You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by anthony
These should be sufficient:
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE256
You will need shake 128 and 256
Hi Sunnysunday,
Did you mean ML-KEM?
You can use
WOLFSSL_API int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group);The following values for group are good:
WOLFSSL_ML_KEM_512
WOLFSSL_ML_KEM_768
WOLFSSL_ML_KEM_1024
WOLFSSL_SECP256R1MLKEM768
WOLFSSL_X25519MLKEM768
WOLFSSL_SECP384R1MLKEM1024
WOLFSSL_SECP256R1MLKEM512
WOLFSSL_SECP384R1MLKEM768
WOLFSSL_SECP521R1MLKEM1024
WOLFSSL_X25519MLKEM512
WOLFSSL_X448MLKEM768
Warm regards, Anthony
Hi MosheTreutel99 ,
Great questions. Note that RSA encryption/decryption is considered asymmetric encryption as it involves a pubic key and private key. Symmetric encryption is when both sides are using the same key. AES is a good example of this.
There is a theory section at the bottom of this page: https://asecuritysite.com/rsa/ . There are also lots of references to further topics at that link.
Warm regards, Anthony
Hi EbonyHomenick899,
My name is Anthony and I am a member of the wolfSSL team. I cannot speak to any general documentation out there but here at wolfSSL we some some great resources about how to get started with wolfSSL on STM32. Please have a look at https://github.com/wolfSSL/wolfssl/blob … /README.md . You can also have a look at our youtube channel for various tutorials on how to use wolfssl on STM32. https://www.youtube.com/wolfssl/videos
Note that wolfSSL and wolfCrypt are cryptography, protocol, and security libraries. This might not be suited for your goals so please take that into consideration.
Warm regards, Anthony
I think you might find this useful:
https://github.com/wolfSSL/wolfssl/tree/master/Docker
Let me know if you have further questions.
Can you tell us about your project and goals?
Warm regards, Anthony
if "native", then gcc would be sufficient. Just about any C89 compliant compiler would be sufficient.
Perhaps you would prefer a secure and confidential communication channel. If so, please start the conversation by sending a message to support@wolfssl.com.
Can you let us know what build tools or toolchain you have available?
If you would like to try such a project, we would be happy to entertain a contribution. Let us know if you try to do it.
Warm regards, Anthony
Bryce,
in future, please direct questions to support@wolfssl.com .
Warm regards, Anthony
Hi ,
wc_AesGcmEncrypt() is what is known as a "one-shot" API; the whole AES algorithm is run in a single API call.
The file encryption example does not use that API. It uses wc_AesGcmEncryptInit(), wc_AesGcmEncryptUpdate(), and wc_AesGcmEncryptFinal(); this is known as a streaming API which allows the data to be encrypted to be fed in as chunks. This is useful if you are getting dtata in chunks and don't have the full content in a buffer before hand.
Warm regards, Anthony
Excellent. I'm glad to see you made progress and found your own solution. May I ask you about your project? Is this out of person, professional or academic interest?
Warm regards, Anthony
Yes, that should work. That is to say that WOLFSSL_ALT_NAMES does not depend on the openssl compatibility layer. Note that you do not need to use --disable-opensslall; it is disabled by default.
Warm regards, Anthony
Hi,
To be a bit more specific, make sure you have the following macros defined:
WOLFSSL_CUSTOM_CURVES
HAVE_ECC_BRAINPOOL
Warm regards, Anthony
Hi Jakob,
My name is Anthony and I am a member of the wolfSSL team. As of yet we do not have support for assembly optimizations foir brainpool curves so yes, you are seeing expected behaviour.
That said, can you let us know a bit more about yourself and your project? What are your goals? Are you interested in seeing Brainpool assembly optimizations?
If you desire privacy, you can send this information to our confidential support address: support@wolfssl.com.
Warm regards, Anthony
Hello,
My name is Anthony and I am a member of the wolfSSL team.
The page you reference points to a place where you can download the certificate bundle.
If you get them and put them in a directory, you can then use wolfSSL_CTX_load_verify_locations() to specify that directory location and it will have those. If your system has a way to automatically update the certificates you can tell wolfSSL to check that location with the same API.
Warm regards, Anthony
DJ3434,
May I ask if your interest in wolfSSL is professional, academic or person? If you are concerned about confidentiality you can submit more information via support@wolfssl.com .
Warm regards, Anthony
HI DJ3434,
My name is Anthony and I am a member of the wolfSSL team.
This is an interesting result you are seeing. Its very odd and I've never seen such a report. Do you have a simple example application that shows this behaviour?
Warm regards, Anthony
Hi Hannson,
Thank you so much for all these details. I see on the commandl-ine you display you have -DNO_DSA and -DNO_PSK. So, that would be the cause of the redefinition. Perhaps the solution would be to remove NO_DSA and NO_PSK from your user_setting.sh.h file.
Might I ask if this is a commercial use case? If so, to preserve you privacy, I would suggest further interaction happen via our confidential technical support channel. You can send messages to support@wolfssl.com and we will support you there. Note that you can also send messages with attachments there.
Warm regards, Anthony
Hi Bryce,
my name is Anthony and I am a member of the wolfSSL team. We talk about wolfCrypt's MISRA compliance in various blog posts. For example here: https://www.wolfssl.com/wolfssl-conform … uidelines/ .
Generally speaking we'll need to understand your use case so we can specifically target what you need. The best idea would be to send a message to support@wolfssl.com so we can get started on that confidential and private conversation.
Warm regards, Anthony
Thank you so much for finding this!! I really appreciate it. We'll look into fixing this. Feels like it should be a simple fix.
Warm regards, Anthony
Hi Scott,
That happened in the following pull request: https://github.com/wolfSSL/wolfssl/pull/7923 and that made it into wolfSSL Release 5.7.4 (Oct 24, 2024). Note that the previous value was 1024 which would allow RSA-512 keys. Now that it is set to 2048 is will no longer allow RSA-512 but will allow RSA-1024. I understand if this is somewhat confusing. Sorry about that.
This affects, both keys that are generated and loaded. Note that you can override this default by defining RSA_MIN_SIZE yourself.
If you have further questions, please do send to support@wolfssl.com as I can see you are a commercial customer of wolfSSL.
Warm regards, Anthony
Hi Sheondael,
My name is Anthony and I am a member of the wolfSSL team. The wolfssl library has never supported XMSS in certificates. The reason is because the use case for certificates would be for network protocols and XMSS is a stateful hash-based signature scheme. The state makes it inappropriate for usage in network protocols.
Where it is appropriate is in code and firmware signing. As such we use it in our wolfBoot product. In that case, no certificate is required.
That said, can you let us know your use case for XMSS in certificates? Here at wolfSSL, we are always interested in how people are using our code and I would love to understand your need for XMSS in certificates. Also, can you let us know your geographical location and whether this is out of professional, personal or academic interest?
Warm regards, Anthony
Thanks for sending this to support@wolfssl.com. We'll handle it there.
wolfSSL - Embedded SSL Library → Posts by anthony
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.009 seconds (66% PHP - 34% DB) with 4 queries