OpenSSL PKCS #7 supports AES & SHA-2 ?
Whyte, William
WWhyte at ntru.com
Wed Oct 11 04:48:25 EDT 2006
PKCS#7 has been superseded by the IETF's Cryptographic Message Syntax, CMS.
You should check within the S/MIME working group for updates.
William
> -----Original Message-----
> From: owner-cryptography at metzdowd.com
> [mailto:owner-cryptography at metzdowd.com] On Behalf Of Alex Alten
> Sent: Saturday, October 07, 2006 12:29 AM
> To: cryptography at metzdowd.com
> Cc: rivest at theory.lcs.mit.edu; rivest at mit.edu;
> pkcs-editor at rsasecurity.com; housley at vigilsec.com;
> ekr at networkresonance.com; mark at awe.com; rse at engelschall.com;
> shenson at drh-consultancy.demon.co.uk; ben at algroup.co.uk
> Subject: Re: OpenSSL PKCS #7 supports AES & SHA-2 ?
>
> After reading PKCS #1 v2 more closely and SHA-2 is not even
> in the specs,
> therefore OpenSSL PKCS #7 functions won't support SHA-2.
> This spec was
> last updated in 1998.
>
> PKCS Editor, is there a new update in progress by RSA Labs to
> incorporate
> SHA-2 and AES?
>
> Does OpenSSL implement PKCS #1 v2 or just v1.5? If the
> latter then not even
> SHA-1 is supported.
>
> PKCS editor, is there any timeline as to when PKCS #7 will
> then be updated
> with references to official OIDs, etc., for specifying SHA-2 and AES?
>
> Dr. Ron Rivest, are you going to publish new message-digest
> IETF RFCs for
> SHA-1
> and SHA-2? (So that they can be referenced by an updated PKCS #7.)
>
> Mr. Russ Housley, can you weigh in with what happening in the
> IETF WG security
> area? I know that Mr. Eric Rescorla is working on a new TLS v1.2
> draft. Will this
> be done/ratified soon? I assume OpenSSL will incorporate
> this soon thereafter?
>
> This mess with the MD5 and SHA-1 hashes is really starting to
> becoming a
> problem.
> It's certainly impacting new development projects/products
> I'm involved
> with using
> SSL and PKI certificates. My customers are concerned about
> using MD5 and
> SHA-1, and they don't want to keep paying for implementations
> repeatedly as
> the
> standards catch up to reality. Updating these various
> heavily used standards
> quickly is quite important.
>
> Sincerely (and thanks in advance for all of your replies),
>
> - Alex
>
>
> At 09:05 AM 10/6/2006 -0700, Alex Alten wrote:
> >Does anyone know if the OpenSSL PKCS #7 functions support
> AES and SHA-2?
> >(I assuming OpenSSL 0.9.7 or later.)
> >
> >Thanks,
> >
> >- Alex
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo at metzdowd.com
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list