Michael Sierchio wrote:
>
> "Grebelsky, Konstantin" wrote:
>
>
> > As far as I understood from different sources this is not possible without
> > RSA since with DH we can not get public keys (limitations of SSLeay)? Thus
> > either I have to pay RSA or I have to create or obtain certificates to use
> > with DH because then I will be able to authenticate client and server
> > without need to get and save actual public keys?
>
> DH public keys include the public DH parameters, which may be shared
> among a group of users. There are profiles for embedding DH parameters
> in X.509 certs, and while DH cannot be used to create digital
> signatures (i.e. an authenticator which may be verified by any
> third party), there are methods of proof-of-possession of the
> private key corresponding to a cert. So, for pairwise auth or
> encryption, you can use DH.
>
> I have no idea how to do this in OpenSSL.
>
OpenSSL doesn't support DH certificates though it may in future.
My queries about test vectors for DH X9.42 parameter generation in lots
of places (including S/MIME v3 where it is supposed to be a mandatory
algorithm) have resulted in zero replies. Conclusions about the
popularity of X9.42 are left as an exercise for the reader...
Anyway back to the original posters query:
>
> "Grebelsky, Konstantin" wrote:
>
> > I have the following problem: I have a server and client application. All I
> > want to do is to secure (encrypt) the link (TCP/IP) between the
> > applications. I want to be able to authenticate both parties upon connection
> > using public key. I don't want to use certificates. The idea is that I'd
> > authenticate the remote party using just public key.
>
Whats wrong with using certificates? You can have client and server use
DSA self signed certificates and uses SSL without RSA. You then wont
have problems with either the RSA patent or getting a CA to issue
certificates.
Alternatively if you insist on not using certificates then you can use
anonymous DH and authenticate using whatever method you wish. External
authentication is advisable because without it anon DH is vulnerable to
a man in the middle attack.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
