Please see my inline responses.
Martin Schneider wrote:
Hello Subrata and others
Thanks for your reply. Unfortunately this doesn't work for me.
Here is a bash shell-script that I have used to start the Opencryptoki
PKCS#11 driver :
# BIOS Set up
# Step 1. Turn the computer off.
# Step 2.
I'm trying to figure out a different behavior I'm seeing today vs. NSS I
was using about a year ago.
Basically I have a code signing cert that contains a complete chain and
my memory of importing a year ago (and looking at the DB files that I
have generated from when I did that work), it has a
On 2009-07-08 22:37 PDT, Michael Kaply wrote:
> I'm importing a code signing cert into my database using pk12util, but
> it gets assigned a random alias:
>
> e33eb463-ddba-4895-9469-bfdd01c71fe2
That's a Microsoft Windows GUID. The most likely cause of this is that
you exported the cert and pri
Appreciate the detailed explanation.
Unfortunately I'm getting a segmentation fault on the export of the
test.pem to my new pfx file...
Very strange...
Mike
On 7/9/09 6:38 AM, David Stutzman wrote:
Michael Kaply wrote:
I'm importing a code signing cert into my database using pk12util, but
At 3:16 PM +0200 7/9/09, Ian G wrote:
>Although I haven't read it at all, normally what happens is that the strength
>of an algorithm of X bits is X/2.
Say what!?! AES is an encryption function, not a hash function. AES-256 has a
strength of 256 bits.
--
dev-tech-crypto mailing list
dev-tech-cr
> "The weakness was discovered when we looked at AES as a hash function,
> and tried to find weaknesses that are specific for hash functions. We
> think that most cryptographers used only blockcipher-oriented
> techniques, against which AES was well protected by the designers."
>
All this quote sa
On 9/7/09 17:33, Peter Djalaliev wrote:
AFAIK, 2^119 is the worst-time complexity of the attack. Breaking a
256-bit key through a brute-force attack takes 2^256 operations in the
worst case. The 'X/2' you are talking about is the average case,
right? We are not looking for collisions here, so
AFAIK, 2^119 is the worst-time complexity of the attack. Breaking a 256-bit
key through a brute-force attack takes 2^256 operations in the worst case.
The 'X/2' you are talking about is the average case, right? We are not
looking for collisions here, so the birthday paradox doesn't apply...
Best
On 8/7/09 19:52, Eddy Nigg wrote:
On 07/08/2009 08:35 PM, Paul Hoffman:
At 8:08 PM +0300 7/8/09, Eddy Nigg wrote:
Funny that today it's better to use AES-128.
Why do you say that? It's the opposite of what the people who wrote
the paper say.
I've not read it today, but IIRC AES-128 remained
Michael Ströder wrote:
Martin Schneider wrote:
I think they keystore on
opencryptoki follows exactly the principle how storing other things
"in" the TPM works: building an encrypted key hierarchy that is stored
on harddisk with an encryption key rooted in the Storage Root Key in
the TPM.
Isn't
That TPMs cannot sign CSRs is true but TPMs can do something similar
and IMHO much more interesting which attesting that a public key
(and thus indirectly the associated private key) was created inside of
the TPM.
The problem here is that few APIs and even fewer protocols deals with
this kind o
Michael Kaply wrote:
I'm importing a code signing cert into my database using pk12util, but
it gets assigned a random alias:
e33eb463-ddba-4895-9469-bfdd01c71fe2
Is there a way via the command line utilities to rename that to a more
human name?
I'm sure I did this in the past, but I can't f
Martin Schneider wrote:
> I think they keystore on
> opencryptoki follows exactly the principle how storing other things
> "in" the TPM works: building an encrypted key hierarchy that is stored
> on harddisk with an encryption key rooted in the Storage Root Key in
> the TPM.
Isn't that how most HS
Hello Peter and others,
> I should start by saying that a TPM's functionality is not equivalent to
> that of other hardware tokens, such as smart cards. A TPM only provides a
> subset of the functionality of a regular PKCS#11 token. A TPM, however,
> also providers things that PKCS#11 tokens don
Hello Subrata and others
Thanks for your reply. Unfortunately this doesn't work for me.
> Here is a bash shell-script that I have used to start the Opencryptoki
> PKCS#11 driver :
> # BIOS Set up
> # Step 1. Turn the computer off.
> # Step 2. Turn the computer on and press F1 to enter the BIOS se
15 matches
Mail list logo
