Vadim Zaliva <[EMAIL PROTECTED]> writes:
> I am trying to use OpenSSL to build secure authenticated channel between
> client and server. I want server to allow connections only from certain
> clients, and I want client to be sure it is connected to the right server.
>
> I see how it could be done using certificates. However for my application
> generating certificates would be too complex for end user.
>
> The simplest way I see it would be to use RSA public/private keys: the way
> SSH does. So client and server each would have private/public key pairs
> generated. Then, I would manually add server public key to client side and
> client public key to server side (server will possibly have more than one
> client key).
>
> Is there anything wrong with the way I am planning to do it? It seems
> to me that this should be pretty common usage. If somebody has done this
> before I would appreciate any advice. I am new to openssl and still
> learning basics.

This can't be done with SSL exactly the way you want to do it. The only
way that SSL knows how to carry public keys is via certificates.
Accordingly, what you need to do is use self-signed certificates.

At this point you have two authentication options:

(1) Hardwire in the certificate values (or public key values) on
    either side. It's conventional to use a digest of the
    certificate/key instead of the actual value.

(2) Do what SSH does for the server. When the client first connects
    hope that there's no man-in-the-middle and assume that the
    certificate is genuine. Write it down and from that point on
    check the key the peer presents against the cached key.

As Crispin points out, this has a few security problems, but it's
better than nothing. Essentially, SSH trusts that the first time
you connect you actually get to the right host. Given the frequency
of actual attacks on the net, this isn't THAT bad an assumption.

The traditional thing to do with SSH is for the client to get
the server's public key the first time he connects. The client
then authenticates to the server with a password. Once the client
has authenticated he puts his own public key on the server.

-Ekr

--
[Eric Rescorla                                   [EMAIL PROTECTED]]
Author of "SSL and TLS: Designing and Building Secure Systems"
                  http://www.rtfm.com/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
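
Added example (not part of the original message, and not OpenSSL code): a Python illustration of the two options in the reply above, checking a digest of the peer's certificate against hardwired values and otherwise against a cache written on first connection. The PinStore class, the peer names and the cache file are hypothetical, and the certificate bytes are constructed stand-ins.

```python
import hashlib
import hmac
import json
import os
import tempfile


def fingerprint(der_cert: bytes) -> str:
    """Hex SHA-256 digest of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


class PinStore:
    """Hypothetical helper: hardwired digests (1) plus a first-use cache (2)."""

    def __init__(self, cache_path, hardwired=None):
        self.cache_path = cache_path
        self.hardwired = hardwired or {}  # peer name -> set of allowed digests
        self.cache = {}
        if os.path.exists(cache_path):
            with open(cache_path) as f:
                self.cache = json.load(f)

    def check(self, peer, der_cert):
        fp = fingerprint(der_cert)
        if peer in self.hardwired:  # option (1): never fall back to first-use
            ok = any(hmac.compare_digest(fp, p) for p in self.hardwired[peer])
            return "pinned" if ok else "reject"
        known = self.cache.get(peer)
        if known is None:  # option (2): first contact, record the digest
            self.cache[peer] = fp
            tmp = self.cache_path + ".tmp"
            with open(tmp, "w") as f:
                json.dump(self.cache, f)
            os.replace(tmp, self.cache_path)  # atomic update of the cache
            return "first-use"
        return "match" if hmac.compare_digest(fp, known) else "reject"


def demo():
    # Constructed stand-ins for DER certificates. In a real client they would
    # come from ssl.SSLSocket.getpeercert(binary_form=True) after the handshake.
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    path = os.path.join(tempfile.mkdtemp(), "known_peers.json")
    out = [PinStore(path).check("server.example", cert_a),   # first-use
           PinStore(path).check("server.example", cert_a),   # match
           PinStore(path).check("server.example", cert_b)]   # reject
    pins = PinStore(path, {"client-1": {fingerprint(cert_a)}})
    return out + [pins.check("client-1", cert_a), pins.check("client-1", cert_b)]
```

A "reject" for a cached peer means the presented certificate differs from the one recorded on first use, so the caller should close the connection rather than overwrite the cached digest.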