Igor Delovski Board Forum Index Igor Delovski Board
My Own Personal Slashdot!
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

OpenSSL

 
Post new topic   Reply to topic    Igor Delovski Board Forum Index -> General Programming
General Programming  
Author Message
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Tue Nov 06, 2012 2:53 pm    Post subject: OpenSSL Reply with quote

pcamacho - An Introduction to XML Signature and XML Encryption
with XMLSec


"XMLSec is a C library that implements the standards XML Signature and
XML Encryption This library is built upon other C libraries, XML processing,
Libxml2 and Libxslt. Cryptographic tools, ..."
Back to top
View user's profile Send private message Visit poster's website
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 2673
Location: Europe

PostPosted: Wed Nov 07, 2012 7:08 pm    Post subject: Reply with quote

XML Security Library - Signing with X509 certificate

"Signs a file using a dynamicaly created template, key from PEM file and
an X509 certificate. The signature has one reference with one enveloped
transform to sign the whole document except the <dsig:Signature/> node
itself. The key certificate is written in the <dsig:X509Data/> node."
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 2673
Location: Europe

PostPosted: Thu Nov 15, 2012 1:58 am    Post subject: Reply with quote

xmlsec

https://trac.macports.org/browser/trunk/dports/security/xmlsec/Portfile

http://www.mmnt.net/db/0/0/ftp.xmlsoft.org/libxml2/xmlsec/releases
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 2673
Location: Europe

PostPosted: Sat Nov 17, 2012 11:12 pm    Post subject: Reply with quote

EvoLve - Compile against libraries installed with MacPorts

"I experienced that problem when trying to compile SDL_image, which
depends on libraries such as libpng. I had to configure with the following
flags :

./configure CPPFLAGS="-I/opt/local/include" LDFLAGS="-L/opt/local/lib"

which indicates in which folders the libraries installed with MacPorts were
installed."
Back to top
View user's profile Send private message
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Sun Nov 18, 2012 9:38 pm    Post subject: Reply with quote

so - Convert SSL private key to a string

"... use the XMLSEC-OpenSSL interface, the xmlSecOpenSSLEvpKeyAdopt()
function loads an xmlsec key object from an OpenSSL EVP_PKEY *, and
xmlSecOpenSSLKeyDataX509AdoptKeyCert() loads an OpenSSL X509 cer-
tificate."
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Sun Nov 25, 2012 9:45 pm    Post subject: Reply with quote

Philippe Camacho - An Introduction to XML Signature and XML Encryption with XMLSec

"Under Linux you can download and compile the source code from XMLSec.
But you should install the corresponding package as almost every linux
distribution comes with XMLSec . Under Windows you can find precompiled
binaries at Zlatkovic’s homepage. Do not forget to install the required
libraries first: libxml2, libxslt, iconv and zlib."


Ref:Forum.hr - Fiskalizacija i VB6
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Sun Dec 02, 2012 7:29 pm    Post subject: Reply with quote

multunus.com - Convert Code Signing Certificates From Pfx to P12

"One of the requirements we had was to sign the applet that we built for
UserThoughts. We had purchased Comodo’s code signing certificate from
KSoftware. When you download the certificate from their site, it automati-
cally gets installed in IE. Follow these steps for converting it into format
which you can use with the Java Jarsigner."
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Sat Feb 09, 2013 9:00 pm    Post subject: Reply with quote

nlnetlabs.nl - Example 1: Signing

"So we have an engine and a private key. Now it's time to do some signing.
We'll just blindly try to read from and write to the given files. As in our PKCS
examples, correct handling of these files is left as an excercise to the reader."
Back to top
View user's profile Send private message Visit poster's website
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 2673
Location: Europe

PostPosted: Sat Sep 27, 2014 4:13 pm    Post subject: Reply with quote

http://queue.acm.org/detail.cfm?id=2673311

Security Collapse in the HTTPS Market

Assessing legal and technical solutions to secure HTTPS
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 2673
Location: Europe

PostPosted: Sat Feb 18, 2017 1:03 am    Post subject: Reply with quote

wiki - PKCS#11

"The PKCS #11 standard defines a platform-independent API to cryptographic
tokens, such as hardware security modules (HSM) and smart cards, and names
the API itself "Cryptoki" (from "cryptographic token interface" and pronounced
as 'crypto-key' - but 'PKCS #11' is often used to refer to the API as well as the
standard that defines it)."
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 2673
Location: Europe

PostPosted: Fri Feb 24, 2017 9:22 pm    Post subject: Reply with quote

r - Cloudflare have been leaking customer HTTPS sessions for months.
Uber, 1Password, FitBit, OKCupid, etc.


"The examples we're finding are so bad, I cancelled some weekend plans
to go into the office on Sunday to help build some tools to cleanup. I've
informed cloudflare what I'm working on. I'm finding private messages
from major dating sites, full messages from a well-known chat service,
online password manager data, frames from adult video sites, hotel bo-
okings. We're talking full https requests, client IP addresses, full respon-
ses, cookies, passwords, keys, data, everything."
Back to top
View user's profile Send private message
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Sat May 27, 2017 7:11 pm    Post subject: Reply with quote

so - How to create a self-signed certificate with openssl?

"You can also add -nodes if you don't want to protect your private key with
a passphrase, otherwise it will prompt you for "at least a 4 character" pass-
word. The days parameter (365) you can replace with any number to affect
expiration date. It will then prompt you for things like "Country Name" but
you can just hit enter and accept defaults."

Code:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

openssl pkcs12 -export -inkey key.pem -in cert.pem -out TestCert.p12


"For anyone else using this in automation, here's all of the common
parameters for the subject:"

Code:

-subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.example.com"
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Sun May 28, 2017 2:42 pm    Post subject: Reply with quote

Vanja Komadinovic - HTTPS client for iOS

"In this method we need to obtain certificate ( for code simplicity I will load
cert each time from resource ) and present it to sender which will use that
certificate against server."

Code:
securityError = SecPKCS12Import(inP12data, options, &items);
...
SecIdentityCopyCertificate(myIdentity, &myCertificate);
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Mon Oct 02, 2017 8:53 pm    Post subject: Reply with quote

git - HMAC-SHA256 written in C with OpenSSL 0.9.8k

"message digest as lowercase hexits, generated using HMAC-SHA256 algorithm:

http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/index.html?rest-signature.html

You need to convert it to binary and then to base64 format. Some libraries use
hex instead of base64"
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Fri Oct 12, 2018 5:29 pm    Post subject: Reply with quote

tls.ulfheim.net - The Illustrated TLS Connection

"In this demonstration a client has connection to a server, negotiated a TLS
1.2 session, sent "ping", received "pong", and then terminated the session.
Click below to begin exploring."
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Igor Delovski Board Forum Index -> General Programming All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Delovski.hr
Powered by php-B.B. © 2001, 2005 php-B.B. Group