From cryptlib@mbsks.franken.de Mon Oct 1 02:27:23 2001
From: cryptlib@mbsks.franken.de (Scott Penno)
Date: Mon, 1 Oct 2001 11:27:23 +1000
Subject: [Cryptlib] How can import the p12 file into cryptlib p12 file ? Who can give me some example code?
Message-ID:

Have a look at http://www.cs.auckland.ac.nz/~pgut001/cryptlib/faq.html.

Scott.

-----Original Message-----
From: ca365sohu [mailto:ca365@sohu.com]
Sent: Sunday, 30 September 2001 10:04 AM
To: cryptlib@mbsks.franken.de
Subject: [Cryptlib] How can import the p12 file into cryptlib p12 file? Who can give me some example code?

Dear All:

How can import the p12 file into cryptlib p12 file? Who can give me some example code?

lixin

From cryptlib@mbsks.franken.de Mon Oct 1 17:57:23 2001
From: cryptlib@mbsks.franken.de (Antonio Cesa da Silveira Jr.)
Date: Mon, 1 Oct 2001 13:57:23 -0300
Subject: [Cryptlib] off-topic: ASN.1 copilers to PAscal
Message-ID: <003d01c14a9a$2560bb80$0f000080@bryd.com.br>

Does somebody know of a free compiler to create Pascal units from ASN.1 specifications?
Until now I have seen only free ASN.1-to-C compilers ...
OSS Nokalwa have one, but theirs is a paid one..
thanks in advance ...

-------------------------
BRy Tecnologia
-------------------------

From cryptlib@mbsks.franken.de Wed Oct 3 14:20:22 2001
From: cryptlib@mbsks.franken.de (James Moore)
Date: Wed, 3 Oct 2001 08:20:22 -0500
Subject: [Cryptlib] newbie question
Message-ID: <3BBACA46.28391.39B01BE0@localhost>

I'm looking for some cryptlib examples (sample apps) to help get me started... specifically, how to create PKCS5-encrypted files.

Is there an archive of this list that I could search for previous answers to this question?

Thanks,
Jay Moore

From cryptlib@mbsks.franken.de Wed Oct 3 15:24:35 2001
From: cryptlib@mbsks.franken.de (Matthias Bruestle)
Date: Wed, 3 Oct 2001 16:24:35 +0200
Subject: [Cryptlib] newbie question
In-Reply-To: <3BBACA46.28391.39B01BE0@localhost>; from jaymo@hiwaay.net on Wed, Oct 03, 2001 at 08:20:22AM -0500
References: <3BBACA46.28391.39B01BE0@localhost>
Message-ID: <20011003162435.S13363@mbsks.franken.de>

Mahlzeit

On Wed, Oct 03, 2001 at 08:20:22AM -0500, James Moore wrote:
> Is there an archive of this list that I could search for previous
> answers to this question?

The newest available archive is at:
ftp://ftp.franken.de/pub/crypt/cryptlib/cryptlib-ml-archive-20010930.zip
It is now 3 days old and contains all cryptlib ML mails from the beginning.

Mahlzeit
endergone Zwiebeltuete

From cryptlib@mbsks.franken.de Wed Oct 3 15:39:20 2001
From: cryptlib@mbsks.franken.de (Peter Gutmann)
Date: Thu, 4 Oct 2001 02:39:20 +1200 (NZST)
Subject: [Cryptlib] newbie question
Message-ID: <200110031439.CAA164153@ruru.cs.auckland.ac.nz>

"James Moore" writes:

>I'm looking for some cryptlib examples (sample apps) to help get me
>started... specifically, how to create PKCS5-encrypted files.

Uhh, PKCS #5 is an (obsolete) password-hashing mechanism. Do you mean PKCS #7?
For examples of that, see the manual chapter(s) on enveloping.

Peter.

From cryptlib@mbsks.franken.de Wed Oct 3 16:44:00 2001
From: cryptlib@mbsks.franken.de (Olivier Fouache)
Date: Wed, 3 Oct 2001 17:44:00 +0200 (MET DST)
Subject: [Cryptlib] newbie question
In-Reply-To: <200110031439.CAA164153@ruru.cs.auckland.ac.nz>
Message-ID:

I'm working on a project that tries to make two programs communicate (one with
cryptLib and the other with Cryptix), and I know that Cryptix encrypts with
PKCS1 or PKCS5 padding.

------------------------------------------------------------------------------
| Olivier FOUACHE | http://www.eurecom.fr/~fouache/ |
| Laboratoire CE | Olivier.Fouache@eurecom.fr |
| Institut EURECOM, 2229 Route des Cretes | |
| SOPHIA ANTIPOLIS 06560 VALBONNE - FRANCE | |
------------------------------------------------------------------------------

On Thu, 4 Oct 2001, Peter Gutmann wrote:

> "James Moore" writes:
>
> >I'm looking for some cryptlib examples (sample apps) to help get me
> >started... specifically, how to create PKCS5-encrypted files.
>
> Uhh, PKCS #5 is an (obsolete) password-hashing mechanism. Do you mean PKCS #7?
> For examples of that, see the manual chapter(s) on enveloping.
>
> Peter.
>
> _______________________________________________
> Cryptlib mailing list
> Cryptlib@mbsks.franken.de
> Administration via Mail: cryptlib-request@mbsks.franken.de
>

From cryptlib@mbsks.franken.de Wed Oct 3 17:15:29 2001
From: cryptlib@mbsks.franken.de (Peter Gutmann)
Date: Thu, 4 Oct 2001 04:15:29 +1200 (NZST)
Subject: [Cryptlib] newbie question
Message-ID: <200110031615.EAA165745@ruru.cs.auckland.ac.nz>

Olivier Fouache writes:

>I'm working on a project that tries to make two programs communicate (one with
>cryptLib and the other with Cryptix), and I know that Cryptix encrypts with
>PKCS1 or PKCS5 padding.

So does cryptlib, about 10 levels down in the code, but this is so low-level
that you never see it. Even the most basic interface (cryptCreateSignature())
generates data several layers removed from raw PKCS #1.

Peter.

From cryptlib@mbsks.franken.de Wed Oct 3 17:59:20 2001
From: cryptlib@mbsks.franken.de (Jay Moore)
Date: Wed, 3 Oct 2001 11:59:20 -0500
Subject: [Cryptlib] newbie question
In-Reply-To: <200110031439.CAA164153@ruru.cs.auckland.ac.nz>
Message-ID: <3BBAFD98.801.3A7893EB@localhost>

On 4 Oct 2001, Peter Gutmann wrote:

> >I'm looking for some cryptlib examples (sample apps) to help get me
> >started... specifically, how to create PKCS5-encrypted files.
>
> Uhh, PKCS #5 is an (obsolete) password-hashing mechanism. Do you mean
> PKCS #7? For examples of that, see the manual chapter(s) on enveloping.

Obsolete?! Do you mean obsolete in the sense that PKCS #7 does all that PKCS #5
does and more/better, or in the sense that PKCS #5 is no longer supported?

I don't doubt what you're saying, I just want to understand.

Thanks,
Jay

From cryptlib@mbsks.franken.de Wed Oct 3 18:36:03 2001
From: cryptlib@mbsks.franken.de (Peter Gutmann)
Date: Thu, 4 Oct 2001 05:36:03 +1200 (NZST)
Subject: [Cryptlib] newbie question
Message-ID: <200110031736.FAA167655@ruru.cs.auckland.ac.nz>

"Jay Moore" writes:

On 4 Oct 2001, Peter Gutmann wrote:
>>I'm looking for some cryptlib examples (sample apps) to help get me
>>started... specifically, how to create PKCS5-encrypted files.
>Uhh, PKCS #5 is an (obsolete) password-hashing mechanism. Do you mean
>PKCS #7? For examples of that, see the manual chapter(s) on enveloping.
>
>Obsolete?! Do you mean obsolete in the sense that PKCS #7 does all that PKCS
>#5 does and more/better, or in the sense that PKCS #5 is no longer supported?

PKCS #5 was superseded by PKCS #5v2 some time ago (usually when people say
"PKCS #5" they're using some old document from somewhere and mean the original
PKCS #5 rather than PKCS #5v2). PKCS #5v2 is completely different from PKCS #5,
which only worked with MD5 and DES keys from memory.

Peter.

From cryptlib@mbsks.franken.de Wed Oct 3 19:50:36 2001
From: cryptlib@mbsks.franken.de (Jay Moore)
Date: Wed, 3 Oct 2001 13:50:36 -0500
Subject: [Cryptlib] newbie question
In-Reply-To: <200110031736.FAA167655@ruru.cs.auckland.ac.nz>
Message-ID: <3BBB17AC.22330.3ADE71C5@localhost>

On 4 Oct 2001, Peter Gutmann wrote:

> >Obsolete?! Do you mean obsolete in the sense that PKCS #7 does all that
> >PKCS #5 does and more/better, or in the sense that PKCS #5 is no longer
> >#supported?
>
> PKCS #5 was superseded by PKCS #5v2 some time ago (usually when people
> say "PKCS #5" they're using some old document from somewhere and mean
> the original PKCS #5 rather than PKCS #5v2). PKCS #5v2 is completely
> different from PKCS #5, which only worked with MD5 and DES keys from
> memory.

Oh - sorry... I meant PKCS #5 v2 :)

I'd like to see some sample code that generates a PKCS #5 v2 file. I looked
through the ref. manual, but didn't see anything.
Are there any such examples available?

Thanks,
Jay Moore

From cryptlib@mbsks.franken.de Wed Oct 3 21:18:20 2001
From: cryptlib@mbsks.franken.de (Peter Gutmann)
Date: Thu, 4 Oct 2001 08:18:20 +1200 (NZST)
Subject: [Cryptlib] newbie question
Message-ID: <200110032018.IAA170208@ruru.cs.auckland.ac.nz>

"Jay Moore" writes:

>I'd like to see some sample code that generates a PKCS #5 v2 file. I looked
>through the ref. manual, but didn't see anything. Are there any such examples
>available?

You won't find any because (as I said earlier) PKCS #5 is a password-hashing
mechanism. What you want is PKCS #7 which (as I also mentioned earlier) is
covered in the manual chapter(s) on enveloping.

Peter.

From cryptlib@mbsks.franken.de Thu Oct 4 00:16:52 2001
From: cryptlib@mbsks.franken.de (Jay Moore)
Date: Wed, 3 Oct 2001 18:16:52 -0500
Subject: [Cryptlib] newbie question
In-Reply-To: <200110032018.IAA170208@ruru.cs.auckland.ac.nz>
Message-ID: <3BBB5614.4784.3BD2377B@localhost>

On 4 Oct 2001, you wrote:

> >I'd like to see some sample code that generates a PKCS #5 v2 file. I
> >looked through the ref. manual, but didn't see anything. Are there any
> >such examples available?
>
> You won't find any because (as I said earlier) PKCS #5 is a
> password-hashing mechanism. What you want is PKCS #7 which (as I also
> mentioned earlier) is covered in the manual chapter(s) on enveloping.

I'll apologize in advance for being dense, but perhaps you can clear up a point
of confusion: PKCS #5 v2.0 calls for both password hashing (to derive a key),
and message encryption (incl. padding & iv selection).

It appears that all of the necessary "ingredients" to produce an encrypted file
are present. What am I missing?

Thanks,
Jay Moore

From cryptlib@mbsks.franken.de Thu Oct 4 21:09:45 2001
From: cryptlib@mbsks.franken.de (Peter Gutmann)
Date: Fri, 5 Oct 2001 08:09:45 +1200 (NZST)
Subject: [Cryptlib] Re: Trying to create cert request (resend)
Message-ID: <200110042009.IAA205554@ruru.cs.auckland.ac.nz>

bsnelson@mindspring.com writes:

>Any other suggestions? I'm really stuck at what (one would hope) would be a
>rather trivial application usage.

It looks like you've made all sorts of odd changes to the code, if you're
trying to create a self-signed cert it'll sign it twice (the second one will
fail), and instead of creating a cert request it'll try and create a cert,
since what you're signing with isn't a CA cert, this will fail too. In other
words neither of the two options will work. The original code either created a
v1 self-signed CA cert or a cert request, you can't create a non-self-signed
cert directly.

Peter.

From cryptlib@mbsks.franken.de Thu Oct 4 08:34:13 2001
From: cryptlib@mbsks.franken.de (Fidel Liberal Malaina)
Date: Thu, 4 Oct 2001 09:34:13 +0200 (CEST)
Subject: [Cryptlib] Network problems, blocking operations?
Message-ID:

Hello everybody!

In my project I must use SSL connections to my server for administrative
purposes. With the last cryptlib beta (release candidate) I think it's possible
to use blocking network operations by setting NETTIMEOUTs to a certain value.
But when doing so my program doesn't work properly, in fact, network operations
are not what I understand as "blocking with timeouts":

After establishing the session (cryptSetAttr .... cryptSession ACTIVE 1) I set
timeouts:

status=cryptSetAttribute(CRYPT_UNUSED,\
    CRYPT_OPTION_NET_TIMEOUT, DEFAULT_NETTIMEOUT);

But every network operation doesn't wake up when data arrives but always waits
until timeout. I'll try to make myself understood:

I think a typical blocking (with timeout) operation should be:

1.- see if there are any data available
2.- wait until timeout OR UNTIL ANY DATA ARRIVE
3.- return from call.

So the called function (cryptPopData) should return as soon as any data arrive.
But with cryptlib I get this result (Linux RH 7.0 gcc 2.96-85)

1.- see whether any data have arrived
2.- wait until timeout
3.- check again

Something like:

cryptPopData
sleep(NETTIMEOUT);
cryptPopData

Am I doing something wrong? Any ideas, suggestions....?
Using blocking calls is imperative as SSL connections interact with human
operators.

Thanks in advance.

Fidel Liberal Malaina
ETSI (Bilbao)
Spain

From cryptlib@mbsks.franken.de Fri Oct 5 09:22:33 2001
From: cryptlib@mbsks.franken.de (Olivier Fouache)
Date: Fri, 5 Oct 2001 10:22:33 +0200 (MET DST)
Subject: [Cryptlib] Re: Trying to create cert request (resend)
In-Reply-To: <200110042009.IAA205554@ruru.cs.auckland.ac.nz>
Message-ID:

Isn't it possible to make a signature in the format RSA-SHA1-PKCS1 ?
I am trying to communicate with a Java program which uses cryptix.

------------------------------------------------------------------------------
| Olivier FOUACHE | http://www.eurecom.fr/~fouache/ |
| S.B.F | Olivier.Fouache@eurecom.fr |
| Institut EURECOM, 2229 Route des Cretes | S.T.F |
| SOPHIA ANTIPOLIS 06560 VALBONNE - FRANCE | |
------------------------------------------------------------------------------

From cryptlib@mbsks.franken.de Fri Oct 5 08:31:28 2001
From: cryptlib@mbsks.franken.de (Peter Gutmann)
Date: Fri, 5 Oct 2001 19:31:28 +1200 (NZST)
Subject: [Cryptlib] newbie question
Message-ID: <200110050731.TAA221377@ruru.cs.auckland.ac.nz>

"Jay Moore" writes:

>I'll apologize in advance for being dense, but perhaps you can clear up a
>point of confusion: PKCS #5 v2.0 calls for both password hashing (to derive a
>key), and message encryption (incl. padding & iv selection).
>
>It appears that all of the necessary "ingredients" to produce an encrypted
>file are present. What am I missing?

A data format for the encrypted data. How do you specify the IV? How do you
specify the password-derivation parameters?
How do you specify the length of the encrypted data? What about nested content
types?

(You're welcome to go ahead and try to work with raw PKCS #5 if you want, but
since password-based enveloping does all of that with 6 function calls I don't
know why you'd want to do it the hard way).

Peter.

From cryptlib@mbsks.franken.de Fri Oct 5 10:31:28 2001
From: cryptlib@mbsks.franken.de (Olivier Fouache)
Date: Fri, 5 Oct 2001 11:31:28 +0200 (MET DST)
Subject: [Cryptlib] pb with RSA
Message-ID:

I encrypt a hash with the private key
and I try to decrypt the hash encrypted with the public key
but the result is a null vector... why ?
I can't decrypt with the public key ?

------------------------------------------------------------------------------
| Olivier FOUACHE | http://www.eurecom.fr/~fouache/ |
| S.B.F | Olivier.Fouache@eurecom.fr |
| Institut EURECOM, 2229 Route des Cretes | S.T.F |
| SOPHIA ANTIPOLIS 06560 VALBONNE - FRANCE | |
------------------------------------------------------------------------------

From cryptlib@mbsks.franken.de Fri Oct 5 16:26:34 2001
From: cryptlib@mbsks.franken.de (Peter Gutmann)
Date: Sat, 6 Oct 2001 03:26:34 +1200 (NZST)
Subject: [Cryptlib] Network problems, blocking operations?
Message-ID: <200110051526.DAA229764@ruru.cs.auckland.ac.nz>

Fidel Liberal Malaina writes:

>I think a typical blocking (with timeout) operation should be:
>
>1.- see if there are any data available
>2.- wait until timeout OR UNTIL ANY DATA ARRIVE
>3.- return from call.
>
>So the called function (cryptPopData) should return as soon as any data arrive.

That's exactly what it does (see getData() in cryptses.c). If you're getting
some other behaviour, you'd have to leap in with a debugger to see what's
happening and why.

Peter.

From cryptlib@mbsks.franken.de Sat Oct 6 15:10:29 2001
From: cryptlib@mbsks.franken.de (Phillip McMahon)
Date: Sat, 06 Oct 2001 14:10:29
Subject: [Cryptlib] pb with RSA
Message-ID:

You cannot encrypt with your private key otherwise anybody with access to your public key would be able to read anything/everything that you encrypted whether you wanted them to or not! You must encrypt with your public key and use your private key for decryption.

Hope that this helps.

From: Olivier Fouache
Reply-To: cryptlib@mbsks.franken.de
To: mailing list de cryptLib
Subject: [Cryptlib] pb with RSA
Date: Fri, 5 Oct 2001 11:31:28 +0200 (MET DST)

I encrypt a hash with the private key
and I try to decrypt the hash encrypted with the public key
but the result is a null vector... why ?
I can't decrypt with the public key ?

------------------------------------------------------------------------------
| Olivier FOUACHE | http://www.eurecom.fr/~fouache/ |
| S.B.F | Olivier.Fouache@eurecom.fr |
| Institut EURECOM, 2229 Route des Cretes | S.T.F |
| SOPHIA ANTIPOLIS 06560 VALBONNE - FRANCE | |
------------------------------------------------------------------------------




Get your FREE download of MSN Explorer at http://explorer.msn.com
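
The two directions of the RSA operation raised in the question quoted above, as an added example that is not part of the original thread and is not cryptlib code: textbook RSA in C with no padding, showing that the private-exponent operation on a hash gives a value any public-key holder can reverse and check (a signature, not secrecy), while the public-exponent operation is the one only the private key can undo. The key (n = 3233), the toy hash and all function names are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy key: p = 61, q = 53, n = p*q = 3233,
   e = 17, d = 2753, with e*d = 1 (mod 3120). Far too small for real use. */
static const uint64_t RSA_N = 3233;
static const uint64_t RSA_E = 17;
static const uint64_t RSA_D = 2753;

/* Square-and-multiply modular exponentiation. */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t result = 1;
    base %= mod;
    while (exp > 0) {
        if (exp & 1)
            result = (result * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return result;
}

/* The two raw operations: anyone can run the public one,
   only the key owner can run the private one. */
uint64_t rsa_public_op(uint64_t x)  { return modpow(x, RSA_E, RSA_N); }
uint64_t rsa_private_op(uint64_t x) { return modpow(x, RSA_D, RSA_N); }

/* Toy hash (hypothetical, not a real digest), reduced below n so that it
   fits the toy modulus. */
uint64_t toy_hash(const char *msg)
{
    uint64_t h = 7;
    while (*msg)
        h = (h * 31 + (unsigned char)*msg++) % RSA_N;
    return h;
}

/* "Encrypting the hash with the private key": this is signing. */
uint64_t toy_sign(const char *msg)
{
    return rsa_private_op(toy_hash(msg));
}

/* "Decrypting with the public key": recover the hash and compare it with
   a hash computed over the message actually received. */
int toy_verify(const char *msg, uint64_t sig)
{
    return rsa_public_op(sig) == toy_hash(msg);
}

int main(void)
{
    const char *msg = "pay 10";   /* constructed sample message */
    uint64_t sig = toy_sign(msg);

    printf("hash=%llu signature=%llu\n",
           (unsigned long long)toy_hash(msg), (unsigned long long)sig);
    /* No secrecy: the public key alone recovers the signed hash. */
    printf("hash recovered with the public key: %llu\n",
           (unsigned long long)rsa_public_op(sig));
    printf("verify original=%d tampered=%d\n",
           toy_verify(msg, sig), toy_verify("pay 90", sig));
    /* Confidentiality runs the other way: public op, then private op. */
    printf("public-then-private round trip of 65: %llu\n",
           (unsigned long long)rsa_private_op(rsa_public_op(65)));
    return 0;
}
```

Real signatures add hashing and padding layers on top of this raw operation, which is why the library's signature call mentioned earlier in the thread (cryptCreateSignature()) produces data several layers removed from it.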

From cryptlib@mbsks.franken.de Sun Oct 7 00:47:41 2001
From: cryptlib@mbsks.franken.de (Geoff Thorpe)
Date: Sat, 6 Oct 2001 19:47:41 -0400
Subject: [Cryptlib] pb with RSA
In-Reply-To:
References:
Message-ID: <20011006235037.66B80237A3@toilet.localnet>

On Saturday 06 October 2001 10:10, Phillip McMahon wrote:
> you cannot encrypt with your private key otherwise anybody with access to
> your public key would be able to read anything/everything that you
> encrypted whether you wanted them to or not!

In the case of RSA at least, this is called a signature. :-)

Cheers,
Geoff

From cryptlib@mbsks.franken.de Mon Oct 8 08:15:47 2001
From: cryptlib@mbsks.franken.de (Olivier Fouache)
Date: Mon, 8 Oct 2001 09:15:47 +0200
Subject: [Cryptlib] pb with RSA
In-Reply-To:
References:
Message-ID: <01100809154704.01273@chabrol.eurecom.fr>

> you cannot encrypt with your private key otherwise anybody with access
> to your public key would be able to read anything/everything that you
> encrypted whether you wanted them to or not! You must encrypt with your
> public key and use your private key for decryption.
>
> Hope that this helps.

False, we have found why..... the private exponent is used when you try to
decrypt.... but if you want to encrypt with the private key you have to use
it..... and the public exponent to decrypt.

So :
cryptDecrypt(privateKeyContext, buffer, lengthBuffer); /*to encrypt with the private key*/
cryptEncrypt(publicKeyContext, buffer, lengthBuffer); /*to decrypt with the public key*/

Olivier

From cryptlib@mbsks.franken.de Mon Oct 8 18:50:50 2001
From: cryptlib@mbsks.franken.de (Graham Phillips)
Date: Mon, 8 Oct 2001 18:50:50 +0100
Subject: Re[2]: [Cryptlib] pb with RSA
In-Reply-To:
References:
Message-ID: <7333978498.20011008185050@caret.cam.ac.uk>

For some further clarification (I hope) see
http://smartcard.caret.cam.ac.uk/encryption.html

On 06 October 2001, Phillip McMahon wrote:

PM> you cannot encrypt with your private key otherwise anybody
PM> with access to your public key would be able to read
PM> anything/everything that you encrypted whether you wanted
PM> them to or not! You must encrypt with your public key and
PM> use your private key for decryption.

--
Graham Phillips
Centre for Applied Research in Education Technologies
16 Mill Lane, Cambridge, CB2 1SB, UK
phone (+44) (0) 1223 765371, fax 765505
http://www.caret.cam.ac.uk/

From cryptlib@mbsks.franken.de Wed Oct 10 00:26:02 2001
From: cryptlib@mbsks.franken.de (Todd Detwiler)
Date: Tue, 09 Oct 2001 16:26:02 -0700
Subject: [Cryptlib] geting the public key
Message-ID:

Can someone help me with this? OK, I've generated a key pair into a
CRYPT_CONTEXT called privKeyContext. I then add the private key to a keyset
associated with a file. I believe that the public key is also automatically
added to this keyset file, is this true? I only think so because I retrieved
the public key from this file and successfully matched a signature (at least I
think I did it right).
But, now I have another question, can I get the public key from privKeyContext
and write it to a keyset file containing only the public, but not the private
key? The function cryptAddPublicKey requires a certificate, which I have not
generated. Do I have to? What I am trying to do is create a file for other
users that has only the public key.

Thanks for any help you can offer,
Todd

From cryptlib@mbsks.franken.de Wed Oct 10 19:05:04 2001
From: cryptlib@mbsks.franken.de (Todd Detwiler)
Date: Wed, 10 Oct 2001 11:05:04 -0700
Subject: [Cryptlib] Please help, public key files
Message-ID:

Hello,

I was hoping that someone would be able to help me with this problem. I am
building a server/client type distributed application. I want to be able to
store a public key on each client so that they can check the signature of files
coming from the server. I don't need the key to be in anything complicated,
like a database. I was just hoping for something simpler such as a public key
file or even hardcoded into my application. But, I can't figure out how to
extract the public key from my server's keyset and store it in a file without
the associated private key. It seems like the keyset type that is a file,
requires the private key if you want to store a public key or key certificate
in it. I do not want the private key on the client system.

Any suggestions on how to create a public key only file (or just get the
actual bytestream of the public key so that I can hard-code it)?

Thanks for any help that you can offer,
Todd

From cryptlib@mbsks.franken.de Wed Oct 10 23:00:48 2001
From: cryptlib@mbsks.franken.de (Todd Detwiler)
Date: Wed, 10 Oct 2001 15:00:48 -0700
Subject: [Cryptlib] more public key questions
Message-ID:

Hmmm, is anyone else on this mailing list? I am still trying to figure out how
to generate a public key file that does not have the associated private key
file in it. At the moment, I am trying to use pgp keyrings to do this, but it
is not working. When I use cryptGetPrivateKey on a pgp file to get the key for
my context, then when I try to determine the signature size to allocate (by
doing a cryptCreateSignature with a NULL signature) it says that the signature
size should be 0. Anyone have any suggestions (or other ways of generating a
public key only file, it need not be a pgp keyring)?

Thanks,
Todd

From cryptlib@mbsks.franken.de Thu Oct 11 04:31:39 2001
From: cryptlib@mbsks.franken.de (Peter Gutmann)
Date: Thu, 11 Oct 2001 16:31:39 +1300 (NZDT)
Subject: [Cryptlib] Please help, public key files
Message-ID: <200110110331.QAA45571@ruru.cs.auckland.ac.nz>

"Todd Detwiler" writes:

>Any suggestions on how to create a public key only file (or just get the
>actual bytestream of the public key so that I can hard-code it)?

Convert it into a certificate, then call cryptExportCert().

Peter.

From cryptlib@mbsks.franken.de Thu Oct 11 09:48:49 2001
From: cryptlib@mbsks.franken.de (Delphi Todd)
Date: Thu, 11 Oct 2001 08:48:49 +0000
Subject: [Cryptlib] newbie question
Message-ID:

Hello everybody,

I have a question about the functions decrypt/encrypt.
I wrote a simple VB program :

Private Sub Test1_Click()
    Dim sTemp As String
    Dim sTempLen As Integer
    cryptInit
    cryptError = cryptCreateContext(cryptContext, CRYPT_UNUSED, CRYPT_ALGO_3DES)
    cryptError = cryptSetAttributeString(cryptContext, CRYPT_CTXINFO_KEY, "0123456789ABCDEF", 16)
    sTempLen = Len(sTemp)
    sTemp = String(8, " ")
    sTemp = Left(Text1.Text & sTemp, 8)
    cryptError = cryptEncrypt(cryptContext, sTemp, 8)
    If cryptStatusError(cryptError) Then
        MsgBox cryptError
    End If
    Text2.Text = sTemp
    cryptError = cryptDestroyContext(cryptContext)
    cryptEnd

The result in sTemp is different every time. The decrypt from this value (with
the decrypt function) gives me the Error -11.

What is wrong with this simple program? Could somebody help me ?

Thanks
Todd

From cryptlib@mbsks.franken.de Thu Oct 11 22:06:36 2001
From: cryptlib@mbsks.franken.de (Todd Detwiler)
Date: Thu, 11 Oct 2001 14:06:36 -0700
Subject: [Cryptlib] Please help, public key files
Message-ID:

OK, I got that to work. Thank you very much for your help. :)

Todd

>From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
>Reply-To: cryptlib@mbsks.franken.de
>To: cryptlib@mbsks.franken.de
>Subject: Re: [Cryptlib] Please help, public key files
>Date: Thu, 11 Oct 2001 16:31:39 +1300 (NZDT)
>
>"Todd Detwiler" writes:
>
> >Any suggestions on how to create a public key only file (or just get the
> >actual bytestream of the public key so that I can hard-code it)?
>
>Convert it into a certificate, then call cryptExportCert().
>
>Peter.

From cryptlib@mbsks.franken.de Fri Oct 12 04:31:53 2001
From: cryptlib@mbsks.franken.de (Jay Moore)
Date: Thu, 11 Oct 2001 22:31:53 -0500
Subject: [Cryptlib] salt & iteration count questions
Message-ID: <3BC61DD9.32335.65EE8FD1@localhost>

I've been rummaging around in the cryptlib source code (cryptmch.c) trying to
better understand how PKCS #5 key derivation works. I've got a couple of
questions:

How (and where) is the salt generated? I assume it's generated by the RNG, but
I've been unable to locate a function or constant that allows one to set the
size or value of the salt.

Same question for the # of iterations (mechanismInfo->iterations)... It is
apparently set to a value of 500, but PKCS #5 v2 recommends a minimum of 1000.

Thanks,
Jay

From cryptlib@mbsks.franken.de Fri Oct 12 06:49:11 2001
From: cryptlib@mbsks.franken.de (=?ks_c_5601-1987?B?sei8urD8?=)
Date: Fri, 12 Oct 2001 14:49:11 +0900
Subject: [Cryptlib] pb with RSA
Message-ID: <001901c152e1$9f5dac00$c1d6ecd3@win2k.virtualtek.co.kr>

This is a multi-part message in MIME format.
From cryptlib@mbsks.franken.de Fri Oct 12 08:12:43 2001
From: cryptlib@mbsks.franken.de (Peter Gutmann)
Date: Fri, 12 Oct 2001 20:12:43 +1300 (NZDT)
Subject: [Cryptlib] salt & iteration count questions
Message-ID: <200110120712.UAA258123@ruru.cs.auckland.ac.nz>

"Jay Moore" writes:

>How (and where) is the salt generated? I assume it's generated by the RNG, but
>I've been unable to locate a function or constant that allows one to set the
>size or value of the salt.

CRYPT_CTXINFO_KEYING_SALT.

>Same question for the # of iterations (mechanismInfo->iterations)... It is
>apparently set to a value of 500, but PKCS #5 v2 recommends a minimum of 1000.

CRYPT_CTXINFO_KEYING_ITERATIONS.

Peter.

From cryptlib@mbsks.franken.de Fri Oct 12 17:27:16 2001
From: cryptlib@mbsks.franken.de (Todd Detwiler)
Date: Fri, 12 Oct 2001 09:27:16 -0700
Subject: [Cryptlib] pb with RSA
Message-ID:

I am not sure what the problem is (I am a new user of Cryptlib), but I do know
what that error code is. Although you have probably already figured this out on
your own, error -31 is CRYPT_ERROR_UNDERFLOW (not enough data available).
Hope that is of some help,
Todd

>From: 김성관
>Reply-To: cryptlib@mbsks.franken.de
>To:
>Subject: Re: [Cryptlib] pb with RSA
>Date: Fri, 12 Oct 2001 14:49:11 +0900
>
>Hi ~~ everyone..
>I have a problem about making S/MIME with large data quantity.
>
>I created an envelope like below. In case of enveloping a small data quantity,
>there is no problem.
>    "status = cryptCreateEnvelope( &cryptEnvelope, CRYPT_UNUSED,
>CRYPT_FORMAT_SMIME );"
>but in case of a large data quantity, there is a problem.
>
>so, I wrote code like in the manual, Enveloping Large Data Quantity.
>
>    "
>        status = cryptSetAttribute( cryptEnvelope,
>CRYPT_ATTRIBUTE_BUFFERSIZE, BUFFER_SIZE );
>        while(offset = fread(emlBuf, 1, BUFFER_SIZE-4096, fIn) > 0) {
>            messageLength = strlen(emlBuf);
>
>            status = cryptPushData( cryptEnvelope, emlBuf,
>messageLength, &bytesCopied );
>            status = cryptPopData( cryptEnvelope, emlBuf, BUFFER_SIZE,
>&bytesCopied );
>            count = base64encode(outBuf, emlBuf, bytesCopied,
>CRYPT_CERTTYPE_NONE);
>            fileCopied = fwrite(outBuf, 1, count, fOut);
>        }
>
>        status = cryptPushData( cryptEnvelope, NULL, 0, NULL );
>        status = cryptPopData( cryptEnvelope, emlBuf, BUFFER_SIZE,
>&bytesCopied );
>
>        if (bytesCopied) {
>            count = base64encode(outBuf, emlBuf, bytesCopied,
>CRYPT_CERTTYPE_NONE);
>            fileCopied = fwrite(outBuf, 1, count, fOut);
>        }
>    "
>
>The result is base64 encoded data and I decrypted that, but the result is
>an error with code -31.
>
>Is that the right way to make S/MIME data with a large data quantity??
>
>Please help me~~
>

From cryptlib@mbsks.franken.de Fri Oct 12 19:48:33 2001
From: cryptlib@mbsks.franken.de (Marc DVer)
Date: Fri, 12 Oct 2001 14:48:33 -0400
Subject: [Cryptlib] Newbie Help
Message-ID: <002a01c1534e$7e85d8a0$09c8a8c0@domain>

I am just starting to fiddle with cryptlib. I am having some trouble
understanding the basic concepts behind it.
Would someone be so kind as to let me see some sample code in VB? I just need
to know how things are organized, how certain things are done, etc. Yes, I
RTFMed, but it is a bit unclear.

Marc DVer

From cryptlib@mbsks.franken.de Sun Oct 14 08:08:42 2001
From: cryptlib@mbsks.franken.de (Jay Moore)
Date: Sun, 14 Oct 2001 02:08:42 -0500
Subject: [Cryptlib] salt & iteration count questions
In-Reply-To: <200110120712.UAA258123@ruru.cs.auckland.ac.nz>
Message-ID: <3BC8F3AA.21988.7101CA2D@localhost>

On 12 Oct 2001, Peter Gutmann wrote:

> >How (and where) is the salt generated? I assume it's generated by the
> >RNG, but I've been unable to locate a function or constant that allows
> >one to set the size or value of the salt.
>
> CRYPT_CTXINFO_KEYING_SALT.
>
> >Same question for the # of iterations (mechanismInfo->iterations)... It
> >is apparently set to a value of 500, but PKCS #5 v2 recommends a
> >minimum of 1000.
>
> CRYPT_CTXINFO_KEYING_ITERATIONS.

I'm sure these are valuable clues, but they're not helping me much. Actually,
VC++ reports 22 occurrences of the string "CRYPT_CTXINFO_KEYING_SALT" in the
cryptlib project. Since I was unable to find the code that assigned an actual
value, I placed breakpoints on each executable line of code containing this
string. However, execution reaches the "derivePKCS5" function without
encountering any of these breakpoints. It would seem that
"CRYPT_CTXINFO_KEYING_SALT" has nothing to do with the salt used in generating
a PKCS #5 v2 key, eh?

WTFO,
Jay Moore

From cryptlib@mbsks.franken.de Sun Oct 14 12:52:58 2001
From: cryptlib@mbsks.franken.de (Peter Gutmann)
Date: Mon, 15 Oct 2001 00:52:58 +1300 (NZDT)
Subject: [Cryptlib] salt & iteration count questions
Message-ID: <200110141152.AAA32020@ruru.cs.auckland.ac.nz>

"Jay Moore" writes:

>I'm sure these are valuable clues, but they're not helping me much. Actually,
>VC++ reports 22 occurrences of the string "CRYPT_CTXINFO_KEYING_SALT" in the
>cryptlib project. Since I was unable to find the code that assigned an actual
>value, I placed breakpoints on each executable line of code containing this
>string. However, execution reaches the "derivePKCS5" function without
>encountering any of these breakpoints. It would seem that
>"CRYPT_CTXINFO_KEYING_SALT" has nothing to do with the salt used in generating
>a PKCS #5 v2 key, eh?

To specify the salt, you set the CRYPT_CTXINFO_KEYING_SALT attribute, to set
the iterations you set the CRYPT_CTXINFO_KEYING_ITERATIONS, as explained in the
manual in the section on key derivation. (Why are you poking around inside the
source code? It'd be much easier to refer to the manual).

Peter.

From cryptlib@mbsks.franken.de Sun Oct 14 21:25:45 2001
From: cryptlib@mbsks.franken.de (Jay Moore)
Date: Sun, 14 Oct 2001 15:25:45 -0500
Subject: [Cryptlib] salt & iteration count questions
In-Reply-To: <200110141152.AAA32020@ruru.cs.auckland.ac.nz>
Message-ID: <3BC9AE79.12812.73DB811C@localhost>

On 15 Oct 2001, you wrote:

> To specify the salt, you set the CRYPT_CTXINFO_KEYING_SALT attribute, to
> set the iterations you set the CRYPT_CTXINFO_KEYING_ITERATIONS, as
> explained in the manual in the section on key derivation. (Why are you
> poking around inside the source code? It'd be much easier to refer to
> the manual).

I'm beginning to feel a bit like Alice. I researched the manual before posting
my question, but didn't find an answer... I've just now reviewed the Table of
Contents in the cryptlib manual (.pdf file), and I still find no section titled
"key derivation"... I searched the .pdf file for the occurrence of the string
"key derivation", and also found nothing.

The reason I'm "poking around" inside the source code is two-fold: 1) 'cause I
couldn't find an answer in the manual, and - well, I guess I'm one of those
people who's compelled to take things apart to see how they work. And I was
under the impression that "poking around" was encouraged... one of the primary
advantages of open source software. I'm _really_ not trying to be a smart-ass,
and not looking to be "spoon fed" information.

Anyway, after some more "poking around" I think I've found the answer to my
question:

The salt value for the PKCS #5 v2 key generation is created in a function
called "getNonce" with arguments "mechanismInfo.salt, & PKCS5_SALT_SIZE".
"getNonce" generates a salt value by calling C's "time" function, and hashing
the result.

FWIW, I found no dependence of PKCS5_SALT_SIZE on the CRYPT_CTXINFO_KEYING_SALT
attribute. In fact, line 26 of crypt.c #define's PKCS5_SALT_SIZE to 8 bytes.
Nor could I find any dependence of mechanismInfo.salt on
CRYPT_CTXINFO_KEYING_SALT.

If I've overlooked something, please correct me.

Thanks,
Jay Moore

From cryptlib@mbsks.franken.de Mon Oct 15 09:40:53 2001
From: cryptlib@mbsks.franken.de (cryptlib@mbsks.franken.de)
Date: Mon, 15 Oct 2001 10:40:53 +0200
Subject: [Cryptlib] certificate chaining
Message-ID:

Hello all,

Does anyone know how to build a certificate chain without using the CA's private key each time?
Say I have a certificate X signed by a CA. I want to sign another certificate with X, but without using the CA's private key. How can I achieve this?

Thanks
Anton.


************************ DISCLAIMER ************************
This message is intended only for use by the person
to whom it is addressed. It may contain information
that is privileged and confidential. Its content does
not constitute a formal commitment by Lombard Odier.
If you are not the intended recipient of this message,
kindly notify the sender immediately and destroy this
message. Thank You.
*****************************************************************


From cryptlib@mbsks.franken.de Tue Oct 16 04:11:01 2001
From: cryptlib@mbsks.franken.de (Peter Gutmann)
Date: Tue, 16 Oct 2001 16:11:01 +1300 (NZDT)
Subject: [Cryptlib] salt & iteration count questions
Message-ID: <200110160311.QAA94263@ruru.cs.auckland.ac.nz>

"Jay Moore" writes:

>On 15 Oct 2001, you wrote:
>>To specify the salt, you set the CRYPT_CTXINFO_KEYING_SALT attribute, to
>>set the iterations you set the CRYPT_CTXINFO_KEYING_ITERATIONS, as
>>explained in the manual in the section on key derivation.
>
>I'm beginning to feel a bit like Alice. I researched the manual before posting
>my question, but didn't find an answer... I've just now reviewed the Table of
>Contents in the cryptlib manual (.pdf file), and I still find no section titled
>"key derivation"...

"Deriving a Key into an Encryption Context", p.72. A search for either of the
two attribute names I mentioned finds it immediately.

Peter.

From cryptlib@mbsks.franken.de Tue Oct 16 00:41:11 2001
From: cryptlib@mbsks.franken.de (Todd Detwiler)
Date: Mon, 15 Oct 2001 16:41:11 -0700
Subject: [Cryptlib] checking a signature
Message-ID:

I am having a major problem with signing, and then checking the signature on a
file. I am creating an RSA key pair, and I am making a simple key certificate
for the public key and giving it to the clients that I want to be able to
verify my signature. Now, if I sign a file, send them the signature, but a
different file, then they reject the signature, as they should because the
code for the file I sent them does not hash to the same value as the signature.
However, here is the strange part. If I send them a key certificate that is
NOT created from the key pair that I am using to sign the file, but from a
different key, then cryptCheckSignature() accepts any file and signature
regardless of whether the signature is from the same file. What I am saying is
that if the public key (certificate) is not a match to the private key used in
signing, then cryptCheckSignature() does not throw any error!!!!! Does anyone
know why this is, or how the client can tell if they are accepting the file
because its signature is good rather than just signed by the wrong private
key?

Thanks in advance,
Todd

From cryptlib@mbsks.franken.de Tue Oct 16 10:50:49 2001
From: cryptlib@mbsks.franken.de (cryptlib@mbsks.franken.de)
Date: Tue, 16 Oct 2001 11:50:49 +0200
Subject: [Cryptlib] (no subject)
Message-ID:

Hi all,

I have the following problem:

I have an NT Service that is acting as an authentication server. It listens on the specified socket port, receives a client request, generates a token for this client and sends the token to this client.
The authentication server uses cryptlib for random and certificate generation. Also, the token sent to the client is enveloped with the client certificate.

When the client connects to the authentication server, it sends his certificate, which is reused in the server's enveloping process. The authentication server uses his private key to sign the data that he sends to the client.

I have made some basic tests on my PC, and all worked well. But when I started to do some stress tests, after 456 authentication requests, the cryptlib library generated an access violation.
I started to look at the log files and found that at the same time the authentication server and the client made calls to cryptGetPrivateKey (on the server side it's for the server's private key, and on the client side for the client's private key). I have regrouped all calls to cryptlib in a static library and put them in a critical section.
However, the problem persists.

Has anyone encountered this kind of problem?
Anton.




From cryptlib@mbsks.franken.de Tue Oct 16 11:36:47 2001
From: cryptlib@mbsks.franken.de (Peter Gutmann)
Date: Tue, 16 Oct 2001 23:36:47 +1300 (NZDT)
Subject: [Cryptlib] checking a signature
Message-ID: <200110161036.XAA102392@ruru.cs.auckland.ac.nz>

"Todd Detwiler" writes:

>I am having a major problem with signing, and then checking the signature on a
>file. I am creating an RSA key pair, and I am making a simple key certificate
>for the public key and giving it to the clients that I want to be able to
>verify my signature. Now, if I sign a file, send them the signature, but a
>different file, then they reject the signature, as they should because the
>code for the file I sent them does not hash to the same value as the signature.
>However, here is the strange part. If I send them a key certificate that is
>NOT created from the key pair that I am using to sign the file, but from a
>different key, then cryptCheckSignature() accepts any file and signature
>regardless of whether the signature is from the same file. What I am saying is
>that if the public key (certificate) is not a match to the private key used in
>signing, then cryptCheckSignature() does not throw any error!!!!! Does anyone
>know why this is, or how the client can tell if they are accepting the file
>because its signature is good rather than just signed by the wrong private
>key?

What signature format are you using?

Peter.

From cryptlib@mbsks.franken.de Tue Oct 16 11:31:37 2001
From: cryptlib@mbsks.franken.de (Peter Gutmann)
Date: Tue, 16 Oct 2001 23:31:37 +1300 (NZDT)
Subject: [Cryptlib] (no subject)
Message-ID: <200110161031.XAA102296@ruru.cs.auckland.ac.nz>

anton.soudovtsev@LombardOdier.com writes:

>I have a NT Service that is acting as an authentication server. So it listens
>on the specified socket port, receive client request, generates a token for
>this client and sends token to this client.
>
>The authentication server uses cryptlib for random and certificate generation.
>Also, the token sent to the client is enveloped with client certificate.
>
>When the client connects to the authentication server, it sends his
>certificate, which is reused in the server's enveloping process. The
>authentication server uses his private key to sign data that he sends to the
>client.
>
>I have made some basic tests in my pc, all worked well. But when I started do
>some stress tests, after a 456 authentication request, cryptlib library has
>generated an access violation.
>
>I started to look log files and found that in the same time the authentication
>server and the client made call to cryptGetPrivateKey (on the server side
>it's for the server's private key, and on the client side for the client's
>private key). I have regrouped all calls to cryptlib in a static library and
>put them in critical section.

Hmm, can you provide a bit more information than this (eg put printfs in the
code in strategic locations, I don't know what sort of debugging capabilities
you've got if it's running as a service)? The only place where two processes
would touch the same data is when the file is opened, if you look at
sFileOpen() in stream.c you'll see the code which is used. It's opened with
FILE_SHARE_READ so there shouldn't be a conflict (OTOH if one side is a service
running under the system account and the other a user process, who knows what
NT will do). However if it's specifically inside cryptGetPrivateKey() then I
don't know where the problem could be, because it's reading in-memory data
which is private to both processes.

Peter.

From cryptlib@mbsks.franken.de Tue Oct 16 18:29:11 2001
From: cryptlib@mbsks.franken.de (Jay Moore)
Date: Tue, 16 Oct 2001 12:29:11 -0500
Subject: [Cryptlib] Error in VB
Message-ID: <3BCC2817.25180.7D8691D4@localhost>

I'm using the Beta6 ver of cryptlib w/ the VBCAPI.bas file...

Any idea why the following code crashes VB when trying to execute the
VBcryptPopData line?

Private Sub cmdCryptLib_Click()
    Dim rtnCode As Long
    Dim lngEnvelope As Long, lngCopied As Long, lngLength As Long
    Dim strBuff As String, msg As String
    Dim strDum As String
    Dim cryptUser As Long

    msg = "my message is..."
    lngLength = Len(msg)

    rtnCode = VBcryptInit()

    rtnCode = VBcryptCreateEnvelope(lngEnvelope, CRYPT_FORMAT_CRYPTLIB)
    rtnCode = VBcryptSetAttributeString(lngEnvelope, CRYPT_ENVINFO_PASSWORD, "password")
    rtnCode = VBcryptSetAttribute(lngEnvelope, CRYPT_ENVINFO_DATASIZE, lngLength)
    rtnCode = VBcryptPushData(lngEnvelope, msg, lngLength, lngCopied)
    rtnCode = VBcryptPushData(lngEnvelope, strDum, 0, lngCopied)

    rtnCode = VBcryptPopData(lngEnvelope, strBuff, 9999, lngCopied)

    rtnCode = VBcryptDestroyEnvelope(lngEnvelope)
    rtnCode = VBcryptEnd()

Thanks,
Jay Moore

From cryptlib@mbsks.franken.de Wed Oct 17 13:20:09 2001
From: cryptlib@mbsks.franken.de (Olivier Fouache)
Date: Wed, 17 Oct 2001 14:20:09 +0200
Subject: [Cryptlib] pb with RSA
In-Reply-To: <001001c16e65$34f26e60$b8a4c1c1@anton>
References: <001901c152e1$9f5dac00$c1d6ecd3@win2k.virtualtek.co.kr> <001001c16e65$34f26e60$b8a4c1c1@anton>
Message-ID: <01101714200909.06424@chabrol.eurecom.fr>

I can give you this function but in C ...

On Friday 16 November 2001 07:09, you wrote:
> where can i find this function tell me ?
>
> base64encode

-- 
Olivier Fouache                           http://www.eurecom.fr/~fouache/
Laboratoires CE/Securite                  Olivier.Fouache@eurecom.fr
Institut EURECOM, 2229 Route des Cretes   Tel labo secu : 04.93.00.26.98
SOPHIA ANTIPOLIS 06560 VALBONNE - FRANCE

From cryptlib@mbsks.franken.de Wed Oct 17 16:15:21 2001
From: cryptlib@mbsks.franken.de (Marc DVer)
Date: Wed, 17 Oct 2001 11:15:21 -0400
Subject: [Cryptlib] Error in VB
References: <3BCC2817.25180.7D8691D4@localhost>
Message-ID: <006401c1571e$8df95e50$09c8a8c0@domain>

Could someone explain why the code below would work at all? It just seems that
a string is getting new data. What makes that string execute any commands in
the DLL?

Marc DVer

----- Original Message -----
From: Jay Moore
To:
Sent: Tuesday, October 16, 2001 1:29 PM
Subject: [Cryptlib] Error in VB

> I'm using the Beta6 ver of cryptlib w/ the VBCAPI.bas file...
>
> Any idea why the following code crashes VB when trying to execute the
> VBcryptPopData line?
>
> Private Sub cmdCryptLib_Click()
>     Dim rtnCode As Long
>     Dim lngEnvelope As Long, lngCopied As Long, lngLength As Long
>     Dim strBuff As String, msg As String
>     Dim strDum As String
>     Dim cryptUser As Long
>
>     msg = "my message is..."
>     lngLength = Len(msg)
>
>     rtnCode = VBcryptInit()
>
>     rtnCode = VBcryptCreateEnvelope(lngEnvelope, CRYPT_FORMAT_CRYPTLIB)
>     rtnCode = VBcryptSetAttributeString(lngEnvelope,
> CRYPT_ENVINFO_PASSWORD, "password")
>     rtnCode = VBcryptSetAttribute(lngEnvelope, CRYPT_ENVINFO_DATASIZE,
> lngLength)
>     rtnCode = VBcryptPushData(lngEnvelope, msg, lngLength, lngCopied)
>     rtnCode = VBcryptPushData(lngEnvelope, strDum, 0, lngCopied)
>
>     rtnCode = VBcryptPopData(lngEnvelope, strBuff, 9999, lngCopied)
>
>     rtnCode = VBcryptDestroyEnvelope(lngEnvelope)
>     rtnCode = VBcryptEnd()
>
> Thanks,
> Jay Moore

From cryptlib@mbsks.franken.de Thu Oct 18 18:54:14 2001
From: cryptlib@mbsks.franken.de (Jay Moore)
Date: Thu, 18 Oct 2001 12:54:14 -0500
Subject: [Cryptlib] Key Exchange Question
Message-ID: <3BCED0F6.21923.87EA39FF@localhost>

I'm confused on a point. I'd appreciate someone squaring me away on this...

Ref. the example on "Password-based Encryption Enveloping" on p. 30: To
de-envelope the message, one pushes the password into the envelope. If the
wrong password is supplied, an error code (-22 as I recall) is returned. How is
this password confirmed as being correct?

I know the salt and iteration count must be stored in the enveloped data, and
the password, salt and iteration count are then used to generate a key iaw
PKCS #5. But then what?... how is this generated key verified as the original
key (used to create the envelope)?

Thanks,
Jay Moore

From cryptlib@mbsks.franken.de Fri Oct 19 01:33:18 2001
From: cryptlib@mbsks.franken.de (Peter Gutmann)
Date: Fri, 19 Oct 2001 13:33:18 +1300 (NZDT)
Subject: [Cryptlib] Key Exchange Question
Message-ID: <200110190033.NAA336529@ruru.cs.auckland.ac.nz>

"Jay Moore" writes:

>Ref. the example on "Password-based Encryption Enveloping" on p. 30: To de-
>envelope the message, one pushes the password into the envelope. If the wrong
>password is supplied, an error code (-22 as I recall) is returned. How is this
>password confirmed as being correct?

If the unwrapped session key format is incorrect, the password was wrong. See
draft-ietf-smime-password-05.txt.

Peter.

From cryptlib@mbsks.franken.de Fri Oct 19 15:27:55 2001
From: cryptlib@mbsks.franken.de (Jay Moore)
Date: Fri, 19 Oct 2001 09:27:55 -0500
Subject: [Cryptlib] Key Exchange Question
In-Reply-To: <200110190033.NAA336529@ruru.cs.auckland.ac.nz>
Message-ID: <3BCFF21B.29654.8C53B1B1@localhost>

On 19 Oct 2001, you wrote:

> >Ref. the example on "Password-based Encryption Enveloping" on p. 30: To
> >de-envelope the message, one pushes the password into the envelope. If
> >the wrong password is supplied, an error code (-22 as I recall) is
> >returned. How is this password confirmed as being correct?
>
> If the unwrapped session key format is incorrect, the password was
> wrong. See draft-ietf-smime-password-05.txt.

Wow! A couple more questions...

1) As I found no specification for generation of the CEK in your draft am I
correct in assuming CEK's are (typically) randomly generated keys?

2) Any thoughts on the likelihood of the draft becoming "standard practice"?

Thanks,
Jay Moore

From cryptlib@mbsks.franken.de Sat Oct 20 02:52:28 2001
From: cryptlib@mbsks.franken.de (Peter Gutmann)
Date: Sat, 20 Oct 2001 14:52:28 +1300 (NZDT)
Subject: [Cryptlib] Key Exchange Question
Message-ID: <200110200152.OAA05449@ruru.cs.auckland.ac.nz>

"Jay Moore" writes:

>1) As I found no specification for generation of the CEK in your draft am I
>correct in assuming CEK's are (typically) randomly generated keys?

Yes. The use of CEKs is described in RFC 2630.

>2) Any thoughts on the likelihood of the draft becoming "standard practice"?

It's a standards-track draft.

Peter.

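[Added example, not part of the list traffic and not cryptlib code.] The "salt & iteration count" and "Key Exchange Question" threads above describe two steps: a key-encryption key (KEK) is derived from password, salt and iteration count per PKCS #5 v2, and a wrong password is detected because the unwrapped CEK has the wrong format. The Python sketch below shows both, assuming the wrapped-key layout of RFC 3211 (the published form of the draft cited above). The block cipher is a stand-in Feistel construction built from HMAC so that the block runs with the standard library only; all function names and the record layout are illustrative, and the 8-byte salt and 1000 iterations are the figures quoted in the thread.

```python
import hashlib
import hmac
import os

BLOCK = 8  # block size of the stand-in cipher, in bytes


def derive_kek(password, salt, iterations):
    """PKCS #5 v2 PBKDF2 (HMAC-SHA1): password + salt + count -> 16-byte KEK."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen=16)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(kek, rnd, half):
    # Round function of the stand-in Feistel cipher; not a real cipher.
    return hmac.new(kek, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def _enc_block(kek, blk):
    left, right = blk[:4], blk[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(kek, rnd, right))
    return left + right


def _dec_block(kek, blk):
    left, right = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(kek, rnd, left)), left
    return left + right


def cbc_encrypt(kek, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = _enc_block(kek, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(kek, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        out.append(_xor(_dec_block(kek, blk), prev))
        prev = blk
    return b"".join(out)


def wrap_cek(kek, iv, cek):
    """Layout: length byte || complement of first 3 CEK bytes || CEK || pad."""
    if not 3 <= len(cek) <= 255:
        raise ValueError("CEK must be 3..255 bytes")
    body = bytes([len(cek)]) + bytes(b ^ 0xFF for b in cek[:3]) + cek
    total = max(2 * BLOCK, -(-len(body) // BLOCK) * BLOCK)
    body += os.urandom(total - len(body))
    inner = cbc_encrypt(kek, iv, body)
    # The second pass continues from the last ciphertext block as its IV.
    return cbc_encrypt(kek, inner[-BLOCK:], inner)


def unwrap_cek(kek, iv, wrapped):
    """Return the CEK, or None when the unwrapped format is wrong."""
    if len(wrapped) < 2 * BLOCK or len(wrapped) % BLOCK:
        return None
    # Outer layer: decrypt the last block first to recover the second-pass IV.
    last = cbc_decrypt(kek, wrapped[-2 * BLOCK:-BLOCK], wrapped[-BLOCK:])
    inner = cbc_decrypt(kek, last, wrapped[:-BLOCK]) + last
    body = cbc_decrypt(kek, iv, inner)
    length = body[0]
    if not 3 <= length <= len(body) - 4:
        return None
    cek = body[4:4 + length]
    if bytes(b ^ 0xFF for b in cek[:3]) != body[1:4]:
        return None  # a wrong KEK passes this 24-bit check only by chance
    return cek


def seal(password, cek, iterations=1000):
    """Wrap a CEK under a password; salt and count travel with the result."""
    salt, iv = os.urandom(8), os.urandom(BLOCK)
    kek = derive_kek(password, salt, iterations)
    return {"salt": salt, "iterations": iterations, "iv": iv,
            "wrapped": wrap_cek(kek, iv, cek)}


def open_sealed(password, rec):
    """Re-derive the KEK from the stored salt and count, then unwrap."""
    kek = derive_kek(password, rec["salt"], rec["iterations"])
    return unwrap_cek(kek, rec["iv"], rec["wrapped"])
```
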
From cryptlib@mbsks.franken.de Mon Oct 22 08:28:32 2001
From: cryptlib@mbsks.franken.de (Jay Moore)
Date: Mon, 22 Oct 2001 02:28:32 -0500
Subject: [Cryptlib] Setting an IV
Message-ID: <3BD38450.9265.9A47BEDE@localhost>

I'm trying to set the IV value in an envelope. It seems the way to do this is
to first create an encryption context, set its attributes, and then set the
envelope attributes to those of the encryption context.

The code snippet below is my attempt to do this. It seems to work (the return
val is "0"), but the IV attribute is not "sticking". Why?

I've also noticed that there seems to be an order dependency in setting the
attributes. For example, if I set the keying iterations after setting the key
the "default" has been assumed, and the iteration count can no longer be set.

So, I guess my general question is whether or not I'm approaching this business
of setting attributes correctly??

Thanks,
Jay Moore

cryptInit();
cryptCreateEnvelope(&cryptEnvelope, CRYPT_UNUSED, CRYPT_FORMAT_CRYPTLIB);
//
// create encryption context for KEK & set its attributes
retVal = cryptCreateContext(&cryptContext, CRYPT_UNUSED, CRYPT_ALGO_DES);
retVal = cryptSetAttribute ( cryptContext, CRYPT_CTXINFO_IVSIZE, 8);
retVal = cryptSetAttributeString ( cryptContext, CRYPT_CTXINFO_IV, ivBuff, 8);
retVal = cryptSetAttribute ( cryptContext, CRYPT_CTXINFO_KEYING_ITERATIONS, 5);
retVal = cryptSetAttribute ( cryptContext, CRYPT_CTXINFO_MODE, CRYPT_MODE_CBC);
retVal = cryptSetAttributeString ( cryptContext, CRYPT_CTXINFO_KEYING_SALT, saltBuff, 8);
retVal = cryptSetAttributeString ( cryptContext, CRYPT_CTXINFO_KEYING_VALUE, kekBuff, 8);
//
// set envelope attributes for KEK using the encryption context above:
retVal = cryptSetAttribute(cryptEnvelope, CRYPT_ENVINFO_KEY, cryptContext);

etc, etc.

From cryptlib@mbsks.franken.de Mon Oct 22 18:10:44 2001
From: cryptlib@mbsks.franken.de (ca365sohu)
Date: Tue, 23 Oct 2001 01:10:44 +0800
Subject: [Cryptlib] How to hash a block of memory?
Message-ID: <03f901c15b1c$7fc085a0$991ba8c0@free>

Dear all:

How to hash a block of memory?

thanks!

lixin

From cryptlib@mbsks.franken.de Mon Oct 22 18:13:38 2001
From: cryptlib@mbsks.franken.de (ca365sohu)
Date: Tue, 23 Oct 2001 01:13:38 +0800
Subject: [Cryptlib] How to encrypt data with private key and decrypt data with public key?
Message-ID: <040601c15b1c$e4222760$991ba8c0@free>

Dear all:

How to encrypt data with private key and decrypt data with public key?

Thanks!

lixin

From cryptlib@mbsks.franken.de Tue Oct 23 08:13:13 2001
From: cryptlib@mbsks.franken.de (Olivier Fouache)
Date: Tue, 23 Oct 2001 09:13:13 +0200
Subject: [Cryptlib] How to encrypt data with private key and decrypt data with public key?
References: <040601c15b1c$e4222760$991ba8c0@free>
Message-ID: <3BD51889.6C5CBFF7@eurecom.fr>

ca365sohu wrote:

> Dear all: How to encrypt data with private key and decrypt data with
> public key? Thanks! lixin

cryptdecrypt with your private key (for encrypting)
cryptencrypt with your public key (for decrypting)

It's just an affair of exponent...

-- 
Olivier Fouache                           http://www.eurecom.fr/~fouache/
Laboratoires CE/Securite                  Olivier.Fouache@eurecom.fr
Institut EURECOM, 2229 Route des Cretes   Tel labo secu : 04.93.00.26.98
SOPHIA ANTIPOLIS 06560 VALBONNE - FRANCE

From cryptlib@mbsks.franken.de Fri Oct 26 11:11:53 2001
From: cryptlib@mbsks.franken.de (Luciano Benetti)
Date: Fri, 26 Oct 2001 12:11:53 +0200
Subject: [Cryptlib] Debug -> Release
Message-ID: <000e01c15e06$a2caf7f0$0414010a@lucianop4>

Hi all folks!

I normally use the last version of your library (beta 6) to use the PKCS #11
readers (Reflex 72 schlumberger).
Everything is ok when the library is built with debug option, but if I build
it changing the option and use the 'release' option, nothing works: the
communication with the reader doesn't work.
Could you tell me why?

cryptDeviceOpen( cryptDevice,CRYPT_UNUSED, CRYPT_DEVICE_PKCS11,p1)
ok with debug build
error -1 with release build

N.B.: I use Delphi 6 and Visual C++ to build the library

Thank you!
Luciano

From cryptlib@mbsks.franken.de Mon Oct 29 06:31:05 2001
From: cryptlib@mbsks.franken.de (=?EUC-KR?B?sei8urD8?=)
Date: Mon, 29 Oct 2001 15:31:05 +0900
Subject: [Cryptlib] S/MIME problem about RC2 40bit message deenveloping
Message-ID: <200110290631.PAA16945@iwserver.virtualtek.co.kr>

From cryptlib@mbsks.franken.de Mon Oct 29 10:58:21 2001
From: cryptlib@mbsks.franken.de (nachtfrosch)
Date: Mon, 29 Oct 2001 11:58:21 +0100
Subject: [Cryptlib] Verifying (and browsing) PKCS#7 signed data
Message-ID: <1310401947.20011029115821@nachtfrosch.de>

Hi all,

I am a newbie to cryptlib. I am using it with the VB API declarations. I can get around quite good with general or basic operations. However, my final development goal is to verify, or rather browse PKCS#7 signed data messages.

I have:

1. A root CA certificate
2. The PKCS#7 ASN1-encoded signed data. It contains, just as per spec:
   a. Version this message (=1)
   b. Digest Algorithm Identifier (=SHA)
   c. Content info (=data, the signed message in clear text)
   d. signer's certificate (=Certificate base including signer's Public Key, signature algorithm, signature)
   e. Signer Info (=digest algorithm, digest encryption algorithm, encrypted digest)

I want:

A. Get the clear text message (2c.) and create a hash with (2b.).
B. Decrypt the encrypted digest in (2e.) with the signers public key (2d.) and check if it matches my hash from A.
C. Verify the signer's public key by decrypting the signature from (2d.) with my root CA's public key from 1.

So basically, I want to see if my PKCS#7 message is valid altogether and read the clear text.

My problems:

Using cryptlib, I can read my root certificate with cryptImportCert. I can also download and read the signer's public certificate from the Root CA's server.

What I don't know, is: What type of cryptlib object is my PKCS#7 BLOB? Or is my BLOB a cryptlib envelope?

How do I import the public cert (either the signer's or the root CA's) properly into a context that can be used to verify the message? I am a bit confused by all the contexts mentioned...

If anyone could point me in the right direction, I would be very glad!

As an example, I have put my message (containing "TEST" as signed message), the signers cert and my root certificate to

http://www.nachtfrosch.de/cryptlib/root-ca.cer
and
http://www.nachtfrosch.de/cryptlib/TEST.p7m
and
http://www.nachtfrosch.de/cryptlib/my-public.cer

Kind regards,
Ralf Kürbitz

nachtfrosch
gestaltung & programmierung
Ralf Kürbitz | Kerstin Heyroth
Martin-Luther-Strasse 10/10A
D-20459 Hamburg
Telephon 040-3750 3681
Fax 040-3750 3682
mailto:mail@nachtfrosch.de

From cryptlib@mbsks.franken.de Wed Oct 31 04:32:17 2001
From: cryptlib@mbsks.franken.de (Peter Gutmann)
Date: Wed, 31 Oct 2001 17:32:17 +1300 (NZDT)
Subject: [Cryptlib] Verifying (and browsing) PKCS#7 signed data
Message-ID: <200110310432.RAA259944@ruru.cs.auckland.ac.nz>

nachtfrosch writes:

>What I don't know, is : What type of cryptlib object is my PKCS#7 BLOB? Or is
>my BLOB a cryptlib envelope ?

If you're trying to de-envelope it, just push it into a cryptlib envelope and
cryptlib will do the rest (well, when you supply it with any required
keys/certificates/whatever).

>How do I import the public cert (either the signer's or the root CA's)
>properly into a context that can be used to verify the message ?

cryptImportCert();

Peter.

From cryptlib@mbsks.franken.de Wed Oct 31 13:07:27 2001
From: cryptlib@mbsks.franken.de (cryptlib@mbsks.franken.de)
Date: Wed, 31 Oct 2001 14:07:27 +0100
Subject: [Cryptlib] (no subject)
Message-ID:

Hi all,

I would like to import a certificate generated with CryptLib in Netscape or Internet Explorer. But if I generate a PKCS15 keyset and retrieve certificate from it, I can put it in IE but I have no access to the certificate's private key. I understand that a PKCS#15 format is really more secure than PKCS#12, but if I want to use CryptLib generated certificates in IE how can I achieve that?

Thank you,
Anton.


************************ DISCLAIMER ************************
This message is intended only for use by the person
to whom it is addressed. It may contain information
that is privileged and confidential. Its content does
not constitute a formal commitment by Lombard Odier.
If you are not the intended recipient of this message,
kindly notify the sender immediately and destroy this
message. Thank You.
*****************************************************************


From cryptlib@mbsks.franken.de Wed Oct 31 14:21:46 2001
From: cryptlib@mbsks.franken.de (Neil Nelson)
Date: Wed, 31 Oct 2001 06:21:46 -0800
Subject: [Cryptlib] Archives and Decrypting Large Data Quantities
Message-ID: <3BE008FA.4080101@dslextreme.com>

Dear Readers,

I have just started working with cryptlib and have reviewed the manual which answers most of my questions but was also looking for additional code examples particularly in the area of public keys. It may be there are archives to this list I could review without troubling the list with a number of minor questions.

I am looking at the algorithm on pp. 32-33 of the pdf manual which encrypts a large file in subsequent parts. The question is: for decryption using the same algorithm format as on p. 33 and if the password must be applied to the envelope after the data is pushed in as shown by the decryption example on p. 30, then I might be reapplying the password for each file portion that is decrypted in turn. But reapplying the password to the envelope for each portion would seem unnecessary since the envelope only needs the password once.

Perhaps the solution is to push the first portion of the data into the envelope and then just apply the password to the envelope once and then the remaining portions are automatically taken care of. And it may be that the first portion pushed into the envelope should be at least, say, 4k bytes which contains cryptlib property data for the encrypted file as suggested elsewhere in the manual.

Neil Nelson

From cryptlib@mbsks.franken.de Wed Oct 31 14:37:31 2001
From: cryptlib@mbsks.franken.de (Matthias Bruestle)
Date: Wed, 31 Oct 2001 15:37:31 +0100
Subject: [Cryptlib] Archives and Decrypting Large Data Quantities
In-Reply-To: <3BE008FA.4080101@dslextreme.com>; from n_nelson@dslextreme.com on Wed, Oct 31, 2001 at 06:21:46AM -0800
References: <3BE008FA.4080101@dslextreme.com>
Message-ID: <20011031153731.P29464@mbsks.franken.de>

Mahlzeit

On Wed, Oct 31, 2001 at 06:21:46AM -0800, Neil Nelson wrote:
> keys. It may be there are archives to this list I could review
> without troubling the list with a number of minor questions.

A 1 month old archive is at:
ftp://ftp.franken.de/pub/crypt/cryptlib/cryptlib-ml-archive-20010930.zip

Mahlzeit
endergone Zwiebeltuete

From cryptlib@mbsks.franken.de Wed Oct 31 19:57:19 2001
From: cryptlib@mbsks.franken.de (Neil Nelson)
Date: Wed, 31 Oct 2001 11:57:19 -0800
Subject: [Cryptlib] Re: Decrypting Large Data Quantities
References: <3BE008FA.4080101@dslextreme.com>
Message-ID: <3BE0579F.7020903@dslextreme.com>

Dear Readers,

My question was answered by Peter in the following post in part 2 of the archives.

----
Date: Thu, 15 Feb 2001 08:23:39 (NZDT)

> The Question is when I want to Decrypt the Data, where to set the password?
> Maybe after the first push?

Yes.

Peter.
----