Igor Delovski Board Forum Index Igor Delovski Board
My Own Personal Slashdot!
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

OpenSSL

 
Post new topic   Reply to topic    Igor Delovski Board Forum Index -> General Programming
General Programming  
Author Message
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Tue Nov 06, 2012 2:53 pm    Post subject: OpenSSL Reply with quote

pcamacho - An Introduction to XML Signature and XML Encryption
with XMLSec


"XMLSec is a C library that implements the standards XML Signature and
XML Encryption This library is built upon other C libraries, XML processing,
Libxml2 and Libxslt. Cryptographic tools, ..."
Back to top
View user's profile Send private message Visit poster's website
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Wed Nov 07, 2012 7:08 pm    Post subject: Reply with quote

XML Security Library - Signing with X509 certificate

"Signs a file using a dynamicaly created template, key from PEM file and
an X509 certificate. The signature has one reference with one enveloped
transform to sign the whole document except the <dsig:Signature/> node
itself. The key certificate is written in the <dsig:X509Data/> node."
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Thu Nov 15, 2012 1:58 am    Post subject: Reply with quote

xmlsec

https://trac.macports.org/browser/trunk/dports/security/xmlsec/Portfile

http://www.mmnt.net/db/0/0/ftp.xmlsoft.org/libxml2/xmlsec/releases
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Sat Nov 17, 2012 11:12 pm    Post subject: Reply with quote

EvoLve - Compile against libraries installed with MacPorts

"I experienced that problem when trying to compile SDL_image, which
depends on libraries such as libpng. I had to configure with the following
flags :

./configure CPPFLAGS="-I/opt/local/include" LDFLAGS="-L/opt/local/lib"

which indicates in which folders the libraries installed with MacPorts were
installed."
Back to top
View user's profile Send private message
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Sun Nov 18, 2012 9:38 pm    Post subject: Reply with quote

so - Convert SSL private key to a string

"... use the XMLSEC-OpenSSL interface, the xmlSecOpenSSLEvpKeyAdopt()
function loads an xmlsec key object from an OpenSSL EVP_PKEY *, and
xmlSecOpenSSLKeyDataX509AdoptKeyCert() loads an OpenSSL X509 cer-
tificate."
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Sun Nov 25, 2012 9:45 pm    Post subject: Reply with quote

Philippe Camacho - An Introduction to XML Signature and XML Encryption with XMLSec

"Under Linux you can download and compile the source code from XMLSec.
But you should install the corresponding package as almost every linux
distribution comes with XMLSec . Under Windows you can find precompiled
binaries at Zlatkovic’s homepage. Do not forget to install the required
libraries first: libxml2, libxslt, iconv and zlib."


Ref:Forum.hr - Fiskalizacija i VB6
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Sun Dec 02, 2012 7:29 pm    Post subject: Reply with quote

multunus.com - Convert Code Signing Certificates From Pfx to P12

"One of the requirements we had was to sign the applet that we built for
UserThoughts. We had purchased Comodo’s code signing certificate from
KSoftware. When you download the certificate from their site, it automati-
cally gets installed in IE. Follow these steps for converting it into format
which you can use with the Java Jarsigner."
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Sat Feb 09, 2013 9:00 pm    Post subject: Reply with quote

nlnetlabs.nl - Example 1: Signing

"So we have an engine and a private key. Now it's time to do some signing.
We'll just blindly try to read from and write to the given files. As in our PKCS
examples, correct handling of these files is left as an excercise to the reader."
Back to top
View user's profile Send private message Visit poster's website
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Sat Sep 27, 2014 4:13 pm    Post subject: Reply with quote

http://queue.acm.org/detail.cfm?id=2673311

Security Collapse in the HTTPS Market

Assessing legal and technical solutions to secure HTTPS
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Sat Feb 18, 2017 1:03 am    Post subject: Reply with quote

wiki - PKCS#11

"The PKCS #11 standard defines a platform-independent API to cryptographic
tokens, such as hardware security modules (HSM) and smart cards, and names
the API itself "Cryptoki" (from "cryptographic token interface" and pronounced
as 'crypto-key' - but 'PKCS #11' is often used to refer to the API as well as the
standard that defines it)."
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Fri Feb 24, 2017 9:22 pm    Post subject: Reply with quote

r - Cloudflare have been leaking customer HTTPS sessions for months.
Uber, 1Password, FitBit, OKCupid, etc.


"The examples we're finding are so bad, I cancelled some weekend plans
to go into the office on Sunday to help build some tools to cleanup. I've
informed cloudflare what I'm working on. I'm finding private messages
from major dating sites, full messages from a well-known chat service,
online password manager data, frames from adult video sites, hotel bo-
okings. We're talking full https requests, client IP addresses, full respon-
ses, cookies, passwords, keys, data, everything."
Back to top
View user's profile Send private message
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Sat May 27, 2017 7:11 pm    Post subject: Reply with quote

so - How to create a self-signed certificate with openssl?

"You can also add -nodes if you don't want to protect your private key with
a passphrase, otherwise it will prompt you for "at least a 4 character" pass-
word. The days parameter (365) you can replace with any number to affect
expiration date. It will then prompt you for things like "Country Name" but
you can just hit enter and accept defaults."

Code:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

openssl pkcs12 -export -inkey key.pem -in cert.pem -out TestCert.p12


"For anyone else using this in automation, here's all of the common
parameters for the subject:"

Code:

-subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.example.com"
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Sun May 28, 2017 2:42 pm    Post subject: Reply with quote

Vanja Komadinovic - HTTPS client for iOS

"In this method we need to obtain certificate ( for code simplicity I will load
cert each time from resource ) and present it to sender which will use that
certificate against server."

Code:
securityError = SecPKCS12Import(inP12data, options, &items);
...
SecIdentityCopyCertificate(myIdentity, &myCertificate);
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Mon Oct 02, 2017 8:53 pm    Post subject: Reply with quote

git - HMAC-SHA256 written in C with OpenSSL 0.9.8k

"message digest as lowercase hexits, generated using HMAC-SHA256 algorithm:

http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/index.html?rest-signature.html

You need to convert it to binary and then to base64 format. Some libraries use
hex instead of base64"
Back to top
View user's profile Send private message Visit poster's website
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Fri Oct 12, 2018 5:29 pm    Post subject: Reply with quote

tls.ulfheim.net - The Illustrated TLS Connection

"In this demonstration a client has connection to a server, negotiated a TLS
1.2 session, sent "ping", received "pong", and then terminated the session.
Click below to begin exploring."
Back to top
View user's profile Send private message Visit poster's website
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Sat Feb 10, 2024 3:56 pm    Post subject: Reply with quote

git - OpenSSL-Universal

"OpenSSL CocoaPods, Carthage and Swift Package Manager package for iOS
and macOS. A complete solution to OpenSSL on iOS and macOS. The package
comes with precompiled libraries and includes a script to build newer versions
if necessary.

The current version contains binaries built with the latest iOS SDK (target
11.0), and the latest macOS SDK (target 13) for all supported architectures
(including macOS Catalyst)."
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Sat Feb 17, 2024 6:40 pm    Post subject: Reply with quote

openssl.org - Downloads - Old Releases

"The master sources are maintained in our git repository, which is accessible
over the network and cloned on GitHub, at https://github.com/openssl/openssl
Bugs and pull patches (issues and pull requests) should be filed on the GitHub
repo."


Mailing List: https://mta.openssl.org/mailman/listinfo/openssl-users

so - How to Build OpenSSL for iOS and OSX

This script may help. It builds the OpenSSL 1.1.1 and 1.0.2 series libraries
(reference - also has build script for OSX)


(or: https://github.com/jasonacox/cURL-SSL-for-iOS )
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Thu Feb 22, 2024 3:22 pm    Post subject: Reply with quote

applef - Both ios-x86_64-simulator and ios-arm64-simulator represent two equivalent library definitions. XCFramework for iOS simulator on M1 & Intel Mac? How?

"You should never use lipo to merge, say, an arm64 iOS slice with an x86_64
iOS Simulator slice, because those slices are for different platforms. However,
using lipo to merge an arm64 iOS Simulator slice (for the simulator running
on an Apple silicon Mac) with an x86_64 iOS Simulator slice (for the simulator
running on an Intel Mac) is standard operational procedure."


Last edited by Ike on Fri Feb 23, 2024 8:53 am; edited 1 time in total
Back to top
View user's profile Send private message
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Fri Feb 23, 2024 8:52 am    Post subject: Reply with quote

git - OpenSSL - Building for iOS

"I adapted the 1.0.2 version to the new OpenSSL 1.1.0 build system. The iOS
simulator indeed requires a Darwin x64 build.

I created a separate configuration file (based on the default OpenSSL build
targets for Darwin and iOS) for iOS/tvOS devices and simulators.

https://github.com/x2on/OpenSSL-for-iPhone/blob/master/config/20-ios-tvos-cross.conf

The most important additional option for the x64 simulator is a reference to
build using the iOS SDK."


...

git - OpenSSL-for-iPhone

"This is a script for using self-compiled builds of the OpenSSL-library on the
iPhone. You can build apps with Xcode and the official SDK from Apple with
this. I also made a small example-app for using the libraries with Xcode and
the iPhone/iPhone-Simulator."
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Igor Delovski Board Forum Index -> General Programming All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Delovski.hr
Powered by php-B.B. © 2001, 2005 php-B.B. Group