Upstream University
[ English ]

ADMINSITRATIVE PART

C.5. Cryptographic Services provided

[ ] Authentication (*) : ....................

[ ] Access Control (*) : ....................

[X] Signature (*) : DSA, Diffie-Hellman, RSA

[X] Integrity (*) : SHA-1, MD2, MD4, MD5, RIPE MD-160

[X] Confidentiality (*) : RSA, DSA, DES, Triple-DES, Blowfish, CAST5-128, IDEA, RC2, RC4, RC5

 

(*) Specify the names of the algorithms used.

TECHNICAL PART

General description of the product, the user manual ;

A description of the services provided by the product : cryptographic library with support for the X509 certification environment, and for hardware extensions. Used as a generic cryptographic library in many Free Software programs and specifically for its SSL and X509 support in programs communicating in a secure way over the Internet, either on-line (transport layer for WWW, IMAP, LDAP...), either off-line (S/MIME format e-mail). http://www.openssl.org/docs/ssl/ssl.html; http://www.openssl.org/docs/crypto/crypto.html ;

A description of the cryptographic functions provided by the product (encryption, signature, key management) : Encryption, data signing, public key handling, key certification (X509 format), password protection of private keys, key pair creation and random numbers generation, bignum computing library, safe memory management (erasing deallocated memory chunks, memory locking), flow encryption and authentication (SSL), "nul divulgation" interactive authentication ;

The description of the key management implemented in the software, including at least:

- the distribution method : irrelevant for OpenSSL, it is customary to use files or LDAP repositories ;
- the key generation process/method :

openssl-0.9.6d/apps/gendsa.c
openssl-0.9.6d/apps/genrsa.c
openssl-0.9.6d/apps/gendh.c
;
- the key archival format, if relevant: PKCS#8 (http://www.rsasecurity.com/rsalabs/pkcs/pkcs-8/), PKCS#12, PEM or DER formats, in a file. Encryption with symetric algorithms proposed in the sources. ;
- the key transmission format, if relevant: clear transmission of public keys (X509), Diffie-Hellman key exchange during the initalization of an SSL session (directory openssl-0.9.6d/ssl/), PKCS#12 ;

The description of technical means implemented to prevent alteration of the encryption method or the associated key management: Calculus: safe memory management (erasing deallocated memory chunks, memory locking), Keys: protected by PKCS#8 encryption, MAC (MD5 and SHA1 algorithms) and PKCS#12 (password protection) ;

The description of pre-processing applied on un-encrypted data before encryption (compression, formating, header addition, etc.):

  * PKCS#7 encapsulation (S/MIME) for textual files
  * other encodings ASN.1 : PKCS#12, X509
  * TLSv1 protocol (SSL) for interactive sessions
; ;

The description of post-processing of encrypted data, after encryption (adding a header, formating, slicing into packets, etc.).

  * PEM ("----BEGIN CERTIFICATE----" / "----END
    CERTIFICATE----") format 
  * TLSv1 protocol (SSL) for interactive sessions, and the selected
transport layer (eg. TCP/IP).

Updated: $Date: 2003-02-28 16:16:22 +0100 (Fri, 28 Feb 2003) $ $Author: loic $
 
Sections
Accueil
Actualités
Soutenir
Intervenants
À propos
Guides techniques
Contact
Projets
Gna!
Ferme GCC
Contrats
Liens
April
FSF
   bonjour@fsffrance.org
Copyright (C) 2003-2011, FSF France, 12 boulevard Magenta, 75010 Paris, France
La reproduction exacte et la distribution intégrale de cet article sont permises sur n'importe quel support d'archivage, pourvu que cette notice soit préservée.
Le présent site a fait l'objet d'une déclaration a la CNIL sous le numéro 1134545. Conformément à la législation française en vigueur et plus particulièrement à la loi du 6 janvier 1978 Informatique et liberté, vous disposez d'un droit d'accès, de rectification, d'opposition et de suppression sur ces données que vous pouvez exercer en écrivant à l'adresse de courriel suivante bonjour@fsffrance.org ou au siège social de l'association.