OpenSSL | 易学教程

Do I need multiple EVP_CIPHER_CTX structures?

阅读更多关于 Do I need multiple EVP_CIPHER_CTX structures?

问题 I have a single-threaded client/server application that needs to do both encryption and decryption of their network communication. I plan on using OpenSSL's EVP API and AES-256-CBC. Some sample pseudo-code I found from a few examples: // key is 256 bits (32 bytes) when using EVP_aes_256_*() // I think iv is the same size as the block size, 128 bits (16 bytes)...is it? 1: EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); 2: EVP_CipherInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv, 1); //0=decrypt, 1

Openssl : error “self signed certificate in certificate chain”

阅读更多关于 Openssl : error “self signed certificate in certificate chain”

问题 When I used openssl APIs to validate server certificate (self signed), I got following error : error 19 at 1 depth lookup:self signed certificate in certificate chain As per openssl documentation, this error (19) is "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain - the certificate chain could be built up using the untrusted certificates but the root could not be found locally." Why this error occurs ? Any problems with my server certificate ? 回答1: You have

what is default cipher for PEM format in OpenSSL?

阅读更多关于 what is default cipher for PEM format in OpenSSL?

问题 I generate key/cert using openssl openssl.exe req -x509 -days 1000 -newkey rsa:1024 -keyout key.pem -out cert.pem It prompts for a password. I guess that the password is used for key encryption. However I haven't specified any cipher. What cipher is used in this case? 回答1: The default cipher is DES-EDE3-CBC , which is three-key triple DES EDE in CBC mode. You can see this in the source code file req.c. cipher=EVP_des_ede3_cbc(); If you are using an OpenSSL version compiled with the option

what is default cipher for PEM format in OpenSSL?

阅读更多关于 what is default cipher for PEM format in OpenSSL?

Convert a big number given as a string to an OpenSSL BIGNUM

阅读更多关于 Convert a big number given as a string to an OpenSSL BIGNUM

问题 I am trying to convert a string p_str representing a big integer to a BIGNUM p using the OpenSSL library. #include <stdio.h> #include <openssl/bn.h> int main () { /* I shortened the integer */ unsigned char *p_str = "82019154470699086128524248488673846867876336512717"; BIGNUM *p = BN_bin2bn(p_str, sizeof(p_str), NULL); BN_print_fp(stdout, p); puts(""); BN_free(p); return 0; } Compiled it with: gcc -Wall -Wextra -g -o convert convert.c -lcrypto But, when I execute it, I get the following

Convert a big number given as a string to an OpenSSL BIGNUM

阅读更多关于 Convert a big number given as a string to an OpenSSL BIGNUM

Composer not working on windows, gives [Composer\Exception\NoSslException] error

阅读更多关于 Composer not working on windows, gives [Composer\Exception\NoSslException] error

问题 I'm trying to install laravel on windows 10. I installed composer to install laravel but it gives me below error. [Composer\Exception\NoSslException] The openssl extension is required for SSL/TLS protection but is not availab le. If you can not enable the openssl extension, you can disable this error , at your own risk, by setting the 'disable-tls' option to true. Command doesn't matteri it gives above error with all commands... I checked out this question and used solutions but it didin't

Why does Nginx Provide the Client SSL DN in reverse order?

阅读更多关于 Why does Nginx Provide the Client SSL DN in reverse order?

问题 I'm curious why some web servers (eg. Nginx) provides the Client SSL DN in reverse order. A web app is posting the DN to a Java Web Service, which is attempting to create a Java javax.naming.ldap.LdapName. Standard Order (LDAP or X500Name): "CN=Jimmy Blooptoop,OU=Someplace,OU=Employees,DC=Bloopsoft-Inc" Reverse Order (OpenSSL Oneline Format) (What Nginx Returns as _$ssl_client_s_dn_): "/DC=Bloopsoft-Inc/OU=Employees/OU=Someplace/CN=Jimmy Blooptoop" Why is this? Which one matches the LDAP RFC?

利用Github免费搭建个人主页（转）

阅读更多关于利用Github免费搭建个人主页（转）

搭建过程涉及: Github注册 Github搭建博客域名选购绑定域名更多一。 Github注册在地址栏输入地址： http://github.com/join 填写相关信息, 按步骤完成即可。这样, 你就拥有了属于自己的Github账号了。很简单吧~ GitHub · Build software better, together. So Cool! 二。 Github搭建博客配置和使用Github 以下教程主要参考beiyuu的《使用Github Pages建独立博客》写成。配置SSH keys 我们如何让本地git项目与远程的github建立联系呢？用SSH keys。检查SSH keys的设置首先我们需要检查你电脑上现有的ssh key： $ cd ~/. ssh 检查本机的ssh密钥 1 如果提示：No such file or directory 说明你是第一次使用git。生成新的SSH Key： $ ssh -keygen -t rsa -C "邮件地址@youremail.com" Generating public/ private rsa key pair . Enter file in which to save the key (/Users/your_user_directory / .ssh/id_rsa): <回车就好 >

重磅：阮一峰的又一开源力作

阅读更多关于重磅：阮一峰的又一开源力作

点击上方“ 蓝色字体 ”，选择“ 设为星标 ” 做积极向上的前端人！作者：GitHub精选链接： https://mp.weixin.qq.com/s/71jJm5iFmi2hcU8oKADNlg 大家好，我是苏南。今天给大家推荐的这开源项目又是出自于阮一峰之手。这个开源的项目，是一本新书《SSH 教程》，阮一峰大神真的是一如既往的保持开源的精神，又免费开源了。《SSH 教程》写的十分详细，SSH 是 Linux 系统的登录工具，现在广泛用于服务器登录和各种加密通信。对于一个常年跟服务器打交道的人，摸透 SSH 是一件很有必要的事情。《SSH 教程》主要介绍 SSH（主要是它的实现 OpenSSH）的概念和基本用法，也可以当作手册查询。这个开源项目的目录如下：每个知识点都讲的非常的详细，非常不错，比如：SSH 密钥登录这个章节的内容，就包含了如下内容：非常不错，如果你目前对于学习 SSH 有急切的需求，如果你想重温一遍 SSH 的知识，大家可以看看这个开源项目。文档地址： https://wangdoc.com/ssh/index.html 开源项目地址： https://github.com/wangdoc/ssh-tutorial - EOF - 漫画 | Bug是如何产生的？如何阅读大型前端开源项目的源码？基于 Vue 的前端架构，我做了这 15 点