copyedit date March 2011 Infobox software name OpenSSL logo screenshot caption developer The OpenSSL ... License like unique website http www.openssl.org OpenSSL is an open source implementation of the Transport ... and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety ... systems , OpenVMS and Microsoft Windows . IBM provides a port for the IBM i System i OS 400 . OpenSSL ... OpenSSL 1.0.0 was released on March 29, 2010. OpenSSL 0.9.8 was released on July 5, 2005. OpenSSL 0.9.7 was released on December 31, 2002. OpenSSL 0.9.6 was released on September 25, 2000. OpenSSL 0.9.5 was released on February 28, 2000. OpenSSL 0.9.4 was released on August 9, 1999. OpenSSL 0.9.3 was released on May 25, 1999. OpenSSL 0.9.2b was released on March 22, 1999. OpenSSL 0.9.1c was the first release, on December 23, 1998. Algorithms OpenSSL supports a number of different cryptographic ... http cvs.openssl.org fileview?f openssl engines ccgost README.gost title GOST engine OpenSSL 1.0.0 ... Elliptic curve , GOST R 34.10 2001 ref name gost FIPS 140 2 compliance OpenSSL is one of the few ... CMVP . OpenSSL itself is not validated, but a component called the OpenSSL FIPS Object Module, based on OpenSSL, was created to provide many of the same capabilities . ref cite web url http www.openssl.org docs fips fipsnotes.html title Important Notes about OpenSSL and FIPS 140 2 publisher openssl.org ... recertifies open source encryption module publisher gcn.com ref Licensing OpenSSL is dual licensed under the OpenSSL License and the SSLeay License . ref cite web url http www.openssl.org source license.html title OpenSSL Source, License publisher openssl.org ref OpenSSL License is Apache License 1.0 ... may pick which license they wish to use. However, OpenSSL documentation uses the term dual license to mean that both licenses apply. As the OpenSSL License is Apache License 1.0, but not Apache License 2.0, it requires the phrase This product includes software developed by the OpenSSL Project ... more details
IPstack The Time Stamp Protocol , or TSP is a cryptographic protocol computing protocol for certifying Trusted timestamping timestamp s using X.509 certificates and public key infrastructure . The timestamp is the signer s assertion that a piece of electronic data existed at or before a particular time. External links IETF RFC 3161, official specification http www.opentsa.org OpenTSA is an open source project to add time stamping functionalities to OpenSSL . Crypto stub ru Time Stamp Protocol uk TSP Category Cryptographic protocols ... more details
Orphan date February 2009 Ironclad is a Common Lisp cryptography Library computing library aiming to provide functionality similar to OpenSSL or Crypto . External links http method combination.net lisp ironclad Ironclad homepage http www.cliki.net Ironclad Ironclad on cliki Category Common Lisp software compu library stub security software stub ... more details
lowercase Unreferenced date October 2008 neon is a library computing library for accessing HTTP and WebDAV servers for the C programming language . It is free software and is licensed under GNU Lesser General Public License LGPL . neon relies on OpenSSL for secure https connections and either libxml or expat XML expat for parsing WebDAV XML responses. Among others, neon is used by the Subversion software Subversion version control system, GnomeVFS file system abstraction layer and the davfs2 network file system. External links http www.webdav.org neon neon home page compu library stub Category C libraries ... more details
structure using OpenSSL code openssl asn1parse in your request code A CSR may be represented as a Base64 ... signing request s ASN.1 structure as parsed by openssl appears as the following pre 0 d 0 hl 4 l ... code openssl asn1parse inform PEM i code where PEM stands for Privacy enhanced mail and describes ... CSR using openssl in Debian Etch Linux ? Your CSR may contain information such as a challenge passphrase ... the content of your CSR by the following openssl command openssl req in myreq.pem noout text You can check the signature on your CSR by the following openssl command openssl req in myreq.pem noout ... http www.openssl.org OpenSSL service can decode a CSR locally, without transmitting sensitive information ... on OpenSSL. http www.ssl.nu nl csr decoderen CSR Decoder SSL.nu http www.spacereg.com a.rpl?m checkcsr ... more details
Infobox software name Stunnel screenshot caption Universal SSL Wrapper developer Micha Trojnara latest release version 4.35 ref http www.stunnel.org ?page sdf ChangeLog Stunnel ChangeLog ref latest release date February 5, 2011 operating system Multi platform genre Proxy server Proxy , Encryption license GNU General Public License website http www.stunnel.org www.stunnel.org Stunnel is a free software free multi platform computer program , used to provide universal Transport Layer Security TLS SSL tunneling service. Stunnel can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively ref O Donovan, Barry http linuxgazette.net 107 odonovan.html Secure Communication with Stunnel , Linux Gazette, Issue 107, October 2004 ref . It runs on a variety of operating systems ref http www.stunnel.org ?page ports Stunnel Ports ref , including most Unix like operating systems and Microsoft Windows Windows . Stunnel relies on a separate Library computing library such as OpenSSL or SSLeay to implement the underlying TLS or SSL protocol. Stunnel uses Public key cryptography with X.509 Public key certificate digital certificates to secure the SSL connection. Clients can optionally be authenticated via a certificate too ref http stunnel.org static stunnel.html stunnel 8 manual ref . If Linker computing linked against TCP Wrapper libwrap , it can be configured to act as a Proxy server proxy Firewall networking firewall service as well. Stunnel is maintained by Micha Trojnara. Released under the terms of the GNU General Public License GPL with OpenSSL OpenSSL Licensing exception . Example scenario The application can present an external secure SSL port that is mapped to an internal unsecured TCP port of an existing application. For example, to provide a secure Transport Layer Security SSL connection to an existing Simple Mail Transfer Protocol SMTP mail server, Stunnel might map the SSL port 465 to port 25 of the mail server. Network ... more details
In information technology , the Datagram Transport Layer Security DTLS protocol provides communications privacy for packet information technology datagram protocols. DTLS allows datagram based applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream oriented Transport Layer Security TLS protocol and is intended to provide similar security guarantees. The datagram semantics of the underlying transport are preserved by the DTLS protocol the application will not suffer from the delays associated with stream protocols, but will have to deal with packet reordering, loss of datagram and data larger than a datagram packet size. DTLS is defined in RFC 4347 for use with User Datagram Protocol UDP encapsulation and in RFC 5238 for use with DCCP encapsulation. See also OpenSSL a free and popular implementation of TLS added support for DTLS with version 0.9.8. CyaSSL an open source embedded SSL TLS implementation with DTLS support. External links http www.ietf.org html.charters tls charter.html The IETF TLS Workgroup http crypto.stanford.edu nagendra papers dtls.pdf The Design and Implementation of Datagram TLS http www.eldos.com sbb desc ssl.php SSLBlackbox components for Windows and .NET software development with support for DTLS http www.cisco.com en US products ps8411 tsd products support series home.html AnyConnect popular VPN Client that uses TLS and DTLS http www.yassl.com yaSSL.com SSL TLS implementation with support for DTLS in version 1.0.3 http libsystools.sourceforge.net libsystools a TLS DTLS open source library for Windows Linux using OpenSSL. FOLDOC crypto stub Category Cryptographic protocols Category Internet protocols Category Session layer protocols de Datagram Transport Layer Security es Datagram Transport Layer Security eu Datagram Transport Layer Security fr Datagram Transport Layer Security ... more details
cleanup date January 2009 orphan date January 2009 SPKAC is an acronym that stands for Signed Public Key and Challenge, also known as Netscape SPKI It is a format for sending a Certification request Certification Signing Request it encodes a public key, that can be manipulated using openssl see http www.openssl.org docs apps spkac.html spkac openssl man page . It is created using the little documented http developer.mozilla.org en HTML HTML Extensions KEYGEN Tag HTML keygen element inside a number of Netscape compatible browsers. HTML5 has now specified the http dev.w3.org html5 spec Overview.html the keygen element keygen element , and has more info on http dev.w3.org html5 spec Overview.html signedpublickeyandchallenge SPKAC This can be very useful for making it easy to create client side certificates through a web service for protocols such as http www.w3.org 2008 09 msnws papers foaf ssl.html foaf ssl . An overview of how http lists.whatwg.org pipermail whatwg whatwg.org attachments 20080714 07ea5534 attachment.txt the keygen tag works with spkac in php . Bouncy Castle provides a http www.bouncycastle.org docs docs1.5 org bouncycastle jce netscape NetscapeCertRequest.html Java class to process spkac, shown in action in http lists.foaf project.org pipermail foaf protocols 2009 January 000144.html this simple server implementation in Java . The user interface needs to be improved in browsers, to make it more obvious to users when a server is asking for the client certificate http www.heise online.co.uk security User tracking with SSL certificates in Firefox news 96239 as explained by the heise online article . Category Cryptography ... more details
unreferenced date September 2010 Infobox software name PolarSSL logo screenshot caption developer Paul Bakker frequently updated yes operating system Multi platform programming language C programming language C genre Library computer science Security library license GPL2 Version 2 GPLv2 and commercial website http www.polarssl.org PolarSSL is a dual licensed open source GPL2 Version 2 GPLv2 and commercial implementation of the Transport Layer Security SSL and TLS protocols. The core library computer science library written in the C programming language C programming language implements the basic cryptography cryptographic functions and provides various utility functions. Unlike OpenSSL and other implementations of TLS, PolarSSL is designed to fit on small embedded devices, with the minimum complete TLS stack requiring under 60KB of program space and under 64KB of RAM. It is also highly modular each component, such as a cryptographic function, can be used independently from the rest of the framework. Versions are also available for Microsoft Windows and Linux . PolarSSL was based on XySSL. Major version releases PolarSSL 0.14.0 was released on August 16, 2010. PolarSSL 0.13.1 was released on March 24, 2010. PolarSSL 0.12.1 was released on October 4, 2009. PolarSSL 0.12.0 was released on July 28, 2009. PolarSSL 0.11.0 was released on May 3, 2009. Algorithms PolarSSL supports a number of different cryptographic algorithms Cipher s Advanced Encryption Standard AES , Camellia cipher Camellia , Data Encryption Standard DES , RC4 , RC5 , Triple DES Cryptographic hash function s MD5 , MD2 cryptography MD2 , SHA 1 , SHA 2 Public key cryptography RSA , Digital Signature Algorithm DSA , Diffie Hellman key exchange See also Portal box Free software Cryptography Transport Layer Security Comparison of TLS Implementations POSSE project GnuTLS Network Security Services OpenSSL References Reflist External links http www.polarssl.org PolarSSL homepage software stub DEFAULTSORT Polars ... more details
Cleanup date March 2010 The http oss institute.org Open Source Software Institute is a U.S. based 501 c 6 , non profit organization whose mission is to promote the development and implementation of open source software solutions within US Federal, state and municipal government agencies. OSSI was established in 2000 and has focused on strategic initiatives to promote the adoption of open source within US Department of Defense and Department of Homeland Security. Efforts include securing the FIPS 140 2 Federal Information Processing Standards FIPS 140 2 OpenSSL validation for the OpenSSL cryptographic module library, participation in development of the http www.doncio.navy.mil PolicyView.aspx?ID 312 U.S. Navy s Open Source Guidance Document , securing the http www.disa.mil news pressreleases 2009 goscon 110309.html Open Source Corporate Management Information System OSCMIS with the http disa.mil U.S. Defense Information Systems Agency DISA , and working with the http www.dhs.gov xabout structure editorial 0530.shtm Department of Homeland Security s Science and Technology Directorate to establish and implement the http www.cyber.st.dhs.gov host.html Homeland Open Security Technology HOST program. Related articles http www.networkworld.com news 2009 042709 military open source.html Military enlists open source community, NetworkWorld, 2009 http www.softwaretechnews.com stn view.php?stn id 42&article id 85 Open Source Software and the Long Road to Sustainability within U.S. DoD IT System, DoD Software Tech News DACS , 2007 http delivery.acm.org 10.1145 950000 945125 karels.html?key1 945125&key2 8642929621&coll &dl ACM&CFID 81197581&CFTOKEN 82397389 Commercializing Open Source Software, ACM The Queue Magazine, 2003 http www.chips.navy.mil archives 02 summer authors index2 files navoceano software.htm Open Source Permeates NAVOCEANO Systems, CHIPS Magazine, Category Free and open source software organizations ... more details
www.mozilla.org projects security pki nss OpenSSLOpenSSLOpenSSL project yes free BSD licenses 4 clause license .28original .22BSD License.22.29 BSD Eric Young, Tim Hudson, Sun, OpenSSL project, and others ... yes no Network Security Services NSS yes yes yes no no no OpenSSL yes yes yes no no yes PolarSSL no yes ... B Cryptography Suite B cryptlib yes CyaSSL no GnuTLS no Network Security Services NSS no OpenSSL no PolarSSL ... yes client side only no no no no no no yes yes no OpenSSL yes yes yes yes yes no no no yes no no yes ... yes yes yes no OpenSSL yes no yes yes yes yes yes yes PolarSSL yes no yes no yes no no no SChannel ... no no Network Security Services NSS no yes yes yes no no OpenSSL no yes yes yes yes yes PolarSSL ... NSS yes OpenSSL yes PolarSSL no SChannel no JSSE no class sortbottom Implementation DEFLATE Cryptographic ... Security Services NSS yes PKCS11 OpenSSL yes PKCS11 via external module Custom method PolarSSL ... available no no OpenSSL yes yes yes no no ? yes yes ? no no PolarSSL no no no no no no no no no SChannel ... libnspr4 br 307kb libsoftokn3 br 14kb libplc4 br 8kb libplds4 Not Ported OpenSSL 159 kLoc br crypto ... Namespace Build Tools API Manual Crypto Back end OpenSSL Compatibility Layer cryptlib ... nss compat ossl ref name nsscapatossl http fedoraproject.org wiki Nss compat ossl ref OpenSSL SSL br ... Back end OpenSSL Compatibility Layer Portability Concerns class wikitable sortable style text ... UX, IRIX, Linux, Mac OS X, OS 2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony Playstation OpenSSL ... http www.openssl.org OpenSSL Website http polarssl.org PolarSSL Website Categories DEFAULTSORT Comparison ... more details
Image CMVPlogo.gif thumb right 226px Logo of the Cryptographic Module Validation Program. The Cryptographic Module Validation Program CMVP is a joint American and Canadian security accreditation program for cryptographic modules. The program is available to any vendors who seek to have their products certified for use by the U.S. Government and regulated industries such as financial and health care institutions that collect, store, transfer, share and disseminate sensitive, but not classified information. All of the tests under the CMVP are handled by third party laboratories that are accredited as CMTL Cryptographic Module Testing Laboratories by the National Voluntary Laboratory Accreditation Program NVLAP . Product certifications under the CMVP are performed in accordance with the requirements of FIPS 140 2 . The CMVP was established by the U.S. National Institute of Standards and Technology NIST and the Communications Security Establishment CSE of the Politics of Canada Government of Canada in July 1995. See also CAVP Cryptographic Algorithm Validation Program CAVP External links http csrc.nist.gov cryptval NIST Cryptographic Module Validation Program http csrc.nist.gov cryptval 140 2.htm NIST FIPS 140 2 http oss institute.org fips faq.html FAQ of a validated implementation OpenSSL broken tested 2011 04 04 crypto stub Category Cryptography standards ... more details
tinc is a self routing, mesh networking protocol, used for data compression compressed , encrypted , virtual private networks . It was started in 1998 by Guus Sliepen , Ivo Timmermans , and Robert van der Meulen , and released as a GPL licensed project. Supported network transports IPv4 IPv6 Virtualized Ethernet via TUN TAP driver Embedded technologies OpenSSL encryption library zlib best compression LZO fast compression Projects that use tinc Freifunk tinc was enabled in their routers as of October 2006 http www.the mesh.org tiki read article.php?articleId 39 . OpenWRT has an installable package for tinc. External links http www.tinc vpn.org Homepage http tinc vpn.org examples simple bridging with dhcp server side Debian GNU Linux tinc dhcp bridging setup http www.vanheusden.com Linux tinc mini howto.html Quick & Dirty TINC setup http en.gentoo wiki.com wiki Tinc Gentoo Linux tinc setup compu network stub VPN Category Internet protocols Category Routing protocols Category Network related software ... more details
OpenCA , officially the OpenCA PKI Research Labs and formerly the OpenCA Project , is a Public key infrastructure PKI collaborative effort to develop a robust, full featured and Open Source out of the box Certificate authority Certification Authority implementing the most used protocols with full strength cryptography. OpenCA is based on many Open Source Projects. Among these there are OpenLDAP , OpenSSL and Apache Software Foundation Apache Project . The project development is divided into two main tasks studying and refining the security scheme that guarantees the best model to be used in a Certification Authority and developing software to easily setup and manage a Certification Authority. The software development side of the project is further divided into the following sub projects OpenCA PKI , a full featured PKI package. LibPKI , a library for PKI application development. OpenCA OCSPD , a small, robust Online Certificate Status Protocol daemon. PRQPD Server , a PKI Resource Query Protocol daemon for use in conjunction with the PKI package. OpenCA ng , a planned project to implement new features and overcome limitations of the current project. ng stands for Next Generation External links http www.openca.org OpenCA http www.openca.org projects openca PKI Project Category Cryptographic software crypto stub de OpenCA PKI ... more details
Infobox software name Simple Repeater stone author Hiroaki Sengoku latest release version 2.3e latest release date 2008 05 02 use port forwarding , proxy software operating system Cross platform license GNU General Public License website http www.gcd.org sengoku stone Simple Repeater stone is a port forwarding and Firewall computing firewall breaching software, used to maintain inbound and outbound communication with different network layers and protocols. Uses Portal Free software Post Office Protocol POP to APOP converter. HTTP proxy server . IPv4 to IPv6 protocol application bridge. OpenSSL tunneler. External links http www.gcd.org sengoku stone Homepage http en.sourceforge.jp projects stone SourceForge Japan project page DEFAULTSORT Stone Software Category Free network related software Category Free routing software Category Unix network related software Category BSD software Category Windows software network software stub ... more details
digital certificates. Some well known open source implementations are EJBCA OpenCA OpenSSL , it is really ... SSL based on the functionality of OpenSSL . Mod ssl features support for Secure Sockets Layer SSLv2 ... packages the mod ssl package, an extended API, and a SSL TLS implementation toolkit such as OpenSSL ... more details
Description column followed by AES and then a specific certificate number. C ASM library OpenSSL ... OpenSSL includes AES cipher support as of version 0.9.7 released in 2002 and is dual licensed under the terms of the OpenSSL License and the original SSLeay license. FIPS validated via IBM Pidgin ... more details
Refimprove date August 2008 A permissive free software licence is a free software license that applies to an otherwise copyright ed work. It also offers many of the same rights found in free software licenses when releasing a work to the public. In contrast to non permissive copyleft reciprocal licenses such as the GNU General Public License , any copies and derivatives of the source code created under permissive licenses may be made available on terms that are more restrictive than those of the original license. For example, source code released under a permissive software license does not have the requirement that all distributed derivatives also be made available to the public. Well known examples of permissive licenses include the MIT License and the BSD licenses . Comparison to public domain Computer Associates Int l v. Altai used the term public domain to refer to works that have become widely shared and distributed under permission, rather than work that was deliberately put into the public domain. However, such licenses are not actually equivalent to releasing a work into the public domain Copyright public domain . Permissive licenses often do stipulate some limited requirements, such as that the original authors must be credited attribution . If a work is truly in the public domain, this is usually not legally required, but a United States copyright registration requires disclosing material that has been previously published, ref http www.copyright.gov forms notice.html US Copyright Office Form CO see also dBase dBase programming language Ashton Tate v. Fox ref and attribution may still be considered an ethical requirement in academia. GPL compatibility Some permissive free software licenses contain clauses that require advertising materials to credit the copyright holder. Licenses with an advertising clause include the BSD license UC Berkeley advertising clause 4 clause BSD license , the PHP License , and the OpenSSL license License incompatibilities OpenS ... more details
for the Unix null device dev null No footnotes date March 2010 Devnull is the name of a computer worm for the Linux operating system that has been named after dev null tt dev null tt , Unix s null device. This worm was found on 30 September 2002. This worm, once the host has been compromised, downloads and executes a shell script from a web server. This script downloads a gzip ped executable file named tt k.gz tt from the same address, and then decompresses and runs the file. This downloaded file appears to be an IRC client. It connects to different channels and waits for commands to process on the infected host. Then the worm checks for presence of the GNU Compiler Collection GCC compiler on the local system and, if found, creates a directory called tt .socket2 tt . Next, it downloads a compressed file called tt devnull.tgz tt . After decompressing, two files are created an Executable and Linkable Format ELF binary file called tt devnull tt and a source script file called tt sslx.c tt . The latter gets compiled into the ELF binary tt sslx tt . The executable will scan for vulnerable hosts and use the compiled program to exploit a known OpenSSL vulnerability. See also Linux malware External links http www.f secure.com v descs devnull.shtml F Secures Website Linux Devnull Category Computer worms Category Linux malware malware stub ... more details
The Cryptographic Message Syntax CMS is the IETF s standard for Cryptography cryptographically protected messages. It can be used to Digital signature digitally sign , Cryptographic hash function digest , Message authentication code authenticate or encryption encrypt any form of digital data. CMS is based on the syntax of PKCS 7, which in turn is based on the Privacy enhanced Electronic Mail Privacy Enhanced Mail standard. The newest version of CMS As of 2009 lc on is specified in RFC 5652 but see also RFC 5911 for updated ASN.1 modules conforming to ASN.1 2002 . The architecture of CMS is built around X.509 certificate based key management, such as the profile defined by the PKIX working group . CMS is used as the key cryptographic component of many other cryptographic standards, such as S MIME , PKCS 12 and the RFC 3161 Digital timestamping protocol. OpenSSL is an open source software that can encrypt, decrypt, sign and verify, compress and uncompress CMS documents. See also Portal Cryptography CAdES computing CAdES CMS Advanced Electronic Signatures S MIME PKCS 7 External links http www.ietf.org rfc rfc5652.txt RFC 5652 http www.ietf.org rfc rfc3852.txt RFC 3852 obsolete http www.ietf.org rfc rfc2630.txt RFC 2630 obsolete http tools.ietf.org rfc rfc5911.txt RFC 5911 http www.globaltrustfinder.com PKCS7UserSigningStep1.aspx GlobalTrustFinder CMD Demo Powered by ADSS requires registration Categories Category Cryptographic protocols Crypto navbox Crypto stub de Cryptographic Message Syntax ja pl Cryptographic Message Syntax ... more details
allowed the Camellia cipher to become part of the OpenSSL Project, under an Open source license , since November 2006. ref name ntt openssl cite press release title The Open Source Community OpenSSL ... popular Library computing security libraries , such as Crypto , GnuTLS , PolarSSL and OpenSSL also include ... more details
Unreferenced date December 2009 Image Heckert GNU white.svg thumb 200px right The GNU logo The GNAT Modified General Public License short Modified GPL , GMGPL is a version of the GNU General Public License specifically modified for the wikibooks Ada Programming Generics generic feature found in the Ada programming language . The modification is as follows As a special exception, if other files instantiate generics from this unit, or you link this unit with other files to produce an executable, this unit does not by itself cause the resulting executable to be covered by the GNU General Public License. This exception does not however invalidate any other reasons why the executable file might be covered by the GNU Public License. The GNAT Ada compiler can automate conformance checks for some GPL software license issues via a compiler directive . Use code pragma License Modified GPL code to activate the check against the Modified GPL. The GNAT Reference Manual ref cite web url http gcc.gnu.org onlinedocs gnat rm title GNAT Reference Manual accessdate 2010 07 21 ref documents the License ref cite web url http gcc.gnu.org onlinedocs gnat rm Pragma License.html title Pragma License accessdate 2010 07 21 ref pragma along with other compiler directives. See also Portal Free software Free software licences GNU Free Documentation License GNU Lesser General Public License OpenSSL exception GPL linking exception References and notes Reflist GNU DEFAULTSORT Gnat Modified General Public License Category GNU Project Category Free software licenses Category Ada programming language de GNAT Modified General Public License es GNAT Modified General Public License eu GNAT Modified General Public License ja GNAT Modified General Public License zh GMGPL ... more details
Encyclopedia
top
