FAQ Database Discussion Community


Configuring gnus with gmail imap

emacs,openssl,imap,gnus
I am trying to configure gnus to work with my gmail account. My .gnus file looks like this: (setq gnus-select-method '(nntp "news.gwene.org")) (setq user-full-name "George P. Burdell") (setq user-mail-address "[email protected]") (setq smtpmail-auth-credentials "~/.authinfo.epg") (add-to-list 'gnus-secondary-select-methods '(nnimap "gmail" (nnimap-address "imap.gmail.com") (nnimap-server-port 993) (nnimap-stream ssl) (nnimap-authinfo-file "~/.authinfo.epg") ) ) (setq smtpmail-stream-type 'ssl...

How to fix invalid key size when decrypting data in C# that was encrypted in php

c#,php,encryption,openssl
I am trying to solve an encryption issue I am having between php and c#. I have encrypted data using the following php and openssl operation. $encrypt_method = "AES-256-CBC"; $secret_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; $secret_iv = 'XXXXXXXXXXXXXXXX'; $key = hash ('sha256', $secret_key); $iv = substr (hash ('sha256', $secret_iv), 0, 16); $output =...

Compilation of OpenSSL: No reference to BIO-functions

c,linux,ssl,compilation,openssl
I'm trying to compile a c-program with openssl-references. I'm using Linux Mint 17.1 and the development package "libssl-dev" is installed. #include <openssl/bio.h> #include <openssl/err.h> #include &lt;openssl/ssl.h> ... void send_smtp_request(BIO *bio, const char *req) { BIO_puts(bio, req); BIO_flush(bio); printf("%s", req); } If I compile the code with: gcc -o client bio-ssl-smtpcli2.c...

What is the proper way of clearing OpenSSL secrets?

c,security,openssl
In the code I often use OpenSSL resources: RSA, EC_KEY, EVP_PPKEY, so on. I know there are designated functions for creating and deleting them: RSA_new() RSA_free(RSA*) However, are these functions enough to ensure the secrets don't remain in the memory - e.g. the memory is scrubbed/zeroed - if, say, an...

AES/CBC/PKCS5Padding different results in JAVA and JNI

java,android,encryption,android-ndk,openssl
I have a Java code for encryption which looks like this byte[] encrypt(byte[] clearData) { byte[] passwordKey = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,0x0f}; byte[] rawSecretKey = new byte[]{0x34, (byte) 0xA4, 0x16, 0x09, 0x77, (byte) 0x85, (byte) 0xB4, 0x31, 0x75,...

opentok-android-sdk-2.3.1 and OpenSSL vulnerability issue

android,openssl,opentok,boringssl
I have an app on Google play store. Recently i got a mail subjected: Google Play 60-day deadline for resolving OpenSSL vulnerabilities It states that i'm using a version of OpenSSL, which is vulnerable to some issues. However, i'm not using OpenSSL directly. I'm using OpenTok library for Video chatting...

ProcessBuilder and running OpenSSL command which contains spaces

java,openssl
I am facing a problem while executing openSSL command using my jar in Ubuntu environemnt. I have concluded that this is happening because of the space in the path of the file which is being passed as a parameter in the command e.g. SHA 256 in below command. I have...

Segmentation fault when signing a message using OpenSSL, SWIG, and Perl

c,perl,openssl,swig,ecdsa
We were using SWIG to make a C cryptographic utility library available to Perl. We are able to generate keys, create digests, but the signing code causes a segmentation fault, which we believe may be in the OpenSSL code itself but it's difficult to be sure. This problem only comes...

Update Android app to latest version of OpenSSL

android,openssl
This morning i got a Mail from google's developer console that i'm using a version of OpenSSL that is open to security vulnerabilities. Actually I'm just maintaining the code and i haven't developer it rather. However, I am supposed to fix this issue. I would like to know how to...

Ruby OpenSSL Errors - Missing CA Certs (Who is Justin?)

ruby,windows,ssl,https,openssl
I'm writing a little utility script that deals with some RESTful API's over HTTPS using Ruby's Net::HTTP module on Windows. I consistently get this error: C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError) from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:923:in `block in connect' from C:/Ruby22-x64/lib/ruby/2.2.0/timeout.rb:74:in `timeout' from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:923:in `connect'...

How to increment the value of an unsigned char * (C)

c++,c,openssl,byte,sha1
I have a value stored as an unsigned char * (in C). This holds the SHA1 hash of a string. My goal is to cover the SHA1 key space. Since I'm using <openssl/evp.h> to generate the hashes, I end up with an unsigned char* holding the SHA1 value. Now I...

get Subject Key Identifier of certificate with openssl commands [closed]

linux,mono,openssl,certificate
i want to get get Subject Key Identifier of my certificate using openssl and also every x509 extensions property of my certificate but i didn't find any solution. please help if there is a way to do it. I need the OpenSSL commands to do it....

Client Certificate Authentication and User Enrollment

openssl,worklight,worklight-adapters,worklight-server,worklight-security
I'm currently reading the Client X.509 Certificate Authentication and User Enrollment tutorial (https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-6-3/authentication-security/client-x-509-certificate-authentication-userenrollment/ ) and trying to implement it with my current worklight appliation. I'm using Worklight Studio 6.0 However, I'm a bit confused about the authenticationConfig.xml setup. I currently have an adapter authentication working. The first page of my...

Get RSA keys in a “simple” form

c++,c,encryption,openssl,rsa
How can I get keys generated by OpenSSL in RAW form? I mean I can't decode my encoded messages in any of online tools. What actions should I do to distribute my keys to other clients (in other apps and web-apps) in proper forms? My generation code is: void VS_CarrierNet::generateKeys()...

Compile with linking against static and dynamic library for OpenSSL

ubuntu,openssl
I want to compile my code including the OpenSSL library. For my purpose it is necessary to link the library statically. If I was dynamically linking the script for compilation would look like g++ test.cpp -lcrypto -o test. I tried to use the -static option for the compilation, but if...

How to verify server hostname

delphi,ssl,openssl,certificate,indy
I'm using Indy TIdHTTP (shipped with XE2) and the OpenSSL library DLLs V1.0.1m to verify a certificate when connecting over HTTPS. I have implemented an event handler for the OnVerifyPeer event of the TIdSSLIOHandlerSocketOpenSSL component. function TForm1.IdSSLIOHandlerSocketOpenSSL1VerifyPeer(Certificate: TIdX509; AOk: Boolean; ADepth, AError: Integer): Boolean; begin (...) end; According to RFC...

Subject Alternative Name not present in certificate

ssl,openssl,ssl-certificate
I have generated a CSR that includes the field subject alt names: openssl req -out mycsr.pem -new -key mykey.pem -days 365 When I inspect this it looks as expected with a new field present: X509v3 Subject Alternative Name: DNS: my.alt.dns However when I use this to sign a certificate that...

Configuring SQLCipher on Ubuntu 14.10

linux,openssl,configure,sqlcipher,ubuntu-14.10
i have a problem in configuring SQLCipher: in dynamic linking ./configure --enable-tempstore=yes CFLAGS="-DSQLITE_HAS_CODEC" LDFLAGS="-lcrypto" i receive this error: checking whether the C compiler works... no and in static linking ./configure --enable-tempstore=yes CFLAGS="-DSQLITE_HAS_CODEC" LDFLAGS="/usr/local/openssl/lib/libcrypto.a" this error: configure: error: Library crypto not found. Install openssl!" for static method, i built last version...

Android NDK OpenSSL

android,windows,android-studio,android-ndk,openssl
I am new in NDK, I am trying to add openssl to my android project using C, I have looked and tried and I cannot figure out how to linked openssl libraries in Android, another reason I am asking this is because most page and post I've found that talk...

SSL operation failed with code 1: dh key too small

php,codeigniter,ssl,mysqli,openssl
I am connecting to my database Google Cloud SQL via SSL. I use codeigniter 3.0 to do so, although the mysqli driver is a bit modified to allow this functionality. It's been working well for months. However it just started to return this warning: Message: mysqli::real_connect(): SSL operation failed with...

Should I upgrade the version installed with OS X Yosemite?

openssl
I am new to using Openssl and am wondering whether it is always best to upgrade it to the latest version available or whether this might cause problems. In most cases I would not hesitate to install the newest version of any given software product but in this case I...

Open Pegasus 2.14.1 client connection issue

c++,openssl,gnu-make,wbem
I would like to build new version of Open Pegasus Client (2.14.1). Unfortunately I'm facing with some build issues. Does anybody know some workaround for these issues? My environment is: OS: Windows 8.1 Enterprise Make version: GNU Make 3.81 Pegasus sources version: 2.14.1 OpenSSL version: 1.0.2a My scenario is quite...

Decrypt the content of a signed CMS_ContentInfo*

c,openssl,libcrypto
I am having problems accessing the EnvelopedData within a signed CMS_ContentInfo* object when using a memory BIO. Using the following code, everything works fine : BIO* output = BIO_new_file("/absolute/path/test.txt", "r+"); if (CMS_verify(cms, stack, store, dcont, output, CMS_NOINTERN)) { BIO_flush(output); BIO_reset(output); CMS_ContentInfo* cms2 = SMIME_read_CMS(output, nullptr); } cms2 is instantiated properly...

set the OpenSSL_HOME variable

amazon-web-services,https,path,openssl,command-prompt
I am trying to configuring HTTPS based on this tutorial: Configuring HTTPS for your Elastic Beanstalk Environment I am stuck at the following section: To set the OpenSSL_HOME variable Enter the path to the OpenSSL installation: c:\ set OpenSSL_HOME=path_to_your_OpenSSL_installation My openSSL is installed in c:\OpenSSL, so would I write set...

Use PHP to generate a public/private key pair and export public key as a .der encoded string

php,openssl,cryptography
Currently I have some working php code to generate a private/public keypair and store them in two variables. These variables are strings, with one variable containing the private key, and the other containing the public key. I researched on stack overflow and I also found some code to convert a...

How to sign a certificate request using openssl?

openssl,certificate,signing,pki
For testing, I'm trying to do these 3 steps: generate a CA certificate for "My Own CA Company" generate a certificate request for another entity "My Customer" sign the request using the CA certificate I'm failing at the last step (see below). I think my problem is that I have...

How to do two-way authentication on tomcat?

tomcat,openssl,client-certificates,self-signed,mutual-authentication
How to do Two-way SSL authentication on tomcat using OpenSSL self signed certificates - Need to use EC DSA for generating certificates. Suggestions much appreciated.Thanks in advance...

Rails Base64 decoding

ruby-on-rails,openssl,base64
I have to implement a client and server for end-to-end encryption. So if I am correctly informed, I need to encode and decode my keys with Base64. ArgumentError (string contains null byte): app/controllers/users_controller.rb:46:in `register' This is what I get just after the request reached my Server. And that is the...

Secure unsubscribe link - How much encryption is enough?

php,encryption,openssl,unsubscribe
My users can subscribe to threads that send them an email with a simple unsubscribe link. This link contains an encrypted subscribeid and a verifying userid via this process: // generate iv and create encrypted data $iv = openssl_random_pseudo_bytes(16); $encrypted = openssl_encrypt($data, 'AES-128-CBC', ENCRYPTION_KEY,0,$iv); // send the iv along with...

How to specify CA private key password for client certificate creation using OpenSSL

command-line,openssl,x509,ca
I am building a command line script to create a client certificate using OpenSSL "mini CA" feature. I have a CA certificate and CA private key encrypted with a password. With those things I am trying to create the client certificate and stumbled upon the command line syntax. How do...

Generate nonce c++

c++,openssl,cryptography,crypto++,nonce
I am wondering if there is a way to generate a Cryptographic Nonce using OpenSSL or Crypto++ libraries. Is there anything more to it than just generating a set of random bytes using autoseeded pools?

How to check OpenSSL library version of android application

android,windows,openssl
This is related to Google Play and OpenSSL warning message. Play store recommend to use the following command to grep: $ unzip -p YourApp.apk | strings | grep "OpenSSL" But on Windows, this command is not running. However I have installed WinZip, WinRAR, Cygwin and MinGW. So please help me...

Failing mutual auth on Android w/ javax.net.ssl.SSLHandshakeException: Handshake failed

java,android,ssl,openssl,mutual-authentication
I am trying to get a mutual authentication request to work on android. I am testing against my own server so I have a self signed CA and client certificate. So I will have to allow for untrusted server cert. Here is what I am doing: KeyStore clientCertificate = KeyStore.getInstance("PKCS12");...

Whats is the Java name for openssl's “aes-256-cfb”?

java,node.js,encryption,openssl,cryptography
I'm using openssl's aes-256-cfb algorithm (from NodeJS's crypto module). While both the NodeJS and the Java code successfully encrypt and decrypt data, the ciphertext is different, even when the iv, key and plaintext are all identical. openssl/NodeJS cipherText: 05c2aad7bac42ed0846e9a52ce73df9ff9d7ff914feea49fed27d55ad690782a43107914c1b307ec92753227728c95b8e59c546d Java cipherText: 05C2AAD7BAC42ED084739340D47CEC9F03D8E94AC7B1E11A56A6654F76AD2C8076BCA162303E39B44D043732E98FDD28C52D I have guessed that openssl's aes-256-cfb translates to...

RSA decrypt message [closed]

c++,c,openssl,cryptography,rsa
My programs fails when I try to decrypt encrypted messages. My code: char *pri_key[] = "some key"; // ---> some key, that i've got from server RSA *rsa; BIO *keybio; keybio = BIO_new_mem_buf(pri_key, strlen(pri_key)); rsa = PEM_read_bio_RSAPrivateKey(keybio, &rsa, NULL, NULL); // Decrypt it // Encoded message is in buff char...

invalid private key on decrypt data in PHP

php,encryption,openssl,rsa
I am trying to decrypt the private key data in PHP. But my response displays the private key invalid. I tried a lot of other options but dont helping. To start I need at least the most simple example of how to decrypt the data in PHP. My code: $privateKey...

'NoneType' object has no attribute '_app_data' in scrapy\twisted\openssl

python,openssl,scrapy,twisted,pyopenssl
During the scraping process using scrapy one error appears in my logs from time to time. It doesnt seem to be anywhere in my code, and looks like it something inside twisted\openssl. Any ideas what caused this and how to get rid of it? Stacktrace here: [Launcher,27487/stderr] Error during info_callback...

OpenSSL's rsautl cannot load public key created with PEM_write_RSAPublicKey

c++,openssl,pem
I've generated a public key using openssl BIGNUM* e = BN_new(); BN_set_word(e, 17); RSA* rsa = RSA_new(); if(!RSA_generate_key_ex(rsa, 2048, e, NULL)) { LOG(security, debug) << "failed to generate private key"; } And these are written to files: FILE* pubwriter = fopen("key.pub", "wb"); int err = PEM_write_RSAPublicKey(pubwriter, key); if(!err) { throw...

Validating that an uploaded file is a valid PEM file

php,openssl,php-openssl
I'm trying to figure out an effective/elegant way to validate that a user uploaded file is a valid pem file without relying on validating the extension. Anyone accomplish this or have any ideas?

ERROR: While executing gem … (OpenSSL::X509::StoreError)

ruby-on-rails,ruby,openssl
I tried to install serialport into Windows 7 as administrator however, I am facing below error: C:\Sites>gem install serialport ERROR: While executing gem ... (OpenSSL::X509::StoreError) I've tried the following, but they have not helped: OpenSSL::X509::StoreError: cert already in hash table? Where is Ruby looking for SSL_CERT_FILE? I have tried to...

No module named OpenSSL in kivy app

python,openssl,kivy,autobahn
I have a kivy app which actually based on this example . In my desktop it works perfectly but when I build it whit buildozer and run it in my android device i get this error - ImportError: No module named OpenSSL Here is my buildozer requirements section: # comma...

Use OpenSSL RSA key with .Net

c++,.net,openssl,rsa
I am using openssl 0.9.6g and I have created public/private keypair using RSA_generate_key(). When I save the key with PEM_write_bio_RSAPublicKey, it gives me keys like: -----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY----- I have another module in .NET which throws an exception when passed in this key due...

Using Security Transforms to verify an RSA signature created with Ruby/OpenSSL

ruby,cocoa,openssl,licensing,rsa
I'm trying to implement a simple license key scheme for my app and I'm running into significant roadblocks. I'm following the example at OpenSSL for License Keys. Since that blog post was written in 2004 and OpenSSL has been deprecated on OS X I'm attempting to use the Security Transforms...

Should I BIO_flush() after BIO_read()-ing?

openssl,base64,decode,flush,decoder
So I implement a base64 decoder and while encoding (BIO_write() on BIO_f_base64) you should BIO_flush() as they say in documentation. However, they don't mention anything regarding BIO_read() (decoding). Should I flush after BIO_read() and if not what are the consequences if I do?

Convert a big number given as a string to an OpenSSL BIGNUM

c,openssl,bignum
I am trying to convert a string p_str representing a big integer to a BIGNUM p using the OpenSSL library. #include <stdio.h> #include <openssl/bn.h> int main () { /* I shortened the integer */ unsigned char *p_str = "82019154470699086128524248488673846867876336512717"; BIGNUM *p = BN_bin2bn(p_str, sizeof(p_str), NULL); BN_print_fp(stdout, p); puts(""); BN_free(p); return...

What counts as a self-signed SSL certificate?

ssl,openssl,self-signed,certificate-authority
If I use openssl to create a certificate authority (CA) root (e.g. this blog post or this MDN article) and use it to sign a certificate signing request (CSR), is the resulting signed certificate considered "self-signed" by current desktop PC browsers (Firefox, Chrome, IE)? Does the answer depend on whether...

FIPS integrity verification test failed when iniating SSH session

ssh,openssl,centos,centos6,fips
I recently enabled the FIPS module under CentOS 6 (minimum install). Module is confirmed working: cat /proc/sys/crypto/fips_enabled yields 1 openssl md5 somefile(fails) and openssl sha1 somefile(succeeds). openssl version yields OpenSSL 1.0.1e-fips 11 Feb 2013 When I attempt to ssh into a box I connect to daily, I now see a...

OpenSSL CSR signing not including Locality

openssl
I am trying to sign a CSR generated with: openssl req -new -key private/web.key.pem -sha256 \ -extensions v3_ca -out certs/web.csr.pem \ -subj "/C=DE/ST=Example State/L=Exmaple City/O=Example Org/OU=Example Org Unit/CN=example.com/[email protected]" When I check the CSR with a openssl req -in certs/web.csr.pem -text -noout the Locality shows up (there's a L=Example City visible)....

Create OpenSSL certificates signed by myself

c++,ssl,boost,openssl,ssl-certificate
I'm using boost ssl for server and client, and I have a model for server/client program in my mind, and I'm not sure it's gonna work. The model I have in my mind is to be the only authority for certificates of my program. My main question is: How can...

Not able to strip password from private key

ios,osx,openssl,apple-push-notifications,mdm
I am following this blog to create a mdm server link. In the 7th step they are stripping password from the private key by running this command openssl rsa -in key.pem -out private.key But when I run this command on my terminal I am getting error unable to load Private...

How to get the same result with Node.js and PHP-mcrypt using TripleDES encryption?

php,node.js,encryption,openssl,mcrypt
This is 3DES using crypto (base on OpenSSL) in native Node.js. var secretKey = "efd77bed61e8fdd0437df1ac"; var enchding = 'hex'; var text = 'This is test.'; var cipher = modules.crypto.createCipher('des-ede3-cbc', secretKey); var cryptedPassword = cipher.update(text, 'utf8', enchding) + cipher.final(enchding); output is : af4ee52e0227fe40ab2e7ddd72fb1137 But I used online PHP-mcrypt encrypt tool (link...

What causes 'error:1408D172:SSL routines:SSL3_GET_KEY_EXCHANGE:wrong signature type' SSL error?

php,ssl,curl,soap,openssl
I get the following output from CURL when attempting to fetch a WSDL from a SOAP web service on the command line (this is being used to test basic connectivity). Server specific info has been redacted because it belongs to a vendor. The vendor say they have not had any...

OpenSSL socket: Select always returns 0

c++,sockets,select,openssl,server
I made a small socket echo server with a blocking socket (see code below), but the select statement always returns 0 even when there is a message to be read. Everything else works. If you replace the select statement by simple assigning 1 to selectResult, the server works. The server...

OpenSSL or LibreSSL C++ sample for client TLS connection

c++,openssl,libressl
I am searching for a client TLS connection example in C++. Best for Visual Studio, but honestly it can be any compiler. I found several C samples. But no one worked. I started with this sample in C: https://wiki.openssl.org/index.php/SSL/TLS_Client But it failes on res = BIO_do_connect(web); with "system library" if...

issues in creating c linux library

java,c,openssl,jni,shared-libraries
Hi I am creating an openssl wrapper c library to be use with JNI. My c source file name is rsa.c and JNI header file name is OpensslRSA.h which is contain in both JAVA_HOME/include and JAVA_HOME/include/linux directories. I am using below syntax to create this library . gcc -shared -fpic...

Windows alternative to zeus and spring for rails

ruby-on-rails,ruby,openssl
Just wondering if there's any viable windows alternative to using zeus and spring for ruby on rails. I have a very long startup time for my rails server due to a problem with openSSL (as detailed here). As far as I'm aware zeus and spring don't run on windows, and...

SoapClient in PHP 5.6 when using HTTPS emits warning with “key values mismatch”

php,soap,openssl,php-5.6
After upgrading to Debian 8 with PHP 5.6.9 (change from PHP 5.4) I'm getting this warning when calling SOAP web service with HTTPS endpoint address: Warning: SoapClient::__doRequest(): SSL operation failed with code 1. OpenSSL Error messages: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch followed by SoapFault: Fatal error: Uncaught SoapFault exception: [HTTP]...

AES decryption only works for first 16 characters

c++,encryption,openssl,aes
I'm trying to get a simple AES encrypt/decrypt going using c++ for my computer science class. It works almost perfectly, but the decryption will only work on the first 16 characters of the character array. Here's my code: #include <iostream> #include "openssl/aes.h" using namespace std; int main() { unsigned char...

Link error when using AES256 example with OpenSSL

c,linker,openssl
Using gcc 4.8.2 on Ubuntu 14.04 to compile openssl example. gcc SSLsample.c -lssl3 The linker gives undefined symbols: SSLsample.c:(.text+0x25d): undefined reference to `EVP_CIPHER_CTX_new' SSLsample.c:(.text+0x272): undefined reference to `EVP_aes_256_cbc' SSLsample.c:(.text+0x294): undefined reference to `EVP_DecryptInit_ex' SSLsample.c:(.text+0x2bc): undefined reference to `EVP_DecryptUpdate' SSLsample.c:(.text+0x2ed): undefined reference to `EVP_DecryptFinal_ex' SSLsample.c:(.text+0x309): undefined reference to `EVP_CIPHER_CTX_free'...

OpenSSL trouble python

python,windows,openssl,web.py,m2crypto
I'm trying to follow this tutorial to get a little MDM test setup going. I have the server set up and working on Ubuntu but when I try to run it on windows, I get the following error: Code: if __name__ == "__main__": print "Starting Server" app = web.application(urls, globals())...

Working with EVP and OpenSSL, coding in C

c,encryption,openssl,digital-signature,evp-cipher
I've seen many questions on OpenSSL and EVP, but not very many clear answers, but I figured I'd still post my question here and hope for better feedback. The materials given to me are a signed file "symmetrickey.bin", an RSA key set "privatekey_A.pem", "publickey_A.pem", and the other user's public key...

Replicating request to Chef with Python RSA

python,openssl,rsa,chef
Goal: I need a Python 3 wrapper for Chef's REST API. Because its Python-3, PyChef is out of the question. Problem: I am trying to replicate the Chef request with Python RSA. But the wrapper results in an error message: "Invalid signature for user or client 'XXX'". I approached the...

What is special for a private key to be PEM-formatted?

python,openssl,public-key-encryption,jwt
I am trying to use the Google API with a oAuth service account, with Python 3.4. One of the steps is to generate a JSON Web Token, for which I use PyJWT. My code for the generation is the following: # opening the certificate downloaded from the Google API console...

Base64 encode/decode issue

openssl,hex,base64,ocaml
I have two functions to convert to and from base64 using openssl: (* base64 encode *) let encode_base64 msg = let open_ssl_arg = "echo -n '" ^ msg ^ "' | openssl enc -base64" in let ic = Unix.open_process_in open_ssl_arg in let rec output s = try let new_line =...

AES_encrypt/AES_decrypt only returns part of a message

openssl,jni
I don't know why the following code will return "Hello native! Th" not "Hello native! This is from jni load!\n", may someone tip it? #include "helloJNI.h" #include "openssl/aes.h" #define LEN 1024 jstring jni_text(JNIEnv *env, jclass clz) { AES_KEY aesKey; int result; const char origin[] = "Hello native! This is from...

Undefined symbols for architecture x86_64 (clang)

c,osx,openssl,clang,llvm
I'm trying to use OpenSSL to compute sha1 hash from a c program. I am compiling with clang on Mac OS X Yosemite with an Intel i7 (so 64 bit). The relevant piece of code is roughly like so: #include <openssl/evp.h> ... unsigned char outHash[20]; hash("SHA1","abcd", 20, outHash); The thing...

mixing openssl API and BSD sockets API

c,sockets,unix,openssl,portability
I'm writing a client that must deal with both ordinary http protocol and also https for secure connections. For ordinary http connections, I should use basic socket I/O functions such as send(), recv() and so on. But for https connections, I should use SSL_read(), SSL_write and other functions from the...

SSLv3 certificate verify failure when TLSv1 was specified?

ruby,openssl
Can someone help me figure this out. I've seen this asked all over the web, but no one has an adequate answer. I am on Ubuntu, Ruby 1.8.7, and OpenSSL 1.0.1 Net::HTTP.ssl_context_accessor 'ssl_version' uri = URI.parse("https://www.paypal.com") http = Net::HTTP.new(uri.host, uri.port) http.verify_mode = OpenSSL::SSL::VERIFY_PEER http.use_ssl = true http.ssl_version = :TLSv1 request...

compilation of Qt 5 fails under make in debian64

c++,qt,openssl,qtnetwork,qsslsocket
I tried to make qt 5.4.1 with openSsl configuration but i got some errors during make it. I configured it as bellow : OPENSSL_LIBS='-L/usr/local/ssl/lib -lssl -lcrypto' ./configure -prefix $PWD/qtbase -opensource -debug-and-release -nomake tests -openssl-linked -I/usr/local/ssl/include -L/usr/local/ssl/lib and then make. the last 10 line of output is: /usr/bin/ld: /usr/local/ssl/lib/libssl.a(s2_srvr.o): relocation R_X86_64_32...

getSession closes Socket

java,android,sockets,openssl
Is it possible to find the reason why the Android OpenSSLSocketImpl is closing the Socket? (how do I debug the Android internal libraries?) Background: The source where I'm trying to create the SSLContext can be found in TLSNetSocketUtil.java during the call to resultSocket.getSession() the underlying Socket are getting closed. I've...

Load RSA private key to EVP_PKEY

ios,objective-c,c,openssl,privatekey
I currently have private key in a .pem file. In my App (iOS) I want to load the private Key into a EVP_PKEY struct to sign a X509_REQ. My current problem is that I'm able to load the private key, but actually it is a different private key than the...

Error while creating iOS Developer CSR for iOS

ios,openssl,certificate
I am trying to generate a certificate request for an iOS Developer certificate. I get the error below (Unknown option CN=...). I am able to generate the private key just fine, it is the next step - generating the cert request that is failing. openssl req -new -key privatekey.key -out...

Statically link OpenSSL in XCode

xcode,openssl,static-linking,dylib
I am trying to link libssl.a and libcrypto.a static libraries in XCode command line project [under Link Binary With Libraries]. I have included Openssl header files in search path. Compilation succeeds but execution fails with dyld: Library not loaded: /usr/local/ssl/lib/libcrypto.1.0.0.dylib. Why does it look for dylib when I am linking...

Updating Openssl in os x yosemite

osx,openssl,homebrew,macports,brew
-- Build of crashreporter disabled. -- Found Qt5 core, checking for further dependencies... -- Using Qt 5! -- GIT_SHA1 40cdbda31285d9090d8109b10b244aa4740a5891 -- Using Qt 5.4.x -- We would not require Neon in this setup, compile without! CMake Error at /usr/local/Cellar/cmake/3.1.3/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:138 (message): Could NOT find OpenSSL, try to set the path to...

PHP Websocket SSL Stunnel “bad certificate” with OpenSSL signed certificate

php,ssl,websocket,openssl,stunnel
I know there are many other questions like this one but after days of tries i have no more ideas for solve the problem. I'm experiencing Websocket connection for the first time, i need to build a simple Chat and for do this i'm trying PHPWebSocketServer (https://github.com/ghedipunk/PHP-WebSockets), so i've tested...

how to handle low_entropy exception of crypto:strong_rand_bytes(N)?

openssl,erlang
I want to generate cryptographically strong pseudorandom numbers in erlang for session IDs. There is crypto:strong_rand_bytes(N). What if it throws the low_entropy exception? From http://www.erlang.org/doc/man/crypto.html#strong_rand_bytes-1 strong_rand_bytes(N) -> binary() Types: N = integer() Generates N bytes randomly uniform 0..255, and returns the result in a binary. Uses a cryptographically secure prng...

Create a base64 md5 hash in nodejs equivalent to this openssl command

node.js,openssl
I have a linux command to create argument value, but I dont know how to convert it in nodejs. This is linux command line: echo -n '2147483647/s/link127.0.0.1 secret' | \ openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d = and result when execute it in...

OpenSSL::X509::Certificate Showing Certificate for Wrong Domain

ruby,osx,sockets,openssl,ssl-certificate
I'm looping through a list of domains to see if a) there is 443 listener and b) collect the ssl cert expiry, signature algorithm, and common name. All of the domains that have a 443 listener report the correct ssl cert (matching up to what Chrome reports), however, there is...

OpenSSL error alert handshake failure

openssl
When trying to connect to some websites OpenSSL fails to connect. I get this error with OpenSSL's s_client: $ openssl s_client -connect www.airvistara.com:443 -debug CONNECTED(00000003) write to 0x600060cf0 [0x600076e90] (346 bytes => 346 (0x15A)) 0000 - 16 03 01 01 55 01 00 01-51 03 03 b7 94 61 d2...

Git Clone Fails with sslRead() error on OS X Yosemite

git,curl,openssl,osx-yosemite,gitlab
I'm currently on OS X Yosemite 10.10.3, and trying to git clone an existing repo which works fine on Windows. I've tried a combo of installing git through homebrew with curl/openssl with no luck. When i run the git clone, i get the following ssl read error: GIT_CURL_VERBOSE=1 git clone...

OpenSSL causing very slow Rails boot time on Windows

ruby-on-rails,ruby,ruby-on-rails-4,openssl
I'm having a problem with Ruby on Rails running extremely slowly. I'm using Ruby 2.1.3p242 and Rails 4.2.1 on a Windows 8 machine. Whenever I run anything that requires rails to boot (including tests) it takes a long time to get up and running. I put some calls to Benchmark...

Undefined symbols for architecture x86_64 on OS X with fat library

c++,c,xcode,osx,openssl
I have build libcrypto.a and libssl.a myself from source, specifying darwin64-x86_64-cc (for 64-bit) and darwin-i386-cc (for 32-bit) to OpenSSL's configure script. Created the fat libraries with lipo and added them as a dependency in my Xcode project. However, I'am getting an undefined symbol error: undefined symbols for architecture x86_64: "_OPENSSL_ia32cap_P",...

Pass connected SSL Socket to another Process

python,network-programming,openssl,m2crypto
I am struggling to find a mechanism to send a request to the target server and when the socket has data to be read, pass the socket to another process for getting the data out. I came so far using epoll on Linux, to implement it to the point that...

Segmentation fault with generating an RSA and saving in ASN.1/DER?

c,openssl,cryptography,rsa
#include <string.h> #include <openssl/aes.h> #include <openssl/rand.h> #include <openssl/bio.h> #include <openssl/rsa.h> #include <openssl/evp.h> #include <openssl/pem.h> #define RSA_LEN 2048 #define RSA_FACTOR 65537 int genRSA2048(unsigned char **pub,unsigned int *pub_l,unsigned char **priv,unsigned int *priv_l){ RSA *pRSA = NULL; pRSA = RSA_generate_key(RSA_LEN,RSA_FACTOR,NULL,NULL); if (pRSA){ pub_l = malloc(sizeof(pub_l)); *pub_l = i2d_RSAPublicKey(pRSA,pub); priv_l = malloc(sizeof(priv_l));...

How to know which version of openssl boost ssl is using

c++,openssl,boost-asio
I have some questions about boost openssl updation How can I find out which version of openssl boost ssl is using? Do we need to recompile the C++ boost application after updating openssl or will updating openssl suffice? ...

Can't set public/private key in OpenSSL

c++,c,encryption,openssl,rsa
I am trying to set the public and private key to an EVP_PKEY in C++ from a string. However, even after following several examples online, the PKEY always comes out as NULL. Here is the code to reproduce the problem (this is for private keys but the effect is the...

Verify a RSA public key in OpenSSL?

c++,c,openssl
I have an EVP_PKEY with only the public part of a RSA key. I extracted the public part from a SubjectPublicKeyInfo structure in DER encoding. This is what I have now: unsigned char publicKey[] = {0x30, 0x5a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, ...} size_t publicKeyLength = 92; unsigned...

EIdOSSLUnderlyingCryptoError Exception

delphi,http,openssl,indy,indy10
I am using Indy (IdHTTP, OpenSSL). I use this simple code to download a page var IdHTTP: TIdHTTP; begin IdHTTP:=TIdHTTP.Create; try IdHTTP.Get('https://ezfile.ch/?m=help&a=tos'); finally IdHTTP.Free; end; end; It returns: EIdOSSLUnderlyingCryptoError exception "Error connecting with SSL. error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error" The site uses TLS 1.1, AES_128_CBC_SHA1, ECDHE-ECDSA. It should be easily...

Android NDK OpenSSL error cross-compiling

c,windows,android-ndk,openssl,cross-compiling
I am new in NDK and I am following this guide to build OpenSSL for Android, I am using Windows 7 and Cygwin for this. I'm having errors when trying to build the OpenSSL library. # From the 'root' directory $ . ./setenv-android.sh $ cd openssl-1.0.1g/ $ perl -pi -e...

Ruby OpenSSL AES-128-CTR

ruby,openssl,cryptography,aes
I can't figure out what I am doing wrong here trying to decrypt a string of hex values with a given key using ruby's OpenSSL cipher AES-128-CTR. I am using the gem hex_string to convert my hex to bytes ctrkey = "36f18357be4dbd77f050515c73fcf9f2" ciphertext3 = "69dda8455c7dd4254bf353b773304eec0ec7702330098ce7f7520d1cbbb20fc3\ 88d1b0adb5054dbd7370849dbf0b88d393f252e764f1f5f7ad97ef79d59ce29f5f51eeca32eabedd9afa9329" cipher2 = OpenSSL::Cipher.new('AES-128-CTR') cipher2.decrypt...

Select different padding modes in OpenSSL commands

encryption,openssl,cryptography,des
I wrote a Java Card applet to do DES encryption/Decryption. The source code of my applet (If you want to use it, consider that Mr Bodewes found some bugs in this source code (those are mentioned in the comments under his answer. So fix it and then use) have the...

Run 'openssl req' command in Java?

java,openssl
It seems x509 cert request can only be generated by Openssl that Java has no control over that. So I decided to invoke Openssl command in Java; my system is Windows7-64bit, JDK 1.7, Openssl 1.02 binary distribution. Generating CSR request is good via direct Openssl command, but invoking the same...

Get x509 certificate hash with openssl library

c,hash,openssl,x509,libcrypto
I'm currently working on an app, which uses the openssl library (libcrypto) to generate certificates. Now I have to get the hash of a already existing certificate. When I use my Terminal I am able to generate the hash value by using openssl x509 -hash -in cert.pem -noout Output: 01da0e2b...

“tlsv1 alert internal error” during handshake

php,ssl,openssl
I have a PHP script that checks URLs availability (basically, the script should return true for a given URL when the URL could be opened in browser and vice versa). There is an URL I stumbled upon: https://thepiratebay.gd/. This URL could be correctly opened in browser, but fsockopen() just fails...

Code Signing Certificate - Creating a PFX from a godaddy SPC & Key File

openssl,ssl-certificate,code-signing-certificate
Problem: I generated a CRT using openssl; first I made a Key file; then Used the key file to generate a CRT. I put the CRT text into the godaddy window; when they issued the code signing cert, they issued a SPC. My Key and CRT are both TEXT, so...

Getting google search ssl pem certificate

c++,c,https,openssl,libressl
For testing purpose I want to set up a https connection to google and start a search. I downloaded the OpenSSL example from here. In the code, I have to load a pem file here: /* http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html */ res = SSL_CTX_load_verify_locations(ctx, "random-org-chain.pem", NULL); ssl_err = ERR_get_error(); now I search for...

Simple gSoap Server and Client with SSL

c++,ssl,openssl,gsoap
The call to soap_ssl_accept always results in the error SSL23_GET_CLIENT_HELLO:unknown protocol. I made it simple as possible and turned of server authentication by setting SOAP_SSL_NO_AUTHENTICATION. I broke it down to following server and client code. Can you help me getting a working example? Server Side: #include <cstdio> #include "ADService.nsmap" //...

Server with ECDHE key and cert not working

c,openssl,ca
I use the below server.c source, i generated sinful-host-cert.pem sinful-host.key as described here: Elliptic Curve CA Guide When running the program get the following errors: 140722397161136:error:10071065:elliptic curve routines:func(113):reason(101):ec_lib.c:995: 140722397161136:error:0B080075:x509 certificate routines:func(128):reason(117):x509_cmp.c:346: I compiled using: gcc server.c -ldl -lcrypto -lssl -o Server The error occurs at this line I think if...

Use Client Cert and TLS_RSA_WITH_AES_256_CBC_SHA256 cipher suite

ruby,openssl
Update: Many of my problems just had to do with not knowing how to post the client certificate. I've placed those details over here. I am using Ruby to connect to an SSL server that only supports the TLS_RSA_WITH_AES_256_CBC_SHA256 cipher. I also need to supply a client certificate. When I...

node.js crypto signature and openssl signature does not match

node.js,openssl,rsa,digital-signature,sha256
I wanted to perform RSA-SHA512 on a file in node.js. I could calculate sha512 hash of the given data file which matches with that of openssl's. However when trying to get the digital signature on the same hash, node.js signature differs from openssl signature. Below is an example code snippet:...