I am building a system that will not use certificates. I'm using the
sample code "mkit" to accomplish self certification.
I do need public/private keys however, and I need the "server" to encrypt
the public key before sending it out. This does not seem to be something
the designers intend the code to do, so I am trying to modify it, sigh.
Two questions:
1) Is there a built-in way to do this that I have not discovered?
2) Assuming #1 is no, I went ahead and modified
int ssl23_get_client_hello(SSL *s)
with the following at the very end where it sends out the certificate.
============================
#include <openssl/blowfish.h> /* for BF_KEY, BF_set_key, BF_encrypt; belongs at file scope */

// corky's code to encrypt public key just before sending it
#define CCRYPT 0
#if CCRYPT
    {
    /* the DER-encoded subjectPublicKey bit string of the server certificate */
    ASN1_BIT_STRING *pk = s->cert->key->x509->cert_info->key->public_key;
    BF_KEY key;
    int iLoop;

    BF_set_key(&key, 11, (const unsigned char *)"UsePassword");

    /* DER is binary and may contain NUL bytes, so dump it as hex instead of %s */
    printf("plain pub key (%d bytes): ", pk->length);
    for (iLoop = 0; iLoop < pk->length; iLoop++)
        printf("%02x", pk->data[iLoop]);
    printf("\n");

    /* encrypt in place, one 8-byte Blowfish block at a time; a trailing
     * partial block is left untouched so we never write past the buffer */
    for (iLoop = 0; iLoop + 8 <= pk->length; iLoop += 8)
        BF_encrypt((BF_LONG *)&pk->data[iLoop], &key);

    printf("crypted pub key: ");
    for (iLoop = 0; iLoop < pk->length; iLoop++)
        printf("%02x", pk->data[iLoop]);
    printf("\n");
    }
#endif
// corky's code end
return(SSL_accept(s));
============================
Sure enough, the client gets the encrypted public key data, but it also
croaks because it thinks the connection has been tampered with.
Does anyone know the code well enough to tell me where I should do the
encryption on the server and decryption on the client to get this to
work? Also, checking to make sure I am encrypting what I think I am would
be nice; since I never saw this code until a few days ago and the structures
are quite involved, I worry I got it wrong.
Many thanks for all help!
-Corky
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]