On Sun, Jan 06, 2002 at 01:04:37PM -0800, Vadim Zaliva wrote:
> 2. Challenge-Response
> 
> I do not know yet how to implement this. Advice appreciated.
> 
> 4. RSA keys
> 
> Similar to SSH. I understand that OpenSSL protocol does not have
> specific support for this, so it has to be written on top of it,
> after SSL connection is established. I guess server has to send some
> token signed with its key, which client has to send back signed with
> its. Checking signatures would ensure identity of both.

I did something like this in OpenSSL, but had to write basic RSA enc/dec routines. It's
quite straightforward with the power of OpenSSL. I used a BIO to feed my own RSA key
into an RSA struct.

From the ssh man pages:

     When the user logs in, the ssh program tells the server
     which key pair it would like to use for authentication.  The server
     checks if this key is permitted, and if so, sends the user (actually the
     ssh program running on behalf of the user) a challenge, a random number,
     encrypted by the user's public key.  The challenge can only be decrypted
     using the proper private key.  The user's client then decrypts the
     challenge using the private key, proving that he/she knows the private key
     but without disclosing it to the server.

Kind Regards

Crispin

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
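
The challenge-response exchange described in the ssh man page excerpt above, as an added example using the openssl command-line tool; it is not code from this thread or from the OpenSSL project. The file names, the OAEP padding and the choice to return a SHA-256 hash of the decrypted challenge (rather than the challenge itself) are assumptions of this example.

```shell
# Added example: SSH-style RSA challenge-response with the openssl CLI.
# All paths are scratch files constructed for the demo.

# make_keypair PRIV PUB: generate a 2048-bit RSA key and export its public half.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null &&
    openssl pkey -in "$1" -pubout -out "$2"
}

# Server side: write a fresh 32-byte random challenge to $2 and encrypt it
# to the enrolled public key $1 (OAEP padding), ciphertext goes to $3.
server_challenge() {
    openssl rand -out "$2" 32 &&
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}

# Client side: decrypt ciphertext $2 with private key $1 and print the
# SHA-256 of the plaintext; a key that cannot decrypt yields a fixed marker.
client_response() {
    pt=$(mktemp) || return 1
    if openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
            -in "$2" -out "$pt" 2>/dev/null; then
        openssl dgst -sha256 -r "$pt" | cut -d' ' -f1
    else
        echo decrypt-failed
    fi
    rm -f "$pt"
}

# Server side: accept only if response $2 matches the hash of challenge $1.
server_verify() {
    expected=$(openssl dgst -sha256 -r "$1" | cut -d' ' -f1)
    if [ "$2" = "$expected" ]; then echo accept; else echo reject; fi
}

# One full exchange. $1 = "owner": the client holds the enrolled private key;
# any other value: the client holds an unrelated key.
run_exchange() {
    d=$(mktemp -d) || return 1
    make_keypair "$d/user.key" "$d/user.pub"
    server_challenge "$d/user.pub" "$d/chal.bin" "$d/chal.enc"
    key="$d/user.key"
    if [ "$1" != owner ]; then make_keypair "$d/other.key" "$d/other.pub"; key="$d/other.key"; fi
    server_verify "$d/chal.bin" "$(client_response "$key" "$d/chal.enc")"
    rm -rf "$d"
}

run_exchange owner      # prints: accept
run_exchange impostor   # prints: reject
```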
