I am building a system that will not use certificates. I'm using the
sample code "mkit" to accomplish self certification.

I do need public/private keys however, and I need the "server" to encrypt
the public key before sending it out. This does not seem to be something
the designers intend the code to do, so I am trying to modify it, sigh.
Two questions:

1) Is there a way to do this built in I have not discovered?

2) Assuming #1 is no, I went ahead and modified

     int ssl23_get_client_hello(SSL *s)

with the following at the very end where it sends out the certificate.

============================
        // corky's code to encrypt public key just before sending it
        // needs #include <openssl/blowfish.h> and <string.h> at the top of the file
#define CCRYPT 0
#if CCRYPT
        BF_KEY key;
        int iLoop;
        // public_key is the ASN1_BIT_STRING holding the raw DER key bytes
        ASN1_BIT_STRING *pub = s->cert->key->x509->cert_info->key->public_key;

        BF_set_key(&key, 11, (const unsigned char *)"UsePassword");
        // the key bytes are binary, not a NUL-terminated C string: dump as hex
        printf("plain pub key: ");
        for (iLoop = 0; iLoop < pub->length; iLoop++)
                printf("%02x", pub->data[iLoop]);
        printf("\n");
        // BF_encrypt works on one 8-byte block (two BF_LONGs); copy each block
        // out so alignment does not matter, and stop before a partial trailing
        // block would run past the end of the buffer
        for (iLoop = 0; iLoop + 8 <= pub->length; iLoop += 8) {
                BF_LONG block[2];
                memcpy(block, pub->data + iLoop, 8);
                BF_encrypt(block, &key);  // encrypts 8 bytes
                memcpy(pub->data + iLoop, block, 8);
        }
        printf("crypted pub key: ");
        for (iLoop = 0; iLoop < pub->length; iLoop++)
                printf("%02x", pub->data[iLoop]);
        printf("\n");
#endif
        // corky's code end

        return(SSL_accept(s));
============================


Sure enough, the client gets the encrypted public key data, but it also
croaks because it thinks the connection has been tampered with.

Does anyone know the code well enough to tell me where I should do the
encryption on the server and decryption on the client to get this to
work? Also, checking to make sure I am encrypting what I think I am would
be nice, since I never saw this code till a few days ago, and because the
structures are quite involved, I worry I got it wrong.

Many thanks for all help!

-Corky



PS  -- I'm not sure I am properly registered on the mailing list -- it
would not confirm me.  If you could CC 

[EMAIL PROTECTED]

I would be sure to get it.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
