Stephen Henson
Reply | Threaded
Open this post in threaded view
|

Re: PKCS7 standard : OpenSSL is following weather v1.5 OR v1.6 OR any other

Dr. Stephen Henson
On Fri, Nov 11, 2005, Konark wrote:

>
> Actually we implemented PKCS#7 V1.5 ( we got the standards from RSA site )
>
> -> We did as per standard including DigestInfo structure as part of
> signature calculation .
>
> -> When I try to identify signature with OpenSSL I found this thing
> then I tried with out this DigestInfo structure It's verified
> successfully .
> -> That's why I doubt which version it is ?
>

The DigestInfo is also part of PKCS#1 so if you tell some implementations
(including OpenSSL) to sign a message digest the DigestInfo is automatic.

You can see the DigestInfo structure by using the 'rsautl' utility on the
signature.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
konark
Reply | Threaded
Open this post in threaded view
|

RE: PKCS7 standard : OpenSSL is following weather v1.5 OR v1.6 OR any other

konark

Thanks Steve.  I it seems to be correct But I need to check with my
colleague who implemented PKCS#1 (crypto) .

konark



On Fri, Nov 11, 2005, Konark wrote:

>
> Actually we implemented PKCS#7 V1.5 ( we got the standards from RSA site )
>
> -> We did as per standard including DigestInfo structure as part of
> signature calculation .
>
> -> When I try to identify signature with OpenSSL I found this thing
> then I tried with out this DigestInfo structure It's verified
> successfully .
> -> That's why I doubt which version it is ?
>

The DigestInfo is also part of PKCS#1 so if you tell some implementations
(including OpenSSL) to sign a message digest the DigestInfo is automatic.

You can see the DigestInfo structure by using the 'rsautl' utility on the
signature.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Goetz Babin-Ebell
Reply | Threaded
Open this post in threaded view
|

Re: what's the difference between copy and move?

Goetz Babin-Ebell
In reply to this post by Gerd Schering
Gerd Schering wrote:
> Hi,
Hello Gerd,

> in the template config file that came with 0.9.8, I found that
>
> subjectAltName=email:copy
> subjectAltName=email:move
>
> are both possible, but what is the difference?

it's obvious you never bothered to try it or apply
a little bit of syntactical reasoning.

email:copy searches the DN for all extensions of the type
emailAddress, takes this values, generates a copy and inserts
this _copy_ into the subjectAltName extension.

Reasoning the function of the email:move command is
an exercise for the reader.

Bye

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many

smime.p7s (4K) Download Attachment
Free forum by Nabble Edit this page