You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by anthony
Hi MosheTreutel99 ,
Great questions. Note that RSA encryption/decryption is considered asymmetric encryption as it involves a pubic key and private key. Symmetric encryption is when both sides are using the same key. AES is a good example of this.
There is a theory section at the bottom of this page: https://asecuritysite.com/rsa/ . There are also lots of references to further topics at that link.
Warm regards, Anthony
Hi EbonyHomenick899,
My name is Anthony and I am a member of the wolfSSL team. I cannot speak to any general documentation out there but here at wolfSSL we some some great resources about how to get started with wolfSSL on STM32. Please have a look at https://github.com/wolfSSL/wolfssl/blob … /README.md . You can also have a look at our youtube channel for various tutorials on how to use wolfssl on STM32. https://www.youtube.com/wolfssl/videos
Note that wolfSSL and wolfCrypt are cryptography, protocol, and security libraries. This might not be suited for your goals so please take that into consideration.
Warm regards, Anthony
I think you might find this useful:
https://github.com/wolfSSL/wolfssl/tree/master/Docker
Let me know if you have further questions.
Can you tell us about your project and goals?
Warm regards, Anthony
if "native", then gcc would be sufficient. Just about any C89 compliant compiler would be sufficient.
Perhaps you would prefer a secure and confidential communication channel. If so, please start the conversation by sending a message to support@wolfssl.com.
Can you let us know what build tools or toolchain you have available?
If you would like to try such a project, we would be happy to entertain a contribution. Let us know if you try to do it.
Warm regards, Anthony
Bryce,
in future, please direct questions to support@wolfssl.com .
Warm regards, Anthony
Hi ,
wc_AesGcmEncrypt() is what is known as a "one-shot" API; the whole AES algorithm is run in a single API call.
The file encryption example does not use that API. It uses wc_AesGcmEncryptInit(), wc_AesGcmEncryptUpdate(), and wc_AesGcmEncryptFinal(); this is known as a streaming API which allows the data to be encrypted to be fed in as chunks. This is useful if you are getting dtata in chunks and don't have the full content in a buffer before hand.
Warm regards, Anthony
Excellent. I'm glad to see you made progress and found your own solution. May I ask you about your project? Is this out of person, professional or academic interest?
Warm regards, Anthony
Yes, that should work. That is to say that WOLFSSL_ALT_NAMES does not depend on the openssl compatibility layer. Note that you do not need to use --disable-opensslall; it is disabled by default.
Warm regards, Anthony
Hi,
To be a bit more specific, make sure you have the following macros defined:
WOLFSSL_CUSTOM_CURVES
HAVE_ECC_BRAINPOOL
Warm regards, Anthony
Hi Jakob,
My name is Anthony and I am a member of the wolfSSL team. As of yet we do not have support for assembly optimizations foir brainpool curves so yes, you are seeing expected behaviour.
That said, can you let us know a bit more about yourself and your project? What are your goals? Are you interested in seeing Brainpool assembly optimizations?
If you desire privacy, you can send this information to our confidential support address: support@wolfssl.com.
Warm regards, Anthony
Hello,
My name is Anthony and I am a member of the wolfSSL team.
The page you reference points to a place where you can download the certificate bundle.
If you get them and put them in a directory, you can then use wolfSSL_CTX_load_verify_locations() to specify that directory location and it will have those. If your system has a way to automatically update the certificates you can tell wolfSSL to check that location with the same API.
Warm regards, Anthony
DJ3434,
May I ask if your interest in wolfSSL is professional, academic or person? If you are concerned about confidentiality you can submit more information via support@wolfssl.com .
Warm regards, Anthony
HI DJ3434,
My name is Anthony and I am a member of the wolfSSL team.
This is an interesting result you are seeing. Its very odd and I've never seen such a report. Do you have a simple example application that shows this behaviour?
Warm regards, Anthony
Hi Hannson,
Thank you so much for all these details. I see on the commandl-ine you display you have -DNO_DSA and -DNO_PSK. So, that would be the cause of the redefinition. Perhaps the solution would be to remove NO_DSA and NO_PSK from your user_setting.sh.h file.
Might I ask if this is a commercial use case? If so, to preserve you privacy, I would suggest further interaction happen via our confidential technical support channel. You can send messages to support@wolfssl.com and we will support you there. Note that you can also send messages with attachments there.
Warm regards, Anthony
Hi Bryce,
my name is Anthony and I am a member of the wolfSSL team. We talk about wolfCrypt's MISRA compliance in various blog posts. For example here: https://www.wolfssl.com/wolfssl-conform … uidelines/ .
Generally speaking we'll need to understand your use case so we can specifically target what you need. The best idea would be to send a message to support@wolfssl.com so we can get started on that confidential and private conversation.
Warm regards, Anthony
Thank you so much for finding this!! I really appreciate it. We'll look into fixing this. Feels like it should be a simple fix.
Warm regards, Anthony
Hi Scott,
That happened in the following pull request: https://github.com/wolfSSL/wolfssl/pull/7923 and that made it into wolfSSL Release 5.7.4 (Oct 24, 2024). Note that the previous value was 1024 which would allow RSA-512 keys. Now that it is set to 2048 is will no longer allow RSA-512 but will allow RSA-1024. I understand if this is somewhat confusing. Sorry about that.
This affects, both keys that are generated and loaded. Note that you can override this default by defining RSA_MIN_SIZE yourself.
If you have further questions, please do send to support@wolfssl.com as I can see you are a commercial customer of wolfSSL.
Warm regards, Anthony
Hi Sheondael,
My name is Anthony and I am a member of the wolfSSL team. The wolfssl library has never supported XMSS in certificates. The reason is because the use case for certificates would be for network protocols and XMSS is a stateful hash-based signature scheme. The state makes it inappropriate for usage in network protocols.
Where it is appropriate is in code and firmware signing. As such we use it in our wolfBoot product. In that case, no certificate is required.
That said, can you let us know your use case for XMSS in certificates? Here at wolfSSL, we are always interested in how people are using our code and I would love to understand your need for XMSS in certificates. Also, can you let us know your geographical location and whether this is out of professional, personal or academic interest?
Warm regards, Anthony
Thanks for sending this to support@wolfssl.com. We'll handle it there.
Hello,
I did the following:
cd wolfssl
./autogen.sh
./configure --enable-wolfclu --enable-crl
make all
sudo make install
sudo ldconfig
cd ..
cd wolfCLU
./autogen.sh
./configure
make all
./wolfssl crl -in /path/to/wolfssl/certs/crl/ca-int.pem -text -nooutHere is the output from the last command:
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Intermediate CA, emailAddress = info@wolfssl.com
Last Update: Sep 27 12:10:09 2023 GMT
Next Update: Jun 23 12:10:09 2026 GMT
CRL extensions:
X509v3 Authority Key Identifier:
EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35
X509v3 CRL Number:
8192
No Revoked Certificates.
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
4b:7f:45:20:16:f5:77:18:35:70:b5:d3:fe:d8:3f:1b:90:0e:
f7:aa:dc:39:85:b3:df:52:a8:65:e7:b5:01:34:c3:9a:01:bf:
59:f9:79:79:9c:b3:a8:8a:e3:eb:23:41:af:48:ad:ab:01:0a:
e2:b7:09:47:3e:42:19:13:c2:6b:cd:4c:dd:54:5c:42:77:23:
f7:4f:1b:a0:4b:95:b1:a8:96:ce:86:d6:63:3d:53:61:31:54:
be:79:50:a5:13:b7:67:5d:b8:fa:60:6e:71:9f:95:c6:20:a5:
66:a7:02:7d:1f:f4:23:cb:49:14:c6:03:96:dc:16:b5:aa:7c:
55:87:88:57:aa:a1:a8:ac:3b:11:64:cf:87:01:be:99:ed:7c:
8f:28:5c:94:f6:aa:ea:c1:e2:50:16:a7:79:c4:0e:0f:3a:e5:
5e:c2:c6:80:2e:b8:13:d8:74:cd:b1:5c:ef:14:17:ae:72:d6:
46:ea:df:b8:b0:38:bd:8d:b1:a3:2c:a3:c7:04:dc:75:22:c3:
2f:8a:e5:a8:0d:9d:54:4c:7f:16:b6:c0:d5:20:63:81:4a:c9:
cb:85:c9:b6:1b:05:22:ee:0c:d9:f8:98:f3:57:16:29:09:84:
0b:fd:aa:ee:a3:ca:36:b1:86:f1:bd:b8:12:43:ef:15:77:a9:
52:d9:5e:25As you can see, the AKI is parsed and output properly.
Warm regards, Anthony
Thank you for noticing this. Can I ask you if you need support for extensions? If so, you can register a feature request by sending a message to support@wolfssl.com .
Warm regards, Anthony
Hi HAPPY.
Can you send over an example CRL with these extensions?
Warm regards, Anthony.
wolfSSL - Embedded SSL Library → Posts by anthony
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.010 seconds (59% PHP - 41% DB) with 5 queries